last executing test programs:

12m21.231560416s ago: executing program 2 (id=1376):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000005300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x28, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140), r0)
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f0000000340)={0x88000003, 0x0, "679c51ecbc83d0e22e845e3ede5adc714d88a57474315dc49c00", 0x1, 0x0, 0x0, 0x200, 0x2})
sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000900)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000429bd7000fcdbdf25050000000c00030042000000000000000c00080002000000000000000c00020003000000000000000c00020009000000000000000d000a006e6c3830323135340000000008000100000000000c00080001800000000000000c000400ffffffffffffff7fa588c98c64e3effb690139ee61a9f937e2d09c5ba06928e4941697b9b907119cf88332c91c7077508a4c699ef6219765ea141fc7bf7c88279efc6596dad73db1952b22c1e7f7dfaf4328bc7dde7d2d6bfc74414dadd663dbdf60c800415350ab2a7a7d9c5501867570f550d7caec722b4df1e1"], 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)="d8000000180081084e81f782db44b904021d0800fd007c06e8fe55a10a0015400600142603600e120800060000000201a80016000800014003e01100036010fab94dcf5c0461c1d67f6f9400e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409001b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed1bffec62070000cbee5de6ccd44a677575a62cef352a92954b43370e9701ee1b6ec75a526c5d5b5701cf8773", 0xd8}], 0x1}, 0x400c0)

12m21.071847548s ago: executing program 2 (id=1381):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000a00)={0x0, &(0x7f0000000840)=[{}], 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, r2})
syz_open_dev$vim2m(0x0, 0xf, 0x2)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
gettid()
timer_create(0x0, 0x0, 0x0)
futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)

12m20.715221325s ago: executing program 2 (id=1384):
r0 = socket$inet6(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)}, 0xc0011122)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0xfeffff, 0x680, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40)
syncfs(r0)
sendto$inet6(r0, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x4e23, 0x27b6a97, @private2={0xfc, 0x2, '\x00', 0xff}, 0x8080}, 0x1c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x45, @pic={0x81, 0x5, 0xfc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x3, 0x0, 0x0, 0x1}})

12m18.825656896s ago: executing program 2 (id=1393):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xf1)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

12m18.588083651s ago: executing program 2 (id=1397):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r1 = syz_io_uring_setup(0x832, &(0x7f0000000140)={0x0, 0xfd5a, 0x2000, 0x1, 0x2fb}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2cc8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e046e513b3177e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc"], 0x0}, 0x90)
r4 = socket$rds(0x15, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x803400, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r4, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x2020, 0x1})
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)
lseek(r0, 0x9, 0x0)

12m18.461612248s ago: executing program 2 (id=1399):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086fd6002adf700383afffe880000000000000000000000000001ff020000000000000000000000000001020090780000000060fd906300003afeff01000000000000000000000000000100000000000000000000ffffac1414aa1e520b4c951ee12e3518a7562c4a256488170853584ab74a262d94440dcca91209b7eb0338b2dd03941463897ea9c671303b4cc29ad530a3a3e24cab3eb9a11f18573fdf5a055e6f5904623ddb58d3c974bf1dca53734b34118802c22c3e2d30160f6643e451101e8119673ae24bdc"], 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r1, &(0x7f0000000080)=[{&(0x7f00000001c0)="2e9b5b0007e03dd65193dfb6c561963f86dd6067060000000600000000000000f5a81543b0c1", 0x26}, {&(0x7f0000000040)="a12600"/12, 0xc}, {&(0x7f0000000200)='\x00\x00\x00\x00\x00\x00', 0x6}, {&(0x7f0000000100)="dc916fa08ccd96d28b4fe89d5640661da93425fa173fbb80b9826b", 0x1b}], 0x4)
write$sysctl(0xffffffffffffffff, &(0x7f0000000240)='1\x00', 0x2)
write$tun(r1, &(0x7f0000000140)={@void, @val={0x0, 0x80, 0x9, 0x0, 0x401, 0x3697}, @x25={0x0, 0x8, 0xf, "cdd8946fae23fdeafa214e292b6c8ae4a45e93375dd2e92199ef89b39016dd1aa7eabce254adf59f1c37b4f86968362f30917b696a0b970bb1e9bb870743f0cc6fd88f86f3034366e3fee393c21f5697b97eefc7efdc2ba77c736eb0218ea788ffa2a9668e560d69b443f491fe6e3b263dbad2f9172957282ae79e9db2ef20cfcfb90c2eeaa05e2d134d950b67cbfbbc13b4c74859b651167322f4dcac6c6bd10d941a9d1f3862b531909a00cd35b97370d1c0d4cc0e2143f7972675ecf3dc36ba"}}, 0xce)

12m2.826610914s ago: executing program 32 (id=1399):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086fd6002adf700383afffe880000000000000000000000000001ff020000000000000000000000000001020090780000000060fd906300003afeff01000000000000000000000000000100000000000000000000ffffac1414aa1e520b4c951ee12e3518a7562c4a256488170853584ab74a262d94440dcca91209b7eb0338b2dd03941463897ea9c671303b4cc29ad530a3a3e24cab3eb9a11f18573fdf5a055e6f5904623ddb58d3c974bf1dca53734b34118802c22c3e2d30160f6643e451101e8119673ae24bdc"], 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r1, &(0x7f0000000080)=[{&(0x7f00000001c0)="2e9b5b0007e03dd65193dfb6c561963f86dd6067060000000600000000000000f5a81543b0c1", 0x26}, {&(0x7f0000000040)="a12600"/12, 0xc}, {&(0x7f0000000200)='\x00\x00\x00\x00\x00\x00', 0x6}, {&(0x7f0000000100)="dc916fa08ccd96d28b4fe89d5640661da93425fa173fbb80b9826b", 0x1b}], 0x4)
write$sysctl(0xffffffffffffffff, &(0x7f0000000240)='1\x00', 0x2)
write$tun(r1, &(0x7f0000000140)={@void, @val={0x0, 0x80, 0x9, 0x0, 0x401, 0x3697}, @x25={0x0, 0x8, 0xf, "cdd8946fae23fdeafa214e292b6c8ae4a45e93375dd2e92199ef89b39016dd1aa7eabce254adf59f1c37b4f86968362f30917b696a0b970bb1e9bb870743f0cc6fd88f86f3034366e3fee393c21f5697b97eefc7efdc2ba77c736eb0218ea788ffa2a9668e560d69b443f491fe6e3b263dbad2f9172957282ae79e9db2ef20cfcfb90c2eeaa05e2d134d950b67cbfbbc13b4c74859b651167322f4dcac6c6bd10d941a9d1f3862b531909a00cd35b97370d1c0d4cc0e2143f7972675ecf3dc36ba"}}, 0xce)

8m51.129390533s ago: executing program 0 (id=2212):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, r0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000b07000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1d, 0x18, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6ad}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @ringbuf_query], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0xa, 0x47, &(0x7f0000000440)=""/71, 0x41000, 0x8, '\x00', 0x0, @lsm=0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xb, 0x2, 0x2}, 0x10, 0x0, r5, 0x0, &(0x7f00000007c0), 0x0, 0x10, 0x1}, 0x94)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4048aecb, &(0x7f0000000000))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
accept$unix(0xffffffffffffffff, 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

8m49.579441587s ago: executing program 0 (id=2216):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001500010300000000000000000c00000008000100", @ANYRES32], 0x1c}}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x6b7e369c4a37b0ea) (fail_nth: 1)

8m48.966326641s ago: executing program 0 (id=2219):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000540)=@bridge_getvlan={0x18, 0x72, 0x301}, 0x18}, 0x1, 0xf00}, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0xff179ba)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x0, 0xe0, 0x101, 0x0})

8m48.959649908s ago: executing program 0 (id=2220):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200006c0], 0x0, 0x0, &(0x7f00000006c0)=ANY=[]}, 0x78)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb101e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x44000, 0x0)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140100002e00010000000000fbdbdd250301f2800c00160009ac0f00000000001400010000000000000000000000ffffac1414aa50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fe2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebdddad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb6400001d2a11b09c54593d8da77e8b2b4a9ada80417fa8c895ba97c0e5e574cc420134f85e9071ea04426426180168ce617813eb53c85b93863f444cec2a84b90f3eb282a9d27533459a6204cf5df9f107774972aa9b5b3fdaaddae31cac735867e3f900"/372], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x1, 0x5, 0x0, 0x54}, {0x9, 0x41, 0x0, 0xe}]})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [], 0x0, 0x0, 0x0}, 0x1e8)

8m48.447547068s ago: executing program 0 (id=2222):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setresgid(0xee00, 0x0, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x40, 0x10400}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000006380)="c66dd220cbdeb68f27c1f98bf43fd861bcf841572658a3308737983b31a434673f1003eeeb6d9b934bcd19cf754f4882114d61e15354449f763f772e86c9e2252731f7a098faad2accca3e470845b32918bcf530f9474d3cd610d9028cb7b247d3a73d887719f70554d8976c10784c8073e521a80b5ebe7501d6c3b6b5cf9a498a1e97b8201ac756e5f35d71bdd4d196e73cae0cc34c7140cde8380de823e8c76662f0844f549818b5ef6c732b8f412b79273508b69f2e6a653709b4d9bded080b6c15ca5c5b8ff23309e05d460dfb40403f60a3e5a0e1d4e1aa59d53823a047427673267e79d40fdd6f12ef696fe22887d24087373f64987e48ba20e7f47d1f08871e0c22a02593156648fc106c4529d8cf17c71d473f4ad43992b1cdbf5cfaaf1ce401d5ad8b9c6bdc3c60a88a91c52f5aae74a5d25e0cd738fd80169a98b84d4d24a7e86c9d8e4c3e3ff1a9fc44a87558aeb7acbfec13a26a4b121b2cb9ae628c682aa4c44311c45a673bab25880665d6cdf589e5c5415794c4fd6b940e7a44df93a34a684183581c850fbe97ef8c1de852ea836e0db1a104b498d6dd8fdf65c606e772de2e9dfe46a418fac3c0bdd72916c951e3df04f2ae85839305be2a86aebcf4898b6e49c27df6033ad2b8651279ceb20c779716240d3d0fef3bb6c417a8c6f75398a91942d8ab11f21f5795767650a96e246c7244f8e4935e9c01349616a098ae810487d657fd095beee05a36812f39f4266f25f4508e80f19a4aec7116f1d8bc48bc2c1f0f96ff34b66a965d428852766b78f1e7eb0260bbb355cc0859af6988ff7efa0b3fede3d5f2f2147ffae4a5eb58a7585b596270334c360a1547787a95634e13d59bf53f51f48e75a6a3e48f8348f4cb495d9699dfdf8cc71668c5b9622578100f7163394cb3171fc8a6c1e7f88f08b8c3cf4b0cd9a1bc16bd1488ebe43199d97cdf4bbcde8a06a79c5af6ff2ebf1a04add74830cfac0b946514b18de249e934dd8a1a96fce085320fa857c853480170208533acd3d41c4384a932eeccd4ce7d09827efae4c0d19d00c5b48943c4d877017be59434dae6bef767fb9ffd073c2261b06c0f23a0c77a5bcb1f5738dceb6abee00bd7c649f6ebc64b4b8b948319a22ed4add48eedda8a2cd1bad6799e1d9ed778e5ce22d5fead0cd06806cb4b7b5661f9db6bcf9ddcdc9e49e0e6a8ec98fc42c660d5d75311fb9c9d06074611ebbdbea45672dd78760ed92d0e95c1d5ae234d674dc3ffaeef3d928aa4b93c0fe55fa886bd3f2371a5bb22c4dd6b8bc13250490cf279d4e56b646dec4eaa53951d55f602c1f4081d49316f6bcb35aad0453b44c7f266e99838683404859bc372d1df5f1512f35558b3706b32093b72a78a40c8a188852a0b5aca11a34ba23195cb598ca595f243c260392cd793b65dda856f81be1b54d873a0366407ac26687262d6bda693e058f598bde80e304c83dd0c2fd0e634ff15e1ca4e2918bfa8e3a626aee7b5e445aa7fae096595fe58032c993eb06ce49c1045b1f132f2c90d6e23b76076838ad7ed7a6a74245d7ad72b38bdc04e458d3908d1d272f23fe18f68ad746e5440cfbcc3b7ad477dccd6fb2db536df0e4d24480d2765e724ca06cbde7e01cd32e36681796a454c801adc1b25b501cc4aaae778f3783dad15d12e656b09bb3d8f37efc86cc7faea5e51913902faed79ae5973f4413e275f78e7e66099f9e41bd73a07445a780dde0b189308e3b83d1a3cf5aef2d3e11fcad930eb6c60ebb899b22cdbd539412b2371d28a4331394d8f29d8b16f94ffd91d4eb5c278e7f6b4024fcc7af9dfde1b3c915b06dae683760fad05d6638c6389fdd19a9b12956c11e9b9ea7d30e09b13d9f681e012f1e41746341a61b71ac6c333b29883ca2cd1aaa3c02e66c85de1e3b2b7e77b0dd1469ab9db5c17beb2d33862db20fd77de685a1e70ba55b0d9cf4b2d3d1196196b5317324e5f189605baa37493c9586b7e475865b4bb21b335e8b291b9dea17f6afc1cd84618b189567817511de821a866a00b62c62516b716cf55dcf7f5b7d7520306fe03f00cc61b7dc297886459d74bedb8ac1d05cc506db74d018c877da735481c318224fd06f349b59f69b0d2d017c817e5a1f934d263789d418eb69c772d923b01a6a4a6afbba4a6980fbf7cddd84f8e4392eaccb98cdd30488919ea6d492d32f9ca4233649117474f4116f6ca4cb762d524c0f92bbb40d3f430dbd50dba20adda8b4170a73c3b66257c412311a7bd3ea3ecca0da47a7a00ef0a464ee0a4b2402b61db833f3cfe1847b9630de47f331d575f6e3c6fb44a9021700c6d8055ea982a05a5ba6a91a41e7445fdba7ac09202fee733a5c216b3c3090991225b98178508d1985832f8e7dae58482ec0fa2215c935bd0ef9f03c0ed3caf97bf4de023605aa8535f1e88e841471bd8842084c6715a3fd3acd07ec9c43f635e5f868d82cdc6f9424ed978d39e72cc92535c2637164f15e9a67770389535ba46cbf786189562908872274ba126b313bd1c0780e9d0ca38956d1277b58f04eaa1f97ed8c6c83d9c05df0df8b43da930707a84662e480a33d1868edc9ff65368d51fda828ad29ecbd3b2cc0ddb0aad251b4736f872ba5f066617a9e9675ed7f80685544af44c677b9d39a1a353984ea4ccbf36d759b490f8dcd5621e573baaa2c03ef367f543ca5d36d1c9d33d4762bb0b1e02ec67d3511582d69b06a57d15f5260fab5ed8d9361948eabf88d9e776a18c5c4f2d42bb46373861b613db9a91ccff8fbd563ddb37f0738fa1723c23c85cac0f9eb53a41d115fe0339eed3167f59b2f2f0739cf9c0ba5769b18a213d5809bccadecee6e781811bf584c22a6557516d12bd58420f5c67c673fdf0888ab31edcee3198927b5b87a63f89f7a07d1da8cb946f0a87e7d3bb455c888f394d17694378446c9073e54368564dc546b6c930ae17afcc8360cb2e31d87ad8923f60033aa637a399707398ffa51645ab1d9963c29375c834746004ac16d24d8f006e9674e45da3d938de524857c57fd39b22678f39096309527ed22c41677a65a67dc0998a8babc9cb688a56628d09a732773d9019d92399415e93852a12d66ccbfa571837b7689c7cc50026ed643a89c8f1bdef6d01016e6e1c21bb779db52c2254f5dae40ff173943ba62ce343ec035d93d5c92c64884d654777cf6995dd0c485c7c132db383769ae1f35f1980654d2b47e92b1862f653eeb81ada4eed6c9d0fe9da3d7db5dfb4d66b2d576676beddc4394ade2acf55f9ec24aee7c4c77138e799f62deb19367ce226a66715da515479b176c9ca06c739566d279142ce2163b8835c840a3de6e2d275b5d5a948b26ec8faa6cf322c5038fc00fb0a27f0b76b5e305780c9145e99feadf571bf8d87dc93ea0f8ff3bc246b16d4e43256507abc7ccc92e113a037ab13855058ba1e0770b90f52e0740c157d68963b3d236f681454589385c6124bddf948c5aa2e147a3543c301dc6d82acb504f76239c890b7d3d76dbd7c26445ab6fe66f9f71d95f4f0d6c51533ce4b05353ef27178f6b6813366189ff4cc19cc5c9f7aca4d6b6f3b5b213e828cbf8b8b5cacb42ade1fa2594cc4ccd3457a45a5b19926f17b9061c9072fdce96afbd3f2bbecc6dfbdf9d9b3e1a621e65a7cdf0a97cb0223b220b39a88b7414ce91e5fb52f3c9c7e10199ffc8fad826d40a798ecaebbd8881c1605f986bb0af06f416280f63f3a3c28d399d13c21e6d79501cbbfcc9483a73a931e91358807fbebefd39b466cb9f251fa4fc7d5f4fd2d87d4604c9750593d3a801b963085ad7aaa91e023977742b728d292b046d0bd49f81717a686f10096e154681b85aeb81a26fa8f46bf3dfdf5dc7c7ca37aa3da37e53a105be5935640baff476453f53ffcf786894eac35d1933a5e97fb9b6d975f9fbe7914d09dc948d305005eb4aba3a9b8cdefb30dbb3300f46041db06567956ba4327280721addb17425a2b223e81bc41467cb413cebbe16818468eeb5b24b6cd79ec4787f693f3c301e5dd10747bea13bf042d6fde42d18c48fec0e3e43454799da1d5501130fc98917fed27d696ae85a39debdb67d5b3d70a82a2097095476e24211757626c91a29e917796766bc4016456c4acf0436b6c02055778ce7f34e605264f7d6d1321072c4ba341866ac6f78e9b99a30478eb7f09a17f4fb3e23184e878c2f60d2c18617185007841778c7c256750a287ec0bbdd20bd37ab50538e43a5929456d336fb46a04593765b2692ba15e7b71b97788970a7903e12088211098bd356132862a4d586508b4aac077d3acd4f77c67d9066b436d14b20d3e2870cb19cdad5581de2e08da761fc95755c43cf0dc2cff84e6a3a8fa2d0390fcfee285a133b37ac7b2fefd0d3665b1705784187e228579680be97982194329136fb72d8b61cdeaa88f3dfc835ae22167c0130529fe81043b0e1c3aebccb1f4aadc28cb484f850158504439d389d1e559ff424217dc031d422a8b7b51731db75dc541e16fed8fae14f58c1f9c8d0fb91a685245ba558c1aeb243aa728db51c3f3aa6d8f7a4a547b8d95018402283a59a45173e7696f02304954ebfb43c2215f180c8e47e433e5262e279fdb63405c81b0f128b7d6a095ff5f85690331d94d34923a3e8beef5cccbf7b208b2a0aa898f9a32b2f1bb55aca4eaaefcdf09acd871f4b88feb535be87dfdbb5ad45ff3c26a2765230011d90baa4b5d5baaac5519f9013c8fd497d57083403ee6eb0c4e23428cf3846bd34d69840d021196f9a9a4fc101016fe2d4fbf4ec23c11e9d737c5e6d2cc3da7e0981c00ea9df07ed88ab05b7821033b2d311f2fe0525176660d0a33b0eb23a57f5b1d41e2c1698ac7bfe5f59c27792f899fd39610052b705862e798a27084450edfccd180a13d8adf8072430e9305f41b0a67bd1784b6ba9450b1e872794e0b7b55b22a2f649f83270b98d0a0137694fec0d16ec2ebf37c72d9398d231a71e40c912428929a29a433dc0fdcb697f64e07540da92067b1b5a7735fb7fb8ac8da2591fa44b676bbaa32ef5e6cc11f1b2ab3b262d9bc4b2082e081ee50fe71def63cf6e2d588bb8d66a8daa8c8a30ca07d2956463e1affc76003e4bacc632cdeee50098fe80cd7485fefed6eab639d8c42a1357fefae5a5a779fad536474e3bdebf6aab699552e807ffd8a44030f439756748dee9ddf19a6cbf5f75307b03c5ef4185a31a41583fb4ca3699e06319371c5d932d6e5f4e1bf77c02c70564d2140f7510e183ba2fa7ead8a9b8cfb085a9d0fa7dbca7561bd9dc1e5c1a1da0322982ff29c0fa2cc33bea18646445cc59b44965a01570b7b739d730df8f1f2cfe3558e7102de13994d6745ef8f91965265fbe0d29c3f381e1eb9c63242962a4409ddb0a4946ef9ce5b0eda90f8365362681943247a0d87d9b7fbbdd26d4902be34068499b6e2ab2ea746634402e1065c8cb9c32a211d10fc2796f1a7045c59b9cbc4771dbf56a5c38303f93951194d06a1b8cce31dd4869a148ae90a797d09de168e47974ed9699eab3a6424781f481d03cf1046df28b454af02df72c0f56c693343a82f7f383afb3ac452200ff155444010f6c988de71e3fb6f079bc6ac2bfab6ff451242b7e3e70578b8206529816764206d47115cda77b3e356e54f825ec745017ea8c3dcb412523b754b951d19fc075ec66012cceff51da925af9079f547e840c3f2774239cce5fd6533f3ee8d194812de2d4499ef18c4bebfa8d7273307d7aa0ac09e6ebfd95ba99946a585a4bd4afef8bb0b52857e8415a32b42e0a9ccb0749599d7a43cec793b22c96b3de91534c905456b25a5972124b83c7d8f0520cd71c5544e49afab26cccacdb7e112f0af1acbcb2b68760c7538aa6c990814d7cf7bde5ddd618bfd55bfbdd968e53e28f94042fafa2796b5bf2d1be612c81dbafbf90b0728b4b06fe216aab91b8898780ab06cff75be5239c39ac836dbdb5482222e61ff5971ea492c5b5ef509720fc886f8a07a9232653d427d176574c99d65244f1618fdaab109f732e1e1295391a25f9b750c9761bbceb81d316d9f9dcd555afb762191b7e173f06a4d8f4d97ab88b9ae19f6c85c361b8b5cbe91a3493cae594063ed457f3be99772485b34d3308da4e751e58a14cf7c771d8e5be77f88c7567af095caae1eb83d259cea709ea5441047ce96f0e21faf89ed491bba5d0dcc6bc33a07237fbef2fe671447ce14e16a1cae4361938767ce65ecfe0c63e1261cce5fbf603a2537d21b50c9a3a3ed6a7cf112a0586a653b43f813912a226aa4722f7edaf8dda5553efb22721dc71924aa73bf232c2439b1d806d3beaf157442643c81ce2b551b82d63cbcd4195029e2f63aef127ed4df0bffd41665d86213512557ce90ee54fcd01078a6a19085bde6a0343595f540b1ff610bd7a5a2d695bdc5e508cbf544d15cf5920b3e405ef4e10e6651c5ffff039adde2f805143b78916188fec05cadac443c93447d23bb25b0a0cfc787754a20f7efcdee5798de939b758f238f15c23f2622b8ed682378017c8f251dda0261baa33c6262d42d6365e68e85d43a46d92aaf04acee203c09487755df49f07ea1129782b1be0feb6f011bb914266fe2cf5361c377fe33a491089f701ac61bcab2bfa3bbe8bf7b0b834dba1bf187ab78fca751b57f1bddfc670c80d83c34c3461d823d7762b45ff0accc3af21b38137276d4e4d7a5d0a075902865f17f084cfa94cc28f70ee7296e216401b172184df0e060dd61be91efcdbeb03b4a6699c88a16ebb18f3e938cb458a377e29a3f3cbdaaf121e278b691c02b6f0dc790510840b3970b1f905b421a1cb376043cc7511e70e94cc63941ed0f864b4118592878538e12e986b9abaaf2ed588ad5f0e5e0851ffc29ef21aed080eb6f35fa10052f27767d0ddf3fea5a08c14657d68a9c3e6cba422d93a6aff222c40eee9f3c9fcb03a310453b616a80c48646f7d196433736fedcfc2ff4fa1a43bf9f8fc0a0660cf9f79fd0d8e106591a2319cff5eb0a5be578d178e0e184a9eca92991ca63bf1e9c5b1c56dba3c836975a74d9eb9b763ce7c5dc753cde77fb2d048e3656a15f9aa7f9dea249c4a3dc0456b64533513e69861fcb9f4348d78acd5b8ce1f3c41271b8551ba4d5754fbb123862236bc94192a5306c29adb2b0b053cd7d4deaa1be6c61f75bca27b53765a7356dd34a48437d5e5b356d48db64749243fea9b1f44e4625fe7ce820dc9f1a6022d77198e6e917cd4f5e23622d5b3b2fafd4f9be0b85db21371f5d35c7c651a616a8351a02dbfa74f9d273a0eb7d2ab9fca254bd28509b3d6f5420108cabc42d9a5670779dfdfb78afe74cd87fdf8e3be937e6c6981eb88156f5cbc91e4b92f8d65a151ee3307cce381dc189c54a29d21c9fa9f512c50dbc9f1c0ddb43b6b10d5190b8169f9e06f7c60a2103c9c3fa3fe0d1cab8358cf4ddf95d5e26fbed636b2f1f474b7d10426afb5aa21948f7486e0df5275ffa6c091c46c3868703c4e30e1a15a8d27a708b6d5fa7d123f1524c221fb93b5f9f8d87b0286de38c6112a05d1f07706923b531e335db326ff756acf6cf9a5e5352953d112a842d7b2f05d296f644b01bca413f2686dbdea6b2cc6dd8115e22d832af742eb801ee61f6b90f93d227b694fe474385125801d6eb58867c15246faa6c0a1cae0b05f104fb2e97476c73a79185796e0c26bb1b59527aba4b79db6ec99f1650898b996e068329d17b94730cd6ab79a3d77d80e5ed78eecc7d680b5425231357f24c46fd01732052eb18737634915131c7ffcdb0b48a35d8761c402ff5b56aa1a9080b46836e4a888c86d7a260fb6cc2f3b9f68d52201531220bbfe0e7b2890a390acb33831fa1126b88dceb126a555181edbfa4680cadb08d38abe00c91980ce68ab58274ec28eaa697f8a4d7d6db744d8c9daac2035d40a5eb565e12c8be5c2bc1d725f713d45a03ac14ceaf91bb1c5dddcac87553b9d22e23d738742e3bf994412ab153f66ddea53a35c9ec19c555a49ae1aea112a70ddc10201258536ba93ae0dc7fb60d51ffbbe9e96eb8eeea6878e3784dcd686fc0db4516249cdfcb9f6d880fdcf8f86cdadd23ea7455b3b7e3a0e8affc9b61be59814f8e32175c869adaf7dbb5acb4c994e2269d2657011e8751c5c0e6e97e9eda4e8e6c309e842c8ea01c20de3c5f4f6372cc8cb7cdf2b0e3519155e4c662fc8572c36d9d3b7eb3ee19e985bfab9eb20e077c20dec4172e584357cc54f9cd49742e0b31d1fed87812f19efa9ae81ebebb021df0c280aa9790d2f1acb94b38f268ca7861b1da63cbb86daaeac3a5b067c86fc532a1db230a29578563f16dee5b4267f9d474c81c9ad762216452cb3a37c8ed44cbaab2e4b9a9583b134da3a64390fe5f76946879a1757d127e6e10b3b3042de48189350d844ede16134c770dba47cf56483cc14e2cfc93fc11f47cd33b06b720f531efdd1ff1254966b68fc46645ec3b45c2a60427e69ba1d710f25571522ba90622315f9f0cad33f8b1a1053a45aa07964892621ecc9256b7c4e21716e546c235fdb618f339b55c377a30b61a9add4e3b5657e3433a6feaff5b67ef34771ae6d04449b5228b6b99ce7237996b307613d14602d76f21a58a55cdc71a1f348ca18265634f094012bf4eae241df634d7424de578eb4c4199de382f2795c17eefa11ac2ad4625be7263373de4bbe189d42fa51953652d433323b9e6110f00c7cb44e4e7df1e6e1cc421c5cc5e78eac4009824d73b4bf0a0340ebd883acb90e928f6034d6a44edee021abc40726df358ef83429351f46aaf10b63b0a5f4c68bdf4e425f8ce7c6a8ad95dc4874836a56a298f586a602ad7b33350fabaacfda30b80210432dc6b59cb807d50782399624d624bbb5e759c09daec8ab3afbff204f62f94754e377cca96b00ba4842d52d8f12a5ce7d1dd81b760c1c5392f739d91f8bdc8c290090fc6e3221ee69abd2648b6c7a818e8a0d04ffd83464f7b26002e4d5614392848205fc0e766713e4c65f46ec2f9d221e98fdeaa5c329d8a0e7481690164fa1ad829ce9dd2eec2fe92231b33415c3f564161353ea7f823e3dc97c9e905f40d693082be719aff77b3b35a832ed3fc16e3bf57305fbabfbbadea1d33ece1f05ba482d3dcc391e0c709c02c335a6289a8deb035fd5b99edde61f0d936631e21251eb65c1dc23574a7a8f9ba8fd0b6c958ee146954cdab3daf90c17ffe92aef5390b4e19d32fef469e9e60ef8ea16af6b66dab7de1d6ddfeeb602cd69d8f32e4d5f06bfaebe7f000d62abc793ad34d77d1369c63785e93c2ff205769589011208ed6affc73dda9287bc8f4d9e27d33038b699431f56285f92fd9f02e78745fcdca4a4840dcfc307bf8f1806146d954ed5ccc8a66edf2179e2a5356624b3b30f8f78839ddc9940794acce40290e5eb73dbb52fe1c633e88d1492aedc69b351912a0890b63eda0d8756a5b7c47c740fcd73a0f419fa363fbf0cd3fcdd38f0fd055627932c998421f086ee0cbe0520b2f2fd6d38fce1575a2c90fef9f81aa23fc7c4c5625d6f46fbfd02ac31cd1620a92c43b7884e4a050e5ef5bb9b8f9825a159bb0370c828519ef71090e09ab43ff2bd2cc75563fb9073eadcfd869f0d9b6986e4320b1986ce3f19a3f5dce202f8c13757726e5d6a9fc9e2b0b357625362fb873709fb307ee51bc58494857fdd3811f6a8aee0086b0a62da4e327c698e5639e373567d5eefc76e0d6725272527cdbc01a2b40e7511ac986e32bb7e48558756dca3b944855fd9dfdbb2358a52e53769817cad50af13d8a5941c41f6bd121cb267acdc461c500855c6f6c0750367c62dd32fa41595a6070e728f1915bab951e5536ff8230a0608ac96c2e19a5c1415209a3774c091174f575bc937d544d495370294aaffc5e6be76364c7a212bbb4ec7f3bd38db75a159b68e2b3075ae6bb68ffa02e6bfb42553b505da20f133b2855572b7e6f8f3de240d9ab1ff32b3d9825f087774f4932024be806b78f059d4b3b40414df456aef405d1cffb2f3604834dae38932d830298df7045d404f005f5edf81061850808d4998f6ce80bc7569081765875d908d4b6a0edcb434317543a4f5954a5e0e5b7c4da75cb369e2810e2aebf950b973ad3380bca5d0de8311e59a6ed3f01d8f7c1b39060fddc7ac1febe659626ed7ad27dcee7b3d409b9f84e4f55ceb2e462f55627857f8c485c35c9abdc2fa87c4281365790ecdf1971f3a285ea0bb2038ae91d927729f4bf847bf0fc724b002cb029d2a57b89218bd4a763ab01902b7b48cb609cf3b9ad8fb568aef0ceff20c5def1a4faee11d33d304e2227b83f3ab06f0b9fa5502b1d9c6fe2a34bf9abb9a5b13928800149488cead47e48c754c75a061d5ea8a515f7f55611b0c048b88c9772ca4b1eb3d6fc931801990f1611e9b1171223527dceccfe8cfd72600a88a8486e088e21c30b997af1b60b55bc5443cecb18c2dcf54dbca3ac34f10ad2be9d755679519bb674b42904be579df62436bcf06de4cfd636d592840d674d11195edeb4dfe61370e9a9453378957fdecf2115ee008224fb8c97fcd051ddb1ed8d0419b950f2cd085bf1debaafb2a46cf65be863939cffde741797fdf64c17f3b447464be0e6bb90324c4c65b3cf66958a15d537a1675dffbc4e41f7a6c92ed27c5ef0dd0dcce6f96225b4e0ece510ce00f9611e395215e116026499dce3417cee3fbde0106b2a6fbd5937423124f6549c2206afc2ad1df5bedcc5e1371ed2b9f09f76576589450b09dd990811c59c3f848c1a4fccdfe686968903edffbc010eb73f55ac5a675fa3db70db12c826c8b7360617d8abeacefa6e2a8da62e4f304543cc9217fe1b0ec4fb044ca849802c4a140b91cc056d566c8670e4600941a54b2eb8643ff206c3401c0bd9838a025545227ae3e6bcb47fa3dcd1b40d8a0917f63744fb1ec2b72211c6cfda13248b2d0b4232e4fe7015cc42d4928f07ca9161640102f22236cca7ca3b81ffc81c4ff20532b5203e0d94771b8d0ec70e637135fdbb788fa8b4704e11d3c6083a45f51efd8560c0e63435516586aa82eaa998c140767d3ce35491e301c12f74583c61cd4d2ef1caa6fea3e353637cdeb3332d964155c9d32f826829a7174ab06c44e32063e46ce742b7027cffb8999302b602949c60496a0bf3c7cdf859d4ba51102674414867af614cffb88ac177dfbdb6131f7370dcb851002cec1742fb1561257716850c9ed3b075a6c023bcf05b5d580ac8e5d7ab7e5b1723212c681989e5f91958b635e0d076634584920c1b98d7f6ea0ddded6be9eb74de778b3c57c36b18e0c56c3a051014e09fac70ce6a7b0f042f5eeca8b8885e500bcb41f6fd974e5f6888859abdf3600706a3de9fce060c3069600c63106aff24210461c5d3423fa4e350041fd166902ad86bdba8cf965917f7e3ab019e1911d8013dad576465319c4e04b89b5ee1d07f54705718592d6aa453558294743daa8dba33159fb0e291829ac220562b007597e067e5f65841563673b69cc1d549f50e9efbdf256d797fe8c7d09596c167a45d", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ptrace(0x10, 0x0)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000cc0)="e1", 0x1}], 0x1)
stat(&(0x7f00000004c0)='./file0\x00', 0x0)

8m47.617829473s ago: executing program 0 (id=2225):
setrlimit(0x8, &(0x7f0000000080))
mincore(&(0x7f0000000000/0x1000)=nil, 0x1000, &(0x7f0000000340)=""/194)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
poll(&(0x7f0000000040), 0x0, 0x7)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
mlockall(0x2)

8m47.284298506s ago: executing program 33 (id=2225):
setrlimit(0x8, &(0x7f0000000080))
mincore(&(0x7f0000000000/0x1000)=nil, 0x1000, &(0x7f0000000340)=""/194)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
poll(&(0x7f0000000040), 0x0, 0x7)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
mlockall(0x2)

1m44.90938108s ago: executing program 3 (id=3699):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000, 0x6, &(0x7f0000ffc000/0x1000)=nil)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b", 0x44}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

1m44.066961696s ago: executing program 3 (id=3703):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x73, 0x86, 0x40, 0x20, 0xc72, 0x14, 0x39ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0xa, [{{0x9, 0x4, 0x1d, 0xf3, 0x0, 0x71, 0x6c, 0x75}}]}}]}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io(r1, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f00000006c0)={0x40, 0x5, 0xa, "bc767a712da82b0d79b3"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)={0x40, 0x1a, 0x2, 0x3}, &(0x7f0000000b00)={0x40, 0x1c, 0x1, 0x80}, &(0x7f0000000b40)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000b80)={0x40, 0x21, 0x1, 0x3}})
syz_usb_control_io(r1, 0x0, &(0x7f0000000380)={0x84, &(0x7f0000000000)={0x40, 0x3, 0x4, "000000d5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
unlinkat(r0, &(0x7f00000000c0)='./control\x00', 0x200)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, 0x0, 0x0)

1m40.731009045s ago: executing program 3 (id=3712):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000001000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
readv(r1, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/119, 0x77}], 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r2=>0x0})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', r2, 0x8000, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x29, 0x0, @multicast1, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x3e, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, @multicast1, @empty}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000140)=r4}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r6}, &(0x7f0000000040)=0x2, &(0x7f0000000240)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r5, &(0x7f0000000040)}, 0x20)
accept4$netrom(r4, &(0x7f0000000080)={{0x3, @bcast}, [@null, @rose, @bcast, @remote, @null, @remote, @null]}, &(0x7f0000000300)=0x48, 0x80800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000280)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)

1m38.039365184s ago: executing program 3 (id=3721):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x500, 0x40)
r1 = open_tree(r0, &(0x7f0000000300)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (fail_nth: 5)

1m37.046880038s ago: executing program 3 (id=3724):
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
r0 = socket(0x2, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sysinfo(&(0x7f0000000240)=""/226)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
r5 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_setup(0x60df, &(0x7f0000000340)={0x0, 0x318f, 0x80, 0x2, 0x3c5, 0x0, r5}, &(0x7f0000000080)=<r8=>0x0, &(0x7f00000000c0))
syz_io_uring_submit(r8, r7, &(0x7f0000000140)=@IORING_OP_CLOSE={0x13, 0x7})
io_uring_enter(r5, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x5, &(0x7f0000000b80)=0x40005, 0x4)

1m36.329874738s ago: executing program 3 (id=3725):
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85000000750000000400000007"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @host, 0xc, 0x0, 0x5e, 0x2000001, 0x4, 0x101, 0x4})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x4009}}, 0x2, 0x0, 0x1003fc, 0x0, 0x32, 0x7}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x80000, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FMT(r6, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11e)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0)

1m35.550182275s ago: executing program 34 (id=3725):
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85000000750000000400000007"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @host, 0xc, 0x0, 0x5e, 0x2000001, 0x4, 0x101, 0x4})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x4009}}, 0x2, 0x0, 0x1003fc, 0x0, 0x32, 0x7}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x80000, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FMT(r6, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11e)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0)

13.322852015s ago: executing program 4 (id=4010):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd29, 0xfffffffd, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0xfff3}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000050}, 0x20008840)
syz_open_procfs(0x0, 0x0)
semop(0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1}}, 0x80001}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000b00)=@ccm_128={{0x303}, "0000090800000003", "73b59657269ef929ee540a8a0a86c5d0", "6362dfd5", "21be0dd9f7f3c312"}, 0x28)
sendfile(r4, r5, &(0x7f0000000100)=0x1010, 0x10001)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$FS_IOC_FSSETXATTR(r6, 0x40086602, &(0x7f0000000080)={0x17e})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1ff)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r7, 0x40086602, &(0x7f0000000140)={0x17e})

12.329738877s ago: executing program 4 (id=4014):
syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000043242108d81301006230010203010902120001000000000904"], 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x132, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x120, 0x1, 0x1, 0x5, 0x50, 0xe, [{{0x9, 0x4, 0x0, 0xe, 0x3, 0x2, 0x6, 0x0, 0x7f, {{0xa, 0x24, 0x6, 0x0, 0x0, "67bb85bc7f"}, {0x5, 0x24, 0x0, 0x8000}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x2, 0x0, 0xa9}, [@dmm={0x7, 0x24, 0x14, 0xf, 0xe}, @mdlm_detail={0x99, 0x24, 0x13, 0x3, "4d44382e5e58538225ab99e52f3fb74349c31ec7c77291347cf848992d0a97a0a86ecf0419531f16bbf55a2b274415100d9100eb92b3b850259127586dd8e25a50643a6a23e4133ae01540b1d3503eef7207ffde3bf67ed10f4c38f3a63e6892a3911925f6001c0ce2e0e3c96580d1d40e9aba93de4dcca387474996da87da818febd3dfc92229233b3bc9b6b9deca09e11f5e87c5"}, @mbim_extended={0x8, 0x24, 0x1c, 0x2, 0x0, 0x3}, @mdlm={0x15, 0x24, 0x12, 0x3}, @obex={0x5, 0x24, 0x15, 0x3}, @mdlm={0x15, 0x24, 0x12, 0x7ff}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x40, 0xf5, 0x9, 0xff}}], {{0x9, 0x5, 0x82, 0x2, 0x8, 0x17, 0x8, 0x1e}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0xd, 0xb, 0x77}}}}}]}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x110, 0xf5, 0x3, 0xdb, 0x20, 0x9}, 0x2b, &(0x7f00000001c0)={0x5, 0xf, 0x2b, 0x3, [@ssp_cap={0x14, 0x10, 0xa, 0x1, 0x2, 0x7, 0xf0f, 0x8, [0xff00cf, 0x3fc0]}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x6, 0x1, 0x8}, @wireless={0xb, 0x10, 0x1, 0x0, 0x8, 0x3, 0x0, 0x2, 0x5}]}, 0x9, [{0x82, &(0x7f0000000200)=@string={0x82, 0x3, "41cca207b7313b62d1b2c62a769e36dfd83e4f665833575e06497148e5b89d5f1fb3cb04d06a6ee319f680a556a12052843b59cb96b86f902a29ef331df1d380ec342f259f4421ef7d0201846f2f6eb666053a34b649f33862c18d443a6efd075292a0320a449a0ed8b9238a53cb7c2c15d9cc54861c96e27bcb78977353ee53"}}, {0x0, 0xfffffffffffffffe}, {0x76, &(0x7f00000002c0)=@string={0x76, 0x3, "27f0d8f2fba2ca25f560e673a176696582347024256eadd21f99419c5735b9dca4dd7f62de98d6903c91248172da0c301fad06b1830bd74ab5c148125802f13d9c35736c2c5f8fe12fa96659acca70197041a11e52aaea0b7bae09c4fa7d6ce444bdba7630b6868d49a7774fd0bfab17d9eeff1f"}}, {0xaa, &(0x7f0000000340)=@string={0xaa, 0x3, "171367acf482a0e8682d41eb91e9b290412da081d1da5b5f9e0c7b7ce354683fc0f79cd62c4712dc52eb4c8e880fcae4999673b8b80aeeb12d5758a59edf8a0ae1a2556a8d3d5327beb475db7997858dc7075a2d627ae36c38da6b0ca61f81b6ba97ed9f276e98dfedcf02017d36416b0e7773c44fd325ee53b1ca71fa94958340cba707144e904b77b7c18820e3a8302d4b3fe1357b2ee82ce0a479b3f0e60952bb9b03ee0a4d7a"}}, {0xb6, &(0x7f0000000480)=@string={0xb6, 0x3, "b9805b4190f5f2b9de4f83ca492a90b57fa11c4673a079d60af5667bf7741726b34e81b653569f818e4c6f9f7b5fa87a16a283691b7e6abeca7edefb80e08c6e863a89f93d760b45ecce6b5e02254229536f43fb153808e1c89d282f46e3b377dc1046658483a4314192822d3c1ff8eb6542b4af84d32c87073ae73d3fe315496f906a05dc38123d9ff5801a8ffb95b23f13b019445f1eb384160deda62935631de803b7fab98a3ed21e391f146bd6b3884ac65a"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x427}}, {0xf9, &(0x7f0000000540)=@string={0xf9, 0x3, "aaddfe59f40afe45d27fcc9f295f18e7b91b95601fd97c432fbdb73fe4d35720121be71abf99963dc083dfbb7566eade7af36395645c71df25576babeb2d6413a822a64c0f8cf0514de242b03c53557e449ac0d3eee2c3ff3653ed283ceed47e5c32acb6f512c727956ded7131f38ee86b14060ec8ff5c840aebb63d4892770173a00b036addbdf4d3244cb24e1fa54e3a41a6d4cb9595acc42190acebc0e1bd18b98f01677d88121412e74b2ee0caee8ac291d18f78dd85956fddc8f69a697e88cd94eb1a08319d9ca0777b895c928eff55eb3e74cad6b57f22e3b23b91c0b21b4089ba2769151ec9ca5e040c0de86092f371ff171ea6"}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x437}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x455}}]})

8.971212759s ago: executing program 4 (id=4029):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r1, &(0x7f0000048040)=""/102392, 0x18ff8)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
preadv(r2, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r3, 0x65, 0x8, 0x0, &(0x7f0000000300))
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10)
futex(0x0, 0xd, 0x1, 0x0, &(0x7f0000048000)=0xffffffff, 0x0)
futex(&(0x7f0000000840)=0x1, 0xd, 0x1, &(0x7f0000000880)={0x77359400}, 0x0, 0x2)
close(0xffffffffffffffff)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/kexec_crash_size', 0x2, 0x42)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000005c0)=ANY=[])
bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xa)
socket$kcm(0x29, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @pid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r5 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r6, &(0x7f0000000000)="180c4552", 0x4)
write$binfmt_misc(r6, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000400)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x80000000, 0x0, 0x0, 0x0, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100"}})

7.28373338s ago: executing program 4 (id=4034):
r0 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000000)='x', 0x1}, {&(0x7f00000001c0)='\x00\x00', 0x2}], 0x2)

6.535915868s ago: executing program 4 (id=4038):
syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = fcntl$getown(r1, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x4, 0x3}, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}, 0x0)
sendmsg$rds(r3, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
getsockopt$TIPC_CONN_TIMEOUT(r4, 0x10f, 0x82, &(0x7f0000000640), &(0x7f0000000680)=0x4)
r5 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x73, 0x86, 0x40, 0x20, 0xc72, 0x14, 0x39ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0xa, [{{0x9, 0x4, 0x1d, 0xf3, 0x0, 0x71, 0x6c, 0x75}}]}}]}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io(r5, &(0x7f0000000600)={0x2c, &(0x7f0000000240)={0x20, 0x8, 0x8b, {0x8b, 0x1e, "f6c5094fb3078cb2385480fbe9062b8cfb5a725e247b6f44bf53db48bdc64f7114f8340ddf03112197404351c835c8bf746fa7fed8fda518519040cf9903a7bf49d3c9af4c57b305fccbfb1aa8b185a8f559ab1b3e9220239dd394301e162af333bb216fce67fe8b7e6f45a9d48a9800bc01baabfaa60671275ffb0ef006d2db5ee1f0c5745f515896"}}, &(0x7f00000004c0)={0x0, 0x3, 0x88, @string={0x88, 0x3, "1e957fa4713a8183d504cac724985ba5dd1c1fc91df38e471568670ca458bd57f9b0d01b0cb0cc8d5f18eb3b6b73dd9eae28d9efc68bc508f4be91f5e413a501d9c5e41c5b95a92359442b0ca89cd7fb72bf5840a4131fb3b17f5be10f062f2f7499ef191b707841812e7f63e87d2ee04a1d4c2ab3d4e6f9526194b53e247e4ca7b6bddf680e"}}, &(0x7f0000000440)={0x0, 0xf, 0x2a, {0x5, 0xf, 0x2a, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x3c47fc5327a3b63, 0xff, 0x4, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x1, 0x47, 0x8}, @wireless={0xb, 0x10, 0x1, 0x4, 0x20, 0x6, 0x2, 0x6, 0x4}, @ptm_cap={0x3}, @ptm_cap={0x3}]}}, &(0x7f0000000580)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x4, 0x7, 0xe, "616ddd2d", "832fa931"}}, &(0x7f00000005c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x8, 0x1, 0x6, 0x7f, 0xf3, 0x9, 0x4}}}, &(0x7f0000000bc0)={0x84, &(0x7f00000006c0)={0x40, 0x5, 0xae, "bc767a712da82b0d79b3f0dd3d6d4b8ea700c4a5d45ec5f8737fd3f90430aa25c0b767300be9086bee18373ffc9fc1a7ce9b4ffe4f46898e54a582a0e20071333366c2954be9e1b550645868cbff4d108d54f6369cf04e68d60cd85472f2b7a3002a00b530053280275713f85213ed1aa26a51de7682b50c68ed0d31755413744608cecd2d8ed20945fbd1e7579cd8dc47085fe70d2bcb7dbfd071f7796df17db4b227d9e1506d87da719f6d3c93"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0xba}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000800)={0x20, 0x0, 0x4, {0x3, 0x1}}, &(0x7f0000000840)={0x20, 0x0, 0x8, {0xc0, 0x40, [0xf0]}}, &(0x7f0000000880)={0x40, 0x7, 0x2, 0x1}, &(0x7f0000000940)={0x40, 0x9, 0x1, 0xe}, &(0x7f0000000980)={0x40, 0xb, 0x2, "d898"}, &(0x7f00000009c0)={0x40, 0xf, 0x2, 0x4c3b}, &(0x7f0000000a00)={0x40, 0x13, 0x6, @random="237406ef9dee"}, &(0x7f0000000a40)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000a80)={0x40, 0x19, 0x2, "27f7"}, &(0x7f0000000ac0)={0x40, 0x1a, 0x2, 0x3}, &(0x7f0000000b00)={0x40, 0x1c, 0x1, 0x80}, &(0x7f0000000b40)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000b80)={0x40, 0x21, 0x1, 0x3}})
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}}, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000380)={0x84, &(0x7f0000000000)={0x40, 0x3, 0x4, "000000d5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f00000001c0)=0x2)
unlinkat(0xffffffffffffffff, &(0x7f00000000c0)='./control\x00', 0x200)
rmdir(&(0x7f0000000040)='./control\x00')

5.197710512s ago: executing program 1 (id=4043):
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_DROP_PRIVILEGES(r2, 0x4004551e, &(0x7f0000000140)=0xfffff801)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x44}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000200)="ea0d00b0000f229464670fc79c8100800000ba6100ecbaf80c66b8ecb1048566efbafc0c66b8106d7dd166eff0867dc5decb66b9800000c00f326635000100000f30ea0000e50066b8010000000f01d9", 0x50}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.941325804s ago: executing program 6 (id=4046):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x1}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6, 0x2}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)
chmod(&(0x7f0000000000)='./file0\x00', 0x88)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000040)={'sit0\x00', <r4=>0x0, 0x7800, 0x80, 0x3, 0x7d, {{0x7, 0x4, 0x1, 0x2c, 0x1c, 0x64, 0x0, 0xa, 0x4, 0x0, @remote, @remote, {[@end, @ssrr={0x89, 0x7, 0x79, [@initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, &(0x7f00000003c0)=""/85)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x2, 0x401, 0xc}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newtfilter={0x40, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xfff3, 0x1}, {}, {0x5, 0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x10, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0xa}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8848}, 0x4000010)
syz_emit_ethernet(0x6a, &(0x7f0000000340)={@broadcast, @dev, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558, 0x0, 0x0, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x800, [0x0]}, {}, {0xdd86}}}}}}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000140)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x2c, r4})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r10 = getpid()
sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x7)
r11 = fcntl$getown(r3, 0x9)
prlimit64(r11, 0x1d, &(0x7f00000002c0)={0x9dad, 0x1}, 0x0)

3.881879148s ago: executing program 7 (id=4047):
sched_setscheduler(0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
mremap(&(0x7f0000303000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000007000/0x1000)=nil)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x4010, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
syz_clone3(&(0x7f0000000080)={0x204801600, &(0x7f00000001c0), 0x0, 0x0, {0x2c}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

3.744657866s ago: executing program 1 (id=4049):
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
r0 = socket(0x2, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_cmd={0x3c, 0x6, 0x10, 0x3, 0xe8, 0x3, 0x0, 0x6, 0x1, 0x2, 0xfffffffd, 0xfffffffd, 0x200, 0xb, 0x9f, 0x3, [0x100, 0xfffffff9]}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
connect$unix(0xffffffffffffffff, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x6)
mprotect(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x1000002)
r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=<r4=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_setup(0x60df, &(0x7f0000000340)={0x0, 0x318f, 0x80, 0x2, 0x3c5, 0x0, r3}, &(0x7f0000000080)=<r5=>0x0, &(0x7f00000000c0))
syz_io_uring_submit(r5, 0x0, &(0x7f0000000140)=@IORING_OP_CLOSE={0x13, 0x7})
io_uring_enter(r3, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x5, &(0x7f0000000b80)=0x40005, 0x4)

3.743952313s ago: executing program 5 (id=4050):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x88)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080)=0x40, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./cgroup/../file0\x00', &(0x7f0000000280)='hpfs\x00', 0xa94010, &(0x7f00000002c0)='&:,[.\x00')
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, 0x0, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80040)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x1000)
chown(&(0x7f00000003c0)='./file0\x00', r4, 0xee01)
write$P9_RGETATTR(r3, &(0x7f00000001c0)={0xa0, 0x19, 0x2, {0x20, {0xd, 0x2, 0x5}, 0x20, r4, 0xee01, 0x7, 0x7, 0x1, 0x9, 0x8001, 0x8, 0x1, 0x9, 0x0, 0x3, 0x1, 0xcc, 0x9, 0x9, 0x4}}, 0xa0)
prctl$PR_SET_THP_DISABLE(0x42, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0600000c"], 0x9)
socket$netlink(0x10, 0x3, 0xe)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xfd, 0x7fff0000}]})
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)
r6 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1e00000094000000090000000300000000000600", @ANYRES32, @ANYBLOB="0800000000000000000000000000000400000000", @ANYRESDEC=0x0, @ANYRESOCT=r4, @ANYBLOB="0400000000000000040000009a5d000000000000d53bdc0af08adfbba5981945feddde4066442b0abc2bc610795163360ab9de6a3cfe5ea323654c8c2486e70916fec33aab9d93489848509e1320bea913c9f567e5c5834f82bb6d155a6a6ea104ed533fcc8396", @ANYRES32, @ANYBLOB="21b530a19632d57c77f4188da2e7ad8250b75167245f35afe7748c91be8178aa41c89c44b39a60041094147184707df9dcf30f85eaec6d376c63316d04b41c10dcf7a3d59ffe0d2563e0b3c8fdbc06dda3dd9ea73583bb2408160e760ac29617598db2ae1a21928794cc7246bba1cc2c15b4d3d90278e66c9947295c30538548737d249c7c367331e0b2c789f15aef9589f98cc7961d43b4e94e96627f42d55066154fa09948564153b4e02fa9964360ceec65f175f95128"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x200000d2, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x200}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x640, 0x800, 0x556, 0x280, 0x3, 0x7, 0x18, 0x2, {0x6c, 0x8, 0x1}, {0x4, 0xffffff7f, 0x1}, {0x1, 0xfffffffe, 0x1}, {0xb2e8, 0x1, 0x1}, 0x3, 0x0, 0xffffff69, 0x465e9c13, 0x1, 0x5, 0x8, 0x6, 0x2, 0x4, 0x3, 0x0, 0x38, 0x4, 0x3, 0x5})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01e"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_int(r9, &(0x7f0000000140)='cgroup.max.descendants\x00', 0x2, 0x0)
write$cgroup_subtree(r10, &(0x7f0000000080)=ANY=[], 0x27)

3.741872834s ago: executing program 7 (id=4051):
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x8004)

3.582588122s ago: executing program 6 (id=4052):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000005300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000900)=ANY=[@ANYBLOB='t\x00\x00', @ANYRES16, @ANYBLOB="000429bd7000fcdbdf25050000000c00030042000000000000000c00080002000000000000000c00020003000000000000000c00020009000000000000000d000a006e6c3830323135340000000008000100000000000c00080001800000000000000c000400ffffffffffffff7fa588c98c64e3effb690139ee61a9f937e2d09c5ba06928e4941697b9b907119cf88332c91c7077508a4c699ef6219765ea141fc7bf7c88279efc6596dad73db1952b22c1e7f7dfaf4328bc7dde7d2d6bfc74414dadd663dbdf60c800415350ab2a7a7d9c5501867570f550d7caec722b4df1e1"], 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)="d8000000180081084e81f782db44b904021d0800fd007c06e8fe55a10a0015400600142603600e120800060000000201a80016000800014003e01100036010fab94dcf5c0461c1d67f6f9400e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409001b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed1bffec62070000cbee5de6ccd44a677575a62cef352a92954b43370e9701ee1b6ec75a526c5d5b5701cf8773", 0xd8}], 0x1}, 0x400c0)

3.482500215s ago: executing program 6 (id=4053):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x33, 0x0, 0x0)
socket(0x21, 0x2, 0x4ee)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1})
close(r0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x18)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r4, &(0x7f0000000400)="d55b5b", &(0x7f00000000c0)=""/71}, 0x20)

3.48178376s ago: executing program 1 (id=4054):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x40040)

3.481452455s ago: executing program 7 (id=4055):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f00)=ANY=[@ANYBLOB="200000005e00250e00000000000000000c000080eec47c8e670527ab04000180"], 0x20}], 0x1}, 0x0)
readv(r1, &(0x7f0000001500)=[{&(0x7f0000000200)=""/73, 0x49}], 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x101840, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, 0x0)

3.383605084s ago: executing program 5 (id=4056):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r0 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
linkat(r0, &(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./bus\x00', 0xe8142, 0x80)

3.311524478s ago: executing program 7 (id=4057):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_COMPRESS_FILE(r0, 0xf518, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$inet(0x2, 0x2, 0x1)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x8000000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_getparam(0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
eventfd(0xfffffff9)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000002c0), 0x60c0, 0x0)
ioctl$SG_GET_PACK_ID(r5, 0x227c, &(0x7f0000000040))
r6 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r5)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, 0x0)
r7 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYRESDEC=r7], 0x4c}}, 0x40)
r8 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r8, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xc)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
socket$nl_route(0x10, 0x3, 0x0)

3.310161541s ago: executing program 5 (id=4058):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
connect$tipc(r2, &(0x7f0000000140)=@id={0x1e, 0x3, 0x1, {0x4e20, 0x4}}, 0xffffffffffffff08)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newqdisc={0x34, 0x24, 0x100, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {0xffff, 0xffff}, {0xd, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x4c001)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000006080)={0x28, 0x14, 0x211, 0x0, 0x25dfdbfc, {0x28}, [@INET_DIAG_REQ_BYTECODE={0xfffffffffffffd68, 0xfa, "4ac2411e47060aefadfa617ab9"}]}, 0x28}}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1c00, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r7, 0x0, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x19}, @void, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
ioctl$SIOCGIFHWADDR(r5, 0x8927, &(0x7f00000000c0)={'nicvf0\x00'})

3.257632331s ago: executing program 1 (id=4059):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
syz_socket_connect_nvme_tcp()
read$hiddev(0xffffffffffffffff, &(0x7f00000000c0)=""/4092, 0xffc)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001100)=""/26, 0x1a}], 0x1, 0x20010000, 0xd56a)
read$msr(0xffffffffffffffff, &(0x7f0000000180)=""/92, 0x5c)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r5 = signalfd(r3, &(0x7f0000001180)={[0x40000003]}, 0x8)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f00000001c0)={0x1, r5})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r2, r6, r1], 0x3)
io_uring_register$IORING_UNREGISTER_FILES(0xffffffffffffffff, 0x3, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001140), 0x3, 0x400)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)

2.566291508s ago: executing program 5 (id=4060):
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021)
read(r0, 0x0, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5000000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="336c4c1332362033cd258fd745ba52fb05d0cad5c299ac18cb10aa54d4e0516606cd205a1885e849c55e979192c75ddfb755ca561e5fca292120e6b8a5eb4b4526b84918ef53d1cb80c4bad26583a24c0ad7c76ef67c7f0c5845cff5"], 0x50}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000340)="3d58fbf6eee38ee7cfc10733244a9f394fa99903cc5c3312450c499c5c3ec1001ee215e32b775bd4d47de3d2060528d26dd149e4d974272a1cf7311b3bc55a5701927969720283d2c2805f42c8439e54b9bfd9faa37ad90c4e575b434c2010c32511eb0d19da9710ceae508ccacc8927ed421cd7c1b1d0d4481154d64296215720c11f8b71bc7f528f061ca14e9618111392749441c029404d06b9976cce0a958a752ef9b763ac2a2b712b412a0eb169fc190618dd527569f2e8a8b0b2472fd1", 0xc0}, {&(0x7f0000000440)="732930c8c3b1b6f63b2004403edfbdaee8773bc781d3ec57512208e31aceab040f1a3fe844c484d597ef386cf1b9e5890de76a28539d387aed95e1698c484a941fb349d4a116c6d08d6f6f59308a1af84ba57dfde69ac1dfbea7e5c081acd5ad5cdfc7b17c04ff014927a293bd38e2", 0x6f}, {&(0x7f00000004c0)="9349e8056101906719a65511a9dcc86b883b2132a2ab2edc1bae7cd8beaca473c734bcd1b688bc3df992fed47389521a12dc1453f4a619cc0c252e539d2f928ef04a44459745d82468f329b51f94cc36ae99a36ffdcb3daae1dd71dea6e345b675e40ed140534d17f276901fcd627c0b0336dee9c862749054a842c5d9d200da48993dea9e40ff21071a71f7d2f49a6f59bf2191b3f74d", 0x97}, {&(0x7f0000000580)="d5ebd2940c80e1c9cb263e3486c0b3c92a1f24b865a36b82a41bd2ff983f434f3be95433afeec74e615f8948871687d7fc9de25e130185b1223e6dc31658306272fe28c6d0ba28ac0be958a200587b30920eecaf34876ee86ec7533809280c728e072597ae393511a76393463476adf34de23f2bc70ecc9594aaa1426351c6b3bb3caa2178c40b02053f1ce5648620dcecd5d4b59a8701af047ed9eaac07dc33e1a86e7756ae4e2522219c9002578d0d441069815b0ae9c51ec2296a4bdd4d3a60fbfe036d405dd9b69aa11807030438df03581056473a", 0xd7}, {&(0x7f0000000680)="30821c91b6473050f8c805f6e5108536450cae95a117cd54b0e6ecda715867ec3a2b0bcbaa2f07b413a9b64c3f2d0832e58939e3bedaf8960a5e05c9003359d142e0831dd8c4dcbd94b9fa26ccacd0abd46a6b6749d9dab1174deb129bf27ad38bca7396c8f1d315a3fa3c6677efa30ae71e765d870118576e9cef0183eb5ec1df93c20499b90f4fbcd427704eef", 0x8e}], 0x5}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x3000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, 0x0}], 0x1, 0x1, 0x0, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0xfff3, 0x7}, {0x0, 0xc}, {0x8, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x40010)
ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000000040)={0x3000, 0x114000})
r12 = add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$instantiate(0xc, r12, 0x0, 0x0, 0x0)
open(0x0, 0x40, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)

2.562160478s ago: executing program 6 (id=4061):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12011001000000406d0413c500000000000109022400010000a0060904fd0081030003000921000028012207000905810300024908"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\"\a'], 0x0}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff0500fde5b8e77c"], 0x15)
ptrace$cont(0x7, 0x0, 0x4, 0x7fff)
r3 = syz_open_procfs(0x0, &(0x7f0000000440)='net/route\x00')
preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xa9}], 0x1, 0x80, 0x1)
uname(&(0x7f0000000400)=""/144)

2.17363945s ago: executing program 4 (id=4062):
syz_usb_connect(0x3, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be"], 0x0)
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x100, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x0, 0x47a}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x47a}, 0x39)
setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000)=0xd, 0x4)

2.070053427s ago: executing program 7 (id=4063):
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = open(&(0x7f00000002c0)='./file0\x00', 0x1491ff, 0x22)
fcntl$setlease(r2, 0x400, 0x0)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x2}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80, 0x23456})
write$FUSE_NOTIFY_RESEND(r2, &(0x7f0000000240)={0x14}, 0x14)
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r6}, 0x18)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r8)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x2c, r9, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24040c81}, 0x2de0d2a06d7aeea8)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x14)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000080)='./file0\x00')
chmod(&(0x7f0000000000)='./file1\x00', 0x4a)

1.949299518s ago: executing program 1 (id=4064):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000005300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000900)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16, @ANYBLOB="000429bd7000fcdbdf25050000000c00030042000000000000000c00080002000000000000000c00020003000000000000000c00020009000000000000000d000a006e6c3830323135340000000008000100000000000c00080001800000000000000c000400ffffffffffffff7fa588c98c64e3effb690139ee61a9f937e2d09c5ba06928e4941697b9b907119cf88332c91c7077508a4c699ef6219765ea141fc7bf7c88279efc6596dad73db1952b22c1e7f7dfaf4328bc7dde7d2d6bfc74414dadd663dbdf60c800415350ab2a7a7d9c5501867570f550d7caec722b4df1e1"], 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)="d8000000180081084e81f782db44b904021d0800fd007c06e8fe55a10a0015400600142603600e120800060000000201a80016000800014003e01100036010fab94dcf5c0461c1d67f6f9400e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409001b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed1bffec62070000cbee5de6ccd44a677575a62cef352a92954b43370e9701ee1b6ec75a526c5d5b5701cf8773", 0xd8}], 0x1}, 0x400c0)

1.807072656s ago: executing program 1 (id=4065):
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, 0x0, 0x5, 0x4002)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x33}, 0xe70bdd3d34fcba6)
r2 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x44)
r3 = syz_io_uring_setup(0xbdf, &(0x7f0000000000)={0x0, 0x6d0a, 0x80, 0xfffffffd, 0x40000331, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
syz_open_procfs$userns(0x0, &(0x7f0000000140))
io_uring_enter(r3, 0x847ba, 0x2000, 0xe, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
sched_setattr(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000440)={0x1, @pix_mp={0x62, 0x1, 0x3031334d, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x411}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1, 0x0, 0x2}})
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x5)
syz_usb_connect(0x0, 0x34, 0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xfe, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000011008b88040f80cb59acbc0413a1f8480f0000005e2900421803001825e60a001402000002800000121f", 0x2e}], 0x1}, 0x0)

762.414618ms ago: executing program 5 (id=4066):
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
r0 = socket(0x2, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_cmd={0x3c, 0x6, 0x10, 0x3, 0xe8, 0x3, 0x0, 0x6, 0x1, 0x2, 0xfffffffd, 0xfffffffd, 0x200, 0xb, 0x9f, 0x3, [0x100, 0xfffffff9]}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
connect$unix(0xffffffffffffffff, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x6)
mprotect(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x1000002)
r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_setup(0x60df, &(0x7f0000000340)={0x0, 0x318f, 0x80, 0x2, 0x3c5, 0x0, r3}, &(0x7f0000000080)=<r6=>0x0, &(0x7f00000000c0))
syz_io_uring_submit(r6, r5, &(0x7f0000000140)=@IORING_OP_CLOSE={0x13, 0x7})
io_uring_enter(r3, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x5, &(0x7f0000000b80)=0x40005, 0x4)

677.592825ms ago: executing program 7 (id=4067):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), r0)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=<r3=>0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
socket$rds(0x15, 0x5, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
sendmsg$NFC_CMD_VENDOR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x40, r2, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_VENDOR_DATA={0x13, 0x1f, "85b7b3df45c9c2e0519cb3ff8e31f6"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x80000001}, @NFC_ATTR_VENDOR_SUBCMD={0x8, 0x1e, 0x7fffffff}]}, 0x40}}, 0x800)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000000b53cf1d7d8c01920ab014ecabac98c42a075e4cdbadf09a731bd3d6124ebc04bc108e7b696cc14c116c1a892e0f931b7a542acbb9fd7d946517e0c75838016266da55412eb8ad50a78543d31194f815cf725d7932cb8579", @ANYRES16=r1, @ANYBLOB="499225bd7000fedbdf2518000000040030800c0006000100000001000000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf500090584", @ANYBLOB='\v'], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
openat$mice(0xffffffffffffff9c, &(0x7f0000000300), 0x0)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x204000, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r7, 0x40043311, &(0x7f0000000180))

474.162194ms ago: executing program 5 (id=4068):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3ff, 0x100)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf", 0x48)
r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x5d7000000000000, 0x2402)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000000)=0x1)
read(r0, &(0x7f0000000040)=""/142, 0x3f)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)

53.668566ms ago: executing program 6 (id=4069):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x800000000e3, 0x401)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0205647, &(0x7f00000000c0)={0xf010000, 0x0, "4f2572ce1cedbf10981e10326800000000000000000000000500", 0x2, 0x102000002, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, [0x3ff, 0x1, 0x0, 0xb7e]})
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004c, '\x00', 0x0, @sk_reuseport=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000001c0)={0x0, 0x0, 0x101, 0x4, {0x8, 0x1, 0x0, 0x6}})

0s ago: executing program 6 (id=4070):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806e0800000000000000140001800d2a79075827af5aa534d6815c2e93f10c000280", @ANYRES32=0x0], 0x3c}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000002080)={0xc, {"a2e3ad9bed0d52f91b30330887f70e06d038e7ff7fc6e5539b3272298b089b07081b4d090890e0878f0e1ac6e7049b3365959bfc9a240d2567f3988f7ef31952013fffe8d178708c523c921b1b9b39070d075d0936cd3b78130d9b61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c9000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdc80c47ee4f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78ff95b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af0000807e0000000002d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b4051db55e0510a6e4114a53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a6d8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x80489439, &(0x7f0000000200))
r8 = socket(0x80000000000000a, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r8, 0x84, 0x71, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x48)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)

kernel console output (not intermixed with test programs):

] usb 7-1: config 0 descriptor??
[  910.821645][ T5932] peak_usb 7-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.0.0 (2 channels)
[  911.477983][T18664] infiniband syz1: set active
[  911.484674][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[  911.491472][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[  911.567681][T18664] infiniband syz1: added bond_slave_0
[  911.574203][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[  911.586234][T18664] syz1: rxe_create_cq: returned err = -12
[  911.598665][T18664] infiniband syz1: Couldn't create ib_mad CQ
[  911.605182][T18664] infiniband syz1: Couldn't open port 1
[  911.654467][ T5932] peak_usb 7-1:0.29: probe with driver peak_usb failed with error -8
[  911.885303][ T5932] usb 7-1: USB disconnect, device number 14
[  911.952331][T18664] RDS/IB: syz1: added
[  911.961565][T18664] smc: adding ib device syz1 with port count 1
[  912.083708][T18664] smc:    ib device syz1 port 1 has no pnetid
[  912.877855][ T5824] Bluetooth: hci4: command 0x0406 tx timeout
[  916.532751][T18745] netlink: 'syz.1.3422': attribute type 21 has an invalid length.
[  916.592853][T18745] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3422'.
[  916.613427][T18745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3422'.
[  917.133367][ T5857] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  917.303867][ T5857] usb 7-1: config 0 has an invalid interface number: 29 but max is 0
[  917.313450][ T5857] usb 7-1: config 0 has no interface number 0
[  917.347004][ T5857] usb 7-1: config 0 interface 29 has no altsetting 0
[  917.398739][ T5857] usb 7-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  917.410115][ T5857] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.432454][ T5857] usb 7-1: Product: syz
[  917.436707][ T5857] usb 7-1: Manufacturer: syz
[  917.441273][ T5857] usb 7-1: SerialNumber: syz
[  917.455352][ T5857] usb 7-1: config 0 descriptor??
[  917.524039][T18765] fuse: Unknown parameter 'fd0x0000000000000004'
[  917.730721][ T5857] peak_usb 7-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  918.924936][ T5857] peak_usb 7-1:0.29 can0: sending command failure: -22
[  918.932332][ T5857] peak_usb 7-1:0.29 can0: sending command failure: -22
[  918.965324][ T5857] peak_usb 7-1:0.29 can0: sending command failure: -22
[  919.054329][ T5857] peak_usb 7-1:0.29: probe with driver peak_usb failed with error -22
[  920.434158][T18794] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3434'.
[  920.477948][ T5857] usb 7-1: USB disconnect, device number 15
[  920.523840][T18798] netlink: 'syz.6.3435': attribute type 21 has an invalid length.
[  920.532348][T18798] netlink: 156 bytes leftover after parsing attributes in process `syz.6.3435'.
[  920.542567][T18798] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3435'.
[  920.598879][T18800] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  920.648725][T18800] team0: No ports can be present during mode change
[  921.708897][T18820] tipc: Disabling bearer <udp:syz2>
[  921.883239][ T5932] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  921.964251][    T9] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  922.077975][T18826] FAULT_INJECTION: forcing a failure.
[  922.077975][T18826] name failslab, interval 1, probability 0, space 0, times 0
[  922.091740][T18826] CPU: 1 UID: 0 PID: 18826 Comm: syz.4.3444 Not tainted syzkaller #0 PREEMPT(full) 
[  922.091765][T18826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  922.091776][T18826] Call Trace:
[  922.091782][T18826]  <TASK>
[  922.091789][T18826]  dump_stack_lvl+0x16c/0x1f0
[  922.091821][T18826]  should_fail_ex+0x512/0x640
[  922.091841][T18826]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  922.091871][T18826]  should_failslab+0xc2/0x120
[  922.091891][T18826]  kmem_cache_alloc_noprof+0x75/0x6e0
[  922.091917][T18826]  ? getname_flags.part.0+0x4c/0x550
[  922.091946][T18826]  ? getname_flags.part.0+0x4c/0x550
[  922.091968][T18826]  getname_flags.part.0+0x4c/0x550
[  922.091993][T18826]  getname_flags+0x93/0xf0
[  922.092009][T18826]  user_path_at+0x24/0x60
[  922.092027][T18826]  __x64_sys_mount+0x1fb/0x310
[  922.092049][T18826]  ? __pfx___x64_sys_mount+0x10/0x10
[  922.092077][T18826]  do_syscall_64+0xcd/0xfa0
[  922.092106][T18826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  922.092123][T18826] RIP: 0033:0x7ff1c4b8efc9
[  922.092138][T18826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  922.092154][T18826] RSP: 002b:00007ff1c5a5b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  922.092171][T18826] RAX: ffffffffffffffda RBX: 00007ff1c4de5fa0 RCX: 00007ff1c4b8efc9
[  922.092182][T18826] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 0000000000000000
[  922.092193][T18826] RBP: 00007ff1c5a5b090 R08: 0000200000000080 R09: 0000000000000000
[  922.092203][T18826] R10: 0000000002004000 R11: 0000000000000246 R12: 0000000000000001
[  922.092214][T18826] R13: 00007ff1c4de6038 R14: 00007ff1c4de5fa0 R15: 00007ffe6ab134c8
[  922.092239][T18826]  </TASK>
[  922.392859][    T9] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  922.404457][ T5932] usb 7-1: config 0 has an invalid interface number: 29 but max is 0
[  922.477087][    T9] usb 4-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  922.491102][ T5932] usb 7-1: config 0 has no interface number 0
[  922.503666][ T5932] usb 7-1: config 0 interface 29 has no altsetting 0
[  922.513470][    T9] usb 4-1: Product: syz
[  922.530764][    T9] usb 4-1: Manufacturer: syz
[  922.535683][    T9] usb 4-1: SerialNumber: syz
[  922.549580][    T9] usb 4-1: config 0 descriptor??
[  922.556799][    T9] ch341 4-1:0.0: ch341-uart converter detected
[  922.567684][ T5932] usb 7-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  922.583595][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  922.622926][ T5932] usb 7-1: Product: syz
[  922.631466][ T5932] usb 7-1: Manufacturer: syz
[  922.663252][ T5932] usb 7-1: SerialNumber: syz
[  922.812946][ T5932] usb 7-1: config 0 descriptor??
[  923.737977][ T5932] peak_usb 7-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.0.0 (2 channels)
[  923.939620][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[  923.951368][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[  923.968839][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[  924.119787][T18841] netlink: 'syz.5.3447': attribute type 21 has an invalid length.
[  924.601699][    T9] ch341-uart ttyUSB0: failed to read break control: -71
[  924.608828][    T9] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  924.628171][    T9] usb 4-1: USB disconnect, device number 73
[  924.635329][T18841] netlink: 156 bytes leftover after parsing attributes in process `syz.5.3447'.
[  924.645869][T18841] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3447'.
[  924.645871][ T5932] peak_usb 7-1:0.29: probe with driver peak_usb failed with error -8
[  924.646322][    T9] ch341 4-1:0.0: device disconnected
[  924.672480][ T5932] usb 7-1: USB disconnect, device number 16
[  925.607215][T18856] netlink: 'syz.6.3451': attribute type 1 has an invalid length.
[  925.615251][T18856] netlink: 15382 bytes leftover after parsing attributes in process `syz.6.3451'.
[  925.890873][T18857] netlink: 'syz.3.3452': attribute type 1 has an invalid length.
[  925.898793][T18857] netlink: 15382 bytes leftover after parsing attributes in process `syz.3.3452'.
[  925.944165][T18857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3452'.
[  925.953668][T18857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3452'.
[  925.962765][T18857] netlink: 'syz.3.3452': attribute type 14 has an invalid length.
[  926.089609][T18853] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3451'.
[  926.098894][T18853] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3451'.
[  926.107782][T18853] netlink: 'syz.6.3451': attribute type 14 has an invalid length.
[  926.373295][ T5932] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  927.155170][T18870] netlink: 'syz.5.3455': attribute type 1 has an invalid length.
[  927.162972][T18870] netlink: 15382 bytes leftover after parsing attributes in process `syz.5.3455'.
[  927.263253][ T5932] usb 4-1: Using ep0 maxpacket: 8
[  927.278099][T18867] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3454'.
[  927.304052][ T5932] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  927.340580][ T5932] usb 4-1: config 0 has no interface number 0
[  927.363952][ T5932] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  927.433667][ T5932] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  927.481022][ T5932] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  927.575205][ T5932] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  927.601023][T18865] netlink: 'syz.5.3455': attribute type 14 has an invalid length.
[  927.734801][ T5932] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  927.751925][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.889457][ T5932] usb 4-1: Product: syz
[  927.908076][ T5932] usb 4-1: Manufacturer: syz
[  928.347779][ T5932] usb 4-1: SerialNumber: syz
[  928.366174][ T5932] usb 4-1: config 0 descriptor??
[  928.641695][ T5932] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  928.825633][ T5857] usb 4-1: USB disconnect, device number 74
[  929.800247][T12542] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 1
[  929.984749][T18910] __nla_validate_parse: 3 callbacks suppressed
[  929.984761][T18910] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3467'.
[  930.603906][  T112] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  931.115686][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  931.336607][  T112] usb 6-1: config 0 has an invalid interface number: 29 but max is 0
[  931.345395][  T112] usb 6-1: config 0 has no interface number 0
[  931.351507][  T112] usb 6-1: config 0 interface 29 has no altsetting 0
[  931.374302][  T112] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  931.384098][  T112] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.392105][  T112] usb 6-1: Product: syz
[  931.403331][  T112] usb 6-1: Manufacturer: syz
[  931.413866][  T112] usb 6-1: SerialNumber: syz
[  931.432003][  T112] usb 6-1: config 0 descriptor??
[  931.657975][  T112] peak_usb 6-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  931.833363][ T5824] Bluetooth: hci3: command 0x1003 tx timeout
[  931.839795][T13271] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  931.956922][  T112] peak_usb 6-1:0.29 can0: sending command failure: -22
[  932.357221][  T112] peak_usb 6-1:0.29 can0: sending command failure: -22
[  932.390409][  T112] peak_usb 6-1:0.29 can0: sending command failure: -22
[  933.224144][  T112] peak_usb 6-1:0.29: probe with driver peak_usb failed with error -22
[  933.494621][T18960] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3482'.
[  933.817210][  T112] usb 6-1: USB disconnect, device number 34
[  934.405269][T18976] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3484'.
[  934.444668][T18976] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3484'.
[  935.830676][T18986] tipc: Disabling bearer <udp:syz2>
[  936.632436][    T9] usb 2-1: new full-speed USB device number 61 using dummy_hcd
[  936.773239][ T5932] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  936.798865][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  936.830422][    T9] usb 2-1: not running at top speed; connect to a high speed hub
[  936.966128][ T5932] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  937.200641][ T5932] usb 6-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  937.210752][ T5932] usb 6-1: Product: syz
[  937.215304][ T5932] usb 6-1: Manufacturer: syz
[  937.221007][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  937.231450][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  937.245945][ T5932] usb 6-1: SerialNumber: syz
[  937.260622][    T9] usb 2-1: string descriptor 0 read error: -22
[  937.267557][ T5932] usb 6-1: config 0 descriptor??
[  937.272571][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  937.283291][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.300355][ T5932] ch341 6-1:0.0: ch341-uart converter detected
[  937.315765][    T9] usb 2-1: 0:2 : does not exist
[  938.027675][T19019] netlink: 'syz.4.3497': attribute type 1 has an invalid length.
[  938.035779][T19019] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.3497'.
[  938.123894][T19019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3497'.
[  938.132957][T19019] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3497'.
[  938.142289][T19019] netlink: 'syz.4.3497': attribute type 14 has an invalid length.
[  938.261363][    T9] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[  938.283874][    T9] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  938.317372][    T9] usb 2-1: 5:0: failed to get current value for ch 1 (-22)
[  938.453023][    T9] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  938.464400][    T9] usb 2-1: USB disconnect, device number 61
[  938.583283][ T5939] usb 4-1: new full-speed USB device number 75 using dummy_hcd
[  938.888646][ T5932] ch341-uart ttyUSB0: failed to read break control: -71
[  938.897472][ T5932] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  938.991476][ T5932] usb 6-1: USB disconnect, device number 35
[  938.998970][ T5932] ch341 6-1:0.0: device disconnected
[  939.007691][ T5939] usb 4-1: config 0 has an invalid interface number: 29 but max is 0
[  939.016338][ T5939] usb 4-1: config 0 has no interface number 0
[  939.022441][ T5939] usb 4-1: config 0 interface 29 has no altsetting 0
[  939.089592][ T5939] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  939.099344][ T5939] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.113205][ T5939] usb 4-1: Product: syz
[  939.117379][ T5939] usb 4-1: Manufacturer: syz
[  939.125090][ T5939] usb 4-1: SerialNumber: syz
[  939.131836][ T5939] usb 4-1: config 0 descriptor??
[  939.356072][ T5939] peak_usb 4-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  939.815482][ T5939] peak_usb 4-1:0.29 can0: sending command failure: -22
[  939.862110][ T5939] peak_usb 4-1:0.29 can0: sending command failure: -22
[  939.873661][ T5939] peak_usb 4-1:0.29 can0: sending command failure: -22
[  940.108442][T19048] netlink: 'syz.1.3504': attribute type 21 has an invalid length.
[  940.116547][T19048] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3504'.
[  940.152772][T19048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3504'.
[  940.166267][ T5939] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -22
[  940.495262][T19056] netlink: 'syz.5.3505': attribute type 1 has an invalid length.
[  940.503057][T19056] netlink: 15334 bytes leftover after parsing attributes in process `syz.5.3505'.
[  940.668552][T19045] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3503'.
[  941.121902][T19054] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3505'.
[  941.131004][T19054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3505'.
[  941.139872][T19054] netlink: 'syz.5.3505': attribute type 14 has an invalid length.
[  941.334924][  T112] usb 4-1: USB disconnect, device number 75
[  941.765895][T19076] FAULT_INJECTION: forcing a failure.
[  941.765895][T19076] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  941.779419][T19076] CPU: 1 UID: 0 PID: 19076 Comm: syz.4.3512 Not tainted syzkaller #0 PREEMPT(full) 
[  941.779442][T19076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  941.779452][T19076] Call Trace:
[  941.779458][T19076]  <TASK>
[  941.779465][T19076]  dump_stack_lvl+0x16c/0x1f0
[  941.779496][T19076]  should_fail_ex+0x512/0x640
[  941.779520][T19076]  _copy_from_user+0x2e/0xd0
[  941.779544][T19076]  copy_msghdr_from_user+0x98/0x160
[  941.779568][T19076]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  941.779590][T19076]  ? rcu_is_watching+0x12/0xc0
[  941.779619][T19076]  ? __lock_acquire+0x622/0x1c90
[  941.779656][T19076]  ___sys_recvmsg+0xdb/0x1a0
[  941.779679][T19076]  ? __pfx____sys_recvmsg+0x10/0x10
[  941.779725][T19076]  __sys_recvmsg+0x16a/0x220
[  941.779749][T19076]  ? __pfx___sys_recvmsg+0x10/0x10
[  941.779789][T19076]  do_syscall_64+0xcd/0xfa0
[  941.779816][T19076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  941.779833][T19076] RIP: 0033:0x7ff1c4b8efc9
[  941.779848][T19076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  941.779865][T19076] RSP: 002b:00007ff1c5a19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  941.779881][T19076] RAX: ffffffffffffffda RBX: 00007ff1c4de6180 RCX: 00007ff1c4b8efc9
[  941.779893][T19076] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000008
[  941.779903][T19076] RBP: 00007ff1c5a19090 R08: 0000000000000000 R09: 0000000000000000
[  941.779913][T19076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  941.779923][T19076] R13: 00007ff1c4de6218 R14: 00007ff1c4de6180 R15: 00007ffe6ab134c8
[  941.779949][T19076]  </TASK>
[  942.977653][T19086] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3515'.
[  943.204807][T19090] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3513'.
[  943.774176][T19100] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  944.985937][T19119] netlink: 'syz.1.3524': attribute type 1 has an invalid length.
[  944.994090][T19119] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.3524'.
[  945.123842][T19118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3524'.
[  945.132822][T19118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3524'.
[  945.141978][T19118] netlink: 'syz.1.3524': attribute type 14 has an invalid length.
[  945.173436][  T112] usb 7-1: new full-speed USB device number 17 using dummy_hcd
[  945.422774][  T112] usb 7-1: config 0 has an invalid interface number: 29 but max is 0
[  945.435394][  T112] usb 7-1: config 0 has no interface number 0
[  945.465264][  T112] usb 7-1: config 0 interface 29 has no altsetting 0
[  945.527430][  T112] usb 7-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  945.593998][  T112] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  945.682625][  T112] usb 7-1: Product: syz
[  945.692119][  T112] usb 7-1: Manufacturer: syz
[  945.712536][  T112] usb 7-1: SerialNumber: syz
[  945.744830][  T112] usb 7-1: config 0 descriptor??
[  945.928172][T19135] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3527'.
[  945.989010][T19137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3527'.
[  946.011828][  T112] peak_usb 7-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  946.173484][T19143] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3529'.
[  946.229958][  T112] peak_usb 7-1:0.29 can0: sending command failure: -22
[  946.238075][  T112] peak_usb 7-1:0.29 can0: sending command failure: -22
[  946.245113][  T112] peak_usb 7-1:0.29 can0: sending command failure: -22
[  946.329500][T19145] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3529'.
[  946.405242][  T112] peak_usb 7-1:0.29: probe with driver peak_usb failed with error -22
[  946.464416][    T9] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  946.623629][    T9] usb 6-1: Using ep0 maxpacket: 32
[  946.638516][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  946.743919][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  946.754269][    T9] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  946.836182][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.896639][  T112] usb 4-1: new full-speed USB device number 76 using dummy_hcd
[  946.919936][    T9] usb 6-1: config 0 descriptor??
[  947.127382][  T112] usb 4-1: config 0 has an invalid interface number: 29 but max is 0
[  947.139264][  T112] usb 4-1: config 0 has no interface number 0
[  947.149556][  T112] usb 4-1: config 0 interface 29 has no altsetting 0
[  947.164800][  T112] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  947.179418][  T112] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  947.188555][  T112] usb 4-1: Product: syz
[  947.192838][  T112] usb 4-1: Manufacturer: syz
[  947.202452][  T112] usb 4-1: SerialNumber: syz
[  947.209755][  T112] usb 4-1: config 0 descriptor??
[  947.350482][    T9] ft260 0003:0403:6030.000F: unknown main item tag 0x7
[  947.529585][  T112] peak_usb 4-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.0.0 (2 channels)
[  947.548623][    T9] ft260 0003:0403:6030.000F: chip code: 6424 8183
[  947.606937][ T5857] usb 7-1: USB disconnect, device number 17
[  947.721444][  T112] peak_usb 4-1:0.29 can0: sending command failure: -8
[  947.728859][  T112] peak_usb 4-1:0.29 can0: sending command failure: -8
[  947.738243][  T112] peak_usb 4-1:0.29 can0: sending command failure: -8
[  947.749276][    T9] ft260 0003:0403:6030.000F: failed to retrieve system status
[  947.757474][    T9] ft260 0003:0403:6030.000F: probe with driver ft260 failed with error -5
[  947.924490][  T112] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -8
[  947.936198][  T112] usb 4-1: USB disconnect, device number 76
[  948.918784][T19164] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.3535'.
[  949.139372][T19169] FAULT_INJECTION: forcing a failure.
[  949.139372][T19169] name failslab, interval 1, probability 0, space 0, times 0
[  949.152165][T19169] CPU: 1 UID: 0 PID: 19169 Comm: syz.4.3536 Not tainted syzkaller #0 PREEMPT(full) 
[  949.152190][T19169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  949.152202][T19169] Call Trace:
[  949.152208][T19169]  <TASK>
[  949.152215][T19169]  dump_stack_lvl+0x16c/0x1f0
[  949.152246][T19169]  should_fail_ex+0x512/0x640
[  949.152266][T19169]  ? fs_reclaim_acquire+0xae/0x150
[  949.152289][T19169]  should_failslab+0xc2/0x120
[  949.152310][T19169]  __kmalloc_noprof+0xdd/0x880
[  949.152333][T19169]  ? __schedule+0x11a3/0x5de0
[  949.152357][T19169]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  949.152384][T19169]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  949.152409][T19169]  tomoyo_realpath_from_path+0xc2/0x6e0
[  949.152433][T19169]  ? tomoyo_profile+0x47/0x60
[  949.152458][T19169]  tomoyo_path_number_perm+0x245/0x580
[  949.152485][T19169]  ? tomoyo_path_number_perm+0x237/0x580
[  949.152514][T19169]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  949.152552][T19169]  ? rcu_is_watching+0x12/0xc0
[  949.152590][T19169]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  949.152615][T19169]  ? hook_file_ioctl_common+0x145/0x410
[  949.152645][T19169]  ? __fget_files+0x20e/0x3c0
[  949.152668][T19169]  security_file_ioctl+0x9b/0x240
[  949.152690][T19169]  __x64_sys_ioctl+0xb7/0x210
[  949.152717][T19169]  do_syscall_64+0xcd/0xfa0
[  949.152744][T19169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.152762][T19169] RIP: 0033:0x7ff1c4b8efc9
[  949.152779][T19169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  949.152796][T19169] RSP: 002b:00007ff1c5a19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  949.152814][T19169] RAX: ffffffffffffffda RBX: 00007ff1c4de6180 RCX: 00007ff1c4b8efc9
[  949.152826][T19169] RDX: 0000200000000340 RSI: 00000000c06864ce RDI: 0000000000000004
[  949.152837][T19169] RBP: 00007ff1c5a19090 R08: 0000000000000000 R09: 0000000000000000
[  949.152848][T19169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  949.152859][T19169] R13: 00007ff1c4de6218 R14: 00007ff1c4de6180 R15: 00007ffe6ab134c8
[  949.152885][T19169]  </TASK>
[  949.152908][T19169] ERROR: Out of memory at tomoyo_realpath_from_path.
[  949.412202][T19171] netlink: 'syz.1.3538': attribute type 21 has an invalid length.
[  949.424758][T19171] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3538'.
[  949.434952][T19171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3538'.
[  949.829657][T11574] usb 6-1: USB disconnect, device number 36
[  950.094746][T19187] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3541'.
[  952.471215][ T5857] usb 6-1: new full-speed USB device number 37 using dummy_hcd
[  952.831930][T19216] tipc: Enabled bearer <udp:syz2>, priority 10
[  953.524510][ T5857] usb 6-1: config 0 has an invalid interface number: 29 but max is 0
[  953.532945][ T5857] usb 6-1: config 0 has no interface number 0
[  953.539635][ T5857] usb 6-1: config 0 interface 29 has no altsetting 0
[  953.616176][ T5857] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  953.625823][ T5857] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.635897][ T5857] usb 6-1: Product: syz
[  953.644051][ T5857] usb 6-1: Manufacturer: syz
[  953.656923][ T5857] usb 6-1: SerialNumber: syz
[  953.667416][T19229] netlink: 'syz.3.3551': attribute type 21 has an invalid length.
[  953.678781][T19229] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3551'.
[  953.784968][T19229] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3551'.
[  953.794801][ T5857] usb 6-1: config 0 descriptor??
[  954.019379][ T5857] peak_usb 6-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  954.231569][ T5857] peak_usb 6-1:0.29 can0: sending command failure: -22
[  954.239032][ T5857] peak_usb 6-1:0.29 can0: sending command failure: -22
[  954.253601][ T5857] peak_usb 6-1:0.29 can0: sending command failure: -22
[  954.439919][ T5857] peak_usb 6-1:0.29: probe with driver peak_usb failed with error -22
[  954.463605][  T112] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  955.113225][  T112] usb 4-1: Using ep0 maxpacket: 8
[  955.119901][  T112] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  955.125906][T19242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3555'.
[  955.148809][  T112] usb 4-1: config 0 has no interface number 0
[  955.209777][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  955.209793][   T30] audit: type=1326 audit(1762064803.176:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  955.255444][  T112] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  955.304790][  T112] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  955.334143][  T112] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  955.404756][  T112] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  955.445312][  T112] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  955.457011][   T30] audit: type=1326 audit(1762064803.176:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  955.457854][  T112] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.498976][  T112] usb 4-1: Product: syz
[  955.613449][  T112] usb 4-1: Manufacturer: syz
[  955.618178][  T112] usb 4-1: SerialNumber: syz
[  955.625002][   T30] audit: type=1326 audit(1762064803.176:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  955.648874][   T30] audit: type=1326 audit(1762064803.176:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  956.180389][   T30] audit: type=1326 audit(1762064803.176:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  956.205042][   T30] audit: type=1326 audit(1762064803.176:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  956.229924][  T112] usb 4-1: config 0 descriptor??
[  956.235394][   T30] audit: type=1326 audit(1762064803.176:1601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  956.261946][   T30] audit: type=1326 audit(1762064803.186:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff1c4b8d810 code=0x7ffc0000
[  956.286708][   T30] audit: type=1326 audit(1762064803.186:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7ff1c4b907f7 code=0x7ffc0000
[  956.310961][   T30] audit: type=1326 audit(1762064803.186:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19241 comm="syz.4.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1c4b8efc9 code=0x7ffc0000
[  956.865261][  T112] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  957.913235][  T112] usb 4-1: USB disconnect, device number 77
[  958.667876][  T112] usb 6-1: USB disconnect, device number 37
[  958.904854][T19280] netlink: 'syz.4.3564': attribute type 1 has an invalid length.
[  958.912631][T19280] netlink: 'syz.4.3564': attribute type 4 has an invalid length.
[  958.920476][T19280] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.3564'.
[  958.996996][T19280] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3564'.
[  959.005987][T19280] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3564'.
[  959.015085][T19280] netlink: 'syz.4.3564': attribute type 14 has an invalid length.
[  959.173611][ T5932] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  959.369227][ T5932] usb 7-1: config 0 has an invalid interface number: 29 but max is 0
[  959.380528][ T5932] usb 7-1: config 0 has no interface number 0
[  959.398247][ T5932] usb 7-1: config 0 interface 29 has no altsetting 0
[  959.410284][ T5932] usb 7-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  959.532488][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  959.550950][ T5932] usb 7-1: Product: syz
[  959.558598][T19296] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3570'.
[  959.569567][ T5932] usb 7-1: Manufacturer: syz
[  959.578122][ T5932] usb 7-1: SerialNumber: syz
[  959.596420][ T5932] usb 7-1: config 0 descriptor??
[  959.807769][ T5932] peak_usb 7-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[  960.143730][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -22
[  960.150797][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -22
[  960.157748][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -22
[  960.229463][ T5932] peak_usb 7-1:0.29: probe with driver peak_usb failed with error -22
[  960.244879][ T5932] usb 7-1: USB disconnect, device number 18
[  960.249641][T19302] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3573'.
[  961.982476][T19324] FAULT_INJECTION: forcing a failure.
[  961.982476][T19324] name failslab, interval 1, probability 0, space 0, times 0
[  962.013593][T19324] CPU: 1 UID: 0 PID: 19324 Comm: syz.6.3578 Not tainted syzkaller #0 PREEMPT(full) 
[  962.013612][T19324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  962.013620][T19324] Call Trace:
[  962.013624][T19324]  <TASK>
[  962.013629][T19324]  dump_stack_lvl+0x16c/0x1f0
[  962.013650][T19324]  should_fail_ex+0x512/0x640
[  962.013663][T19324]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  962.013679][T19324]  should_failslab+0xc2/0x120
[  962.013692][T19324]  kmem_cache_alloc_noprof+0x75/0x6e0
[  962.013708][T19324]  ? skb_clone+0x190/0x3f0
[  962.013726][T19324]  ? skb_clone+0x190/0x3f0
[  962.013738][T19324]  skb_clone+0x190/0x3f0
[  962.013753][T19324]  netlink_deliver_tap+0xabd/0xd30
[  962.013771][T19324]  netlink_unicast+0x64c/0x870
[  962.013789][T19324]  ? __pfx_netlink_unicast+0x10/0x10
[  962.013810][T19324]  netlink_sendmsg+0x8c8/0xdd0
[  962.013827][T19324]  ? __pfx_netlink_sendmsg+0x10/0x10
[  962.013848][T19324]  ____sys_sendmsg+0xa98/0xc70
[  962.013859][T19324]  ? copy_msghdr_from_user+0x10a/0x160
[  962.013874][T19324]  ? __pfx_____sys_sendmsg+0x10/0x10
[  962.013890][T19324]  ___sys_sendmsg+0x134/0x1d0
[  962.013909][T19324]  ? __pfx____sys_sendmsg+0x10/0x10
[  962.013922][T19324]  ? __lock_acquire+0x622/0x1c90
[  962.013956][T19324]  __sys_sendmsg+0x16d/0x220
[  962.013971][T19324]  ? __pfx___sys_sendmsg+0x10/0x10
[  962.013994][T19324]  do_syscall_64+0xcd/0xfa0
[  962.014011][T19324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.014023][T19324] RIP: 0033:0x7f61bd58efc9
[  962.014032][T19324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  962.014043][T19324] RSP: 002b:00007f61be490038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  962.014056][T19324] RAX: ffffffffffffffda RBX: 00007f61bd7e5fa0 RCX: 00007f61bd58efc9
[  962.014063][T19324] RDX: 0000000020040040 RSI: 00002000000000c0 RDI: 0000000000000003
[  962.014069][T19324] RBP: 00007f61be490090 R08: 0000000000000000 R09: 0000000000000000
[  962.014076][T19324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  962.014082][T19324] R13: 00007f61bd7e6038 R14: 00007f61bd7e5fa0 R15: 00007ffecd489d48
[  962.014099][T19324]  </TASK>
[  962.373420][  T112] usb 2-1: new full-speed USB device number 62 using dummy_hcd
[  962.579715][  T112] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[  962.591489][  T112] usb 2-1: config 0 has no interface number 0
[  962.598573][  T112] usb 2-1: config 0 interface 29 has no altsetting 0
[  962.619566][  T112] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  962.648074][  T112] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  962.656833][  T112] usb 2-1: Product: syz
[  962.661174][  T112] usb 2-1: Manufacturer: syz
[  962.667834][  T112] usb 2-1: SerialNumber: syz
[  962.675761][  T112] usb 2-1: config 0 descriptor??
[  964.009957][  T112] peak_usb 2-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  964.231572][  T112] peak_usb 2-1:0.29 can0: sending command failure: -22
[  964.270891][  T112] peak_usb 2-1:0.29 can0: sending command failure: -22
[  964.278835][  T112] peak_usb 2-1:0.29 can0: sending command failure: -22
[  964.354365][  T112] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -22
[  964.412976][T19349] siw: device registration error -23
[  964.526023][T19351] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3585'.
[  964.611105][T19354] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3585'.
[  965.281237][T19360] binder: 19356:19360 ioctl c0306201 200000000640 returned -22
[  965.289946][T19360] binder: 19356:19360 ioctl 80045113 200000000000 returned -22
[  966.013952][T19362] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  966.373193][ T5932] usb 2-1: USB disconnect, device number 62
[  966.579133][T19373] siw: device registration error -23
[  968.323993][T19385] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3592'.
[  968.425911][T19388] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3592'.
[  968.884530][T19394] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3594'.
[  969.369515][T19404] fuse: Bad value for 'rootmode'
[  969.591781][T19411] FAULT_INJECTION: forcing a failure.
[  969.591781][T19411] name failslab, interval 1, probability 0, space 0, times 0
[  969.605463][T19411] CPU: 1 UID: 0 PID: 19411 Comm: syz.6.3598 Not tainted syzkaller #0 PREEMPT(full) 
[  969.605488][T19411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  969.605500][T19411] Call Trace:
[  969.605506][T19411]  <TASK>
[  969.605513][T19411]  dump_stack_lvl+0x16c/0x1f0
[  969.605546][T19411]  should_fail_ex+0x512/0x640
[  969.605567][T19411]  ? __kmalloc_cache_noprof+0x5f/0x780
[  969.605595][T19411]  should_failslab+0xc2/0x120
[  969.605616][T19411]  __kmalloc_cache_noprof+0x72/0x780
[  969.605640][T19411]  ? rcu_is_watching+0x12/0xc0
[  969.605661][T19411]  ? __request_module+0x2ad/0x690
[  969.605680][T19411]  ? lockdep_hardirqs_on+0x7c/0x110
[  969.605709][T19411]  ? __request_module+0x2ad/0x690
[  969.605727][T19411]  __request_module+0x2ad/0x690
[  969.605746][T19411]  ? __pfx___request_module+0x10/0x10
[  969.605777][T19411]  ? rcu_is_watching+0x12/0xc0
[  969.605799][T19411]  ? lockdep_hardirqs_on+0x7c/0x110
[  969.605829][T19411]  netlink_create+0x226/0x620
[  969.605857][T19411]  __sock_create+0x338/0x8d0
[  969.605880][T19411]  __sys_socket+0x14d/0x260
[  969.605898][T19411]  ? __pfx___sys_socket+0x10/0x10
[  969.605913][T19411]  ? ksys_write+0x1ac/0x250
[  969.605938][T19411]  __x64_sys_socket+0x72/0xb0
[  969.605954][T19411]  ? lockdep_hardirqs_on+0x7c/0x110
[  969.605979][T19411]  do_syscall_64+0xcd/0xfa0
[  969.606006][T19411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  969.606024][T19411] RIP: 0033:0x7f61bd58efc9
[  969.606038][T19411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  969.606056][T19411] RSP: 002b:00007f61be44e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  969.606074][T19411] RAX: ffffffffffffffda RBX: 00007f61bd7e6180 RCX: 00007f61bd58efc9
[  969.606085][T19411] RDX: 000000000000000e RSI: 0000000000000003 RDI: 0000000000000010
[  969.606095][T19411] RBP: 00007f61be44e090 R08: 0000000000000000 R09: 0000000000000000
[  969.606105][T19411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  969.606116][T19411] R13: 00007f61bd7e6218 R14: 00007f61bd7e6180 R15: 00007ffecd489d48
[  969.606142][T19411]  </TASK>
[  971.259192][T19428] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3603'.
[  971.623442][T19424] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3604'.
[  971.828554][T19432] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3603'.
[  972.398685][T19445] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3607'.
[  973.663312][ T5932] usb 4-1: new full-speed USB device number 78 using dummy_hcd
[  973.825647][ T5932] usb 4-1: config 0 has an invalid interface number: 29 but max is 0
[  973.835681][ T5932] usb 4-1: config 0 has no interface number 0
[  974.448255][ T5932] usb 4-1: config 0 interface 29 has no altsetting 0
[  974.457337][ T5932] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  974.467634][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  974.476104][ T5932] usb 4-1: Product: syz
[  974.480300][ T5932] usb 4-1: Manufacturer: syz
[  974.484964][ T5932] usb 4-1: SerialNumber: syz
[  974.492860][ T5932] usb 4-1: config 0 descriptor??
[  974.758065][T19478] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3616'.
[  974.767203][T19478] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3616'.
[  974.776409][T19478] netlink: 'syz.1.3616': attribute type 14 has an invalid length.
[  974.889222][ T5932] peak_usb 4-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[  975.534102][ T5932] peak_usb 4-1:0.29 can0: sending command failure: -22
[  975.541532][ T5932] peak_usb 4-1:0.29 can0: sending command failure: -22
[  975.551793][ T5932] peak_usb 4-1:0.29 can0: sending command failure: -22
[  975.979678][ T5932] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -22
[  976.036026][ T5932] usb 4-1: USB disconnect, device number 78
[  976.296523][T19502] siw: device registration error -23
[  976.746295][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  976.746313][   T30] audit: type=1400 audit(1762064824.796:1627): avc:  denied  { write } for  pid=19504 comm="syz.1.3623" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  977.740288][   T30] audit: type=1400 audit(1762064825.786:1628): avc:  denied  { checkpoint_restore } for  pid=19515 comm="syz.4.3626" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  977.990573][ T5857] usb 2-1: new full-speed USB device number 63 using dummy_hcd
[  978.721590][ T5857] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[  978.729917][ T5857] usb 2-1: config 0 has no interface number 0
[  978.740940][ T5857] usb 2-1: config 0 interface 29 has no altsetting 0
[  978.812838][ T5857] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  978.822934][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  978.844869][ T5857] usb 2-1: Product: syz
[  978.852172][ T5857] usb 2-1: Manufacturer: syz
[  978.857458][ T5857] usb 2-1: SerialNumber: syz
[  978.865028][ T5857] usb 2-1: config 0 descriptor??
[  979.082834][ T5857] peak_usb 2-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  979.659103][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -22
[  979.667659][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -22
[  979.838047][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -22
[  980.073859][ T5857] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -22
[  982.537105][ T5932] usb 2-1: USB disconnect, device number 63
[  983.103400][ T5932] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  983.433521][ T5932] usb 2-1: Using ep0 maxpacket: 32
[  983.441790][ T5932] usb 2-1: config 9 has an invalid interface number: 37 but max is 0
[  983.455999][ T5932] usb 2-1: config 9 has no interface number 0
[  983.472489][ T5932] usb 2-1: config 9 interface 37 has no altsetting 0
[  983.484586][ T5932] usb 2-1: New USB device found, idVendor=0734, idProduct=043b, bcdDevice=d8.00
[  983.503251][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  983.531603][ T5932] usb 2-1: Product: syz
[  983.682676][ T5932] usb 2-1: Manufacturer: syz
[  983.690873][ T5932] usb 2-1: SerialNumber: syz
[  984.684621][ T5932] gspca_main: spca506-2.14.0 probing 0734:043b
[  985.059798][ T5932] usb 2-1: USB disconnect, device number 64
[  986.341266][T19636] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3653'.
[  986.716302][   T30] audit: type=1400 audit(1762064834.776:1629): avc:  denied  { write } for  pid=19643 comm="syz.4.3654" lport=45062 faddr=::ffff:172.20.255.187 fport=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  986.832067][T19646] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3653'.
[  986.924590][ T5857] usb 2-1: new full-speed USB device number 65 using dummy_hcd
[  987.784672][T19647] netlink: 5 bytes leftover after parsing attributes in process `syz.5.3653'.
[  987.815655][T19646] gretap0: entered promiscuous mode
[  987.826744][T19647] 0ªî{X¹¦: renamed from gretap0
[  987.850748][T19647] 0ªî{X¹¦: left promiscuous mode
[  987.865021][T19647] 0ªî{X¹¦: entered allmulticast mode
[  987.895195][T19647] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  988.000250][ T5857] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[  988.077542][ T5857] usb 2-1: config 0 has no interface number 0
[  988.095268][T19656] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3657'.
[  988.162880][ T5857] usb 2-1: config 0 interface 29 has no altsetting 0
[  988.238229][T19657] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3657'.
[  988.322011][ T5857] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  988.347323][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.358023][ T5857] usb 2-1: Product: syz
[  988.362794][ T5857] usb 2-1: Manufacturer: syz
[  988.368186][ T5857] usb 2-1: SerialNumber: syz
[  988.393870][ T5857] usb 2-1: config 0 descriptor??
[  988.673527][ T5857] peak_usb 2-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[  988.948672][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -22
[  990.029115][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -22
[  990.036265][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -22
[  990.387868][ T5857] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -22
[  992.546404][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  994.065650][ T5932] usb 2-1: USB disconnect, device number 65
[  994.876382][ T5932] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  995.613243][ T5932] usb 7-1: Using ep0 maxpacket: 32
[  995.637967][ T5932] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  995.985573][ T5932] usb 7-1: config 0 has no interface number 0
[  996.035634][ T5932] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  996.051636][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  996.087211][ T5932] usb 7-1: Product: syz
[  996.111713][ T5932] usb 7-1: Manufacturer: syz
[  996.136479][ T5932] usb 7-1: SerialNumber: syz
[  996.164991][ T5932] usb 7-1: config 0 descriptor??
[  996.182832][ T5932] smsc95xx v2.0.0
[  996.668777][ T5857] kernel read not supported for file /vcs (pid: 5857 comm: kworker/1:4)
[  997.113372][ T5932] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  997.138772][ T5932] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  999.128513][ T5932] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -71
[  999.153056][ T5932] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  999.240539][T19777] netlink: 16162 bytes leftover after parsing attributes in process `syz.1.3685'.
[  999.251154][ T5932] usb 7-1: USB disconnect, device number 19
[ 1000.574010][T19795] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3690'.
[ 1001.363264][ T5932] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[ 1001.523524][ T5932] usb 7-1: Using ep0 maxpacket: 8
[ 1001.534721][ T5932] usb 7-1: config 0 has an invalid interface number: 186 but max is 0
[ 1001.573577][ T5932] usb 7-1: config 0 has no interface number 0
[ 1001.631042][T19815] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3696'.
[ 1001.676534][ T5932] usb 7-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1001.854122][ T5932] usb 7-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1001.867778][T19820] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3696'.
[ 1002.494255][ T5932] usb 7-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1002.668991][T19833] sctp: [Deprecated]: syz.5.3700 (pid 19833) Use of int in max_burst socket option.
[ 1002.668991][T19833] Use struct sctp_assoc_value instead
[ 1002.697487][T19833] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3700'.
[ 1002.718602][ T5932] usb 7-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1002.753669][T19833] macvlan2: entered promiscuous mode
[ 1002.762198][T19833] macvlan2: entered allmulticast mode
[ 1002.776221][T19833] bond1: entered promiscuous mode
[ 1002.787557][T19833] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1002.810903][T19833] bond1: left promiscuous mode
[ 1002.859943][ T5932] usb 7-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1002.942210][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1002.964853][ T5932] usb 7-1: Product: syz
[ 1002.982839][ T5932] usb 7-1: Manufacturer: syz
[ 1003.015472][ T5932] usb 7-1: SerialNumber: syz
[ 1003.075233][ T5932] usb 7-1: config 0 descriptor??
[ 1003.300055][ T5932] iowarrior 7-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[ 1003.383460][ T5932] usb 7-1: USB disconnect, device number 20
[ 1003.413369][ T5857] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1003.583561][ T5857] usb 6-1: Using ep0 maxpacket: 16
[ 1003.595218][ T5857] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 1003.616983][ T5857] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1003.717628][    T9] usb 4-1: new full-speed USB device number 79 using dummy_hcd
[ 1003.735165][ T5857] usb 6-1: Product: syz
[ 1003.745217][ T5857] usb 6-1: Manufacturer: syz
[ 1003.754583][ T5857] usb 6-1: SerialNumber: syz
[ 1003.767336][ T5857] usb 6-1: config 0 descriptor??
[ 1004.355813][    T9] usb 4-1: config 0 has an invalid interface number: 29 but max is 0
[ 1004.369255][    T9] usb 4-1: config 0 has no interface number 0
[ 1004.376371][    T9] usb 4-1: config 0 interface 29 has no altsetting 0
[ 1004.386452][    T9] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1004.396422][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1004.404622][    T9] usb 4-1: Product: syz
[ 1004.409007][    T9] usb 4-1: Manufacturer: syz
[ 1004.415940][    T9] usb 4-1: SerialNumber: syz
[ 1004.422742][    T9] usb 4-1: config 0 descriptor??
[ 1004.542240][ T5857] dvb_usb_dtv5100 6-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[ 1004.580149][ T5857] usb 6-1: USB disconnect, device number 38
[ 1004.586424][ T5932] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 1004.634454][    T9] peak_usb 4-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.0.0 (2 channels)
[ 1004.743263][ T5932] usb 7-1: Using ep0 maxpacket: 32
[ 1004.755065][ T5932] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[ 1004.773244][ T5932] usb 7-1: config 0 has no interface number 0
[ 1004.789756][ T5932] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1004.812055][ T5932] usb 7-1: config 0 interface 85 has no altsetting 0
[ 1004.855701][    T9] peak_usb 4-1:0.29 can0: sending command failure: -8
[ 1004.870644][ T5932] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1004.882174][    T9] peak_usb 4-1:0.29 can0: sending command failure: -8
[ 1004.889886][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1004.898167][    T9] peak_usb 4-1:0.29 can0: sending command failure: -8
[ 1005.451087][ T5932] usb 7-1: Product: syz
[ 1005.457767][ T5932] usb 7-1: Manufacturer: syz
[ 1005.466578][ T5932] usb 7-1: SerialNumber: syz
[ 1005.480253][ T5932] usb 7-1: config 0 descriptor??
[ 1005.488938][    T9] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -8
[ 1005.508729][    T9] usb 4-1: USB disconnect, device number 79
[ 1005.814284][T19849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1005.852576][T19849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1006.636208][ T5932] appletouch 7-1:0.85: Failed to read mode from device.
[ 1006.693365][ T5932] appletouch 7-1:0.85: probe with driver appletouch failed with error -5
[ 1006.735832][ T5932] usb 7-1: USB disconnect, device number 21
[ 1006.863300][ T5857] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1007.035547][ T5857] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1007.062162][ T5857] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1007.089007][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1007.119843][ T5857] usb 2-1: config 0 descriptor??
[ 1007.139612][ T5857] pwc: Askey VC010 type 2 USB webcam detected.
[ 1007.818495][ T5857] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1007.850713][ T5857] pwc: recv_control_msg error -32 req 02 val 2700
[ 1007.910807][ T5857] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1007.925852][ T5857] pwc: recv_control_msg error -32 req 04 val 1000
[ 1007.932830][   T30] audit: type=1400 audit(1762064855.986:1630): avc:  denied  { lock } for  pid=19869 comm="syz.1.3711" path="socket:[86862]" dev="sockfs" ino=86862 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[ 1007.986791][   T30] audit: type=1400 audit(1762064856.046:1631): avc:  denied  { unmount } for  pid=11346 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1008.117911][ T5857] pwc: recv_control_msg error -71 req 04 val 1300
[ 1008.250571][T19892] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3716'.
[ 1008.398777][ T5857] pwc: recv_control_msg error -71 req 04 val 1400
[ 1008.411430][ T5857] pwc: recv_control_msg error -71 req 02 val 2000
[ 1008.426518][ T5857] pwc: recv_control_msg error -71 req 02 val 2100
[ 1008.435936][ T5857] pwc: recv_control_msg error -71 req 04 val 1500
[ 1008.442797][ T5857] pwc: recv_control_msg error -71 req 02 val 2500
[ 1008.456913][ T5857] pwc: recv_control_msg error -71 req 02 val 2400
[ 1008.466234][ T5857] pwc: recv_control_msg error -71 req 02 val 2600
[ 1008.479198][ T5857] pwc: recv_control_msg error -71 req 02 val 2900
[ 1008.493905][ T5857] pwc: recv_control_msg error -71 req 02 val 2800
[ 1008.515380][ T5857] pwc: recv_control_msg error -71 req 04 val 1100
[ 1008.532648][ T5857] pwc: recv_control_msg error -71 req 04 val 1200
[ 1008.553221][ T5857] pwc: Registered as video103.
[ 1008.558793][ T5857] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input42
[ 1008.600082][ T5857] usb 2-1: USB disconnect, device number 66
[ 1009.596225][T19905] FAULT_INJECTION: forcing a failure.
[ 1009.596225][T19905] name failslab, interval 1, probability 0, space 0, times 0
[ 1009.610185][T19905] CPU: 1 UID: 0 PID: 19905 Comm: syz.3.3721 Not tainted syzkaller #0 PREEMPT(full) 
[ 1009.610210][T19905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1009.610221][T19905] Call Trace:
[ 1009.610227][T19905]  <TASK>
[ 1009.610235][T19905]  dump_stack_lvl+0x16c/0x1f0
[ 1009.610268][T19905]  should_fail_ex+0x512/0x640
[ 1009.610287][T19905]  ? __kmalloc_cache_noprof+0x5f/0x780
[ 1009.610313][T19905]  should_failslab+0xc2/0x120
[ 1009.610332][T19905]  __kmalloc_cache_noprof+0x72/0x780
[ 1009.610354][T19905]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1009.610383][T19905]  ? get_mountpoint+0x166/0x4d0
[ 1009.610412][T19905]  ? get_mountpoint+0x166/0x4d0
[ 1009.610434][T19905]  get_mountpoint+0x166/0x4d0
[ 1009.610458][T19905]  do_lock_mount.part.0+0x323/0xa80
[ 1009.610480][T19905]  ? inode_has_perm+0x16f/0x1d0
[ 1009.610508][T19905]  do_move_mount.isra.0+0x205/0xf80
[ 1009.610532][T19905]  ? __pfx_do_move_mount.isra.0+0x10/0x10
[ 1009.610557][T19905]  ? getname_flags.part.0+0x1c5/0x550
[ 1009.610591][T19905]  __do_sys_move_mount+0x3e0/0x830
[ 1009.610614][T19905]  ? __pfx___do_sys_move_mount+0x10/0x10
[ 1009.610632][T19905]  ? ksys_write+0x1ac/0x250
[ 1009.610648][T19905]  ? __pfx_ksys_write+0x10/0x10
[ 1009.610678][T19905]  do_syscall_64+0xcd/0xfa0
[ 1009.610709][T19905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.610726][T19905] RIP: 0033:0x7f2a0318efc9
[ 1009.610741][T19905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1009.610758][T19905] RSP: 002b:00007f2a040cb038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[ 1009.610776][T19905] RAX: ffffffffffffffda RBX: 00007f2a033e5fa0 RCX: 00007f2a0318efc9
[ 1009.610788][T19905] RDX: ffffffffffffff9c RSI: 0000200000000140 RDI: 0000000000000004
[ 1009.610799][T19905] RBP: 00007f2a040cb090 R08: 0000000000000000 R09: 0000000000000000
[ 1009.610810][T19905] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[ 1009.610820][T19905] R13: 00007f2a033e6038 R14: 00007f2a033e5fa0 R15: 00007ffd4f9df8b8
[ 1009.610848][T19905]  </TASK>
[ 1009.927678][T19907] overlay: ./file0 is not a directory
[ 1010.255847][   T30] audit: type=1400 audit(1762064857.936:1632): avc:  denied  { mounton } for  pid=19901 comm="syz.1.3720" path="/syzcgroup/net/syz1/cgroup.procs" dev="cgroup" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[ 1011.093469][ T5857] usb 2-1: new full-speed USB device number 67 using dummy_hcd
[ 1011.173839][T12529] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.304714][ T5857] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[ 1011.322741][ T5857] usb 2-1: config 0 has no interface number 0
[ 1011.329690][ T5857] usb 2-1: config 0 interface 29 has no altsetting 0
[ 1011.355987][  T112] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[ 1011.786084][T12529] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.797283][ T5857] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1011.821970][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1011.830791][ T5857] usb 2-1: Product: syz
[ 1011.835531][ T5857] usb 2-1: Manufacturer: syz
[ 1011.840221][ T5857] usb 2-1: SerialNumber: syz
[ 1011.847287][ T5857] usb 2-1: config 0 descriptor??
[ 1011.874217][T12529] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.944232][T12529] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.965173][  T112] usb 6-1: config 0 has an invalid interface number: 221 but max is 0
[ 1011.974967][  T112] usb 6-1: config 0 has no interface number 0
[ 1011.981115][  T112] usb 6-1: config 0 interface 221 has no altsetting 0
[ 1011.992082][  T112] usb 6-1: New USB device found, idVendor=12d1, idProduct=503b, bcdDevice= c.16
[ 1012.001734][  T112] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1012.013009][  T112] usb 6-1: Product: syz
[ 1012.017310][  T112] usb 6-1: Manufacturer: syz
[ 1012.021942][  T112] usb 6-1: SerialNumber: syz
[ 1012.030826][  T112] usb 6-1: config 0 descriptor??
[ 1012.132534][ T5857] peak_usb 2-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.0.0 (2 channels)
[ 1012.169898][ T5824] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1012.180198][ T5824] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1012.288242][T12529] bridge_slave_1: left allmulticast mode
[ 1012.294842][ T5824] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1012.303185][T12529] bridge_slave_1: left promiscuous mode
[ 1012.309434][T12529] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1012.318391][ T5824] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1012.329246][ T5824] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1012.756494][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -8
[ 1012.771011][T12529] bridge_slave_0: left allmulticast mode
[ 1012.800833][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -8
[ 1012.808256][T12529] bridge_slave_0: left promiscuous mode
[ 1012.814888][T12529] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1012.817507][ T5857] peak_usb 2-1:0.29 can0: sending command failure: -8
[ 1012.884973][T19930] FAULT_INJECTION: forcing a failure.
[ 1012.884973][T19930] name failslab, interval 1, probability 0, space 0, times 0
[ 1012.900120][T19930] CPU: 0 UID: 0 PID: 19930 Comm: syz.6.3730 Not tainted syzkaller #0 PREEMPT(full) 
[ 1012.900146][T19930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1012.900156][T19930] Call Trace:
[ 1012.900162][T19930]  <TASK>
[ 1012.900169][T19930]  dump_stack_lvl+0x16c/0x1f0
[ 1012.900198][T19930]  should_fail_ex+0x512/0x640
[ 1012.900217][T19930]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1012.900240][T19930]  should_failslab+0xc2/0x120
[ 1012.900258][T19930]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1012.900282][T19930]  ? skb_clone+0x190/0x3f0
[ 1012.900309][T19930]  ? skb_clone+0x190/0x3f0
[ 1012.900328][T19930]  skb_clone+0x190/0x3f0
[ 1012.900349][T19930]  netlink_deliver_tap+0xabd/0xd30
[ 1012.900376][T19930]  netlink_unicast+0x64c/0x870
[ 1012.900397][T19930]  ? __pfx_netlink_unicast+0x10/0x10
[ 1012.900430][T19930]  netlink_sendmsg+0x8c8/0xdd0
[ 1012.900459][T19930]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1012.900496][T19930]  ____sys_sendmsg+0xa98/0xc70
[ 1012.900513][T19930]  ? copy_msghdr_from_user+0x10a/0x160
[ 1012.900529][T19930]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1012.900546][T19930]  ___sys_sendmsg+0x134/0x1d0
[ 1012.900565][T19930]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1012.900584][T19930]  ? __lock_acquire+0x622/0x1c90
[ 1012.900641][T19930]  __sys_sendmsg+0x16d/0x220
[ 1012.900656][T19930]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1012.900680][T19930]  do_syscall_64+0xcd/0xfa0
[ 1012.900698][T19930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1012.900713][T19930] RIP: 0033:0x7f61bd58efc9
[ 1012.900727][T19930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1012.900743][T19930] RSP: 002b:00007f61be490038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1012.900758][T19930] RAX: ffffffffffffffda RBX: 00007f61bd7e5fa0 RCX: 00007f61bd58efc9
[ 1012.900769][T19930] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[ 1012.900778][T19930] RBP: 00007f61be490090 R08: 0000000000000000 R09: 0000000000000000
[ 1012.900787][T19930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1012.900794][T19930] R13: 00007f61bd7e6038 R14: 00007f61bd7e5fa0 R15: 00007ffecd489d48
[ 1012.900809][T19930]  </TASK>
[ 1013.116586][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1013.394307][  T112] option 6-1:0.221: GSM modem (1-port) converter detected
[ 1013.423041][  T112] usb 6-1: USB disconnect, device number 39
[ 1013.443060][  T112] option 6-1:0.221: device disconnected
[ 1013.455781][T19941] FAULT_INJECTION: forcing a failure.
[ 1013.455781][T19941] name failslab, interval 1, probability 0, space 0, times 0
[ 1013.469630][T19941] CPU: 1 UID: 0 PID: 19941 Comm: syz.4.3734 Not tainted syzkaller #0 PREEMPT(full) 
[ 1013.469655][T19941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1013.469665][T19941] Call Trace:
[ 1013.469670][T19941]  <TASK>
[ 1013.469678][T19941]  dump_stack_lvl+0x16c/0x1f0
[ 1013.469709][T19941]  should_fail_ex+0x512/0x640
[ 1013.469727][T19941]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[ 1013.469755][T19941]  should_failslab+0xc2/0x120
[ 1013.469775][T19941]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1013.469799][T19941]  ? getname_flags.part.0+0x4c/0x550
[ 1013.469827][T19941]  ? getname_flags.part.0+0x4c/0x550
[ 1013.469849][T19941]  getname_flags.part.0+0x4c/0x550
[ 1013.469874][T19941]  getname_flags+0x93/0xf0
[ 1013.469891][T19941]  user_path_at+0x24/0x60
[ 1013.469908][T19941]  __x64_sys_mount+0x1fb/0x310
[ 1013.469928][T19941]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1013.469952][T19941]  do_syscall_64+0xcd/0xfa0
[ 1013.469977][T19941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1013.469993][T19941] RIP: 0033:0x7ff1c4b8efc9
[ 1013.470005][T19941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1013.470019][T19941] RSP: 002b:00007ff1c5a5b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1013.470034][T19941] RAX: ffffffffffffffda RBX: 00007ff1c4de5fa0 RCX: 00007ff1c4b8efc9
[ 1013.470044][T19941] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000
[ 1013.470054][T19941] RBP: 00007ff1c5a5b090 R08: 0000200000000040 R09: 0000000000000000
[ 1013.470063][T19941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1013.470073][T19941] R13: 00007ff1c4de6038 R14: 00007ff1c4de5fa0 R15: 00007ffe6ab134c8
[ 1013.470094][T19941]  </TASK>
[ 1014.198119][T12529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1014.296804][   T30] audit: type=1326 audit(1762064862.356:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19948 comm="syz.4.3736" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff1c4b8efc9 code=0x0
[ 1014.319731][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1014.329787][T12529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1014.350485][T12529] bond0 (unregistering): Released all slaves
[ 1014.637662][ T5857] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -8
[ 1014.776034][ T5932] syz1: Port: 1 Link DOWN
[ 1014.845088][T19963] QAT: Invalid ioctl 1076910120
[ 1014.865126][T13271] Bluetooth: hci3: command tx timeout
[ 1015.387591][ T5857] usb 2-1: USB disconnect, device number 67
[ 1015.765176][T19963] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1015.777506][T19963] bond0: (slave lo): Error: Device can not be enslaved while up
[ 1016.943226][T13271] Bluetooth: hci3: command tx timeout
[ 1017.062260][   T30] audit: type=1400 audit(1762064865.116:1634): avc:  denied  { nosuid_transition } for  pid=19984 comm="syz.4.3745" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1
[ 1017.096670][   T30] audit: type=1400 audit(1762064865.116:1635): avc:  denied  { transition } for  pid=19984 comm="syz.4.3745" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1553 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[ 1017.153350][T19985] overlayfs: cannot append lower layer
[ 1017.179108][   T30] audit: type=1400 audit(1762064865.116:1636): avc:  denied  { entrypoint } for  pid=19984 comm="syz.4.3745" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1553 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1017.284992][   T30] audit: type=1400 audit(1762064865.116:1637): avc:  denied  { share } for  pid=19984 comm="syz.4.3745" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[ 1017.346875][   T30] audit: type=1400 audit(1762064865.116:1638): avc:  denied  { noatsecure } for  pid=19984 comm="syz.4.3745" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[ 1017.514062][ T5932] usb 7-1: new full-speed USB device number 22 using dummy_hcd
[ 1017.529389][T19997] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3747'.
[ 1017.707205][ T5932] usb 7-1: config 0 has an invalid interface number: 29 but max is 0
[ 1017.866263][ T5932] usb 7-1: config 0 has no interface number 0
[ 1017.885669][T19998] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3747'.
[ 1017.893217][ T5932] usb 7-1: config 0 interface 29 has no altsetting 0
[ 1017.926601][ T5932] usb 7-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1017.966430][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1018.034934][ T5932] usb 7-1: Product: syz
[ 1018.057315][ T5932] usb 7-1: Manufacturer: syz
[ 1018.061942][ T5932] usb 7-1: SerialNumber: syz
[ 1018.132847][ T5932] usb 7-1: config 0 descriptor??
[ 1018.475503][T20005] ptrace attach of ""[20004] was attempted by "./syz-executor exec"[20005]
[ 1019.033547][ T5932] peak_usb 7-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.0.0 (2 channels)
[ 1019.082338][T13271] Bluetooth: hci3: command tx timeout
[ 1019.082420][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[ 1019.098210][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[ 1019.223233][ T5932] peak_usb 7-1:0.29 can0: sending command failure: -8
[ 1019.426230][ T5932] peak_usb 7-1:0.29: probe with driver peak_usb failed with error -8
[ 1019.534722][ T5932] usb 7-1: USB disconnect, device number 22
[ 1019.783193][T20017] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3752'.
[ 1019.792116][T20017] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3752'.
[ 1019.801126][T20017] netlink: 'syz.5.3752': attribute type 14 has an invalid length.
[ 1020.085255][T12529] hsr_slave_0: left promiscuous mode
[ 1020.092090][T12529] hsr_slave_1: left promiscuous mode
[ 1020.098286][T12529] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1020.123339][T12529] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1020.133951][T12529] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1020.161867][T12529] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1020.216711][T20030] netlink: 'syz.1.3757': attribute type 21 has an invalid length.
[ 1020.227037][T12529] veth1_macvtap: left promiscuous mode
[ 1020.232606][T12529] veth0_macvtap: left promiscuous mode
[ 1020.251097][T20032] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3758'.
[ 1020.253444][T12529] veth1_vlan: left promiscuous mode
[ 1020.272216][T20032] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1020.273610][T12529] veth0_vlan: left promiscuous mode
[ 1020.294313][ T5932] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1020.464745][ T5932] usb 7-1: Using ep0 maxpacket: 32
[ 1020.526261][ T5932] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[ 1020.567250][ T5932] usb 7-1: config 0 has no interface number 0
[ 1020.612923][ T5932] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1020.698418][ T5932] usb 7-1: config 0 interface 85 has no altsetting 0
[ 1020.822188][ T5932] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1020.920587][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1021.010950][ T5932] usb 7-1: Product: syz
[ 1021.070253][ T5932] usb 7-1: Manufacturer: syz
[ 1021.103198][T13271] Bluetooth: hci3: command tx timeout
[ 1021.112661][ T5932] usb 7-1: SerialNumber: syz
[ 1021.195837][ T5932] usb 7-1: config 0 descriptor??
[ 1021.818526][T20047] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3762'.
[ 1022.288678][T12529] team0 (unregistering): Port device team_slave_1 removed
[ 1022.326623][T12529] team0 (unregistering): Port device team_slave_0 removed
[ 1022.397260][T12527] smc: removing ib device syz1
[ 1022.475222][ T5932] appletouch 7-1:0.85: Geyser mode initialized.
[ 1022.483965][ T5932] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.85/input/input43
[ 1022.725734][T20030] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3757'.
[ 1022.735976][T20030] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3757'.
[ 1022.905016][T19921] chnl_net:caif_netlink_parms(): no params data found
[ 1022.971036][T20060] overlayfs: overlapping lowerdir path
[ 1023.091542][T20068] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3767'.
[ 1023.259722][T20075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3768'.
[ 1023.316295][T20077] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3768'.
[ 1023.835307][T19921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1023.840652][ T5939] usb 7-1: USB disconnect, device number 23
[ 1023.858205][T19921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1023.873053][T19921] bridge_slave_0: entered allmulticast mode
[ 1023.905547][ T5939] appletouch 7-1:0.85: input: appletouch disconnected
[ 1023.907680][T19921] bridge_slave_0: entered promiscuous mode
[ 1023.942565][T19921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1023.952899][T19921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1024.029152][T19921] bridge_slave_1: entered allmulticast mode
[ 1024.098016][T19921] bridge_slave_1: entered promiscuous mode
[ 1024.193263][ T5857] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1024.428572][ T5857] usb 6-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[ 1024.486383][ T5857] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1024.669676][ T5857] usb 6-1: config 0 descriptor??
[ 1024.814778][ T5857] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input44
[ 1025.216671][ T5857] usb 6-1: USB disconnect, device number 40
[ 1025.822185][T19921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1025.969845][T19921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1026.118076][T19921] team0: Port device team_slave_0 added
[ 1026.131110][T19921] team0: Port device team_slave_1 added
[ 1026.392435][T19921] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1026.410628][T19921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1026.513176][T19921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1026.543584][T19921] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1026.557657][T19921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1026.756870][T19921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1027.284543][T19921] hsr_slave_0: entered promiscuous mode
[ 1027.291817][T19921] hsr_slave_1: entered promiscuous mode
[ 1027.309682][T19921] debugfs: 'hsr0' already exists in 'hsr'
[ 1027.323172][T19921] Cannot create hsr debugfs directory
[ 1028.879341][T20150] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1029.842114][T20159] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3787'.
[ 1029.894177][T19921] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1029.968523][T20160] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3787'.
[ 1030.004725][T19921] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1030.029761][T19921] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1030.052887][T19921] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1030.498343][T19921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1030.522849][T19921] 8021q: adding VLAN 0 to HW filter on device team0
[ 1030.562665][T20174] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3790'.
[ 1030.574897][   T30] audit: type=1326 audit(1762064878.616:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.605608][T12542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1030.612732][T12542] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1030.633883][   T30] audit: type=1326 audit(1762064878.616:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.659635][   T30] audit: type=1326 audit(1762064878.616:1641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.683021][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1030.696831][   T30] audit: type=1326 audit(1762064878.616:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.720292][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1030.730389][   T30] audit: type=1326 audit(1762064878.616:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.753860][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1030.762077][   T30] audit: type=1326 audit(1762064878.616:1644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.785474][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1030.793433][   T30] audit: type=1326 audit(1762064878.636:1645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.816880][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1030.827123][   T30] audit: type=1326 audit(1762064878.636:1646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.850620][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1030.858312][   T30] audit: type=1326 audit(1762064878.636:1647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.886545][   T30] audit: type=1326 audit(1762064878.636:1648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20170 comm="syz.6.3790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61bd58efc9 code=0x7ffc0000
[ 1030.916098][T10205] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1030.923250][T10205] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1031.499081][T19921] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1032.006814][T20207] netlink: 'syz.5.3797': attribute type 1 has an invalid length.
[ 1032.023185][T20207] netlink: 'syz.5.3797': attribute type 4 has an invalid length.
[ 1032.039967][T20207] netlink: 15334 bytes leftover after parsing attributes in process `syz.5.3797'.
[ 1032.404258][T19921] veth0_vlan: entered promiscuous mode
[ 1032.416917][T19921] veth1_vlan: entered promiscuous mode
[ 1032.538745][T19921] veth0_macvtap: entered promiscuous mode
[ 1032.549806][T19921] veth1_macvtap: entered promiscuous mode
[ 1032.578721][T19921] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1032.597497][T19921] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1032.627552][T12546] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.636827][T12546] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.729441][T12529] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.831162][T12529] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1033.298150][T12546] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1033.332500][T12546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1033.422758][T12546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1033.447889][T12546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1033.987286][T20230] sctp: [Deprecated]: syz.6.3804 (pid 20230) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1033.987286][T20230] Use struct sctp_sack_info instead
[ 1034.129453][T20233] loop6: detected capacity change from 0 to 524287999
[ 1034.169595][T20233] buffer_io_error: 22 callbacks suppressed
[ 1034.169607][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.349540][T20239] siw: device registration error -23
[ 1034.619362][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.664289][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.708025][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.797125][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.913345][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.926067][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.943382][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.961613][T20233] ldm_validate_partition_table(): Disk read failed.
[ 1034.976040][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.998414][T20233] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1035.018027][T20233] Dev loop6: unable to read RDB block 0
[ 1035.029679][T20233]  loop6: unable to read partition table
[ 1035.042703][T20240] block device autoloading is deprecated and will be removed.
[ 1035.077354][T20240] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3805'.
[ 1035.090192][T20233] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1037.250124][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1037.250141][   T30] audit: type=1400 audit(1762064885.306:1656): avc:  denied  { mount } for  pid=20265 comm="syz.7.3813" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[ 1037.432258][T20267] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[ 1037.439010][T20267] PKCS7: Only support pkcs7_signedData type
[ 1037.704617][T19926] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[ 1037.831308][T20278] netlink: 'syz.6.3816': attribute type 2 has an invalid length.
[ 1037.839407][T20278] netlink: 'syz.6.3816': attribute type 2 has an invalid length.
[ 1037.852261][T20278] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3816'.
[ 1037.888317][T19926] usb 6-1: config 0 has an invalid interface number: 29 but max is 0
[ 1037.898068][T19926] usb 6-1: config 0 has no interface number 0
[ 1038.250692][T19926] usb 6-1: config 0 interface 29 has no altsetting 0
[ 1038.269478][T19926] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1038.297709][T19926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1038.373380][T19926] usb 6-1: Product: syz
[ 1038.382365][T19926] usb 6-1: Manufacturer: syz
[ 1038.405612][T19926] usb 6-1: SerialNumber: syz
[ 1038.431584][T19926] usb 6-1: config 0 descriptor??
[ 1038.744390][T19926] peak_usb 6-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[ 1038.844739][T20289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3819'.
[ 1038.853741][T20289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3819'.
[ 1038.862663][T20289] netlink: 'syz.1.3819': attribute type 14 has an invalid length.
[ 1039.166430][T19926] peak_usb 6-1:0.29 can0: sending command failure: -22
[ 1039.203889][T19926] peak_usb 6-1:0.29 can0: sending command failure: -22
[ 1039.273462][T19926] peak_usb 6-1:0.29 can0: sending command failure: -22
[ 1040.487411][T19926] peak_usb 6-1:0.29: probe with driver peak_usb failed with error -22
[ 1040.531086][T19926] usb 6-1: USB disconnect, device number 41
[ 1041.093474][T20303] siw: device registration error -23
[ 1041.844773][ T5932] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1042.020690][ T5932] usb 7-1: Using ep0 maxpacket: 8
[ 1042.196297][T20333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3831'.
[ 1042.206444][T20333] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3831'.
[ 1042.215756][T20333] netlink: 'syz.4.3831': attribute type 14 has an invalid length.
[ 1043.009020][ T5932] usb 7-1: config 0 has an invalid interface number: 31 but max is 0
[ 1043.017778][ T5932] usb 7-1: config 0 has no interface number 0
[ 1043.055934][ T5932] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1043.111959][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1043.151861][T20345] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3832'.
[ 1043.193645][ T5932] usb 7-1: Product: syz
[ 1043.197831][ T5932] usb 7-1: Manufacturer: syz
[ 1043.244394][ T5932] usb 7-1: SerialNumber: syz
[ 1043.268254][ T5932] usb 7-1: config 0 descriptor??
[ 1043.290542][T20349] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3834'.
[ 1043.384102][T20348] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3832'.
[ 1043.413959][T20352] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3834'.
[ 1043.495425][T20314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1043.514525][T20314] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1043.527181][ T5932] uvcvideo 7-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[ 1043.569392][ T5932] uvcvideo 7-1:0.31: No valid video chain found.
[ 1043.591688][ T5932] usb 7-1: USB disconnect, device number 24
[ 1044.600061][T20364] 9pnet_fd: Insufficient options for proto=fd
[ 1044.855645][T20371] netlink: 'syz.1.3840': attribute type 21 has an invalid length.
[ 1044.864692][T20371] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3840'.
[ 1044.877963][T20371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3840'.
[ 1045.269294][T20374] siw: device registration error -23
[ 1048.850689][   T30] audit: type=1400 audit(1762064896.906:1657): avc:  denied  { create } for  pid=20418 comm="syz.7.3855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1048.875352][   T30] audit: type=1400 audit(1762064896.936:1658): avc:  denied  { ioctl } for  pid=20418 comm="syz.7.3855" path="socket:[89883]" dev="sockfs" ino=89883 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1048.900902][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1048.933490][T19926] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1049.113801][   T30] audit: type=1400 audit(1762064896.966:1659): avc:  denied  { write } for  pid=20418 comm="syz.7.3855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1049.243442][T19926] usb 6-1: Using ep0 maxpacket: 8
[ 1049.249899][T19926] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[ 1049.266497][T19926] usb 6-1: config 0 has no interface number 0
[ 1049.282922][T19926] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1049.319054][T19926] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1049.331019][T19926] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1049.358900][T19926] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1049.386119][T19926] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1049.396323][T19926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1049.472328][T19926] usb 6-1: Product: syz
[ 1049.482771][T19926] usb 6-1: Manufacturer: syz
[ 1049.491590][T19926] usb 6-1: SerialNumber: syz
[ 1049.510122][T19926] usb 6-1: config 0 descriptor??
[ 1049.744063][T19926] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[ 1049.962542][T19926] usb 6-1: USB disconnect, device number 42
[ 1052.133479][T19926] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1053.080882][T20473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1053.088207][T20473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1053.207826][T20473] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1053.220322][T20473] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1053.252360][T19926] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1053.272514][T19926] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 1053.296914][T19926] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 1053.470259][T12527] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1053.472098][T19926] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1053.479547][T12527] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1053.497409][ T5932] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1053.505091][T19926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1053.515388][T19926] usb 6-1: Product: syz
[ 1053.519128][T12527] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1053.519858][T19926] usb 6-1: Manufacturer: syz
[ 1053.535311][T19926] usb 6-1: SerialNumber: syz
[ 1053.554325][T19926] usb 6-1: config 0 descriptor??
[ 1053.562776][T20468] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1053.635842][T20468] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1053.650416][T19926] usb 6-1: ucan: probing device on interface #0
[ 1053.698193][T20486] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3871'.
[ 1053.955426][T12527] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1053.986738][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.013216][ T5932] usb 7-1: Using ep0 maxpacket: 8
[ 1054.033158][ T5932] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1054.039809][ T5932] usb 7-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[ 1054.049154][ T5932] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1054.065792][ T5932] usb 7-1: config 0 descriptor??
[ 1054.498065][T20503] FAULT_INJECTION: forcing a failure.
[ 1054.498065][T20503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1054.511520][T20503] CPU: 0 UID: 0 PID: 20503 Comm: syz.1.3875 Not tainted syzkaller #0 PREEMPT(full) 
[ 1054.511542][T20503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1054.511551][T20503] Call Trace:
[ 1054.511557][T20503]  <TASK>
[ 1054.511567][T20503]  dump_stack_lvl+0x16c/0x1f0
[ 1054.511597][T20503]  should_fail_ex+0x512/0x640
[ 1054.511621][T20503]  _copy_to_user+0x32/0xd0
[ 1054.511643][T20503]  simple_read_from_buffer+0xcb/0x170
[ 1054.511670][T20503]  proc_fail_nth_read+0x197/0x240
[ 1054.511691][T20503]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1054.511711][T20503]  ? rw_verify_area+0xcf/0x6c0
[ 1054.511734][T20503]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1054.511757][T20503]  vfs_read+0x1e4/0xcf0
[ 1054.511773][T20503]  ? __pfx___mutex_lock+0x10/0x10
[ 1054.511790][T20503]  ? __pfx_vfs_read+0x10/0x10
[ 1054.511812][T20503]  ? __fget_files+0x20e/0x3c0
[ 1054.511835][T20503]  ksys_read+0x12a/0x250
[ 1054.511849][T20503]  ? __pfx_ksys_read+0x10/0x10
[ 1054.511863][T20503]  ? __pfx_handle_softirqs+0x10/0x10
[ 1054.511888][T20503]  do_syscall_64+0xcd/0xfa0
[ 1054.511913][T20503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1054.511930][T20503] RIP: 0033:0x7f7479b8d9dc
[ 1054.511944][T20503] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1054.511958][T20503] RSP: 002b:00007f747a9c3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1054.511973][T20503] RAX: ffffffffffffffda RBX: 00007f7479de5fa0 RCX: 00007f7479b8d9dc
[ 1054.511984][T20503] RDX: 000000000000000f RSI: 00007f747a9c30a0 RDI: 0000000000000004
[ 1054.511993][T20503] RBP: 00007f747a9c3090 R08: 0000000000000000 R09: 0000000000000000
[ 1054.512003][T20503] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[ 1054.512012][T20503] R13: 00007f7479de6038 R14: 00007f7479de5fa0 R15: 00007ffff8fc4ce8
[ 1054.512037][T20503]  </TASK>
[ 1055.023814][T19926] usb 6-1: ucan: failed to retrieve device info
[ 1055.030192][T19926] usb 6-1: ucan: probe failed; try to update the device firmware
[ 1055.101759][ T5932] sony 0003:1345:3008.0010: hiddev0,hidraw0: USB HID vff.ff Device [HID 1345:3008] on usb-dummy_hcd.6-1/input0
[ 1055.116353][ T5932] sony 0003:1345:3008.0010: failed to claim input
[ 1055.951032][ T5932] usb 7-1: USB disconnect, device number 25
[ 1056.073476][   T30] audit: type=1400 audit(1762064904.136:1660): avc:  denied  { write } for  pid=20505 comm="syz.1.3876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1056.507989][ T5939] usb 6-1: USB disconnect, device number 43
[ 1057.403673][T20538] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3880'.
[ 1057.523227][    T9] usb 7-1: new full-speed USB device number 26 using dummy_hcd
[ 1057.684973][    T9] usb 7-1: config 0 has an invalid interface number: 29 but max is 0
[ 1057.693314][    T9] usb 7-1: config 0 has no interface number 0
[ 1057.776613][    T9] usb 7-1: config 0 interface 29 has no altsetting 0
[ 1057.804452][    T9] usb 7-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1057.827085][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1057.874657][    T9] usb 7-1: Product: syz
[ 1057.878938][    T9] usb 7-1: Manufacturer: syz
[ 1057.895088][    T9] usb 7-1: SerialNumber: syz
[ 1057.922175][    T9] usb 7-1: config 0 descriptor??
[ 1058.475578][    T9] peak_usb 7-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[ 1059.432571][    T9] peak_usb 7-1:0.29 can0: sending command failure: -22
[ 1059.449261][    T9] peak_usb 7-1:0.29 can0: sending command failure: -22
[ 1059.469210][    T9] peak_usb 7-1:0.29 can0: sending command failure: -22
[ 1059.542064][T20570] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3891'.
[ 1059.647583][    T9] peak_usb 7-1:0.29: probe with driver peak_usb failed with error -22
[ 1059.923306][T19926] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 1059.974027][T20580] input: syz0 as /devices/virtual/input/input45
[ 1060.019494][ T5932] usb 7-1: USB disconnect, device number 26
[ 1060.153228][T19926] usb 2-1: Using ep0 maxpacket: 8
[ 1060.160016][T19926] usb 2-1: config 1 descriptor has 1 excess byte, ignoring
[ 1060.167523][T19926] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1060.192365][T19926] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1060.443955][T20593] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3897'.
[ 1060.452883][T20593] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3897'.
[ 1060.462001][T20593] netlink: 'syz.6.3897': attribute type 14 has an invalid length.
[ 1060.551358][T19926] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1060.616948][T19926] usb 2-1: config 1 interface 1 has no altsetting 0
[ 1060.712825][T19926] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1060.748462][T19926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1060.873206][T19926] usb 2-1: Product: syz
[ 1060.877419][T19926] usb 2-1: Manufacturer: syz
[ 1060.882083][T19926] usb 2-1: SerialNumber: syz
[ 1061.049249][T20602] bridge1: entered allmulticast mode
[ 1062.736226][T19926] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1062.854573][T19926] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1063.668392][T19926] usb 2-1: 2:1 : invalid channels 0
[ 1063.741836][T20624] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3906'.
[ 1063.801728][T19926] usb 2-1: USB disconnect, device number 68
[ 1063.816958][T20624] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3906'.
[ 1064.311941][T20636] netlink: 'syz.7.3908': attribute type 39 has an invalid length.
[ 1064.503230][ T5932] usb 2-1: new full-speed USB device number 69 using dummy_hcd
[ 1064.766471][T20636] hsr_slave_1 (unregistering): left promiscuous mode
[ 1066.215487][T20650] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1066.628507][ T5932] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[ 1066.636745][ T5932] usb 2-1: config 0 has no interface number 0
[ 1066.658635][ T5932] usb 2-1: config 0 interface 29 has no altsetting 0
[ 1066.814779][ T5932] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1066.824041][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1066.832003][ T5932] usb 2-1: Product: syz
[ 1066.836320][ T5932] usb 2-1: Manufacturer: syz
[ 1066.840970][ T5932] usb 2-1: SerialNumber: syz
[ 1067.389662][ T5932] usb 2-1: config 0 descriptor??
[ 1067.511480][T20666] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3912'.
[ 1067.531117][T20665] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3916'.
[ 1067.794134][ T5932] usb 2-1: can't set config #0, error -71
[ 1067.801057][ T5932] usb 2-1: USB disconnect, device number 69
[ 1068.773110][T20679] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[ 1068.779628][T20679] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1068.807623][T20683] netlink: 'syz.6.3922': attribute type 21 has an invalid length.
[ 1068.817273][T20683] netlink: 156 bytes leftover after parsing attributes in process `syz.6.3922'.
[ 1068.827756][T20683] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3922'.
[ 1068.880731][T20679] vhci_hcd vhci_hcd.0: Device attached
[ 1069.213811][   T30] audit: type=1800 audit(1762064917.086:1661): pid=20689 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.6.3924" name=6E73BF12E10BC845E0807291376B6A9C4CCE5A99F85125232DD3D213E8DCE1FDDEEFF2A7D2AB97C26527FC108503 dev="overlay" ino=92594 res=0 errno=0
[ 1069.242446][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1069.316166][T20680] vhci_hcd: connection closed
[ 1069.319472][   T49] vhci_hcd: stop threads
[ 1069.328599][ T5857] usb 44-1: SetAddress Request (2) to port 0
[ 1069.335149][   T49] vhci_hcd: release socket
[ 1069.340758][ T5857] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1069.350326][   T49] vhci_hcd: disconnect device
[ 1069.361966][   T30] audit: type=1800 audit(1762064917.096:1662): pid=20689 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.6.3924" name=6E73BF12E10BC845E0807291376B6A9C4CCE5A99F85125232DD3D213E8DCE1FDDEEFF2A7D2AB97C26527FC108503 dev="overlay" ino=92594 res=0 errno=0
[ 1069.390612][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1069.397176][    T9] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1069.413783][ T5857] usb 44-1: enqueue for inactive port 0
[ 1069.564785][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1069.579581][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1069.615104][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1069.656622][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1069.679367][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1069.690755][    T9] usb 2-1: config 0 descriptor??
[ 1069.804185][ T5857] usb usb44-port1: attempt power cycle
[ 1070.150873][    T9] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1070.221916][   T30] audit: type=1400 audit(1762064918.276:1663): avc:  denied  { map } for  pid=20696 comm="syz.7.3928" path="socket:[91677]" dev="sockfs" ino=91677 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1070.245677][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1070.383797][ T5857] usb usb44-port1: unable to enumerate USB device
[ 1070.906178][T19926] usb 2-1: USB disconnect, device number 70
[ 1072.193222][ T5932] usb 2-1: new full-speed USB device number 71 using dummy_hcd
[ 1072.388026][ T5932] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[ 1072.396720][ T5932] usb 2-1: config 0 has no interface number 0
[ 1072.419654][ T5932] usb 2-1: config 0 interface 29 has no altsetting 0
[ 1072.451680][ T5932] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1072.461772][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1072.490090][ T5932] usb 2-1: Product: syz
[ 1072.504515][ T5932] usb 2-1: Manufacturer: syz
[ 1072.509136][ T5932] usb 2-1: SerialNumber: syz
[ 1072.622278][ T5932] usb 2-1: config 0 descriptor??
[ 1072.687794][T20724] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3933'.
[ 1072.922059][T20726] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3933'.
[ 1072.923383][ T5932] peak_usb 2-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[ 1073.350556][ T5932] peak_usb 2-1:0.29 can0: sending command failure: -22
[ 1073.409696][T20693] Set syz1 is full, maxelem 65536 reached
[ 1073.420814][ T5932] peak_usb 2-1:0.29 can0: sending command failure: -22
[ 1074.228848][ T5932] peak_usb 2-1:0.29 can0: sending command failure: -22
[ 1074.301033][ T5932] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -22
[ 1075.328509][T19926] usb 2-1: USB disconnect, device number 71
[ 1077.654446][T20793] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3953'.
[ 1077.700507][T20795] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3954'.
[ 1077.723651][T20789] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3953'.
[ 1077.885419][T20799] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3954'.
[ 1078.405871][T20811] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3959'.
[ 1078.566099][T20811] sp0: Synchronizing with TNC
[ 1078.723561][T20815] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3958'.
[ 1079.066444][   T30] audit: type=1800 audit(1762064927.126:1664): pid=20809 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.3957" name="bus" dev="ramfs" ino=92909 res=0 errno=0
[ 1079.645974][T20827] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3962'.
[ 1079.688069][   T36] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1079.697052][T20828] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3962'.
[ 1079.706328][T20827] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3962'.
[ 1079.720014][   T36] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1079.730415][   T36] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1079.742641][   T36] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1080.335613][T20846] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3966'.
[ 1080.568667][T20857] overlayfs: missing 'lowerdir'
[ 1081.243417][ T5857] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1081.453144][ T5857] usb 6-1: device descriptor read/64, error -71
[ 1081.723198][ T5857] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1081.953308][ T5857] usb 6-1: device descriptor read/64, error -71
[ 1082.064911][ T5857] usb usb6-port1: attempt power cycle
[ 1082.443397][ T5857] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1082.473911][ T5857] usb 6-1: device descriptor read/8, error -71
[ 1082.725672][ T5857] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1082.761881][T20880] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1082.775084][ T5857] usb 6-1: device descriptor read/8, error -71
[ 1082.893579][ T5857] usb usb6-port1: unable to enumerate USB device
[ 1083.045024][T20888] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3975'.
[ 1083.483442][ T5857] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[ 1083.512770][   T67] batadv1: left allmulticast mode
[ 1083.512812][   T67] batadv1: left promiscuous mode
[ 1083.512966][   T67] bridge0: port 3(batadv1) entered disabled state
[ 1083.521200][   T67] bridge_slave_1: left allmulticast mode
[ 1083.539997][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1083.548546][   T67] bridge_slave_0: left allmulticast mode
[ 1083.548568][   T67] bridge_slave_0: left promiscuous mode
[ 1083.548826][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1083.643749][ T5857] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[ 1083.643773][ T5857] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1083.643790][ T5857] usb 2-1: config 0 has no interface number 0
[ 1083.643820][ T5857] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1083.643839][ T5857] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1083.645577][ T5857] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 1083.645601][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1083.645619][ T5857] usb 2-1: Product: syz
[ 1083.645632][ T5857] usb 2-1: Manufacturer: syz
[ 1083.645645][ T5857] usb 2-1: SerialNumber: syz
[ 1083.647707][ T5857] usb 2-1: config 0 descriptor??
[ 1083.978523][   T67] bond1 (unregistering): (slave geneve2): Releasing active interface
[ 1084.057133][   T30] audit: type=1800 audit(1762064932.116:1665): pid=20885 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.3979" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1084.078428][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1084.408433][T20910] siw: device registration error -23
[ 1084.424233][T11574] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1084.542654][ T5857] usbtouchscreen 2-1:0.117: probe with driver usbtouchscreen failed with error -71
[ 1084.581947][ T5857] usb 2-1: USB disconnect, device number 72
[ 1084.679295][T11574] usb 6-1: Using ep0 maxpacket: 8
[ 1084.697714][T11574] usb 6-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[ 1084.715041][ T5889] kworker/0:3 (5889) used greatest stack depth: 15816 bytes left
[ 1084.866176][T11574] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1084.883763][T11574] usb 6-1: Product: syz
[ 1084.898304][T11574] usb 6-1: Manufacturer: syz
[ 1084.904395][T11574] usb 6-1: SerialNumber: syz
[ 1084.912803][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1084.925919][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1084.941263][   T67] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1084.961575][   T67] bond0 (unregistering): Released all slaves
[ 1085.158407][   T67] bond1 (unregistering): Released all slaves
[ 1085.189400][   T67] bond2 (unregistering): Released all slaves
[ 1085.575470][T11574] mxuport 6-1:254.0: mxuport_recv_ctrl_urb - short read (0 / 4)
[ 1085.588928][T20901] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3983'.
[ 1085.599140][   T67] tipc: Disabling bearer <udp:syz2>
[ 1085.613744][T11574] mxuport 6-1:254.0: probe with driver mxuport failed with error -5
[ 1085.655256][   T67] tipc: Left network mode
[ 1085.687716][ T5932] usb 6-1: USB disconnect, device number 48
[ 1085.923232][ T5857] usb 2-1: new full-speed USB device number 73 using dummy_hcd
[ 1087.006548][ T5857] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[ 1087.032066][ T5857] usb 2-1: config 0 has no interface number 0
[ 1087.039739][ T5857] usb 2-1: config 0 interface 29 has no altsetting 0
[ 1087.109079][T20940] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1087.221971][T20941] netlink: 'syz.6.3991': attribute type 10 has an invalid length.
[ 1087.262857][T20941] veth0_vlan: left promiscuous mode
[ 1087.279082][T20941] veth0_vlan: entered promiscuous mode
[ 1087.360188][T20941] team0: Device veth0_vlan failed to register rx_handler
[ 1087.686664][   T67] hsr_slave_0: left promiscuous mode
[ 1087.700403][   T67] hsr_slave_1: left promiscuous mode
[ 1087.707642][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1087.715219][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1087.724578][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1087.731972][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1087.741763][   T67] batman_adv: batadv0: Removing interface: team0
[ 1087.883958][T20951] sctp: [Deprecated]: syz.5.3992 (pid 20951) Use of int in max_burst socket option.
[ 1087.883958][T20951] Use struct sctp_assoc_value instead
[ 1088.225222][   T67] veth1_macvtap: left promiscuous mode
[ 1088.230819][   T67] veth0_macvtap: left allmulticast mode
[ 1088.236585][   T67] veth0_macvtap: left promiscuous mode
[ 1088.245808][   T67] veth1_vlan: left promiscuous mode
[ 1088.251209][   T67] veth0_vlan: left promiscuous mode
[ 1088.592677][ T5857] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1088.623941][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1088.631985][ T5857] usb 2-1: Product: syz
[ 1088.669949][ T5857] usb 2-1: Manufacturer: syz
[ 1088.680664][ T5857] usb 2-1: config 0 descriptor??
[ 1088.811275][   T67] pim6reg (unregistering): left allmulticast mode
[ 1088.828008][ T5857] usb 2-1: can't set config #0, error -71
[ 1088.849550][ T5857] usb 2-1: USB disconnect, device number 73
[ 1090.380567][   T67] team0 (unregistering): Port device team_slave_1 removed
[ 1090.440125][   T67] team0 (unregistering): Port device team_slave_0 removed
[ 1090.474741][ T5857] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1090.652151][ T5857] usb 7-1: Using ep0 maxpacket: 8
[ 1090.661426][ T5857] usb 7-1: config 162 has an invalid interface number: 253 but max is 0
[ 1090.674169][ T5857] usb 7-1: config 162 has no interface number 0
[ 1090.681011][ T5857] usb 7-1: config 162 interface 253 has no altsetting 0
[ 1090.690919][ T5857] usb 7-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.09
[ 1090.700555][ T5857] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1090.708908][ T5857] usb 7-1: Product: syz
[ 1090.716655][ T5857] usb 7-1: Manufacturer: syz
[ 1090.721394][ T5857] usb 7-1: SerialNumber: syz
[ 1090.807077][T20981] FAULT_INJECTION: forcing a failure.
[ 1090.807077][T20981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1090.820640][T20981] CPU: 0 UID: 0 PID: 20981 Comm: syz.7.4001 Not tainted syzkaller #0 PREEMPT(full) 
[ 1090.820663][T20981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1090.820673][T20981] Call Trace:
[ 1090.820679][T20981]  <TASK>
[ 1090.820686][T20981]  dump_stack_lvl+0x16c/0x1f0
[ 1090.820715][T20981]  should_fail_ex+0x512/0x640
[ 1090.820737][T20981]  _copy_from_iter+0x29f/0x1720
[ 1090.820761][T20981]  ? __alloc_skb+0x200/0x380
[ 1090.820780][T20981]  ? __pfx__copy_from_iter+0x10/0x10
[ 1090.820798][T20981]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1090.820814][T20981]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1090.820840][T20981]  netlink_sendmsg+0x820/0xdd0
[ 1090.820868][T20981]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1090.820899][T20981]  ____sys_sendmsg+0xa98/0xc70
[ 1090.820915][T20981]  ? copy_msghdr_from_user+0x10a/0x160
[ 1090.820935][T20981]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1090.820953][T20981]  ? kfree+0x252/0x6d0
[ 1090.820973][T20981]  ? __pfx__kstrtoull+0x10/0x10
[ 1090.821002][T20981]  ___sys_sendmsg+0x134/0x1d0
[ 1090.821024][T20981]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1090.821067][T20981]  ? __pfx___might_resched+0x10/0x10
[ 1090.821092][T20981]  __sys_sendmmsg+0x200/0x420
[ 1090.821114][T20981]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1090.821142][T20981]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1090.821167][T20981]  ? fput+0x9b/0xd0
[ 1090.821186][T20981]  ? ksys_write+0x1ac/0x250
[ 1090.821209][T20981]  ? __pfx_ksys_write+0x10/0x10
[ 1090.821227][T20981]  __x64_sys_sendmmsg+0x9c/0x100
[ 1090.821246][T20981]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1090.821269][T20981]  do_syscall_64+0xcd/0xfa0
[ 1090.821293][T20981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.821309][T20981] RIP: 0033:0x7fe1b4d8efc9
[ 1090.821323][T20981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1090.821337][T20981] RSP: 002b:00007fe1b5c10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1090.821353][T20981] RAX: ffffffffffffffda RBX: 00007fe1b4fe5fa0 RCX: 00007fe1b4d8efc9
[ 1090.821363][T20981] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[ 1090.821373][T20981] RBP: 00007fe1b5c10090 R08: 0000000000000000 R09: 0000000000000000
[ 1090.821382][T20981] R10: 000000000000fff0 R11: 0000000000000246 R12: 0000000000000001
[ 1090.821391][T20981] R13: 00007fe1b4fe6038 R14: 00007fe1b4fe5fa0 R15: 00007ffca96652c8
[ 1090.821415][T20981]  </TASK>
[ 1090.943432][ T5857] go7007 7-1:162.253: probe with driver go7007 failed with error -12
[ 1091.149493][   T67] team0 (unregistering): Port device dummy0 removed
[ 1091.178397][ T5857] usb 7-1: USB disconnect, device number 27
[ 1094.350256][   T67] IPVS: stop unused estimator thread 0...
[ 1094.538351][T19926] usb 6-1: new full-speed USB device number 49 using dummy_hcd
[ 1094.633403][T11574] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[ 1094.716084][T19926] usb 6-1: config 0 has an invalid interface number: 29 but max is 0
[ 1094.751803][T19926] usb 6-1: config 0 has no interface number 0
[ 1094.763617][T21027] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4013'.
[ 1094.783855][T11574] usb 2-1: device descriptor read/64, error -71
[ 1094.792885][T19926] usb 6-1: config 0 interface 29 has no altsetting 0
[ 1094.825344][T19926] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 1094.834609][T19926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1094.842790][T19926] usb 6-1: Product: syz
[ 1094.847350][T19926] usb 6-1: Manufacturer: syz
[ 1094.852017][T19926] usb 6-1: SerialNumber: syz
[ 1094.864200][T19926] usb 6-1: config 0 descriptor??
[ 1095.083166][T11574] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1095.233158][T11574] usb 2-1: device descriptor read/64, error -71
[ 1095.353585][T11574] usb usb2-port1: attempt power cycle
[ 1095.444733][T19926] peak_usb 6-1:0.29: PEAK-System PCAN-USB X6 v121 fw v179.240.221 (2 channels)
[ 1095.713152][T11574] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[ 1095.740439][T19926] peak_usb 6-1:0.29 can0: sending command failure: -22
[ 1095.753598][T11574] usb 2-1: device descriptor read/8, error -71
[ 1095.830740][T19926] peak_usb 6-1:0.29 can0: sending command failure: -22
[ 1095.865552][T19926] peak_usb 6-1:0.29 can0: sending command failure: -22
[ 1095.869525][T21039] netlink: 'syz.7.4016': attribute type 21 has an invalid length.
[ 1095.883371][T21039] netlink: 156 bytes leftover after parsing attributes in process `syz.7.4016'.
[ 1095.892583][T21039] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4016'.
[ 1095.996805][T11574] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 1096.038572][T19926] peak_usb 6-1:0.29: probe with driver peak_usb failed with error -22
[ 1096.043739][T11574] usb 2-1: device descriptor read/8, error -71
[ 1096.228621][T11574] usb usb2-port1: unable to enumerate USB device
[ 1096.451449][T21046] syz_tun: entered allmulticast mode
[ 1098.182181][T11574] usb 6-1: USB disconnect, device number 49
[ 1098.577547][T11574] libceph: connect (1)[c::]:6789 error -101
[ 1098.672745][T11574] libceph: mon0 (1)[c::]:6789 connect error
[ 1099.063193][ T5932] libceph: connect (1)[c::]:6789 error -101
[ 1099.145745][ T5932] libceph: mon0 (1)[c::]:6789 connect error
[ 1099.238455][T21094] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1099.373185][ T5932] usb 2-1: new full-speed USB device number 78 using dummy_hcd
[ 1099.485159][T21080] ceph: No mds server is up or the cluster is laggy
[ 1099.877784][T11574] libceph: connect (1)[c::]:6789 error -101
[ 1100.003142][ T5932] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1100.016523][T11574] libceph: mon0 (1)[c::]:6789 connect error
[ 1100.074685][ T5932] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1100.092208][ T5932] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1100.121474][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1100.161790][ T5932] usb 2-1: Product: syz
[ 1100.182321][ T5932] usb 2-1: Manufacturer: syz
[ 1100.288553][ T5932] usb 2-1: SerialNumber: syz
[ 1101.254455][T21115] netlink: 'syz.7.4036': attribute type 15 has an invalid length.
[ 1101.262300][T21115] netlink: 666 bytes leftover after parsing attributes in process `syz.7.4036'.
[ 1102.185547][ T5932] usb 2-1: 0:2 : does not exist
[ 1102.227587][ T5932] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1102.243393][T21130] netlink: 'syz.5.4040': attribute type 10 has an invalid length.
[ 1102.252323][T21130] team0: Device ipvlan1 failed to register rx_handler
[ 1102.280175][ T5932] usb 2-1: USB disconnect, device number 78
[ 1103.604941][T21157] input: syz0 as /devices/virtual/input/input47
[ 1103.845237][T13271] Bluetooth: hci5: unexpected event for opcode 0x0c00
[ 1103.875537][T21172] netlink: 'syz.6.4052': attribute type 21 has an invalid length.
[ 1103.883604][T21172] netlink: 156 bytes leftover after parsing attributes in process `syz.6.4052'.
[ 1103.892652][T21172] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4052'.
[ 1105.084821][   T30] audit: type=1326 audit(1762064953.136:1666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7479b8efc9 code=0x7ffc0000
[ 1105.204680][   T30] audit: type=1326 audit(1762064953.136:1667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7479b8efc9 code=0x7ffc0000
[ 1105.340734][   T30] audit: type=1326 audit(1762064953.146:1668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7479b8efc9 code=0x7ffc0000
[ 1105.363374][T21200] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4060'.
[ 1105.365095][   T30] audit: type=1326 audit(1762064953.146:1669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7479b8efc9 code=0x7ffc0000
[ 1105.398511][   T30] audit: type=1326 audit(1762064953.146:1670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7479b8efc9 code=0x7ffc0000
[ 1105.437047][   T30] audit: type=1326 audit(1762064953.146:1671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7479b8d810 code=0x7ffc0000
[ 1105.504101][T21205] netlink: 'syz.1.4064': attribute type 21 has an invalid length.
[ 1105.513234][T21205] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4064'.
[ 1105.523076][   T30] audit: type=1326 audit(1762064953.146:1672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7479b8efc9 code=0x7ffc0000
[ 1105.556280][T21205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4064'.
[ 1105.590099][  T977] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1105.663527][ T5932] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1105.670345][ T5932] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[ 1105.698649][   T30] audit: type=1326 audit(1762064953.146:1673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21188 comm="syz.1.4059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7479b8efc9 code=0x7ffc0000
[ 1105.814902][  T977] usb 7-1: config 0 has an invalid interface number: 253 but max is 0
[ 1105.823171][  T977] usb 7-1: config 0 has no interface number 0
[ 1105.829400][  T977] usb 7-1: too many endpoints for config 0 interface 253 altsetting 0: 129, using maximum allowed: 30
[ 1105.871473][T21216] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4065'.
[ 1105.883510][  T977] usb 7-1: config 0 interface 253 altsetting 0 endpoint 0x81 has an invalid bInterval 73, changing to 10
[ 1105.953113][  T977] usb 7-1: config 0 interface 253 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[ 1106.014615][  T977] usb 7-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00
[ 1106.057896][  T977] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1106.142822][  T977] usb 7-1: config 0 descriptor??
[ 1106.399927][T21216] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1106.427845][T21216] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1106.448024][T21216] bond0 (unregistering): Released all slaves
[ 1106.566364][  T977] logitech-djreceiver 0003:046D:C513.0012: unknown main item tag 0x0
[ 1106.587497][  T977] logitech-djreceiver 0003:046D:C513.0012: unknown main item tag 0x0
[ 1106.607728][  T977] logitech-djreceiver 0003:046D:C513.0012: unknown main item tag 0x0
[ 1106.633334][  T977] logitech-djreceiver 0003:046D:C513.0012: unknown main item tag 0x0
[ 1106.656059][  T977] logitech-djreceiver 0003:046D:C513.0012: unknown main item tag 0x0
[ 1106.687643][  T977] logitech-djreceiver 0003:046D:C513.0012: unknown main item tag 0x0
[ 1106.706890][  T977] logitech-djreceiver 0003:046D:C513.0012: unknown main item tag 0x0
[ 1106.740771][  T977] logitech-djreceiver 0003:046D:C513.0012: hidraw0: USB HID v0.00 Device [HID 046d:c513] on usb-dummy_hcd.6-1/input253
[ 1106.787439][  T977] usb 7-1: USB disconnect, device number 28
[ 1107.638148][T21236] GUP no longer grows the stack in syz.6.4070 (21236): 200000004000-20000000a000 (200000002000)
[ 1107.638390][T21236] CPU: 1 UID: 0 PID: 21236 Comm: syz.6.4070 Not tainted syzkaller #0 PREEMPT(full) 
[ 1107.638414][T21236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1107.638426][T21236] Call Trace:
[ 1107.638432][T21236]  <TASK>
[ 1107.638440][T21236]  dump_stack_lvl+0x16c/0x1f0
[ 1107.638475][T21236]  gup_vma_lookup+0x1d2/0x220
[ 1107.638499][T21236]  __get_user_pages+0x241/0x3530
[ 1107.638532][T21236]  ? find_held_lock+0x2b/0x80
[ 1107.638558][T21236]  ? __pfx___get_user_pages+0x10/0x10
[ 1107.638589][T21236]  get_user_pages_remote+0x243/0xab0
[ 1107.638612][T21236]  ? mast_spanning_rebalance.isra.0+0x2060/0x2060
[ 1107.638641][T21236]  ? __pfx_get_user_pages_remote+0x10/0x10
[ 1107.638661][T21236]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1107.638684][T21236]  __access_remote_vm+0x250/0xaa0
[ 1107.638705][T21236]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1107.638721][T21236]  ? __pfx___access_remote_vm+0x10/0x10
[ 1107.638742][T21236]  proc_pid_cmdline_read+0x4de/0x8e0
[ 1107.638762][T21236]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[ 1107.638781][T21236]  ? rw_verify_area+0xcf/0x6c0
[ 1107.638803][T21236]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[ 1107.638819][T21236]  vfs_readv+0x5c1/0x8b0
[ 1107.638845][T21236]  ? __pfx_vfs_readv+0x10/0x10
[ 1107.638890][T21236]  ? __fget_files+0x20e/0x3c0
[ 1107.638912][T21236]  ? do_preadv+0x1a6/0x270
[ 1107.638934][T21236]  do_preadv+0x1a6/0x270
[ 1107.638958][T21236]  ? __pfx_do_preadv+0x10/0x10
[ 1107.638991][T21236]  do_syscall_64+0xcd/0xfa0
[ 1107.639042][T21236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1107.639059][T21236] RIP: 0033:0x7f61bd58efc9
[ 1107.639072][T21236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1107.639088][T21236] RSP: 002b:00007f61be42d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1107.639104][T21236] RAX: ffffffffffffffda RBX: 00007f61bd7e6270 RCX: 00007f61bd58efc9
[ 1107.639115][T21236] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 000000000000000b
[ 1107.639124][T21236] RBP: 00007f61bd611f91 R08: 0000000000000000 R09: 0000000000000000
[ 1107.639134][T21236] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[ 1107.639144][T21236] R13: 00007f61bd7e6308 R14: 00007f61bd7e6270 R15: 00007ffecd489d48
[ 1107.639167][T21236]  </TASK>
[ 1107.823284][ T5932] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 1107.823340][ T5932] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[ 1107.823477][    C1] ------------[ cut here ]------------
[ 1107.823596][    C1] workqueue: cannot queue hci_cmd_timeout on wq hci2
[ 1107.823666][    C1] WARNING: CPU: 1 PID: 21226 at kernel/workqueue.c:2257 __queue_work+0xd03/0x1160
[ 1107.823688][    C1] Modules linked in:
[ 1107.823832][    C1] CPU: 1 UID: 0 PID: 21226 Comm: syz.5.4068 Not tainted syzkaller #0 PREEMPT(full) 
[ 1107.823860][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1107.823870][    C1] RIP: 0010:__queue_work+0xd03/0x1160
[ 1107.823886][    C1] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 20 27 8c 8b e8 1e 15 f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 5f e5 38 00 90 0f 0b 90 e9 b4 f5 ff
[ 1107.823901][    C1] RSP: 0018:ffffc90000a08be8 EFLAGS: 00010082
[ 1107.823920][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b3ee8
[ 1107.823929][    C1] RDX: ffff8880287b0000 RSI: ffffffff817b3ef5 RDI: 0000000000000001
[ 1107.823939][    C1] RBP: ffff88802a450978 R08: 0000000000000001 R09: 0000000000000000
[ 1107.823949][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff9200014118f
[ 1107.823958][    C1] R13: 0000000000000101 R14: ffffffff81843990 R15: ffff88807a5dc978
[ 1107.823968][    C1] FS:  0000000000000000(0000) GS:ffff888124b08000(0000) knlGS:0000000000000000
[ 1107.823983][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1107.823993][    C1] CR2: 0000001b31bf4ff8 CR3: 0000000062f24000 CR4: 00000000003526f0
[ 1107.824003][    C1] Call Trace:
[ 1107.824008][    C1]  <IRQ>
[ 1107.824021][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1107.824038][    C1]  call_timer_fn+0x19a/0x620
[ 1107.824054][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1107.824073][    C1]  ? __run_timers+0x559/0x960
[ 1107.824087][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1107.824105][    C1]  __run_timers+0x569/0x960
[ 1107.824124][    C1]  ? __pfx___run_timers+0x10/0x10
[ 1107.824152][    C1]  run_timer_base+0x114/0x190
[ 1107.824166][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1107.824184][    C1]  run_timer_softirq+0x1a/0x40
[ 1107.824196][    C1]  handle_softirqs+0x219/0x8e0
[ 1107.824219][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1107.824242][    C1]  __irq_exit_rcu+0x109/0x170
[ 1107.824258][    C1]  irq_exit_rcu+0x9/0x30
[ 1107.824274][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1107.824295][    C1]  </IRQ>
[ 1107.824300][    C1]  <TASK>
[ 1107.824306][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1107.824322][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[ 1107.824341][    C1] Code: c6 6b 57 00 48 89 df 5b e9 2d 1a 5d 00 be 03 00 00 00 5b e9 82 b0 e7 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 34 24 65 48 8b 15 68 72 e4 11 65 8b 05 79 72 e4
[ 1107.824355][    C1] RSP: 0018:ffffc9000c9a7570 EFLAGS: 00000293
[ 1107.824367][    C1] RAX: 0000000000000000 RBX: 1ffff92001934eaf RCX: ffffffff816defb3
[ 1107.824377][    C1] RDX: ffff8880287b0000 RSI: ffffffff816deff0 RDI: 0000000000000007
[ 1107.824387][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[ 1107.824396][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807cdd6b40
[ 1107.824406][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 1107.824422][    C1]  ? arch_check_zapped_pte+0x93/0x140
[ 1107.824443][    C1]  ? arch_check_zapped_pte+0xd0/0x140
[ 1107.824466][    C1]  arch_check_zapped_pte+0x9d/0x140
[ 1107.824486][    C1]  ? __pfx_arch_check_zapped_pte+0x10/0x10
[ 1107.824504][    C1]  ? __tlb_remove_folio_pages_size.constprop.0+0x162/0x560
[ 1107.824536][    C1]  unmap_page_range+0x151d/0x41b0
[ 1107.824571][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[ 1107.824587][    C1]  ? mas_next_slot+0x12d3/0x1cb0
[ 1107.824605][    C1]  ? uprobe_munmap+0x20/0x600
[ 1107.824622][    C1]  unmap_single_vma.constprop.0+0x153/0x240
[ 1107.824642][    C1]  unmap_vmas+0x218/0x470
[ 1107.824661][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[ 1107.824694][    C1]  exit_mmap+0x1b2/0xb90
[ 1107.824715][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1107.824747][    C1]  ? arch_uprobe_clear_state+0x16/0x150
[ 1107.824768][    C1]  __mmput+0x12a/0x410
[ 1107.824788][    C1]  mmput+0x62/0x70
[ 1107.824805][    C1]  do_exit+0x7c7/0x2bf0
[ 1107.824825][    C1]  ? lock_acquire+0x179/0x350
[ 1107.824849][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1107.824871][    C1]  ? find_held_lock+0x2b/0x80
[ 1107.824893][    C1]  do_group_exit+0xd3/0x2a0
[ 1107.824925][    C1]  get_signal+0x2671/0x26d0
[ 1107.824945][    C1]  ? kick_process+0xf6/0x1a0
[ 1107.824965][    C1]  ? __pfx_task_work_add+0x10/0x10
[ 1107.824984][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1107.825010][    C1]  arch_do_signal_or_restart+0x8f/0x7c0
[ 1107.825033][    C1]  ? __fget_files+0x20e/0x3c0
[ 1107.825048][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1107.825070][    C1]  ? ksys_read+0x1ac/0x250
[ 1107.825083][    C1]  ? __pfx_ksys_read+0x10/0x10
[ 1107.825101][    C1]  exit_to_user_mode_loop+0x85/0x130
[ 1107.825118][    C1]  do_syscall_64+0x426/0xfa0
[ 1107.825142][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1107.825157][    C1] RIP: 0033:0x7fdc6b18efc9
[ 1107.825170][    C1] Code: Unable to access opcode bytes at 0x7fdc6b18ef9f.
[ 1107.825177][    C1] RSP: 002b:00007fdc6bfaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1107.825192][    C1] RAX: fffffffffffffe00 RBX: 00007fdc6b3e5fa0 RCX: 00007fdc6b18efc9
[ 1107.825203][    C1] RDX: 000000000000003f RSI: 0000200000000040 RDI: 0000000000000003
[ 1107.825213][    C1] RBP: 00007fdc6b211f91 R08: 0000000000000000 R09: 0000000000000000
[ 1107.825223][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1107.825233][    C1] R13: 00007fdc6b3e6038 R14: 00007fdc6b3e5fa0 R15: 00007ffd2990ae58
[ 1107.825254][    C1]  </TASK>
[ 1107.825262][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1107.825274][    C1] CPU: 1 UID: 0 PID: 21226 Comm: syz.5.4068 Not tainted syzkaller #0 PREEMPT(full) 
[ 1107.825292][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1107.825306][    C1] Call Trace:
[ 1107.825312][    C1]  <IRQ>
[ 1107.825318][    C1]  dump_stack_lvl+0x3d/0x1f0
[ 1107.825340][    C1]  vpanic+0x640/0x6f0
[ 1107.825363][    C1]  ? __queue_work+0xd03/0x1160
[ 1107.825380][    C1]  panic+0xca/0xd0
[ 1107.825401][    C1]  ? __pfx_panic+0x10/0x10
[ 1107.825428][    C1]  ? check_panic_on_warn+0x1f/0xb0
[ 1107.825450][    C1]  check_panic_on_warn+0xab/0xb0
[ 1107.825472][    C1]  __warn+0xf6/0x3c0
[ 1107.825486][    C1]  ? __queue_work+0xd03/0x1160
[ 1107.825504][    C1]  report_bug+0x3c3/0x580
[ 1107.825526][    C1]  ? __queue_work+0xd03/0x1160
[ 1107.825547][    C1]  handle_bug+0x184/0x210
[ 1107.825566][    C1]  exc_invalid_op+0x17/0x50
[ 1107.825583][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1107.825598][    C1] RIP: 0010:__queue_work+0xd03/0x1160
[ 1107.825613][    C1] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 20 27 8c 8b e8 1e 15 f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 5f e5 38 00 90 0f 0b 90 e9 b4 f5 ff
[ 1107.825626][    C1] RSP: 0018:ffffc90000a08be8 EFLAGS: 00010082
[ 1107.825638][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b3ee8
[ 1107.825647][    C1] RDX: ffff8880287b0000 RSI: ffffffff817b3ef5 RDI: 0000000000000001
[ 1107.825656][    C1] RBP: ffff88802a450978 R08: 0000000000000001 R09: 0000000000000000
[ 1107.825665][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff9200014118f
[ 1107.825675][    C1] R13: 0000000000000101 R14: ffffffff81843990 R15: ffff88807a5dc978
[ 1107.825692][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1107.825714][    C1]  ? __warn_printk+0x198/0x350
[ 1107.825735][    C1]  ? __warn_printk+0x1a5/0x350
[ 1107.825758][    C1]  ? __queue_work+0xd02/0x1160
[ 1107.825779][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1107.825796][    C1]  call_timer_fn+0x19a/0x620
[ 1107.825811][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1107.825829][    C1]  ? __run_timers+0x559/0x960
[ 1107.825844][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1107.825865][    C1]  __run_timers+0x569/0x960
[ 1107.825885][    C1]  ? __pfx___run_timers+0x10/0x10
[ 1107.825920][    C1]  run_timer_base+0x114/0x190
[ 1107.825935][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1107.825953][    C1]  run_timer_softirq+0x1a/0x40
[ 1107.825967][    C1]  handle_softirqs+0x219/0x8e0
[ 1107.825991][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1107.826018][    C1]  __irq_exit_rcu+0x109/0x170
[ 1107.826041][    C1]  irq_exit_rcu+0x9/0x30
[ 1107.826060][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1107.826079][    C1]  </IRQ>
[ 1107.826083][    C1]  <TASK>
[ 1107.826088][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1107.826100][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[ 1107.826114][    C1] Code: c6 6b 57 00 48 89 df 5b e9 2d 1a 5d 00 be 03 00 00 00 5b e9 82 b0 e7 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 34 24 65 48 8b 15 68 72 e4 11 65 8b 05 79 72 e4
[ 1107.826125][    C1] RSP: 0018:ffffc9000c9a7570 EFLAGS: 00000293
[ 1107.826133][    C1] RAX: 0000000000000000 RBX: 1ffff92001934eaf RCX: ffffffff816defb3
[ 1107.826140][    C1] RDX: ffff8880287b0000 RSI: ffffffff816deff0 RDI: 0000000000000007
[ 1107.826147][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[ 1107.826154][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807cdd6b40
[ 1107.826163][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 1107.826173][    C1]  ? arch_check_zapped_pte+0x93/0x140
[ 1107.826192][    C1]  ? arch_check_zapped_pte+0xd0/0x140
[ 1107.826209][    C1]  arch_check_zapped_pte+0x9d/0x140
[ 1107.826223][    C1]  ? __pfx_arch_check_zapped_pte+0x10/0x10
[ 1107.826238][    C1]  ? __tlb_remove_folio_pages_size.constprop.0+0x162/0x560
[ 1107.826256][    C1]  unmap_page_range+0x151d/0x41b0
[ 1107.826280][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[ 1107.826292][    C1]  ? mas_next_slot+0x12d3/0x1cb0
[ 1107.826305][    C1]  ? uprobe_munmap+0x20/0x600
[ 1107.826317][    C1]  unmap_single_vma.constprop.0+0x153/0x240
[ 1107.826332][    C1]  unmap_vmas+0x218/0x470
[ 1107.826345][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[ 1107.826367][    C1]  exit_mmap+0x1b2/0xb90
[ 1107.826381][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1107.826403][    C1]  ? arch_uprobe_clear_state+0x16/0x150
[ 1107.826417][    C1]  __mmput+0x12a/0x410
[ 1107.826431][    C1]  mmput+0x62/0x70
[ 1107.826443][    C1]  do_exit+0x7c7/0x2bf0
[ 1107.826458][    C1]  ? lock_acquire+0x179/0x350
[ 1107.826471][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1107.826486][    C1]  ? find_held_lock+0x2b/0x80
[ 1107.826502][    C1]  do_group_exit+0xd3/0x2a0
[ 1107.826518][    C1]  get_signal+0x2671/0x26d0
[ 1107.826532][    C1]  ? kick_process+0xf6/0x1a0
[ 1107.826546][    C1]  ? __pfx_task_work_add+0x10/0x10
[ 1107.826559][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1107.826579][    C1]  arch_do_signal_or_restart+0x8f/0x7c0
[ 1107.826592][    C1]  ? __fget_files+0x20e/0x3c0
[ 1107.826603][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1107.826620][    C1]  ? ksys_read+0x1ac/0x250
[ 1107.826630][    C1]  ? __pfx_ksys_read+0x10/0x10
[ 1107.826642][    C1]  exit_to_user_mode_loop+0x85/0x130
[ 1107.826655][    C1]  do_syscall_64+0x426/0xfa0
[ 1107.826672][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1107.826685][    C1] RIP: 0033:0x7fdc6b18efc9
[ 1107.826694][    C1] Code: Unable to access opcode bytes at 0x7fdc6b18ef9f.
[ 1107.826699][    C1] RSP: 002b:00007fdc6bfaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1107.826709][    C1] RAX: fffffffffffffe00 RBX: 00007fdc6b3e5fa0 RCX: 00007fdc6b18efc9
[ 1107.826716][    C1] RDX: 000000000000003f RSI: 0000200000000040 RDI: 0000000000000003
[ 1107.826723][    C1] RBP: 00007fdc6b211f91 R08: 0000000000000000 R09: 0000000000000000
[ 1107.826729][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1107.826736][    C1] R13: 00007fdc6b3e6038 R14: 00007fdc6b3e5fa0 R15: 00007ffd2990ae58
[ 1107.826750][    C1]  </TASK>
[ 1107.826990][    C1] Kernel Offset: disabled