last executing test programs:

1m5.543464315s ago: executing program 3 (id=3867):
r0 = openat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={0xa8000, 0x4, 0x2}, 0x18)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, 0x2, 0x3, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFQA_CFG_CMD={0x8, 0x1, {0x6, 0x0, 0x25}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x3, 0x2}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getpriority(0x0, 0x0)

1m3.498579892s ago: executing program 3 (id=3875):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="300000001c000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="40003a000a000200ffffffffffff000008000f"], 0x30}}, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000240)={0x8, 0x8004}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x880000, &(0x7f0000000300)=ANY=[@ANYBLOB="7405000000000000007266646e6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESOCT=r5])
socket$alg(0x26, 0x5, 0x0)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000280)={0x60, 0x0, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff4000/0x3000)=nil, 0x4, 0x0, 0x0, 0xb, 0x17, 0x1, 0x0, 0x42})
getpid()
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1002, 0x0)
r7 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
getpgrp(0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090000000000000000000000850000002a000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='sys_exit\x00', r8}, 0x10)
getegid()
close(r7)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCVHANGUP(r9, 0x5437, 0x2)
fcntl$setstatus(r7, 0x4, 0x2c00)
syz_open_dev$sndctrl(&(0x7f0000000240), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x7b95, &(0x7f0000000440)={0x0, 0xd47d, 0x0, 0x0, 0x98}, &(0x7f0000000000), &(0x7f0000000400))

1m2.456547109s ago: executing program 3 (id=3877):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="180000000000000000000095000000000010009c07b346cb5e13f8772644f4971e732de04fedad572bac3404f614c6921cc6566233111a04388a1dd9abd53082a556d3870cc36484b7afd31929aee457d4af6b6ec2d0aec2be5822d676d4d9c11f086b9ee55435fa635bf655e9a79e6ef3c3e8ad04cf1da9c1a928f766b975a31f0c49d8b56581c9304a570a7c27812e5da8d9143ea1ecc8e0f700befc1d70bf4fa9b153672e1e6924fddc5f747e8013"], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb0100", 0x25}, {&(0x7f0000000040)="aa1d484ea0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfb", 0x26}], 0x2)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
recvmsg(r4, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2062)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001800010010000000000000000a370000", @ANYRES32=0x0, @ANYBLOB="0013fa89c32eb80001"], 0x30}}, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000001000100ff7f00000202000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000f7c96811000000000000000000020000000000000000000000008db7"], 0x50)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

59.784439576s ago: executing program 3 (id=3885):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa2000000000000"], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=r1, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$inet(r2, 0x0, 0x0)

59.720023909s ago: executing program 3 (id=3886):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wg2\x00'})
r2 = syz_pidfd_open(0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
migrate_pages(0x0, 0x8, &(0x7f0000000300)=0x8, &(0x7f0000000340)=0x5)
preadv(r3, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0)
mkdirat(r3, &(0x7f0000000440)='./file0\x00', 0x45)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000040), 0x8000000000000003, 0x16b142)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05640, &(0x7f0000000340)={0x9, @vbi={0x7, 0x5, 0x24a2, 0x34363248, [0x7fffffff, 0x10001], [0xa, 0x3], 0x1}})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x40}}, 0x4000800)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(r2, 0xff08, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x140, 0x0)
close(r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r8)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

56.413582343s ago: executing program 3 (id=3894):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semtimedop(0x0, &(0x7f0000000280)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(0x0, 0x0, 0x10)
openat$dir(0xffffffffffffff9c, 0x0, 0x51f180, 0x100)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)=0x6, 0x4)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f00000001c0)={0x2, [0x0, 0x0]})
sendfile(r5, r4, &(0x7f00000000c0)=0x58, 0x9)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$netlink(r7, 0x10e, 0xa, &(0x7f0000001140)=""/4086, &(0x7f0000000040)=0xfffffffffffffd74)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x4010, r6, 0xc1444000)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r9, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)

53.353625323s ago: executing program 0 (id=3904):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080))
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vxcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x1, {0x0, 0x0, 0x2}, 0xfe}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r1, 0x0, {}, 0x2}, 0x18, &(0x7f0000000180)={&(0x7f00000003c0)}}, 0xee)
close(r2)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={r2, 0xfffffffffffffffa, 0x4c})

53.233046029s ago: executing program 0 (id=3905):
openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x500, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="fcffffff0000000000000000ff010000850000000e000000850000005000000095318ed036cc6d45c0f1ee32de39345321c386f39838902ace84298d66568ce134e5cb3083d19cf2c6e88af517ff49726135e40e4b8f5eee6f7142c0e9cd70dff536c89dca81ad9ae21125a6acff6944ed07cde5d787a7d37f915deadee6947d565bfb1ad5a43f094d3cc8198550a61c93ab13f0bf77c6a9c72bba2913f5b4e0"], &(0x7f0000000100)='syzkaller\x00', 0x401, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
fcntl$setlease(r1, 0x400, 0x1)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00-\b\x02@\x00', 0x0)
r5 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r5, &(0x7f0000002940), 0x40000000000017d, 0x811)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000380)={0x3c0, 0x40, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0x4})
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
setsockopt(0xffffffffffffffff, 0x7, 0x81, &(0x7f0000000280)="1a000000", 0x4)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x40d4, &(0x7f0000000140)={0xa, 0x4e23, 0x4, @loopback, 0xffffffff}, 0x1c)
setxattr$security_evm(&(0x7f0000000240)='./bus\x00', &(0x7f0000000300), 0x0, 0x0, 0x1)

51.941293195s ago: executing program 0 (id=3908):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
r3 = accept$alg(r2, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f0000000280)={0x0, 0xff8d, &(0x7f0000000740)=[{&(0x7f0000000540)="b6"}, {&(0x7f0000000580)="b1cdc0a92435041e6be063329729ef5e76ad3fe345f5049c645eea4edf3eac61ac6125c4382bea15999372651c0bedb101c6de3cefe71b3c94b24b07b8aafdf4bdcc2569b869280ee381d3e45f30dbd8e28014119a6036cb506f7a2b2a5039de729d400860c16bc46bebeacfb205403097943553bbef64d6a817d60ca21b7944848733b0e4e78d36219fe86bf2274f10f977fa07fbc307484bc1feaf02343682711f9e4f55c773e427969ba85891fcf67bd340694e5cb9d5c00f376b9c56c24a7515286a8f0955784b81819d216b26cb77c27d976c9faeba5c250cac", 0xdc}, {&(0x7f00000007c0)="67a9692bdd01faed906c6411d8c3a7e0037340873e5a1f6e59dd24d02cac6a000e0000000000000000c5157b4b67317e2e9d65f6f94b47bb606a3b5972a27beec2880dae2aaf9fdf76039f47a0e9956f24bb4a2d94a5a46c4bcc8731b57e2dd876b270bfc262781bfefe470234d1af7089438b0300a46e3098df7afc754445be4f47dfc5548d483f2c9f1608e91ee2050fbbc9ab46e0fddf55f35049c188aaf606ec39f8e96e680d1c0e65", 0xffffff41}, {&(0x7f0000000680)="3568ced1970359734f553b38b7e823cd3e4b260c303ab8f70591545b2a2b14963069f94c3ca955f4bb502b1aeb095ad4c1b37b6b3b62288dfdd4c0b492978a19052e6e96eda0c016236e84100e5f5575853b502832362059529b4c31113a6c6befe743f70b26074f05cb699444c998bd9ed5b1765520c1581b18941abd3d3bd35902afb1637275c1924c35613d7c627f9478b466be188e7ca7b352919595291d82e87bc3127bc04a8575397369098197bc477a5f71b6e53cf90a926505375904", 0xc0}, {&(0x7f0000000980)="f6545097a63ebe15d5737ab18a96e1610c0e5ff3e2fa407deb36687fb2602605e834abaf439404961546ece396cd6a0f9c7b71ce566bd45e9da08989200a2f0abcbd5008f368565da7775d22c301128e94c536f8662eb4945d87595449ff995b777b3ddc888cee5e6605174fb237a4c88d335db0c1f5bd61f15432d379738371abd5f2f8debfe56c38590b2c9b51ceaab05b3910df0c546980044e17fcc89820142611a169dae227326b36e82f26a2d4eef23c37504b5310762e1174f3fc7281ed5ae9d83f630634bc00d434bb5ae958d77b94f3a2ca14aa54244479d04efa61071cb24ca08888acfdb15516fec5a0a9fcd208b6c7683a8a8f72fa9aee442f46bc4dff0c84a39b34d58230ee86c369997e3b6339faff3c8bcb2c803dffc19414db25c677139126fb38ddcab85e07518c032ca549ef67685687db08f09e1694c08789c85992f7953125ef8a940201ae314edd5b6016e91730586f021a9ecf74d2cfe184bf7444d368bed8bcfd8bab42362d926bb6b47cf20e5746a4c97ab73198461f4fa48375a146784795914b96e7c3b8c33f335a51b5affe5a90cd2f365b13f5373645f1c3aedc043e9bfa00718f7cc6585b7a5dcd347f1a685b52cf2865b70b9c407695c831ad080238b160547cfdebcf9b5871d9682bd4effca32a98f50fa749dea570e9feef9cd88d15e97c436a95819d05878a662100", 0x51}], 0x5, 0x0, 0x0, 0x20040890}, 0x2404c800)

50.064708169s ago: executing program 0 (id=3911):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0xfffff2d4, 0x200ffffe, 0x7, 0xffffffff, 0x0, "4d6b5ccb00"})
readv(r0, &(0x7f0000003a00)=[{&(0x7f0000003840)=""/166, 0xa6}], 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a40))

49.953113279s ago: executing program 0 (id=3913):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000001140), r0)
sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001180)={0x3c, r1, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @broadcast}, @GTPA_LINK={0x8}, @GTPA_NET_NS_FD={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$rds(0x15, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x2, 0x0)
ioctl$BINDER_FREEZE(r7, 0x400c620e, &(0x7f00000001c0)={r3, 0x0, 0x1ff})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87}, {@in=@remote, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0xa, 0x0, 0x0, 0x20}, [@algo_crypt={0x48, 0x4, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x184}}, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r9)
socket$kcm(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r9, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}})

49.003291228s ago: executing program 0 (id=3917):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x1, 0x9f, 0x7, 0x281, 0x8a, 0xff, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x35a, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400040, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x14000000, 0xffff58b9, 0x4c2336d3, 0x4, 0xfffffffc, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x3, 0x436, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0xffffffff, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xfffffffb, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x1, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x40000003, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x0, 0x101, 0x3, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0x80000001, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x1, 0xdab, 0x7ff, 0x8, 0x13ffd, 0xfffffffd, 0x1b18]}, 0x45c)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2805}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf5, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = dup(r5)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
setsockopt$sock_int(r7, 0x1, 0x31, &(0x7f0000001600), 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
sync()
writev(r8, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000100)={0x8, 0x1, 0x2})
r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

41.047878393s ago: executing program 32 (id=3894):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semtimedop(0x0, &(0x7f0000000280)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
semctl$IPC_RMID(0x0, 0x0, 0x10)
openat$dir(0xffffffffffffff9c, 0x0, 0x51f180, 0x100)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)=0x6, 0x4)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f00000001c0)={0x2, [0x0, 0x0]})
sendfile(r5, r4, &(0x7f00000000c0)=0x58, 0x9)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$netlink(r7, 0x10e, 0xa, &(0x7f0000001140)=""/4086, &(0x7f0000000040)=0xfffffffffffffd74)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x4010, r6, 0xc1444000)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r9, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)

33.898363676s ago: executing program 33 (id=3917):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x1, 0x9f, 0x7, 0x281, 0x8a, 0xff, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x35a, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400040, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x14000000, 0xffff58b9, 0x4c2336d3, 0x4, 0xfffffffc, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x3, 0x436, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0xffffffff, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xfffffffb, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x1, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x40000003, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x0, 0x101, 0x3, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0x80000001, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x1, 0xdab, 0x7ff, 0x8, 0x13ffd, 0xfffffffd, 0x1b18]}, 0x45c)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2805}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf5, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = dup(r5)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
setsockopt$sock_int(r7, 0x1, 0x31, &(0x7f0000001600), 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
sync()
writev(r8, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000100)={0x8, 0x1, 0x2})
r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

15.255278329s ago: executing program 6 (id=4039):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00000041000900000000000000030002000000080002"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20040044)

15.223028753s ago: executing program 6 (id=4040):
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e21, @rand_addr=0xff}, {0x2, 0x4e22, @empty}, 0x0, 0x0, 0x0, 0x0, 0x80, &(0x7f0000000000)='macvlan1\x00', 0x3, 0x5, 0x4})
getpeername$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, &(0x7f0000000100)=0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x74, r1, 0x10, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x1b, 0x2a, [@rann={0x7e, 0x15, {{0x1, 0x78}, 0x6, 0xf, @device_a, 0x4, 0x5}}]}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x37}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x5d}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x29}, @NL80211_ATTR_MAC={0xa}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x20000090)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000700)={0x2, 0x1, 0x1b, 0x15, 0x1a3, &(0x7f0000000300)="69b0d3ee179664670e40ed0e3b9495ba111ca444d6502a075f388b3fc1877da60822676dfc3a30b4bf760732ca40a5097dd25d5f7f3d1eb9b0f582dae0612f376471bdb2402585ca4851dc1a8fc7684b5bcdc8b8a926bd90f4c153243fe546af39c34a36c36de15ad43d2b15e0081f6d11fd4bb7d8eb0e19c85a679151ac57b2b2a0866ea8482cd3febdb661093c0d0a47697a2ca0a1a991b084e52bcf278d4af98eb1626a9f86a83acead9a85beb6e8f5729d970f27dac59a917a899df13e7ff9af2a7f779c5aa74de0b298afa2b7e49c08e3b7b248811c8d8c26e0fcc7fac60ba1e5151979581cc4c476180eaa2c41be89217167d5e62252ab9d877ece4c5705318112ab529de7a74b7db60cd90a38492c85db1a29060581e65dea9c52a58757c183d2698cd9fbdfb75194a054379bc69c1ada7b7f84300d1bef4126bebd01640a8006cba0ac5a3c95d44501f4ff92b955408421757e798a972c43701ea722a56cef94f3e4ad16ff433994ba3b0b90bdbc6ee76b8d586cd8de4e4f335856c2d67581b2478cca0ba065e0f1722ca4508491738f20374154d6c9ffd6d4ba247d852a2c55278e67d904294c6da409d07536ffd7a5ad1ba64300613acd923f76bcab3540a32d2f7e677b8adf9a751af5d5a96eec7da63ca82797c4c32cfd156dcbb931f42004822e675c9b135b1d2f04ae9bc56d5d3c881918e7ab1ff517178be6db35233677715a84d886401a19eaa29d933d0d3cce89d4aaa21b24d8b1e2928f4d9334e5379214f0d4a8ef02aaa9fefd6ee66851c73b821819aaa9811b598b5b05af79dfde684f66ab07ab39f4524ffd1935e321371821fa9ff19ab979757668428d43571a85dd8cb978a668d706d9b83e49b1c6e41eec0d4f8b82fa1b37e213b2242a6a229c4218e3df111890d862d39434d401ef65467a01223fc152a26408c14143b4b5a50289a6b2e48f9e3c06804b4de2d57ce51f5b9b584e8b52ebb80a3880359b128e757b802c761ad5b1ad87baf7ed198e3b4946c1e21b3046cdcda77630dd95c6d30fa6e44d26cd690a1fb534335d94c2ad13deeb42c6e383ab7afe3d4d28d7fdc23053e69546a4b4ceff805979cc335d5237f5165210dd0c576a9c4dbebd84d82930228a54b4d47a69c72f97314ae62db8aea17dfa89ebcaa470099f54fb82ca1f5747dd90c2b72c479b49e42721e0b4c48ba111488f290741aa542e9b478e73d4ffc8451da8a79284aec094c8685d80208b5f73166342bb7d8d307ac21b1a52be19ccc4a11f234f53d3a9afccffa5eaa6cd4f34d22138d74ed9c7dd153aa0a19cc08210d56841b552341e5d02c5652a331e8c21d3f655ad455eabec3ae2d6ba29fc1e9ed4ed08c75e7b75c7a668a1286bfb4e5ace7caa732c7383fd3ca935a65847e9aba2d38e5deb1d5139e9bffdcd0828e670e424fa888d88a4"})
r3 = accept$unix(0xffffffffffffffff, &(0x7f0000000740), &(0x7f00000007c0)=0x6e)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000d40)={<r4=>0x0}, &(0x7f0000000d80)=0xc)
getresuid(&(0x7f0000000dc0), &(0x7f0000000e00)=<r5=>0x0, &(0x7f0000000e40))
newfstatat(0xffffffffffffff9c, &(0x7f0000000e80)='./file0\x00', &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x800)
r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000f40), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000f80)={{0x1, 0x1, 0x18, <r8=>r0, {0xcf2}}, './file0\x00'})
r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000fc0), 0x242080, 0x0)
r10 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000001000)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
r11 = bpf$TOKEN_CREATE(0x24, &(0x7f0000001340)={0x0, r0}, 0x8)
r12 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000001380), 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000013c0)={0x0, <r13=>0x0})
r14 = getuid()
r15 = openat$dir(0xffffffffffffff9c, &(0x7f0000001440)='./file0\x00', 0x80, 0x4)
r16 = accept4$inet6(0xffffffffffffffff, &(0x7f0000001480)={0xa, 0x0, 0x0, @empty}, &(0x7f00000014c0)=0x1c, 0x80800)
r17 = syz_open_dev$vivid(&(0x7f0000001500), 0x1, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0x1, <r18=>0xffffffffffffffff}, &(0x7f0000001540), &(0x7f0000001580)}, 0x20)
r19 = gettid()
read$FUSE(0xffffffffffffffff, &(0x7f0000001600)={0x2020, 0x0, 0x0, <r20=>0x0}, 0x2020)
r21 = getegid()
fcntl$getownex(r0, 0x10, &(0x7f0000003640)={0x0, <r22=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000003680)={{0x1, 0x1, 0x18, r0, {<r23=>0xffffffffffffffff}}, './file0\x00'})
r24 = getegid()
sendmmsg$unix(r3, &(0x7f0000005340)=[{{&(0x7f0000000800)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000cc0)=[{&(0x7f0000000880)="f7012d130b3a3c64c08151c7e64e81b2e9e83480608b514f695b1f0b3c9156a71bce530bcf0cb2380ae4373ff3fc86daceb72e777f085d99520f4863285262a814a9df3d923bd71618487ea1e46af55a892513fb53c9ad9fef95115f0762190decba7bfc17e313e255d5d732776d223a7cdaaed85829acdd0e390d7857df0c168a264bf3fdc1", 0x86}, {&(0x7f0000000940)="c2965f74aa8fe1b72bba76aba159e0ea07c0d805c73bce5b87fe9df59d01c6f4a7364ba921cf0940aa712d9af1118b3e6b83de2e6be60c82d6ff07b7d23d999aecd3480ceb632630c2f3de937c9e74a2cf91ce995473c2368e0dd3f2c236056a4385227056c30357a55e593233b00563681f865d2b3b378992b345a2a4b3ab35ac227a949a263453c5a9a343e8d00238d02735150d1bebbd099d68b4be2014fd7c390b4e0374d95396cd9059f7e4affb3b381ed439a13aa8", 0xb8}, {&(0x7f0000000a00)="f04c3bbaeb89055eb6392f6f007e452cfc50c0b040496a08f6983f6fc35154ab2d9eb0db589e368e5a914ee3b25cc31a511265de02ad1cb4c33a254f82182493ff7a0a61a19adb1fc1e7091357347b7a8e454faa46b78bdc7c1d51226665eb4f3e13ffda00766633ef680af74be9b7786011b754850e73fbecc8441e5d135321fa9a97fb310bbab8", 0x88}, {&(0x7f0000000ac0)="be5b5c9ddd1df273de355b6fe41e742d187864e051e059e2c8a8c15cb2a18fa92108953afa0ed498f12f666124f75e5f8b61d21b26009bd5d8705fb77954d9d5ae63fd16b1814bd95a047c95cd1d6828841f7017e28d03e69d0b60b797193a07a47845ad7dc93e42443d84954143fe6f602d7347caa54bccd754016ced3f361186653379ef220d469e96a43b8454a4bf27712e91516738b5813191105157784a2857f8", 0xa3}, {&(0x7f0000000b80)="7fed193778aa721fb1386ab205689326034b70c339ec10b14914f306b18fa39c5d135c71eafd037124901dbd36720eb5665c68f2c45970", 0x37}, {&(0x7f0000000bc0)="db477a613f19ecb3ee6f11d66e950875f7b1c6e5ce5b73f40d295c41eb680f03c1f80cecac4aa777a6353e841297bd652de4a7509a9f53642ba0ccbae48ead56e54433da8bf23a39ccd0689a627add5e05a8063230970f9b8d9966b10b46c7679f35d200b61811261343f43ee5e53be658846305ce83bf", 0x77}, {&(0x7f0000000c40)="d8c4a1b9818f5846134faa5f2b78886d9c2e50ec8dfd3e328618a03f0044ad87c3a706970701c6058ccd7afd555130407487ca197b6e9b1819791b93d6b97c4ab81fd01e7bd812", 0x47}], 0x7, &(0x7f0000001040)=[@cred={{0x1c, 0x1, 0x2, {r4, r5, r6}}}, @rights={{0x30, 0x1, 0x1, [r7, r8, r0, r0, r0, r0, 0xffffffffffffffff, r9]}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0]}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0]}}, @rights={{0x18, 0x1, 0x1, [r10, r0]}}], 0xc8, 0x4028800}}, {{&(0x7f0000001140)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001300)=[{&(0x7f00000011c0)="9f64f792639921b2cd15d22dc18ff7eedca4ee2ad1982fcafb676c30bdf8e0863d3947fff88303fd5fd91fd5464d08f1e1616517dc4ddf722ac5b69cd16f2cb2c7f7e4f4b7ff484a3a0d57e2074818e998f75bd8e9f13c2e5b8e3576aea322fb9d59fbc704bf2d54caa713f7482ec1ae25c854af3933ff515c0dcbe3ff843818bfe2384e9f2dbc08073a2c311530a756c14d3981653769c03c4a39b17b033e14cf6a89be8df3d46ed7463c57f0703d9cf0a979bc1736ac6f9c0652e0844b19a531923f7c8570d32edb06355d8d7cdcf8caaed84dded1a0353ea3c8554397a31143ad99b5dee906bd", 0xe8}, {&(0x7f00000012c0)="233ee6899b4b906bcbde3b97b3576b3d0ec388e42ccaad3e9b560c079d193610658bdac5f5", 0x25}], 0x2, &(0x7f00000036c0)=[@rights={{0x24, 0x1, 0x1, [r11, 0xffffffffffffffff, r12, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r13, r14, 0xee01}}}, @rights={{0x1c, 0x1, 0x1, [r15, r0, r16]}}, @rights={{0x28, 0x1, 0x1, [r0, r0, r0, r0, r0, r17]}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [r18, r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r19, r20, r21}}}, @cred={{0x1c, 0x1, 0x2, {r22, r23, r24}}}], 0x120, 0x40044}}, {{&(0x7f0000003800)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000004b80)=[{&(0x7f0000003880)="f13d378f20cd66be2e6104aaa2ed002c61182991b71df0dcadd7294e5192d74a73b008a9c1a1bf4a7a507126a623d028724824c3986afe8ceaf4f5bcf6fb215ffbedbbe880d3cc78e48a11dcbaece94c4d3602da88e521eae044a507cafc6355f926c4e7e805b8481949cee3a642ac2cdd641f958d0359443cce6f5bbf2a4f2e57da729690bbaed6", 0x88}, {&(0x7f0000003940)="e6d468c45394a30c4aecade12bd92764414406806a15e7775fc27e5bb7a52a04c36c9f540136cc", 0x27}, {&(0x7f0000003980)="e567a014c627aedc910612a1072a62ea866838f0d0302ba881a56aab11efb6038e5736e368964c3ac99d3004f1360df421c66ef0ae42fad739fdf9780f73707f56fdc306efa9573b01ab1c62d82992ddf2c17914012fd6e5f53dc31339", 0x5d}, {&(0x7f0000003a00)="1e1c200a0fd99a67252dbef6015f3464667b7b2e551a0dcaaa7045a817fa6b0f4153ea54dd73063dd86ea0221d4268905bb28eeb7216718bdafe34c4f2dfbe53d895febf964c789fad06027e5bea226b8b7223cde08d46fdb309fb815508f37c6dc96ce9d0c33febd7d0ff99a1b33e580b976b32b0ab80e427ca64ff4e1e17077a6bc239cedd1932c7b93451affe9da02f7a2f88b22fb27fd1abf8f5cad12bbbfdcdc18603982fafb7446a809e9d02ab68f503fa3fdefb3bbdae5f1f002e26d476e1fce4d2668421918c8be802292ec1e82c28aab56f01dcfb66c8912d0745cca6730fee68013c1e46304d7b61992afc1935665d37f042949fcb6568f3227abd731a3b66a807a038a20798d4e036bee3eedc617870c007ec08bd5316c75ecda468191bf9a048274016e4e4610c8fb2509b37de08d1548083f36eb0027f615e5f2a33ce4c0b892fdb3762f072fc82008cb996c460c340ee669fda681ba7eda2405c6820faf72fdfd9d4fd7dab8afec9953bb844bd5bf66963bc004348bd654ca957988160286ca27c0586c651bb379eebd4f34f4d4aaa97061c13066b54898682c21a5a742dbafaafe227a51fb9b1b9307446e60a55e73f715ce322cea0342a0504ad32d1699b9d268beb06399296bfe2824d77420cb83aece5e5212ef44c15dba314064f0ff6b4085d657cb0098ccac4275e1939f32b6ddc7347671a82baf70f63ba492c85e5cdd39ab16d6c93560c0026ab0a0b96d3af22de0db2aac397394c3b24c0ca0fbcfad08939c2444dd553ee6bd70aca3b9a1f603e105df4d57d0f084d5f3dceb12990822f0fd0882b123f5020a447cf7ce16e2518fa75295f68b01ea8daa1d4395da813935dd0697adc5209bcd796751405f98a4a19a594a6f50d0ae9260c2231613341d15c23608a26f6a75ce583f47699f87c7a3a4bb830798b7681d2b2e699c349450d1f91625677f512f4e5e73b0274b7adb9dea9fa27ad2e27fae12fb7cd95d217425c7dc382de8d369d70e0e27de97fc4f1efeb5557a99e3a4d4486452025eb02a61a36d12c91ed4555d39db87fc17586b4555a46813447c891e8e51dd222db2420ddc806b78566600467b4890b80218a82f9d06d9ab92a83e22290dd711bf541ae69f5b4d3f159227963cf753a1099f53652caef4c92a1f9627ac572cb78b965918c8bbe8eff7a293db4bc75bef3bd2f4e9477c4aba6cfb26b5c0befd71c1a112cb0ce565f1d4b9efa0a521294404ab1d1e77398c84881ba23d7d036bd3c46106f2f7bb2245946a941c72ede76b1e526b0815ea2c2e88520db2a328e7ea67430df6aac473a3106440d453375268829e81f753a3950f8b8517a14e0df6ae14e8caa368a33f9f04269df3f9e8bad36f88f1785a43b29ce88e4cf1fd0084f2065854bb741a68cf695722d9d91d1f0b72c0716ad858b5bb314af5fb047cb73797157ad597414f83a65bc0e78f33a041194380842ab683ae28a6b0d37381d25a8a7ad76883362045a9cacd15a659c95ac07da26d097ea00e9cdfc367fb2de6bee18f65ab202d37c1657c9577bb4b99e39542cadf9a70e79860fdee387e1415a8bc658e1bb010b1ab7a7f55e7667a2c3863ff81edf5b92ee996a87c3bad461cf8e11d3ea942bc16d1c37ec912da20cd1dd9d8520cc245130346293087f95df0707341436810a8ab50239a6c522faaf70edcc8c2b54930cb0ea4fae1eaf196cd3cf9cbd46efdfb416a2027429118af5e5636c99a650cb302906fb2b8fec61cfede178c9eb3be62e611f76e4ca521347a1479de0bf97707220176d1644df832b9439fd3926a80fdb0250c5099547eb49402b262a3556539cc12661609d3e2fc0d0d728d69485062e47c71927dbee19b607a46d999d62dd8b0ca294e9f0579f85c281afaef45da1c47ced2e23cfd43832a0e074cc4cb4f98408c3dee9b23d9987dc7a5d750975ff5e93dfe714459810ecc27c164851b1299cc5443b8a18ee53d9bdb8c8ee6114932e8447bbe3ea922f0e7268834825b58477540f159967579f6e858a432e11ac8bb351aa5d9f48c5f454d2c43682a9ae45b53185b5a502d012d1cc8bfef93dfaabf329fc8949b871c1aead1d806ea4ba87a7fc975d254cfa4748312b73dbc82202ef896fb03cf3becad881d208284b4adda917e740510efde191ee16787c4a6cdfaba3265c7b5c7755aab3be221cae61e15fd4bba23f1d7626552b8eb7d161bf8a4c8c0490419f3bc9ddf7c866405c38c130fdcface846acf669d66d2ab850de086a81a214c18682288f3dee88c55b7ae8fc78909d8dd3169facab11382226c1c9f1bf6e80ec61a5789d9870b266b8b5dd3a411e4bf44b7eb535946a298cd185142df661f00ce47e8ae986c593eebef9ff94175143f1639d719bfd8b5edefa2888008eabd96d151b113ea7d9b6f127b8ba04396088402729074fe0991c173eaab95f6dd87a131b6a72d6570b831dd8988c998c93834d048dd3903cbff16a02d07bf5c33384ef53ee061926ceb094a8ec733223eb03b9bc899dd1dfb6e73ea955d493ab518e057408ac527ebaa3a3d0de788f95f3d57a2a76e428794f7b680c8e15f802d62fcc50a86b0bb997285e212cf0b3538830202d010bb6bf7092527b4367234f73b3773b5af498b1734de950c1512982efb959a009adbdc93a27af6d6a55eb4d3d9932d4be60e0d7d23c6e78795d8a1721ce1d2b91664874c14746ecbfe324025b4626e26534bdda0203c6eeaf1021d08a4be16483034c6a3573884c60be7c82467413c69ccf117c7158ab93f4ad91c46c948caaaea3edb8054fc06627174ee42075ced83716c9cbf6e26ec967477ea4a86393026e442f8f20f9e4316cc710e047776ee0349b45f8c007161f8648cf04d9cdeb46f25d8ba36afdc24033a0c4dd808b4b7eb0de7096163891ecef0b051861f691d687d978dd7db3e09d7cd2a18c1f3c8eeceb249246f9bd2022943612905ffc7bc698f19d372d73f080231c7a2304c423def8da8c89c798de9c59ec7e0b90c5c2741cece2ae29ef98552f6cf450de6a16d0f6b4617beb56d6104fca29a6f07db7a9fb148c6f8fa39e2e03c6ea8fa7626e58f46f5e10da02a47eadefe0f4ae448dd3d9ce0b2a04ba54a5f71992c4e44bd1648c13403af3face03355d360c1fd3482a66487b23b5937e6c5ce56cff4459f632234c3c5e6a6b08754461596d2f15c04c8e6daa33f583b3f3de953de095b447118c57caf5230eb7dd3000de622439db0b51cf99d1579e023fa886d67bde47e307573104655a5b257bfb38da2566c1b27586ffbe0ab22e773ba54f78de937411fb485d3184609a8c792a155f350f6c411bbf7c61513764c0f19e89fa46144e4f6acdb2176ce7c11bddf356406526bd80ad7cc9ba437005423470ed97d099963aca216f6a9d52ccc076cdbf02e72559948cb51e2db0f75462642647ccffd6bcce601407ce2497edc4ca1eb61a72bfc7907064aa2ecea32c7ee7e5d13f54a7267fe7c8717f7f78ee0b15f6219c817d3eecdb114add7a62a267395821aa73a652a7068b461f4d5f230cf8c9e7fd8ece618488986bc0fda6b158c7596963b5b356f825814b48ac37bc7262040065c72b7718cb15d9c1ff68ac5b189cad8325d7370077db634c0b290231f6ec3a4a43106af292aa45e909b51bc14d924a1cfa9a349aea8b4fcab5ec21f7de8224f321412677804078ed517d45ccf9403bf6a6ad7d4d75b7057422584e8446396d8ed314ff9442c85956816aaa024f7db833c1f1723c318bec5fd17b01f2323f7605f8c62b6cc1a49a4ce851326a3d496f4b2124b34580b14765276e1777f79a39d72bfc52826751b23efb97876de8e798da1e37e2a6884bf134f66781c9d7d364dccf1a699a9cd4ab20a96f10433b81eb727beb940fe28f72c5c9d138b3b60481c89af15efba31b17b5aff1fe5210bfb476a5f13dba79f7f67b9b004a3005b73a5d12f9412ad2f48d764d678b626a7c96c44a13fddba5df5514b4fa37af9075d2baa2f81f6266c05786019fa86e8edb59398e9d069c15dee6a35475bd9006aeecb74c105a8128583683c038a015d673c00489d6893804d70a6d10603523fdf91f9d1be088899e4550d6ccc05b8e2dcd10e96c1bf706ec73ccbeb0dc8f25fe8757dd9982a4e7c23049f712fff33d9781b855986dd826b51fd51ead82deac9453a8a45b8e66cf05fc13999c8c2e091580947fec7a4bbd4f19681f26bdb365613e27fe00dbb89022520534a4fbaab539c46b3476665434bc0b3f487376308711fb84d297d58020c401bd23bc1d349ddafed0819e56bfbe10aae93b4c9cb6c871c7d927356d81ad1e2426c51ec87e3216d7f68f05387928f244740cee3b73a0588c1917428800d8ecefbcd07757617007b11f4660f5a026edace0a4e625aca03875d9e708f0228f34809fe44906cd85ea6f12a16aa209800274a1e2ba7dab0219d6d9883000ee544ddd990ad6bcbb4dbfaa7c447553e1006501925bffcef2517a671754f9d70d89b1315dd674cc9edcb848a35278ce1c8f7212fbfee333f7d1c0bc75d996bfe458662e0c279bf24ed7eccf494f51d9dbdc860a7135f2eb107543830f6893ec0f8e85a86fea89d0bf02e31972e8f07218e91b0fb1d7b0a6eedcf4b0ca64fba1d216d85658279aa5e06dd08047a6f74b1a01d20c66e592d4942b3713d6fc7df0d92610c2e8e5d3d4099eb009a1f75e18130af80f581c2c9f9155057ab3c6a96ed316fd9d651d7bff7fae2243fe9403d697e3685fb585a2af0b18758879ba37bff0434204628f96e477bc5fedeb7ed845aa9b872bfc3be49436d33c24cc249babcddb7490ebee4a46df167faf9b239b2ddb9433a3f24e040d6b4cc292641f3c95b547c0bc8893faa73d802dd4a1a6f20073236897d5b14c315ca48ba4fff063d34f45e7a896bc378348ce4581c1feaf20f7e82f719c1d87d1164bd10b6d6530d9627a22d6e03df64d793e42536c7c838bf3fb01516720c719f5bd893af70c6b945ada1a6406c4d6a3e4865dad0562d2d3c88836ae7406aa785175c07824a2355d1b20fde6a50371c1ddaaaccc93c277c9ae293f79e10fa386396bddd708a1d317a8355dfe44fc18d655cb1a71af292cfea38f223ce6d893ac8691a9a716966983f75be4268371a2d64ce616460a1811f67e00ed2c3fae2b4cade883391421eb5af3c9bfadf01b0362c64caa33b4d15d14d4bf20e99cd92abde637a298c6deab9c05c884f07469a6667e72fde2d8c414ddbca3f4a0616eb8a64876f506bba996148fa8a3077c1eb719b647149d4569926c5352ba888b5039e38661a51e09f1ff9e7445c6c97c72d9431ed6f64e50e3b811d9c77cb432df0ce89ff4a55aa865539115a42d5f28dbec65f5ad062d8d70da8823ccec1563eaf7ce74a542d3869c22b72b2eb743d510f9f94f3e440ac8757c1139a12a6f1b97ef8237202ebc3427ae865833d1af636be062881c854fc0f814eb01c4450fd5f4a306b34a7ce4d6abcaff157ce67a63817d74195711f14d0ee18484ca684b0b1646370284f9ec428809ea1d8ec3d612138335ea5df22431733aff65ebd917ca1dbb95b8ccc75ef95d40302ad15d850618d9aa6c097ba02dc9b4437f6e2839751619b27ff3fb779c0f840520fea7562ff7533063a763e18594ee41b016d4a04360b3eeedf36ce0c2e0156048c8e2a577d69618f906104041a51eda33a8e9b9188080458fe1685a6d8d786e589a8404472d874a69ccc846009a65c7b47d3b0310740d490a8152051df0432acd0b", 0x1000}, {&(0x7f0000004a00)="9b6d409cba2603d136bc1aa05ba053605de10f452049b26ff84fde8b5b770aac12e569c079749a38b8b2a182598539d02a84d62012577c5c2b8d6fc61b284bd3ac97878c10f78147a87e92874b2a5b800df9cfe9d9cf3593826bfca482b00d4f7dd723e2af508dafba52b7145c08a5e5b599bca0c834fbc6048ae335c2ea1d14e3f31061d33e7787255be3c04d0d445d9ac45f3b16b09236964dac9f6495acab18ed669896390690ae0602050e2be7055b430019e6e1780270efe10b70c4c5bb47c3793a982620b21ff5ea2068b17f7fa2", 0xd1}, {&(0x7f0000004b00)="9b9fd71eed4124a3b7995d23bee7ffb88dc3401f826a34114d3ae57300d3cfc05ed384ef97aff5705885b822c88ec4901e1e986fb05d977c889401d30a7ef4a141d82ff4d0d5315f67241cc639a100", 0x4f}], 0x6, &(0x7f0000004ec0)=[@rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r0, r0, r0, r0, r0, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x2c, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, r0, 0xffffffffffffffff, 0xffffffffffffffff, r0]}}], 0xd8, 0x20000440}}, {{&(0x7f0000004fc0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000005180)=[{&(0x7f0000005040)="c6a46ca94077b7515f00bca0e5acbc8a01487ebfabf8b886829b800b15c0542715001d9a15329f3b1f3236e150ad80996ecaf2944530f69206d1177520a516b7029c72d6863e4f83797e45d9d6106dc9c24b535cb78816385d7263ee80cf2528779d2761a308fd2dba950e56a68d995ea0a9c520c74a1d589c42c908c0e3cfd009b310db4ef114de1db1006e6e300e11deacae6ce872139989a10715374ec073a643fb854636bda48eb45f9142a8affe0f8058ab41c4c224ab9b6b675cc356cc39d592b0e797ba1a6e9b0d33c7de08", 0xcf}, {&(0x7f0000005140)="0ea697ad589e82c78689", 0xa}], 0x2, &(0x7f00000052c0)=[@rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, 0xffffffffffffffff]}}], 0x78, 0x2400c890}}], 0x4, 0x10)

15.082835276s ago: executing program 6 (id=4041):
socket$alg(0x26, 0x5, 0x0)
socket(0xa, 0x5, 0x0)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x0, 0x20000820)
recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f00000000c0)=@rc, 0x80, &(0x7f0000000140)=[{&(0x7f0000000300)=""/176, 0xb0}, {&(0x7f0000000940)=""/109, 0x6d}], 0x2, &(0x7f00000003c0)=""/99, 0x63}, 0x8}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)=""/117, 0x75}, {&(0x7f00000004c0)=""/137, 0x89}], 0x2}, 0x8}, {{&(0x7f00000005c0)=@qipcrtr, 0x80, &(0x7f0000000740)=[{&(0x7f0000000640)=""/137, 0x89}, {&(0x7f0000000700)=""/61, 0x3d}], 0x2, &(0x7f0000000780)=""/196, 0xc4}, 0x6}], 0x3, 0x10002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000180)={0x0, 0x0, 0x80000, 0x0, <r4=>0xffffffffffffffff})
fcntl$getownex(r4, 0x10, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
shutdown(r5, 0x240)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r6, 0x100000000)
add_key$fscrypt_provisioning(&(0x7f0000002240), 0x0, 0x0, 0x0, 0xfffffffffffffffb)
ioctl$TCFLSH(r4, 0x400455c8, 0x1)
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil)
syz_80211_inject_frame(&(0x7f00000002c0), 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000")
r7 = fsopen(&(0x7f00000001c0)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
fsmount(r7, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r7, 0x7, 0x0, 0x0, 0x0)

13.407123056s ago: executing program 5 (id=4048):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r2, 0x0, 0x0, 0xfffffe04, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xa}, 0x18)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080))
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
rseq(0x0, 0x0, 0x0, 0x300)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @empty}}, 0x5c)

12.568876632s ago: executing program 1 (id=4052):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0x5, &(0x7f00000005c0))
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r1, r3, 0x25, 0x4}, 0x14)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r4=>r0, {0x9}}, './file0/file0\x00'})
r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
unlinkat(r5, &(0x7f00000000c0)='./control\x00', 0x200)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={0xffffffffffffffff, 0x9, 0x18}, 0xc)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0xffffffffffffffff, 0x5, 0x18}, 0xc)
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000140)={0xfff, "711cf65998d09ba01233c4601b021d06f376bcdc75d21971706498fad99a57b9"})
ioctl$SW_SYNC_IOC_INC(r8, 0x40045701, &(0x7f0000000280)=0x8000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r0}, 0x20)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r11=>0x0})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r10, 0x3b87, &(0x7f0000000100)={0x18, 0x1, 0x0, 0x0, r11})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r10, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r11})
ioctl$IOMMU_IOAS_MAP$PAGES(r10, 0x3b85, &(0x7f0000000340)={0x28, 0x7, r11, 0x0, &(0x7f0000c6c000/0x2000)=nil, 0x2000, 0x1004000})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x9, 0x2, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x0, 0x1, 0x2, 0x6, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x4a}], &(0x7f0000000100)='GPL\x00', 0x9, 0x6, &(0x7f0000000180)=""/6, 0x41100, 0x30, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={0x0, 0x4, 0xff}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[r4, 0x1, r5, r6, 0xffffffffffffffff, r7, r9], &(0x7f0000000400)=[{0x0, 0x5, 0x4, 0x5}, {0x4, 0x1, 0xf, 0x6}, {0x3, 0x5, 0x4, 0x2}], 0x10, 0x1}, 0x94)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
connect$unix(r12, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r13, 0x0, 0x0, 0x0)
recvmmsg(r12, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

9.246105997s ago: executing program 2 (id=4055):
rseq(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x2004000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff008}, {0x6}]}, 0x10)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000400)={0x0, 0x20, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r6, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
unshare(0x22020600)
r7 = mq_open(&(0x7f0000000480)='!selinuxwk1\x1f\xd0m\xc3\x7f9\xc9\x9e*\rT\x93\xfd\xe2\x91\xef\xaa\x16#j\x97\x8f\xbc\xdeY\x0f\xcc\xc5mV\xcb\x15vm(p\xc9-QZ#\xd2{\x84\xbf\x06\x00\x00\xd9', 0x40, 0x104, 0x0)
finit_module(r7, 0x0, 0x0)

9.05243732s ago: executing program 1 (id=4056):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv6_delroute={0x30, 0x19, 0x10, 0x70bd28, 0x25dfdbfe, {0xa, 0x10, 0x80, 0x6, 0xfc, 0x3, 0xc8, 0x5, 0x1000}, [@RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_FLAGS={0x6, 0x6, 0x58}}, @RTA_PREF={0x5, 0x14, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x48084}, 0x40)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="701500003c0007010300000000000000047c0000040042800c00018016000600843b00004c1502"], 0x1570}, 0x1, 0x0, 0x0, 0x20000000}, 0xc800)

8.198902483s ago: executing program 2 (id=4057):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x0, 0x69}, 0x1)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="0403a023"], 0xe)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_io_uring_setup(0x82e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xd, &(0x7f0000000140)={0x7, 0x5e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004340)=""/102376, 0x18fe8)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket(0x2, 0x3, 0xff)
sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000500)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4004)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f000001ebc0), 0x0, 0x303, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{}, {0x77359400}}, &(0x7f0000000480))
ioctl$TCSETS(r4, 0x80204705, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400004, 0x14, "3eccd8000000000000000040000000040100"})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
bind$alg(r4, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58)

8.182501082s ago: executing program 6 (id=4058):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x18, 0x4, 0x0, 0xc, 0x0, 0x80ffffff, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x34, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x8}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0xfffffff1, @empty, 0x7}}]}, 0x60}}, 0x0)

8.016452192s ago: executing program 6 (id=4059):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$FITHAW(r1, 0xc0045878)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000380), 0x680800, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
r6 = epoll_create(0x101)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f00000001c0)={{@local, 0x2}, @local, 0x4, 0xfffffffffffffffc, 0xe, 0xff, 0xffff, 0x400, 0x8})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000080)={0x40000014})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
syz_clone3(&(0x7f00000004c0)={0x11010280, &(0x7f00000000c0), &(0x7f0000000240), &(0x7f0000000280)=<r8=>0x0, {0x36}, &(0x7f0000001100)=""/4096, 0x1000, &(0x7f00000003c0)=""/199, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0x6}, 0x58)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000540)={0x0, <r9=>0x0}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/partitions\x00', 0x0, 0x0)
setsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000600)={r8, r9, 0xffffffffffffffff}, 0xc)
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_SEND_PRIO(r10, 0x6b, 0x3, &(0x7f0000000840), &(0x7f0000000880)=0x4)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x8}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x1}]}, 0x30}}, 0x0)

8.007203751s ago: executing program 1 (id=4060):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x3, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xfffffffffffffd63}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
unlink(0x0)
r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
setsockopt(r5, 0xfffffffe, 0xcc, &(0x7f0000000300)="ba5746bd702db8369f1f11ade7825c538cb388fc610c81b9e258b4488467a87c9bb994cad512338699559fca99d923c5c5a7a5aaf42c47f32b39512fbff612ed9969e2743f9743096107760cee138deadc419e09566f22048770a1e7d55231481eb32653e1f317a97cbb85c5cd49aa11743600bd32fffe6ded0fbd2b844bebdaad5a74a089197db584872a07579cd0dc398701d8ae6ec11f", 0x98)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000000)={0x0, 0x0, 0x3, &(0x7f00000000c0)={0x19, "90f50180e64f61909103f1fbbc2b81c9f144d76e44c700100000e52829e7cb8393"}})
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007911a800000000003f74fdc346f357989500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f00000004c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r7, &(0x7f0000007580)={0x0, 0x0, &(0x7f0000007540)={&(0x7f0000000000)={0x44, r6, 0x1, 0x70bd25, 0x25dfdc00, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1661}]}]}, 0x44}}, 0x48040)

7.46681772s ago: executing program 5 (id=4061):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xc, 0x100}, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000140)=@assoc_value, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x191, 0x78, 0xa0, 0x3f, 0x32, 0x1c0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, 0x8, 0x4, 0x0, 0x2, 0xa})
ioctl$FBIOGETCMAP(r0, 0x4604, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r2 = epoll_create(0x2)
r3 = socket(0x1, 0x1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)={0x80000000})
r4 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r4, r4, 0x7, r3, &(0x7f0000000140)={r2, r3})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'ecryptfs', 0x20, 'user:', '}@^/!-{', 0x20, 0x400}, 0x2f, 0xfffffffffffffffc)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f000001b700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

6.128960627s ago: executing program 5 (id=4062):
r0 = syz_usb_connect(0x0, 0x4a, 0x0, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r5 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r6 = fanotify_init(0xf00, 0x1)
fanotify_mark(r6, 0x105, 0x40009975, r5, 0x0)
fallocate(r4, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x1244, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x24, r8, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x4d}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4004084)

5.958525977s ago: executing program 4 (id=4063):
r0 = fanotify_init(0x0, 0x80000) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r2 = socket$inet6(0xa, 0x80002, 0x0) (async)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)) (async)
connect$inet6(r2, &(0x7f0000000240)={0xa, 0x0, 0x40, @mcast2, 0x2}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}], 0x1, 0x0) (async)
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400f5ff"], 0xfdef) (async)
r4 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x800, 0x0, 0x2, 0x0, 0x7}, 0x20) (async)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x1b, "0076ba7d82000000002708000000f7ff6fd800"}) (async)
r6 = syz_open_pts(r5, 0x761600)
r7 = dup(r6) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) (async, rerun: 64)
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000240), 0x22601, 0x0) (rerun: 64)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000000)={0x2, "94c492eb0165203d36bec70800890100000000000000e1100a0000005900", <r9=>0xffffffffffffffff})
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r10]) (async)
fanotify_mark(r0, 0x1, 0x40001012, r7, 0x0)
recvmsg$inet_nvme(r7, &(0x7f0000000580)={&(0x7f0000000080), 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/83, 0x53}, {&(0x7f0000000280)=""/211, 0xd3}, {&(0x7f0000000200)=""/40, 0x28}, {&(0x7f0000000380)=""/18, 0x12}, {&(0x7f00000003c0)=""/195, 0xc3}], 0x5, &(0x7f0000000540)=""/7, 0x7}, 0x100)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

4.826934027s ago: executing program 1 (id=4064):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd2)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(r0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r2, 0x400, 0x1)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r4, &(0x7f00000014c0)=[{&(0x7f0000000280)=""/191, 0xbf}], 0x1, 0x4a9a8af7, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
accept$netrom(r5, &(0x7f0000000180)={{0x3, @null}, [@rose, @default, @null, @netrom, @remote, @default, @bcast, @bcast]}, &(0x7f0000000000)=0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000500)=ANY=[@ANYBLOB="1201000000000008fc0d020100000000000109022d00010000c005090400008103000000092100001001220700090581030002080a11090502"], 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)

4.826518098s ago: executing program 6 (id=4065):
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x9e0eadae347b960d)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b10009058205"], 0x0)
fsopen(&(0x7f0000000000)='ceph\x00', 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x6006}, @val={0x1, 0x5, 0x7, 0xffff, 0x80, 0x6}, @ipv4=@gre={{0x5, 0x4, 0x2, 0x1, 0x7b, 0x64, 0x0, 0xd, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010102}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [], "88679c39"}, {0x8, 0x88be, 0x4, {{0x3, 0x1, 0x10, 0x1, 0x0, 0x1, 0x2, 0x5}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x3, {{0x8, 0x2, 0x2, 0x1, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x401, 0x9, 0x3, 0x6, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x1, "c89df4e90dc05f773aaf453384c14238696fdfe2aaa57ef66a8a6b18646685"}}}}, 0x89)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r1, &(0x7f00000002c0)=""/91, 0x5b)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
readv(r2, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r2, 0x40045431, 0x0)
dup3(0xffffffffffffffff, r2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r5 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2)
ftruncate(r5, 0x1000006)
fcntl$addseals(r5, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x1000000})

4.783222859s ago: executing program 4 (id=4066):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x20000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000300), 0x1c3902, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00005200060005000100000008000800", @ANYBLOB="c51d3c7b98"], 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x20008000)
fchdir(r1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x28, r5, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x48c1}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)={0x68, r5, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x9}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4054}, 0x4040800)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x0)
mount(&(0x7f0000000440)=@nullb, &(0x7f0000000300)='./cgroup\x00', &(0x7f00000001c0)='hfs\x00', 0x200480, 0x0)

4.73514341s ago: executing program 4 (id=4067):
r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f00000010c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, 0xffffffffffffffff, 0x22) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4400000000000000000000000000000000000000c52ec9f24f5786f39baac2e7f61063f2abca88041fd6f416a43d5a7530d6244bb6cb013ba0d66dc41fc4c0ffa217fa4143a32e94a5eae74a04c980656a08263087cca002d09e5157604c2850ca59fdebd0beecafa97621a9535985b09886a4799388a571d03000116e8e9d68a540d6454f57e9e2109c30dd30cdd550dfc6004781bc324993009e7a25f4cb1363b832f36a1758d0600b76965d53dfb9373fa37d499a7bee84bbdb3920", @ANYRES32=0x0, @ANYBLOB="60bc010004a701002400128009000100626f6e64000000001400028008000700020000000800030008000000"], 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x4040044) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0)={0x0, r3}, 0x8)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
syz_open_dev$video(&(0x7f0000000280), 0xbe, 0x20000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000000)={'virt_wifi0\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1b0007cd2d7f8ff571940000e200040000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) (async)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) (async)
r8 = openat$khugepaged_scan(0xffffff9c, &(0x7f0000000200), 0x1, 0x0)
write$khugepaged_scan(r8, &(0x7f0000000080), 0x8)

4.546986466s ago: executing program 4 (id=4068):
socket(0xb, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000a00)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x23}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
r3 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r3, &(0x7f0000000000)=""/42, 0x2a)
getdents64(r3, &(0x7f0000000080)=""/147, 0x93)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
socket(0x10, 0x80002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r6 = socket$inet(0x2, 0x2, 0x0)
mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1)
setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r7, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r8 = socket$inet(0x2, 0x5, 0x0)
setsockopt$inet_mreqn(r8, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

4.399471788s ago: executing program 2 (id=4069):
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x2a100, 0x0)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000140))
r3 = gettid()
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x64, &(0x7f0000000040), 0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2001, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0x67, &(0x7f0000000200)=0x3, 0x4)
r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc4c85513, &(0x7f0000000b00)={{0x2}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x3, 0x800000000000000, 0x20000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, 0x40, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x1000000000000, 0x0, 0x0, 0x0, 0x8, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x9]})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r7)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r5, 0x0, 0x0, 0x4001c00)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000040)=0xa8, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
socket$nl_generic(0x10, 0x3, 0x10)

3.612873837s ago: executing program 4 (id=4070):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='bridge0\x00', 0x10)
syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000240)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20012062, 0x1})
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000004, 0x50153, 0xffffffffffffffff, 0x10000000)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f0000000340), 0x11000)
r6 = syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x113a, 0x2, 0x2}, &(0x7f00000000c0), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS2(r6, 0xf, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000100)=@IORING_OP_MKDIRAT={0x25, 0x1c, 0x0, r5, 0x0, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0, 0x1})
ioctl$EXT4_IOC_SETFSUUID(r5, 0x4008662c, &(0x7f00000002c0)={0x0, 0x0, "cbfc94a424fa537b96aa2c564442e33b"})
sendto$inet(r0, &(0x7f0000000040)="255f5a03204f8e0b", 0xdd86, 0x804, &(0x7f0000000080)={0x2, 0x4e22, @multicast1=0xe000000d}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0xa78, r7, 0x4}, 0x38)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x48, r8, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x83}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x667}, @NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xff}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000012}, 0x4814)
ioctl$PTP_PIN_GETFUNC2(r4, 0xc0603d0f, &(0x7f0000000340)={'\x00', 0x8, 0x1, 0x4})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_RADAR_DETECT(r10, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2040000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r8, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x81}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2a}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x12}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000880}, 0x4000)

3.285190311s ago: executing program 1 (id=4071):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r2, 0x0, 0x0, 0xfffffe04, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xa}, 0x18)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000080))
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
rseq(0x0, 0x0, 0x0, 0x300)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @empty}}, 0x5c)

3.005833394s ago: executing program 5 (id=4072):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x9, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x2, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x140040c4}, 0x40000)

2.240962588s ago: executing program 4 (id=4073):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000240)={[&(0x7f00000000c0)='=\x8d5\x10\xe4\x00\bj\xfb', &(0x7f0000000080)='=\x8d5\x10\xe4\x00\bj\xfb']})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wg2\x00'})
r2 = syz_pidfd_open(0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
migrate_pages(0x0, 0x8, &(0x7f0000000300)=0x8, &(0x7f0000000340)=0x5)
preadv(r3, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0)
mkdirat(r3, &(0x7f0000000440)='./file0\x00', 0x45)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000040), 0x8000000000000003, 0x16b142)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05640, &(0x7f0000000340)={0x9, @vbi={0x7, 0x5, 0x24a2, 0x34363248, [0x7fffffff, 0x10001], [0xa, 0x3], 0x1}})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x40}}, 0x4000800)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(r2, 0xff08, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x140, 0x0)
close(r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r8)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

2.232492872s ago: executing program 5 (id=4074):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, 0x2}, 0x1c)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa07, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_open_dev$midi(0x0, 0x3, 0x88c02)
connect$inet6(r0, 0x0, 0x0)
r3 = fcntl$dupfd(r0, 0x0, r0)
sendmsg$NL80211_CMD_ADD_TX_TS(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}}, 0x4801)
syz_genetlink_get_family_id$SEG6(&(0x7f00000002c0), r0)
r4 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write(r4, 0x1, 0x0, 0x0)

1.786866437s ago: executing program 2 (id=4075):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$ttynull(0xffffffffffffff9c, 0x0, 0x141440, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x9000000)

932.475724ms ago: executing program 2 (id=4076):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x23, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r1, &(0x7f0000000400)='ns\x00')
sched_rr_get_interval(r1, &(0x7f0000000080))
getpgid(r1)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, 0x0, 0x0)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6002, &(0x7f0000000040)=0x3, 0x4, 0x0)
read$FUSE(r2, &(0x7f000000ae80)={0x2020}, 0x2020)
kexec_load(0x1, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x2c}], 0x0)
socket$netlink(0x10, 0x3, 0x0)

373.365229ms ago: executing program 1 (id=4077):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x9, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$FBIOPUTCMAP(0xffffffffffffffff, 0x4605, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xc, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = openat$autofs(0xffffffffffffff9c, 0x0, 0x204000, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0xf0)
setpriority(0x0, 0x0, 0x2a14b58)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='smaps_rollup\x00')
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000000000000060000000500000000100000", @ANYRES32, @ANYBLOB="0100330300000000000000000000000000000000476d6592383a2f51d43ce77f", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000107000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000340)=""/212, &(0x7f00000000c0)=""/95, &(0x7f00000001c0)=""/38, 0xeeee8000})
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)

2.495123ms ago: executing program 5 (id=4078):
syz_open_procfs(0x0, &(0x7f0000000040)='net/rt_cache\x00')
r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r3, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00', <r4=>0x0})
sendmmsg$inet(r3, &(0x7f0000002240)=[{{&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @local, @loopback}}}], 0x20}}], 0x1, 0x0)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x7fffffffffffffff}]}}]}, 0x40}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@getnexthop={0x4c, 0x6a, 0x800, 0x70bd28, 0x25dfdbfb, {}, [@NHA_FDB={0x4}, @NHA_MASTER={0x8, 0xa, 0x1}, @NHA_GROUPS={0x4}, @NHA_OIF={0x8, 0x5, r4}, @NHA_OIF={0x8, 0x5, r7}, @NHA_GROUPS={0x4}, @NHA_ID={0x8}, @NHA_MASTER={0x8, 0xa, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000801}, 0x41)
r8 = fsmount(r0, 0x0, 0x1)
fchdir(r8)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
r9 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = fsmount(r9, 0x0, 0x1)
fchdir(r10)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x80)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x121440, 0x0)

0s ago: executing program 2 (id=4079):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
iopl(0x3)
sendmsg$nl_route_sched(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0xb4, 0x30, 0x1, 0x70bd2b, 0x25dfdbde, {}, [{0xa0, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0xef, 0x1, 0x8000, 0x2}}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x16, 0xf2, 0x3, 0x7}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_bpf={0x44, 0x2, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0x2, 0x0, 0x6, 0x80}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0xc044}, 0x4000814)
io_uring_enter(0xffffffffffffffff, 0x4707, 0x7721, 0x27, 0x0, 0x56)
syz_emit_vhci(&(0x7f0000000f40)=ANY=[@ANYBLOB="042ffd02ffffffffffff01073c4023020005a5"], 0x200)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000))
gettid()
read$FUSE(0xffffffffffffffff, &(0x7f0000000f80)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

4] vxfs: WRONG superblock magic 00000000 at 1
[ 1117.910242][T20144] vxfs: WRONG superblock magic 00000000 at 8
[ 1117.916487][T20144] vxfs: can't find superblock.
[ 1118.174091][T20142] ceph: No mds server is up or the cluster is laggy
[ 1118.184984][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1118.191313][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1118.249205][T20131] fido_id[20131]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[ 1118.582429][T20112] tipc: Resetting bearer <eth:syzkaller0>
[ 1118.617221][T20112] tipc: Disabling bearer <eth:syzkaller0>
[ 1118.663099][T20151] FAULT_INJECTION: forcing a failure.
[ 1118.663099][T20151] name failslab, interval 1, probability 0, space 0, times 0
[ 1118.769916][T20151] CPU: 1 UID: 0 PID: 20151 Comm: syz.2.3665 Not tainted syzkaller #0 PREEMPT(full) 
[ 1118.769942][T20151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1118.769952][T20151] Call Trace:
[ 1118.769960][T20151]  <TASK>
[ 1118.769967][T20151]  dump_stack_lvl+0x16c/0x1f0
[ 1118.769994][T20151]  should_fail_ex+0x512/0x640
[ 1118.770013][T20151]  ? __kmalloc_noprof+0xca/0x880
[ 1118.770042][T20151]  should_failslab+0xc2/0x120
[ 1118.770063][T20151]  __kmalloc_noprof+0xdd/0x880
[ 1118.770089][T20151]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1118.770122][T20151]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1118.770149][T20151]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1118.770181][T20151]  genl_family_rcv_msg_doit+0xbf/0x2f0
[ 1118.770208][T20151]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1118.770242][T20151]  ? bpf_lsm_capable+0x9/0x10
[ 1118.770263][T20151]  ? security_capable+0x7e/0x260
[ 1118.770280][T20151]  ? ns_capable+0xd7/0x110
[ 1118.770306][T20151]  genl_rcv_msg+0x55c/0x800
[ 1118.770334][T20151]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1118.770360][T20151]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 1118.770385][T20151]  ? __lock_acquire+0x62e/0x1ce0
[ 1118.770407][T20151]  netlink_rcv_skb+0x158/0x420
[ 1118.770431][T20151]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1118.770457][T20151]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1118.770490][T20151]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1118.770510][T20151]  ? selinux_netlink_send+0x578/0x830
[ 1118.770527][T20151]  ? is_vmalloc_addr+0x86/0xa0
[ 1118.770544][T20151]  genl_rcv+0x28/0x40
[ 1118.770567][T20151]  netlink_unicast+0x5a7/0x870
[ 1118.770593][T20151]  ? __pfx_netlink_unicast+0x10/0x10
[ 1118.770623][T20151]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1118.770652][T20151]  netlink_sendmsg+0x8c8/0xdd0
[ 1118.770679][T20151]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1118.770711][T20151]  ____sys_sendmsg+0xa98/0xc70
[ 1118.770738][T20151]  ? copy_msghdr_from_user+0x10a/0x160
[ 1118.770760][T20151]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1118.770796][T20151]  ___sys_sendmsg+0x134/0x1d0
[ 1118.770818][T20151]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1118.770868][T20151]  __sys_sendmsg+0x16d/0x220
[ 1118.770889][T20151]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1118.770925][T20151]  do_syscall_64+0xcd/0x4e0
[ 1118.770948][T20151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1118.770966][T20151] RIP: 0033:0x7f1356f8eec9
[ 1118.770981][T20151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1118.770996][T20151] RSP: 002b:00007f13551f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1118.771013][T20151] RAX: ffffffffffffffda RBX: 00007f13571e5fa0 RCX: 00007f1356f8eec9
[ 1118.771024][T20151] RDX: 0000000000008090 RSI: 0000200000001540 RDI: 0000000000000003
[ 1118.771034][T20151] RBP: 00007f13551f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1118.771044][T20151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1118.771053][T20151] R13: 00007f13571e6038 R14: 00007f13571e5fa0 R15: 00007ffe76dd2458
[ 1118.771076][T20151]  </TASK>
[ 1119.630664][T20167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3668'.
[ 1119.687316][T20167] ksmbd: Unknown IPC event: 0, ignore.
[ 1119.756803][T20172] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3670'.
[ 1119.954730][T20174] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3671'.
[ 1119.972328][T20174] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3671'.
[ 1120.433553][T20174] bond0: (slave bond_slave_1): Releasing backup interface
[ 1121.425258][T20194] FAULT_INJECTION: forcing a failure.
[ 1121.425258][T20194] name failslab, interval 1, probability 0, space 0, times 0
[ 1121.438253][T20194] CPU: 0 UID: 0 PID: 20194 Comm: syz.2.3676 Not tainted syzkaller #0 PREEMPT(full) 
[ 1121.438283][T20194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1121.438297][T20194] Call Trace:
[ 1121.438304][T20194]  <TASK>
[ 1121.438312][T20194]  dump_stack_lvl+0x16c/0x1f0
[ 1121.438341][T20194]  should_fail_ex+0x512/0x640
[ 1121.438364][T20194]  ? fs_reclaim_acquire+0xae/0x150
[ 1121.438391][T20194]  should_failslab+0xc2/0x120
[ 1121.438417][T20194]  __kmalloc_noprof+0xdd/0x880
[ 1121.438448][T20194]  ? tomoyo_encode2+0x100/0x3e0
[ 1121.438479][T20194]  ? tomoyo_encode2+0x100/0x3e0
[ 1121.438503][T20194]  tomoyo_encode2+0x100/0x3e0
[ 1121.438533][T20194]  tomoyo_encode+0x29/0x50
[ 1121.438559][T20194]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1121.438595][T20194]  tomoyo_path_number_perm+0x245/0x580
[ 1121.438617][T20194]  ? tomoyo_path_number_perm+0x237/0x580
[ 1121.438651][T20194]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1121.438676][T20194]  ? find_held_lock+0x2b/0x80
[ 1121.438737][T20194]  ? find_held_lock+0x2b/0x80
[ 1121.438767][T20194]  ? hook_file_ioctl_common+0x145/0x410
[ 1121.438803][T20194]  ? __fget_files+0x20e/0x3c0
[ 1121.438832][T20194]  security_file_ioctl+0x9b/0x240
[ 1121.438861][T20194]  __x64_sys_ioctl+0xb7/0x210
[ 1121.438896][T20194]  do_syscall_64+0xcd/0x4e0
[ 1121.438927][T20194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.438950][T20194] RIP: 0033:0x7f1356f8eec9
[ 1121.438968][T20194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1121.438990][T20194] RSP: 002b:00007f13551d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1121.439012][T20194] RAX: ffffffffffffffda RBX: 00007f13571e6090 RCX: 00007f1356f8eec9
[ 1121.439026][T20194] RDX: 000020000000a300 RSI: 00000000c0347c03 RDI: 0000000000000008
[ 1121.439039][T20194] RBP: 00007f13551d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1121.439052][T20194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1121.439066][T20194] R13: 00007f13571e6128 R14: 00007f13571e6090 R15: 00007ffe76dd2458
[ 1121.439096][T20194]  </TASK>
[ 1121.439415][T20194] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1121.932465][T20196] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1121.981149][T20196] syzkaller0: entered promiscuous mode
[ 1122.034761][T20196] syzkaller0: entered allmulticast mode
[ 1122.084307][T20203] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3675'.
[ 1122.818926][T20203] batadv1: entered allmulticast mode
[ 1122.962006][T20212] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1124.547294][T20226] Invalid option length (1047458) for dns_resolver key
[ 1124.915211][T20228] FAULT_INJECTION: forcing a failure.
[ 1124.915211][T20228] name failslab, interval 1, probability 0, space 0, times 0
[ 1124.927979][T20228] CPU: 0 UID: 0 PID: 20228 Comm: syz.0.3684 Not tainted syzkaller #0 PREEMPT(full) 
[ 1124.928002][T20228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1124.928012][T20228] Call Trace:
[ 1124.928019][T20228]  <TASK>
[ 1124.928025][T20228]  dump_stack_lvl+0x16c/0x1f0
[ 1124.928052][T20228]  should_fail_ex+0x512/0x640
[ 1124.928072][T20228]  ? __kmalloc_noprof+0xca/0x880
[ 1124.928095][T20228]  should_failslab+0xc2/0x120
[ 1124.928110][T20228]  __kmalloc_noprof+0xdd/0x880
[ 1124.928127][T20228]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1124.928149][T20228]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1124.928167][T20228]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1124.928186][T20228]  ? cred_has_capability.isra.0+0x190/0x310
[ 1124.928202][T20228]  genl_family_rcv_msg_doit+0xbf/0x2f0
[ 1124.928220][T20228]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1124.928242][T20228]  ? bpf_lsm_capable+0x9/0x10
[ 1124.928257][T20228]  ? security_capable+0x7e/0x260
[ 1124.928270][T20228]  genl_rcv_msg+0x55c/0x800
[ 1124.928289][T20228]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1124.928306][T20228]  ? __pfx_netlbl_cipsov4_add+0x10/0x10
[ 1124.928323][T20228]  ? __lock_acquire+0x62e/0x1ce0
[ 1124.928339][T20228]  netlink_rcv_skb+0x158/0x420
[ 1124.928354][T20228]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1124.928371][T20228]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1124.928392][T20228]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1124.928406][T20228]  ? netlink_unicast+0x4ee/0x870
[ 1124.928422][T20228]  genl_rcv+0x28/0x40
[ 1124.928437][T20228]  netlink_unicast+0x5a7/0x870
[ 1124.928454][T20228]  ? __pfx_netlink_unicast+0x10/0x10
[ 1124.928474][T20228]  netlink_sendmsg+0x8c8/0xdd0
[ 1124.928491][T20228]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1124.928512][T20228]  ____sys_sendmsg+0xa98/0xc70
[ 1124.928529][T20228]  ? copy_msghdr_from_user+0x10a/0x160
[ 1124.928543][T20228]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1124.928558][T20228]  ? find_held_lock+0x2b/0x80
[ 1124.928576][T20228]  ? rcu_is_watching+0x12/0xc0
[ 1124.928593][T20228]  ? trace_sched_exit_tp+0xd1/0x120
[ 1124.928612][T20228]  ___sys_sendmsg+0x134/0x1d0
[ 1124.928626][T20228]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1124.928652][T20228]  ? irqentry_exit_to_user_mode+0x2b0/0x2b0
[ 1124.928671][T20228]  __sys_sendmsg+0x16d/0x220
[ 1124.928684][T20228]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1124.928698][T20228]  ? write_comp_data+0x8b/0x90
[ 1124.928721][T20228]  do_syscall_64+0xcd/0x4e0
[ 1124.928736][T20228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1124.928748][T20228] RIP: 0033:0x7f4aed38eec9
[ 1124.928758][T20228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1124.928770][T20228] RSP: 002b:00007f4aeb5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1124.928780][T20228] RAX: ffffffffffffffda RBX: 00007f4aed5e6090 RCX: 00007f4aed38eec9
[ 1124.928787][T20228] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000009
[ 1124.928794][T20228] RBP: 00007f4aeb5f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1124.928800][T20228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1124.928807][T20228] R13: 00007f4aed5e6128 R14: 00007f4aed5e6090 R15: 00007ffd3b0b62a8
[ 1124.928821][T20228]  </TASK>
[ 1125.307236][T20227] afs: Unknown parameter ''
[ 1125.368369][T20229] siw: device registration error -23
[ 1125.895396][T20234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3685'.
[ 1125.904427][T20234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3685'.
[ 1126.744812][ T5955] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1126.845364][T20186] tipc: Resetting bearer <eth:syzkaller0>
[ 1127.064612][T20255] vxfs: WRONG superblock magic 00000000 at 1
[ 1127.071005][T20255] vxfs: WRONG superblock magic 00000000 at 8
[ 1127.077114][T20255] vxfs: can't find superblock.
[ 1127.311885][   T11] block nbd0: Possible stuck request ffff888026057c40: control (read@0,1024B). Runtime 30 seconds
[ 1127.326427][T20186] tipc: Disabling bearer <eth:syzkaller0>
[ 1127.332239][   T11] block nbd0: Possible stuck request ffff888026057e00: control (read@1024,1024B). Runtime 30 seconds
[ 1127.343173][   T11] block nbd0: Possible stuck request ffff888026057fc0: control (read@2048,1024B). Runtime 30 seconds
[ 1127.344985][T20252] ceph: No mds server is up or the cluster is laggy
[ 1127.354102][   T11] block nbd0: Possible stuck request ffff888026058180: control (read@3072,1024B). Runtime 30 seconds
[ 1127.363381][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1127.386266][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1127.414792][T20248] nbd1: detected capacity change from 0 to 63
[ 1127.436676][T20254] nbd: must specify an index to disconnect
[ 1127.457020][ T5955] usb 4-1: Using ep0 maxpacket: 32
[ 1127.463891][ T5955] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1127.476331][T11240] block nbd1: Receive control failed (result -104)
[ 1128.042190][ T5955] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1128.064628][ T5955] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1128.088771][ T5955] usb 4-1: Product: syz
[ 1128.092983][ T5955] usb 4-1: Manufacturer: syz
[ 1128.101859][ T5955] usb 4-1: SerialNumber: syz
[ 1128.109536][ T5955] usb 4-1: config 0 descriptor??
[ 1128.203240][T20272] veth0_to_team: entered promiscuous mode
[ 1128.724307][T20282] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3696'.
[ 1129.319769][T20282] batadv1: entered allmulticast mode
[ 1129.934308][ T5955] usb 4-1: USB disconnect, device number 65
[ 1130.361469][T20299] tipc: Started in network mode
[ 1130.374894][T20299] tipc: Node identity 0238a3aa1dec, cluster identity 4711
[ 1130.382667][T20299] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1130.393957][T20299] syzkaller0: entered promiscuous mode
[ 1130.399560][T20299] syzkaller0: entered allmulticast mode
[ 1130.637045][   T30] audit: type=1400 audit(2000000563.710:2481): avc:  denied  { shutdown } for  pid=20300 comm="syz.2.3702" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1130.750239][   T30] audit: type=1400 audit(2000000563.880:2482): avc:  denied  { write } for  pid=20300 comm="syz.2.3702" name="file0" dev="tmpfs" ino=614 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1130.991960][   T30] audit: type=1400 audit(2000000563.890:2483): avc:  denied  { open } for  pid=20300 comm="syz.2.3702" path="/114/file0" dev="tmpfs" ino=614 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1131.190079][   T30] audit: type=1400 audit(2000000563.890:2484): avc:  denied  { ioctl } for  pid=20300 comm="syz.2.3702" path="/114/file0" dev="tmpfs" ino=614 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1131.412124][T20330] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3704'.
[ 1131.526107][T17103] tipc: Node number set to 534029226
[ 1131.607646][T20310] nbd3: detected capacity change from 0 to 63
[ 1131.636459][T20313] nbd: must specify an index to disconnect
[ 1131.646107][T11240] block nbd3: Receive control failed (result -104)
[ 1131.767198][   T30] audit: type=1326 audit(2000000564.890:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20333 comm="syz.3.3706" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c19d8eec9 code=0x0
[ 1132.049022][T20343] netlink: 'syz.0.3708': attribute type 3 has an invalid length.
[ 1132.312340][T20344] loop2: detected capacity change from 0 to 7
[ 1132.332542][T17240] Dev loop2: unable to read RDB block 7
[ 1132.338312][T17240]  loop2: unable to read partition table
[ 1132.345050][T17240] loop2: partition table beyond EOD, truncated
[ 1132.357610][T20344] Dev loop2: unable to read RDB block 7
[ 1132.363623][T20344]  loop2: unable to read partition table
[ 1132.372220][T20344] loop2: partition table beyond EOD, truncated
[ 1132.389061][T20344] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1133.414504][T20293] tipc: Resetting bearer <eth:syzkaller0>
[ 1133.429843][T20293] tipc: Disabling bearer <eth:syzkaller0>
[ 1133.468901][T20357] cgroup: subsys name conflicts with all
[ 1133.912990][T20369] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3714'.
[ 1135.045583][T12793] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1135.244778][T12793] usb 4-1: Using ep0 maxpacket: 32
[ 1135.252746][T12793] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1135.393224][T12793] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1135.426552][T12793] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1135.445092][T12793] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1135.452434][T12793] usb 4-1: New USB device found, idVendor=04b3, idProduct=3109, bcdDevice= 0.00
[ 1135.468455][T12793] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1135.808704][T20394] binder: 20393:20394 ioctl c0306201 200000000240 returned -14
[ 1135.817642][T12793] usb 4-1: config 0 descriptor??
[ 1135.907561][T20396] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3723'.
[ 1135.917075][T20396] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3723'.
[ 1135.926561][T20396] tipc: MTU too low for tipc bearer
[ 1136.796131][T12793] lenovo 0003:04B3:3109.0034: unknown main item tag 0x4
[ 1136.803414][T12793] lenovo 0003:04B3:3109.0034: unknown main item tag 0x1
[ 1136.838202][T12793] lenovo 0003:04B3:3109.0034: hidraw0: USB HID v5f.b2 Device [HID 04b3:3109] on usb-dummy_hcd.3-1/input0
[ 1137.043591][T12793] usb 4-1: USB disconnect, device number 66
[ 1137.509026][T20408] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3724'.
[ 1137.608009][T20408] batadv1: entered allmulticast mode
[ 1137.626913][T20410] fido_id[20410]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1138.863582][T20432] pimreg: entered allmulticast mode
[ 1138.868301][T20432] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3731'.
[ 1139.314671][T19479] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[ 1139.758457][T19479] usb 2-1: config index 0 descriptor too short (expected 39, got 27)
[ 1139.767164][T19479] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1139.906038][T19479] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1139.967014][T19479] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1140.006265][T19479] usb 2-1: Product: syz
[ 1140.010570][T19479] usb 2-1: Manufacturer: syz
[ 1140.015674][T19479] usb 2-1: SerialNumber: syz
[ 1140.044249][T19479] usb 2-1: config 0 descriptor??
[ 1140.051665][T20432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1140.062280][T20432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1140.086153][T20432] bond0 (unregistering): Released all slaves
[ 1140.094206][T19479] hub 2-1:0.0: bad descriptor, ignoring hub
[ 1140.104673][T19479] hub 2-1:0.0: probe with driver hub failed with error -5
[ 1140.131932][T19479] usb 2-1: selecting invalid altsetting 0
[ 1140.204682][T17103] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 1140.356041][T17103] usb 1-1: config index 0 descriptor too short (expected 39, got 27)
[ 1140.364910][T17103] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1140.396081][T17103] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1140.428163][T17103] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1140.437726][T17103] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1140.446036][T12793] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1140.455351][T17103] usb 1-1: Product: syz
[ 1140.465591][T17103] usb 1-1: Manufacturer: syz
[ 1140.470686][T17103] usb 1-1: SerialNumber: syz
[ 1140.478429][T17103] usb 1-1: config 0 descriptor??
[ 1140.486279][T17103] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1140.496924][T17103] hub 1-1:0.0: probe with driver hub failed with error -5
[ 1140.499790][T20447] netlink: 'syz.2.3738': attribute type 12 has an invalid length.
[ 1140.517492][T17103] usb 1-1: selecting invalid altsetting 0
[ 1140.522116][T20447] netlink: 'syz.2.3738': attribute type 1 has an invalid length.
[ 1140.596617][T12793] usb 4-1: config index 0 descriptor too short (expected 39, got 27)
[ 1140.616658][T12793] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1140.644631][T12793] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1140.676882][T12793] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1140.693240][T12793] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1140.704168][T12793] usb 4-1: Product: syz
[ 1140.709788][T12793] usb 4-1: Manufacturer: syz
[ 1140.715459][T12793] usb 4-1: SerialNumber: syz
[ 1140.728060][T12793] usb 4-1: config 0 descriptor??
[ 1140.958430][T12793] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1140.972907][T12793] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1140.984466][T12793] usb 4-1: selecting invalid altsetting 0
[ 1141.169589][T20460] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1141.977543][T20466] wg0 speed is unknown, defaulting to 1000
[ 1142.055144][ T5955] usb 2-1: USB disconnect, device number 78
[ 1142.278125][T19479] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1142.588787][   T30] audit: type=1400 audit(2000000575.650:2486): avc:  denied  { lock } for  pid=20477 comm="syz.4.3747" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1142.598388][T19479] usb 3-1: config 0 has no interfaces?
[ 1142.602065][T19479] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1142.602095][T19479] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1142.602115][T19479] usb 3-1: Product: syz
[ 1142.602130][T19479] usb 3-1: Manufacturer: syz
[ 1142.602144][T19479] usb 3-1: SerialNumber: syz
[ 1142.604316][T19479] usb 3-1: config 0 descriptor??
[ 1142.819834][T20482] binder: 20476:20482 ioctl c0306201 200000000240 returned -14
[ 1142.963279][T20486] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3746'.
[ 1142.974388][T20486] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3746'.
[ 1142.983612][T20486] tipc: MTU too low for tipc bearer
[ 1143.269287][T17103] usb 3-1: USB disconnect, device number 82
[ 1143.528404][T20490] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3748'.
[ 1143.660271][T17103] usb 4-1: USB disconnect, device number 67
[ 1143.684899][T19479] usb 1-1: USB disconnect, device number 91
[ 1145.924380][T20514] syz_tun: entered allmulticast mode
[ 1146.082149][T17103] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1146.384664][T17103] usb 4-1: Using ep0 maxpacket: 16
[ 1146.398259][T17103] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1146.438383][T17103] usb 4-1: config 0 has no interface number 0
[ 1147.122390][T17103] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1147.140542][T17103] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1147.160766][T17103] usb 4-1: Product: syz
[ 1147.171658][T17103] usb 4-1: Manufacturer: syz
[ 1147.186042][T17103] usb 4-1: SerialNumber: syz
[ 1147.205395][T17103] usb 4-1: config 0 descriptor??
[ 1147.343054][T17103] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1147.454771][T19479] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 1147.974706][T19479] usb 1-1: Using ep0 maxpacket: 8
[ 1147.981441][T19479] usb 1-1: config 1 has an invalid descriptor of length 251, skipping remainder of the config
[ 1148.027476][T19479] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 64320, setting to 1024
[ 1148.045176][T19479] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1148.057350][T19479] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1148.072672][T19479] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[ 1148.108907][T19479] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.280814][T19479] usb 1-1: Product: syz
[ 1148.293271][T19479] usb 1-1: Manufacturer: syz
[ 1148.304745][T19479] usb 1-1: SerialNumber: syz
[ 1148.405151][T17103] gspca_spca1528: reg_w err -110
[ 1148.452774][T17103] spca1528 4-1:0.1: probe with driver spca1528 failed with error -110
[ 1148.713267][T20531] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1148.774614][T12761] usb 2-1: new full-speed USB device number 79 using dummy_hcd
[ 1148.776853][T19479] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 1148.980371][T20530] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.3759' resets device
[ 1148.983066][T19479] usbtest 1-1:1.0: couldn't get endpoints, -22
[ 1149.026353][T12761] usb 2-1: config 4 has an invalid interface number: 110 but max is 0
[ 1149.055452][T19479] usbtest 1-1:1.0: probe with driver usbtest failed with error -22
[ 1149.081174][T12761] usb 2-1: config 4 has no interface number 0
[ 1149.087882][   T30] audit: type=1400 audit(2000000582.210:2487): avc:  denied  { append } for  pid=20526 comm="syz.0.3759" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1149.141899][T12761] usb 2-1: too many endpoints for config 4 interface 110 altsetting 48: 248, using maximum allowed: 30
[ 1149.148381][T19479] usb 1-1: USB disconnect, device number 92
[ 1149.169445][T12761] usb 2-1: config 4 interface 110 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 248
[ 1149.223277][T12761] usb 2-1: config 4 interface 110 has no altsetting 0
[ 1149.236956][T12761] usb 2-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[ 1149.249262][T12761] usb 2-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[ 1149.259616][T12761] usb 2-1: Product: syz
[ 1149.263890][T12761] usb 2-1: Manufacturer: syz
[ 1149.269098][T12761] usb 2-1: SerialNumber: syz
[ 1149.342957][T20550] binder: 20549:20550 ioctl c0306201 200000000240 returned -14
[ 1149.423255][T20551] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3765'.
[ 1149.432589][T20551] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3765'.
[ 1149.441908][T20551] tipc: MTU too low for tipc bearer
[ 1149.590560][T20541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1149.627936][T20541] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1149.793541][T19479] usb 4-1: USB disconnect, device number 68
[ 1149.923248][T20553] nbd: nbd3 already in use
[ 1149.935284][T20553] block nbd3: NBD_DISCONNECT
[ 1149.940184][T20553] block nbd3: Send disconnect failed -32
[ 1149.946759][T20553] block nbd3: shutting down sockets
[ 1149.995582][    C1] blk_print_req_error: 285 callbacks suppressed
[ 1149.995602][    C1] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.011213][    C1] buffer_io_error: 286 callbacks suppressed
[ 1150.011226][    C1] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1150.026969][    C1] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.036101][    C1] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1150.043948][    C1] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.053055][    C1] Buffer I/O error on dev nbd3, logical block 2, async page read
[ 1150.060979][    C1] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.070121][    C1] Buffer I/O error on dev nbd3, logical block 3, async page read
[ 1150.082768][T20556] comedi comedi3: aio_iiro_16: I/O port conflict (0x4f27,8)
[ 1150.093731][T17241] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.115717][T17241] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1150.149587][T17241] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.178011][T17241] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1150.260382][T17241] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.290511][T17241] Buffer I/O error on dev nbd3, logical block 2, async page read
[ 1150.303125][T17241] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.312591][T17241] Buffer I/O error on dev nbd3, logical block 3, async page read
[ 1150.321868][T17241] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.331212][T17241] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1150.340675][T17241] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1150.350472][T17241] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1150.420138][T17241] ldm_validate_partition_table(): Disk read failed.
[ 1150.458405][T20564] sd 0:0:1:0: PR command failed: 1026
[ 1150.464501][T17241] Dev nbd3: unable to read RDB block 0
[ 1150.470457][T20564] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[ 1150.485828][T17241]  nbd3: unable to read partition table
[ 1150.492526][T20564] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1150.568758][T17241] ldm_validate_partition_table(): Disk read failed.
[ 1150.602614][T17241] Dev nbd3: unable to read RDB block 0
[ 1150.609104][T12761] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[ 1150.630999][T17241]  nbd3: unable to read partition table
[ 1150.637912][T12761] vp7045: USB control message 'out' went wrong.
[ 1150.651230][T12761] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1150.733603][T12761] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[ 1150.758274][T12761] usb 2-1: USB disconnect, device number 79
[ 1150.782050][T20572] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1150.842433][T20574] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3771'.
[ 1150.888863][T20574] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3771'.
[ 1151.601258][T20586] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1151.628547][   T30] audit: type=1400 audit(2000000584.760:2488): avc:  denied  { append } for  pid=20585 comm="syz.2.3776" name="event3" dev="devtmpfs" ino=987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1151.652739][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1151.665313][T20586] syzkaller0: entered promiscuous mode
[ 1151.671632][T20586] syzkaller0: entered allmulticast mode
[ 1151.696030][T20586] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[ 1151.745482][T20594] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3777'.
[ 1152.650577][T20600] vivid-002: disconnect
[ 1152.731785][   T30] audit: type=1400 audit(2000000585.790:2489): avc:  denied  { read } for  pid=20587 comm="syz.1.3775" dev="sockfs" ino=65160 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1152.735559][T20586] tipc: Resetting bearer <eth:syzkaller0>
[ 1152.766785][T20604] openvswitch: netlink: Missing key (keys=40, expected=200000)
[ 1152.843971][T20585] tipc: Resetting bearer <eth:syzkaller0>
[ 1152.848983][T20587] vivid-002: reconnect
[ 1153.176355][T20585] tipc: Disabling bearer <eth:syzkaller0>
[ 1153.205035][ T5948] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 1153.374629][ T5948] usb 1-1: Using ep0 maxpacket: 8
[ 1153.413934][ T5948] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1153.441446][ T5948] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1153.507352][T20623] afs: Unknown parameter ''
[ 1153.577840][T20624] siw: device registration error -23
[ 1154.398724][ T5948] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1154.508544][ T5948] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1154.670681][ T5948] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1154.787978][T20628] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1154.845580][ T5948] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1154.904884][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.220648][ T5955] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 1155.238583][ T5948] usb 1-1: GET_CAPABILITIES returned 0
[ 1155.251213][ T5948] usbtmc 1-1:16.0: can't read capabilities
[ 1155.337306][T20642] binder: BINDER_SET_CONTEXT_MGR already set
[ 1155.343430][T20642] binder: 20637:20642 ioctl 4018620d 2000000002c0 returned -16
[ 1155.806972][ T5955] usb 3-1: Using ep0 maxpacket: 8
[ 1155.814527][ T5955] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[ 1155.829181][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1155.842378][ T5955] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 129
[ 1155.858197][ T5955] usb 3-1: New USB device found, idVendor=0dfc, idProduct=0102, bcdDevice= 0.00
[ 1155.871719][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.883496][ T5955] usb 3-1: config 0 descriptor??
[ 1156.109765][T20652] binder: 20651:20652 ioctl c0306201 200000000240 returned -14
[ 1156.476602][ T5955] hid-generic 0003:0DFC:0102.0035: hidraw0: USB HID v0.00 Device [HID 0dfc:0102] on usb-dummy_hcd.2-1/input0
[ 1157.017439][ T5955] usb 3-1: USB disconnect, device number 83
[ 1157.026444][T20654] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3793'.
[ 1157.105838][T20654] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3793'.
[ 1157.127375][T20654] tipc: MTU too low for tipc bearer
[ 1157.174889][T12761] usb 1-1: USB disconnect, device number 93
[ 1157.743752][T16796] block nbd1: Possible stuck request ffff888026072a00: control (read@0,1024B). Runtime 30 seconds
[ 1157.754764][   T11] block nbd0: Possible stuck request ffff888026057c40: control (read@0,1024B). Runtime 60 seconds
[ 1157.765470][T16796] block nbd1: Possible stuck request ffff888026072bc0: control (read@1024,1024B). Runtime 30 seconds
[ 1157.776455][   T11] block nbd0: Possible stuck request ffff888026057e00: control (read@1024,1024B). Runtime 60 seconds
[ 1157.787426][T16796] block nbd1: Possible stuck request ffff888026072d80: control (read@2048,1024B). Runtime 30 seconds
[ 1158.217991][   T11] block nbd0: Possible stuck request ffff888026057fc0: control (read@2048,1024B). Runtime 60 seconds
[ 1158.229615][T16796] block nbd1: Possible stuck request ffff888026072f40: control (read@3072,1024B). Runtime 30 seconds
[ 1158.240597][   T11] block nbd0: Possible stuck request ffff888026058180: control (read@3072,1024B). Runtime 60 seconds
[ 1159.192005][T17103] libceph: connect (1)[c::]:6789 error -101
[ 1159.221682][T20704] ceph: No mds server is up or the cluster is laggy
[ 1159.231411][T20709] vxfs: WRONG superblock magic 00000000 at 1
[ 1159.237619][T20709] vxfs: WRONG superblock magic 00000000 at 8
[ 1159.243584][T20709] vxfs: can't find superblock.
[ 1159.260571][T17103] libceph: mon0 (1)[c::]:6789 connect error
[ 1159.476393][T20713] : entered promiscuous mode
[ 1160.732829][   T30] audit: type=1400 audit(2000000593.470:2490): avc:  denied  { watch } for  pid=20720 comm="syz.1.3807" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1160.756296][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1160.861488][   T30] audit: type=1400 audit(2000000593.900:2491): avc:  denied  { bind } for  pid=20723 comm="syz.0.3806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1160.909926][   T30] audit: type=1400 audit(2000000593.920:2492): avc:  denied  { listen } for  pid=20723 comm="syz.0.3806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1161.918784][T20744] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3812'.
[ 1161.948513][T20744] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3812'.
[ 1163.625218][T20786] nbd3: detected capacity change from 0 to 63
[ 1163.631743][T20789] block nbd3: NBD_DISCONNECT
[ 1163.639193][T20789] block nbd3: Disconnected due to user request.
[ 1163.665368][T20789] block nbd3: shutting down sockets
[ 1163.705048][    C1] blk_print_req_error: 138 callbacks suppressed
[ 1163.705068][    C1] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1163.720497][    C1] buffer_io_error: 138 callbacks suppressed
[ 1163.720514][    C1] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1163.734617][    C1] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1163.743681][    C1] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1163.751588][    C1] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1163.760707][    C1] Buffer I/O error on dev nbd3, logical block 2, async page read
[ 1163.768595][    C1] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1163.777709][    C1] Buffer I/O error on dev nbd3, logical block 3, async page read
[ 1163.785705][T17188] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1163.807761][T17188] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1163.824689][T17188] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1163.850302][T17188] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1163.888952][T17188] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1163.954796][T17188] Buffer I/O error on dev nbd3, logical block 2, async page read
[ 1163.978952][T17188] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1164.051607][T17188] Buffer I/O error on dev nbd3, logical block 3, async page read
[ 1164.063897][T17188] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1164.063925][T17188] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1164.064025][T17188] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1164.064046][T17188] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1164.068705][T17188] ldm_validate_partition_table(): Disk read failed.
[ 1164.070325][T17188] Dev nbd3: unable to read RDB block 0
[ 1164.071897][T17188]  nbd3: unable to read partition table
[ 1164.077947][T17188] ldm_validate_partition_table(): Disk read failed.
[ 1164.078795][T17188] Dev nbd3: unable to read RDB block 0
[ 1164.079634][T17188]  nbd3: unable to read partition table
[ 1164.325492][T12761] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 1164.574618][T12761] usb 4-1: Using ep0 maxpacket: 8
[ 1164.677065][T12761] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[ 1164.708848][T12761] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.738502][T12761] usb 4-1: Product: syz
[ 1164.751400][T12761] usb 4-1: Manufacturer: syz
[ 1164.759562][T12761] usb 4-1: SerialNumber: syz
[ 1164.768435][T12761] usb 4-1: config 0 descriptor??
[ 1164.778470][T12761] gspca_main: sq930x-2.14.0 probing 2770:930c
[ 1165.155461][T12761] gspca_sq930x: reg_r 001f failed -71
[ 1165.160935][T12761] sq930x 4-1:0.0: probe with driver sq930x failed with error -71
[ 1165.230151][T12761] usb 4-1: USB disconnect, device number 69
[ 1165.460466][   T30] audit: type=1400 audit(2000000598.590:2493): avc:  denied  { create } for  pid=20812 comm="syz.4.3820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1165.538600][T20836] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3823'.
[ 1165.553989][   T30] audit: type=1400 audit(2000000598.590:2494): avc:  denied  { write } for  pid=20812 comm="syz.4.3820" path="socket:[65518]" dev="sockfs" ino=65518 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1165.590637][T20837] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3823'.
[ 1165.801253][T20841] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3824'.
[ 1165.835272][T20841] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3824'.
[ 1166.161297][T20866] xt_policy: too many policy elements
[ 1166.498734][T20873] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3826'.
[ 1166.868895][T20873] batadv1: entered allmulticast mode
[ 1167.216414][T20881] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1167.355524][T20885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1167.367493][T20887] FAULT_INJECTION: forcing a failure.
[ 1167.367493][T20887] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1167.380768][T20887] CPU: 0 UID: 0 PID: 20887 Comm: syz.2.3833 Not tainted syzkaller #0 PREEMPT(full) 
[ 1167.380785][T20887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1167.380792][T20887] Call Trace:
[ 1167.380797][T20887]  <TASK>
[ 1167.380801][T20887]  dump_stack_lvl+0x16c/0x1f0
[ 1167.380820][T20887]  should_fail_ex+0x512/0x640
[ 1167.380836][T20887]  _copy_to_user+0x32/0xd0
[ 1167.380852][T20887]  simple_read_from_buffer+0xcb/0x170
[ 1167.380865][T20887]  proc_fail_nth_read+0x197/0x240
[ 1167.380880][T20887]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1167.380895][T20887]  ? rw_verify_area+0xcf/0x6c0
[ 1167.380905][T20887]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1167.380919][T20887]  vfs_read+0x1e1/0xcf0
[ 1167.380932][T20887]  ? __pfx___mutex_lock+0x10/0x10
[ 1167.380946][T20887]  ? __pfx_vfs_read+0x10/0x10
[ 1167.380961][T20887]  ? __fget_files+0x20e/0x3c0
[ 1167.380977][T20887]  ksys_read+0x12a/0x250
[ 1167.380988][T20887]  ? __pfx_ksys_read+0x10/0x10
[ 1167.381003][T20887]  do_syscall_64+0xcd/0x4e0
[ 1167.381018][T20887]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.381030][T20887] RIP: 0033:0x7f1356f8d8dc
[ 1167.381040][T20887] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1167.381051][T20887] RSP: 002b:00007f13551f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1167.381062][T20887] RAX: ffffffffffffffda RBX: 00007f13571e5fa0 RCX: 00007f1356f8d8dc
[ 1167.381069][T20887] RDX: 000000000000000f RSI: 00007f13551f60a0 RDI: 0000000000000005
[ 1167.381076][T20887] RBP: 00007f13551f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1167.381082][T20887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1167.381088][T20887] R13: 00007f13571e6038 R14: 00007f13571e5fa0 R15: 00007ffe76dd2458
[ 1167.381102][T20887]  </TASK>
[ 1167.627251][T20885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1167.801850][T20885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1167.816618][T20890] netlink: 'syz.2.3834': attribute type 1 has an invalid length.
[ 1167.836278][   T30] audit: type=1400 audit(2000000600.940:2495): avc:  denied  { ioctl } for  pid=20888 comm="syz.2.3834" path="socket:[66248]" dev="sockfs" ino=66248 ioctlcmd=0x942c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1167.867189][T20885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1167.885314][T20889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1167.893993][T20889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1167.895265][ T5955] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[ 1167.928519][   T30] audit: type=1400 audit(2000000600.950:2496): avc:  denied  { getopt } for  pid=20888 comm="syz.2.3834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1168.034658][T20895] afs: Unknown parameter 'dy'
[ 1168.103322][ T5955] usb 1-1: Using ep0 maxpacket: 32
[ 1168.114257][T20896] siw: device registration error -23
[ 1168.154681][T12793] usb 2-1: new full-speed USB device number 80 using dummy_hcd
[ 1168.977960][ T5955] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1168.989994][ T5955] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1169.001579][T12793] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1169.014632][ T5955] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1169.024227][T12793] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1169.033319][ T5955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1169.045702][T12793] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1169.062305][T12793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1169.087084][ T5955] usb 1-1: config 0 descriptor??
[ 1169.139264][T12793] usb 2-1: Product: syz
[ 1169.143520][ T5955] hub 1-1:0.0: USB hub found
[ 1169.161162][T12793] usb 2-1: Manufacturer: syz
[ 1169.182660][T12793] usb 2-1: SerialNumber: syz
[ 1169.203554][T12793] usb 2-1: config 0 descriptor??
[ 1169.360408][ T5955] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1169.685733][ T5955] usbhid 1-1:0.0: can't add hid device: -71
[ 1169.691907][T20892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1169.704171][ T5955] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1169.715625][T20892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1169.730315][T12793] usb 2-1: USB disconnect, device number 80
[ 1169.756696][ T5955] usb 1-1: USB disconnect, device number 94
[ 1170.471732][T20923] FAULT_INJECTION: forcing a failure.
[ 1170.471732][T20923] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 1170.485663][T20923] CPU: 0 UID: 0 PID: 20923 Comm: syz.1.3844 Not tainted syzkaller #0 PREEMPT(full) 
[ 1170.485688][T20923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1170.485700][T20923] Call Trace:
[ 1170.485706][T20923]  <TASK>
[ 1170.485714][T20923]  dump_stack_lvl+0x16c/0x1f0
[ 1170.485742][T20923]  should_fail_ex+0x512/0x640
[ 1170.485769][T20923]  should_fail_alloc_page+0xe7/0x130
[ 1170.485792][T20923]  prepare_alloc_pages+0x3c2/0x610
[ 1170.485816][T20923]  ? rcu_is_watching+0x12/0xc0
[ 1170.485844][T20923]  __alloc_frozen_pages_noprof+0x18b/0x2470
[ 1170.485874][T20923]  ? pcpu_next_md_free_region+0x108/0x380
[ 1170.485901][T20923]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1170.485918][T20923]  ? pcpu_chunk_refresh_hint+0x2b5/0x360
[ 1170.485961][T20923]  ? __pfx_pcpu_chunk_refresh_hint+0x10/0x10
[ 1170.485993][T20923]  ? pcpu_block_update_hint_alloc+0x86b/0xb80
[ 1170.486025][T20923]  __alloc_pages_noprof+0xb/0x1b0
[ 1170.486040][T20923]  pcpu_populate_chunk+0x110/0xb00
[ 1170.486060][T20923]  ? mark_held_locks+0x49/0x80
[ 1170.486072][T20923]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1170.486087][T20923]  pcpu_alloc_noprof+0x86a/0x14c0
[ 1170.486104][T20923]  tbl_mask_cache_alloc+0xeb/0x200
[ 1170.486116][T20923]  ovs_flow_tbl_init+0x24/0x600
[ 1170.486127][T20923]  ? kasan_save_track+0x14/0x30
[ 1170.486140][T20923]  ovs_dp_cmd_new+0x251/0xe60
[ 1170.486164][T20923]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[ 1170.486179][T20923]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 1170.486198][T20923]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1170.486219][T20923]  genl_family_rcv_msg_doit+0x209/0x2f0
[ 1170.486237][T20923]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1170.486259][T20923]  ? bpf_lsm_capable+0x9/0x10
[ 1170.486273][T20923]  ? security_capable+0x7e/0x260
[ 1170.486285][T20923]  ? ns_capable+0xd7/0x110
[ 1170.486301][T20923]  genl_rcv_msg+0x55c/0x800
[ 1170.486319][T20923]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1170.486337][T20923]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[ 1170.486353][T20923]  netlink_rcv_skb+0x158/0x420
[ 1170.486369][T20923]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1170.486386][T20923]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1170.486415][T20923]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1170.486432][T20923]  genl_rcv+0x28/0x40
[ 1170.486447][T20923]  netlink_unicast+0x5a7/0x870
[ 1170.486464][T20923]  ? __pfx_netlink_unicast+0x10/0x10
[ 1170.486479][T20923]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1170.486498][T20923]  netlink_sendmsg+0x8c8/0xdd0
[ 1170.486515][T20923]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1170.486536][T20923]  ____sys_sendmsg+0xa98/0xc70
[ 1170.486553][T20923]  ? copy_msghdr_from_user+0x10a/0x160
[ 1170.486567][T20923]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1170.486590][T20923]  ___sys_sendmsg+0x134/0x1d0
[ 1170.486605][T20923]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1170.486635][T20923]  __sys_sendmsg+0x16d/0x220
[ 1170.486649][T20923]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1170.486678][T20923]  do_syscall_64+0xcd/0x4e0
[ 1170.486694][T20923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.486706][T20923] RIP: 0033:0x7f5f9e78eec9
[ 1170.486716][T20923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1170.486727][T20923] RSP: 002b:00007f5f9f563038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1170.486738][T20923] RAX: ffffffffffffffda RBX: 00007f5f9e9e6090 RCX: 00007f5f9e78eec9
[ 1170.486745][T20923] RDX: 0000000000004040 RSI: 0000200000000000 RDI: 0000000000000006
[ 1170.486752][T20923] RBP: 00007f5f9f563090 R08: 0000000000000000 R09: 0000000000000000
[ 1170.486759][T20923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1170.486765][T20923] R13: 00007f5f9e9e6128 R14: 00007f5f9e9e6090 R15: 00007ffd1cd88298
[ 1170.486780][T20923]  </TASK>
[ 1170.486899][T20923] percpu: allocation failed, size=2048 align=4 atomic=0, failed to populate
[ 1170.861966][T20923] CPU: 0 UID: 0 PID: 20923 Comm: syz.1.3844 Not tainted syzkaller #0 PREEMPT(full) 
[ 1170.861984][T20923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1170.861992][T20923] Call Trace:
[ 1170.861998][T20923]  <TASK>
[ 1170.862004][T20923]  dump_stack_lvl+0x16c/0x1f0
[ 1170.862022][T20923]  pcpu_alloc_noprof+0x118a/0x14c0
[ 1170.862041][T20923]  tbl_mask_cache_alloc+0xeb/0x200
[ 1170.862053][T20923]  ovs_flow_tbl_init+0x24/0x600
[ 1170.862065][T20923]  ? kasan_save_track+0x14/0x30
[ 1170.862080][T20923]  ovs_dp_cmd_new+0x251/0xe60
[ 1170.862096][T20923]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[ 1170.862112][T20923]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 1170.862131][T20923]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1170.862152][T20923]  genl_family_rcv_msg_doit+0x209/0x2f0
[ 1170.862171][T20923]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1170.862193][T20923]  ? bpf_lsm_capable+0x9/0x10
[ 1170.862207][T20923]  ? security_capable+0x7e/0x260
[ 1170.862219][T20923]  ? ns_capable+0xd7/0x110
[ 1170.862240][T20923]  genl_rcv_msg+0x55c/0x800
[ 1170.862259][T20923]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1170.862276][T20923]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[ 1170.862293][T20923]  netlink_rcv_skb+0x158/0x420
[ 1170.862308][T20923]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1170.862345][T20923]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1170.862366][T20923]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1170.862382][T20923]  genl_rcv+0x28/0x40
[ 1170.862397][T20923]  netlink_unicast+0x5a7/0x870
[ 1170.862415][T20923]  ? __pfx_netlink_unicast+0x10/0x10
[ 1170.862430][T20923]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1170.862449][T20923]  netlink_sendmsg+0x8c8/0xdd0
[ 1170.862466][T20923]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1170.862486][T20923]  ____sys_sendmsg+0xa98/0xc70
[ 1170.862505][T20923]  ? copy_msghdr_from_user+0x10a/0x160
[ 1170.862523][T20923]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1170.862546][T20923]  ___sys_sendmsg+0x134/0x1d0
[ 1170.862560][T20923]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1170.862591][T20923]  __sys_sendmsg+0x16d/0x220
[ 1170.862605][T20923]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1170.862634][T20923]  do_syscall_64+0xcd/0x4e0
[ 1170.862658][T20923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.862675][T20923] RIP: 0033:0x7f5f9e78eec9
[ 1170.862688][T20923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1170.862705][T20923] RSP: 002b:00007f5f9f563038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1170.862722][T20923] RAX: ffffffffffffffda RBX: 00007f5f9e9e6090 RCX: 00007f5f9e78eec9
[ 1170.862733][T20923] RDX: 0000000000004040 RSI: 0000200000000000 RDI: 0000000000000006
[ 1170.862743][T20923] RBP: 00007f5f9f563090 R08: 0000000000000000 R09: 0000000000000000
[ 1170.862753][T20923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1170.862763][T20923] R13: 00007f5f9e9e6128 R14: 00007f5f9e9e6090 R15: 00007ffd1cd88298
[ 1170.862787][T20923]  </TASK>
[ 1171.936950][T20930] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3847'.
[ 1172.296111][T17103] IPVS: starting estimator thread 0...
[ 1172.494631][T20939] IPVS: using max 39 ests per chain, 93600 per kthread
[ 1172.921780][   T30] audit: type=1400 audit(2000000606.050:2497): avc:  denied  { write } for  pid=20951 comm="syz.2.3854" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 1172.992746][   T30] audit: type=1400 audit(2000000606.080:2498): avc:  denied  { ioctl } for  pid=20951 comm="syz.2.3854" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x550d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 1173.065624][T20954] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3850'.
[ 1173.144618][ T5955] usb 4-1: new full-speed USB device number 70 using dummy_hcd
[ 1173.155355][T20956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3854'.
[ 1173.176461][   T30] audit: type=1400 audit(2000000606.280:2499): avc:  denied  { execute } for  pid=20951 comm="syz.2.3854" path="/dev/comedi4" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1173.613508][T20954] batadv1: entered allmulticast mode
[ 1173.668156][   T12] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[ 1173.972730][ T5955] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1173.982694][ T5955] usb 4-1: not running at top speed; connect to a high speed hub
[ 1174.026173][ T5955] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1174.036895][ T5955] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1174.051093][ T5955] usb 4-1: string descriptor 0 read error: -22
[ 1174.065046][ T5955] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1174.084641][ T5955] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1174.109219][ T5955] usb 4-1: 0:2 : does not exist
[ 1174.383152][T20973] siw: device registration error -23
[ 1175.107959][ T5955] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1175.122149][ T5955] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1175.137402][ T5955] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1175.153783][ T5955] usb 4-1: 5:0: failed to get current value for ch 1 (-22)
[ 1175.180726][ T5955] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1175.197403][ T5955] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1175.222965][ T5955] usb 4-1: USB disconnect, device number 70
[ 1175.235924][T20969] bond1: Unable to set up delay as MII monitoring is disabled
[ 1175.244847][T17188] udevd[17188]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1175.300189][T20969] bond1 (unregistering): Released all slaves
[ 1175.494243][T20983] vivid-007: =================  START STATUS  =================
[ 1175.502226][T20983] vivid-007: Enable Output Cropping: true
[ 1175.508330][T20983] vivid-007: Enable Output Composing: true
[ 1175.514296][T20983] vivid-007: Enable Output Scaler: true
[ 1175.520320][T20983] vivid-007: Tx RGB Quantization Range: Automatic
[ 1175.527047][T20983] vivid-007: Transmit Mode: HDMI
[ 1175.533033][T20983] vivid-007: Hotplug Present: 0x00000000
[ 1175.540359][T20983] vivid-007: RxSense Present: 0x00000000
[ 1175.546259][T20983] vivid-007: EDID Present: 0x00000000
[ 1175.551743][T20983] vivid-007: ==================  END STATUS  ==================
[ 1176.037152][T20990] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3862'.
[ 1176.047105][T20990] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[ 1176.515142][T20988] nbd4: detected capacity change from 0 to 63
[ 1176.521706][T20989] block nbd4: NBD_DISCONNECT
[ 1176.526822][T20989] block nbd4: Disconnected due to user request.
[ 1176.540564][T20989] block nbd4: shutting down sockets
[ 1176.546959][T17241] blk_print_req_error: 138 callbacks suppressed
[ 1176.546972][T17241] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1176.574310][T17241] buffer_io_error: 138 callbacks suppressed
[ 1176.574328][T17241] Buffer I/O error on dev nbd4, logical block 0, async page read
[ 1176.757210][   T11] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2
[ 1176.766839][   T11] Buffer I/O error on dev nbd4, logical block 1, async page read
[ 1176.774740][   T11] Buffer I/O error on dev nbd4, logical block 2, async page read
[ 1176.782498][   T11] Buffer I/O error on dev nbd4, logical block 3, async page read
[ 1176.790395][T17241] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1176.800575][T17241] Buffer I/O error on dev nbd4, logical block 0, async page read
[ 1176.814798][T17241] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1176.823866][T17241] Buffer I/O error on dev nbd4, logical block 1, async page read
[ 1176.831888][T17241] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1176.841661][T17241] Buffer I/O error on dev nbd4, logical block 2, async page read
[ 1176.849727][T17241] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1176.859133][T17241] Buffer I/O error on dev nbd4, logical block 3, async page read
[ 1176.868244][T17241] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1176.884204][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1176.890624][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1176.898990][T17241] Buffer I/O error on dev nbd4, logical block 0, async page read
[ 1176.956739][T17241] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1176.989741][T17241] Buffer I/O error on dev nbd4, logical block 1, async page read
[ 1176.999470][T17241] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1177.014703][T17241] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1177.476588][T17241] ldm_validate_partition_table(): Disk read failed.
[ 1177.484972][T17241] Dev nbd4: unable to read RDB block 0
[ 1177.492360][T17241]  nbd4: unable to read partition table
[ 1177.619249][T17241] ldm_validate_partition_table(): Disk read failed.
[ 1177.669304][T17241] Dev nbd4: unable to read RDB block 0
[ 1177.689516][T17241]  nbd4: unable to read partition table
[ 1177.836630][T21013] wg0 speed is unknown, defaulting to 1000
[ 1177.864701][   T30] audit: type=1400 audit(2000000610.980:2500): avc:  denied  { bind } for  pid=21008 comm="syz.2.3869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1177.904693][   T30] audit: type=1400 audit(2000000610.980:2501): avc:  denied  { name_bind } for  pid=21008 comm="syz.2.3869" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[ 1177.927290][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1177.944959][   T24] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 1177.954857][   T30] audit: type=1400 audit(2000000610.980:2502): avc:  denied  { node_bind } for  pid=21008 comm="syz.2.3869" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[ 1177.976191][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1178.175634][T21015] wg0 speed is unknown, defaulting to 1000
[ 1178.235867][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1178.246947][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1178.271165][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1178.284735][ T5955] usb 3-1: new full-speed USB device number 84 using dummy_hcd
[ 1178.306827][   T24] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 1178.316047][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1178.324162][   T24] usb 1-1: Product: syz
[ 1178.338691][   T24] usb 1-1: Manufacturer: syz
[ 1178.353177][   T24] usb 1-1: SerialNumber: syz
[ 1178.384837][   T24] usb 1-1: config 0 descriptor??
[ 1178.439549][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1178.464683][ T5955] usb 3-1: New USB device found, idVendor=05ac, idProduct=027b, bcdDevice= 0.00
[ 1178.484043][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1178.501218][ T5955] usb 3-1: config 0 descriptor??
[ 1178.646447][T21009] wg0 speed is unknown, defaulting to 1000
[ 1178.834788][T17103] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[ 1178.954265][ T5955] apple 0003:05AC:027B.0036: hidraw0: USB HID v0.00 Device [HID 05ac:027b] on usb-dummy_hcd.2-1/input0
[ 1179.133057][T21019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1179.154198][T21019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1179.169346][ T5955] usb 3-1: USB disconnect, device number 84
[ 1179.182449][T17103] usb 2-1: Using ep0 maxpacket: 8
[ 1179.235807][T17103] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1179.246012][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1179.303452][T17103] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1179.332256][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1179.344689][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1179.371885][T17103] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1179.380477][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1179.392384][T17103] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1179.412223][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1179.466882][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1179.492568][T17103] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1179.500650][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1179.533365][   T30] audit: type=1800 audit(2000000612.650:2503): pid=21033 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.3876" name="bus" dev="ramfs" ino=66916 res=0 errno=0
[ 1179.558790][T17103] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1179.591145][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1179.603314][T17103] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1179.643942][T17103] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1179.664261][T17103] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.684917][   T24] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[ 1179.707887][T17103] usb 2-1: Product: syz
[ 1179.824644][T17103] usb 2-1: Manufacturer: syz
[ 1179.829291][T17103] usb 2-1: SerialNumber: syz
[ 1179.910239][T21041] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3877'.
[ 1179.977185][ T5955] usb 1-1: USB disconnect, device number 95
[ 1180.098411][T21041] batadv1: entered allmulticast mode
[ 1180.286242][T17103] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1180.807997][T17103] usb 2-1: USB disconnect, device number 81
[ 1181.095102][T21049] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1181.102563][T21049] syzkaller0: entered promiscuous mode
[ 1181.112087][T21049] syzkaller0: entered allmulticast mode
[ 1181.631458][T21053] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1181.640914][T21053] syzkaller0: entered promiscuous mode
[ 1181.646655][T21053] syzkaller0: entered allmulticast mode
[ 1182.277761][   T30] audit: type=1400 audit(2000000615.380:2504): avc:  denied  { connect } for  pid=21059 comm="syz.4.3883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1182.370725][T21063] netlink: 'syz.0.3884': attribute type 9 has an invalid length.
[ 1182.391694][T21065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3885'.
[ 1182.570431][T21070] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1182.583846][T21070] syzkaller0: entered promiscuous mode
[ 1182.589438][T21070] syzkaller0: entered allmulticast mode
[ 1183.996865][T21049] tipc: Resetting bearer <eth:syzkaller0>
[ 1184.060766][T21049] tipc: Disabling bearer <eth:syzkaller0>
[ 1184.581539][ T5955] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1184.698836][T21050] tipc: Resetting bearer <eth:syzkaller0>
[ 1184.742049][T21050] tipc: Disabling bearer <eth:syzkaller0>
[ 1184.746852][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1184.763147][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1184.775080][ T5955] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1184.789793][ T5955] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1184.799527][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1184.926977][ T5955] usb 3-1: config 0 descriptor??
[ 1185.472608][T21070] tipc: Resetting bearer <eth:syzkaller0>
[ 1185.490350][T21070] tipc: Disabling bearer <eth:syzkaller0>
[ 1186.135747][   T30] audit: type=1400 audit(2000000619.220:2505): avc:  denied  { map } for  pid=21096 comm="syz.3.3894" path="socket:[67715]" dev="sockfs" ino=67715 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1186.658207][ T5955] plantronics 0003:047F:FFFF.0037: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1186.834813][ T5955] usb 3-1: USB disconnect, device number 85
[ 1187.088208][T21105] fido_id[21105]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1187.330574][T21111] wg0 speed is unknown, defaulting to 1000
[ 1187.345589][   T30] audit: type=1400 audit(2000000620.480:2506): avc:  denied  { ioctl } for  pid=21108 comm="syz.1.3896" path="socket:[67022]" dev="sockfs" ino=67022 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1187.710956][   T30] audit: type=1400 audit(2000000620.840:2507): avc:  denied  { getopt } for  pid=21117 comm="syz.2.3898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1188.222211][T21125] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3900'.
[ 1188.395006][   T11] block nbd1: Possible stuck request ffff888026072a00: control (read@0,1024B). Runtime 60 seconds
[ 1188.406075][T16796] block nbd0: Possible stuck request ffff888026057c40: control (read@0,1024B). Runtime 90 seconds
[ 1188.416864][T16796] block nbd0: Possible stuck request ffff888026057e00: control (read@1024,1024B). Runtime 90 seconds
[ 1188.428095][T16796] block nbd0: Possible stuck request ffff888026057fc0: control (read@2048,1024B). Runtime 90 seconds
[ 1188.440855][   T11] block nbd1: Possible stuck request ffff888026072bc0: control (read@1024,1024B). Runtime 60 seconds
[ 1188.454150][T16796] block nbd0: Possible stuck request ffff888026058180: control (read@3072,1024B). Runtime 90 seconds
[ 1188.465593][   T11] block nbd1: Possible stuck request ffff888026072d80: control (read@2048,1024B). Runtime 60 seconds
[ 1188.477486][   T11] block nbd1: Possible stuck request ffff888026072f40: control (read@3072,1024B). Runtime 60 seconds
[ 1188.624673][T12793] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[ 1188.784614][T12793] usb 2-1: Using ep0 maxpacket: 16
[ 1188.792603][T12793] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1188.806328][T12793] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1188.816663][T12793] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1188.826399][T12793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1188.838288][T12793] usb 2-1: config 0 descriptor??
[ 1188.872428][T21136] vxcan0: tx drop: invalid sa for name 0x0000000000000001
[ 1189.400051][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.414685][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.425797][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.437792][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.443039][T21127] IPVS: persistence engine module ip_vs_pe_ not found
[ 1189.464621][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.480016][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.489031][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.497389][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.504921][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.519301][T12793] logitech 0003:046D:C29C.0038: unknown main item tag 0x0
[ 1189.539237][T12793] logitech 0003:046D:C29C.0038: hidraw0: USB HID v0.01 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[ 1189.574748][T12761] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1189.619837][T12793] logitech 0003:046D:C29C.0038: no inputs found
[ 1189.627682][T12793] usb 2-1: USB disconnect, device number 82
[ 1189.745794][T12761] usb 3-1: Using ep0 maxpacket: 8
[ 1189.752179][T12761] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[ 1189.752214][T12761] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1189.752228][T12761] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 129
[ 1189.752250][T12761] usb 3-1: New USB device found, idVendor=0dfc, idProduct=0102, bcdDevice= 0.00
[ 1189.752263][T12761] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1189.753498][T12761] usb 3-1: config 0 descriptor??
[ 1190.716249][T21166] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3907'.
[ 1191.815144][T21171] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3910'.
[ 1192.274115][T12761] usbhid 3-1:0.0: can't add hid device: -71
[ 1192.286691][T12761] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1192.302631][T12761] usb 3-1: USB disconnect, device number 86
[ 1192.771096][T21187] netlink: 508 bytes leftover after parsing attributes in process `syz.2.3915'.
[ 1193.107031][T21191] binder: 21190:21191 ioctl c0306201 200000000240 returned -14
[ 1193.330970][T21196] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3916'.
[ 1193.340199][T21196] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3916'.
[ 1193.351411][T21196] tipc: MTU too low for tipc bearer
[ 1193.633995][T21201] wg0 speed is unknown, defaulting to 1000
[ 1193.842263][   T30] audit: type=1400 audit(2000000626.970:2508): avc:  denied  { create } for  pid=21206 comm="syz.2.3920" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_netfilter_socket permissive=1
[ 1194.172053][T21212] team0 (unregistering): Port device team_slave_0 removed
[ 1194.183959][T21212] team0 (unregistering): Port device team_slave_1 removed
[ 1194.514671][T17103] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[ 1194.677023][T17103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1194.689352][T17103] usb 2-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[ 1194.788411][T17103] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1194.799794][T17103] usb 2-1: config 0 descriptor??
[ 1195.009661][T21229] vxfs: WRONG superblock magic 00000000 at 1
[ 1195.016923][T21229] vxfs: WRONG superblock magic 00000000 at 8
[ 1195.023763][T21229] vxfs: can't find superblock.
[ 1195.245109][T21227] ceph: No mds server is up or the cluster is laggy
[ 1195.252396][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1195.259039][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1195.397301][T17103] hid_mf 0003:0079:1846.0039: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.1-1/input0
[ 1195.408832][T17103] hid_mf 0003:0079:1846.0039: Invalid report, this should never happen!
[ 1195.418487][T17103] hid_mf 0003:0079:1846.0039: Force feedback init failed.
[ 1195.637058][ T5955] usb 2-1: USB disconnect, device number 83
[ 1195.794091][T21239] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3926'.
[ 1195.851780][T21239] batadv1: entered allmulticast mode
[ 1196.551439][T21247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1196.571662][T21247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1196.794325][   T30] audit: type=1400 audit(2000000629.920:2509): avc:  denied  { ioctl } for  pid=21252 comm="syz.4.3930" path="socket:[68291]" dev="sockfs" ino=68291 ioctlcmd=0x8b2c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1196.825123][T12761] hid_parser_main: 150 callbacks suppressed
[ 1196.825144][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1196.849284][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1196.879581][   T30] audit: type=1400 audit(2000000629.950:2510): avc:  denied  { read } for  pid=21254 comm="syz.1.3931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1196.933678][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1196.942121][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1196.946793][T21263] pimreg: left allmulticast mode
[ 1196.956018][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1196.983459][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1196.993151][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1197.006504][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1197.014857][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1197.027612][T12761] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[ 1197.080015][T12761] hid-generic 0000:0000:0000.003A: hidraw0: <UNKNOWN> HID v0.43 Device [syz0] on syz1
[ 1197.805869][T21272] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3933'.
[ 1198.167589][T21272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1198.180237][T21272] bond0 (unregistering): Released all slaves
[ 1198.828322][T21284] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3936'.
[ 1199.129380][T21287] create_pit_timer: 3 callbacks suppressed
[ 1199.129396][T21287] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1199.144188][T21293] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[ 1199.153303][T21293] FAULT_INJECTION: forcing a failure.
[ 1199.153303][T21293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1199.155851][T21287] kvm: pic: non byte read
[ 1199.167072][T21293] CPU: 1 UID: 0 PID: 21293 Comm: syz.4.3939 Not tainted syzkaller #0 PREEMPT(full) 
[ 1199.167094][T21293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1199.167103][T21293] Call Trace:
[ 1199.167109][T21293]  <TASK>
[ 1199.167115][T21293]  dump_stack_lvl+0x16c/0x1f0
[ 1199.167141][T21293]  should_fail_ex+0x512/0x640
[ 1199.167165][T21293]  _copy_to_user+0x32/0xd0
[ 1199.167186][T21293]  simple_read_from_buffer+0xcb/0x170
[ 1199.167205][T21293]  proc_fail_nth_read+0x197/0x240
[ 1199.167227][T21293]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1199.167253][T21293]  ? rw_verify_area+0xcf/0x6c0
[ 1199.167268][T21293]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1199.167287][T21293]  vfs_read+0x1e1/0xcf0
[ 1199.167307][T21293]  ? __pfx___mutex_lock+0x10/0x10
[ 1199.167327][T21293]  ? __pfx_vfs_read+0x10/0x10
[ 1199.167349][T21293]  ? __fget_files+0x20e/0x3c0
[ 1199.167365][T21293]  ? __x64_sys_mount+0x200/0x310
[ 1199.167391][T21293]  ksys_read+0x12a/0x250
[ 1199.167407][T21293]  ? __pfx_ksys_read+0x10/0x10
[ 1199.167429][T21293]  do_syscall_64+0xcd/0x4e0
[ 1199.167450][T21293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1199.167466][T21293] RIP: 0033:0x7fc70598d8dc
[ 1199.167479][T21293] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1199.167494][T21293] RSP: 002b:00007fc706844030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1199.167510][T21293] RAX: ffffffffffffffda RBX: 00007fc705be5fa0 RCX: 00007fc70598d8dc
[ 1199.167520][T21293] RDX: 000000000000000f RSI: 00007fc7068440a0 RDI: 0000000000000003
[ 1199.167530][T21293] RBP: 00007fc706844090 R08: 0000000000000000 R09: 0000000000000000
[ 1199.167539][T21293] R10: 0000000000004002 R11: 0000000000000246 R12: 0000000000000002
[ 1199.167548][T21293] R13: 00007fc705be6038 R14: 00007fc705be5fa0 R15: 00007ffcd63afd08
[ 1199.167569][T21293]  </TASK>
[ 1200.008434][T21306] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1200.099293][T21307] No control pipe specified
[ 1200.483283][T21314] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1200.684678][   T24] usb 3-1: new low-speed USB device number 87 using dummy_hcd
[ 1200.814630][   T24] usb 3-1: device descriptor read/64, error -71
[ 1201.064644][   T24] usb 3-1: new low-speed USB device number 88 using dummy_hcd
[ 1201.197642][   T24] usb 3-1: device descriptor read/64, error -71
[ 1201.219056][T16311] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1201.229330][T16311] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1201.239704][T16311] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1201.249153][T16311] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1201.256921][T16311] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1201.292752][T21320] wg0 speed is unknown, defaulting to 1000
[ 1201.305153][   T24] usb usb3-port1: attempt power cycle
[ 1201.378414][T21320] chnl_net:caif_netlink_parms(): no params data found
[ 1201.425693][T21320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1201.432907][T21320] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1201.440631][T21320] bridge_slave_0: entered allmulticast mode
[ 1201.447533][T21320] bridge_slave_0: entered promiscuous mode
[ 1201.455195][T21320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1201.462287][T21320] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1201.470025][T21320] bridge_slave_1: entered allmulticast mode
[ 1201.476925][T21320] bridge_slave_1: entered promiscuous mode
[ 1201.501707][T21320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1201.512774][T21320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1201.538304][T21320] team0: Port device team_slave_0 added
[ 1201.546244][T21320] team0: Port device team_slave_1 added
[ 1201.566459][T21320] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1201.573424][T21320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1201.600849][T21320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1201.613472][T21320] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1201.620807][T21320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1201.647708][T21320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1201.658525][   T24] usb 3-1: new low-speed USB device number 89 using dummy_hcd
[ 1201.685289][   T24] usb 3-1: device descriptor read/8, error -71
[ 1201.687904][T21320] hsr_slave_0: entered promiscuous mode
[ 1201.698251][T21320] hsr_slave_1: entered promiscuous mode
[ 1201.704319][T21320] debugfs: 'hsr0' already exists in 'hsr'
[ 1201.711149][T21320] Cannot create hsr debugfs directory
[ 1201.823380][T21320] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1201.834678][T21320] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1201.844081][T21320] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1201.853447][T21320] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1201.879188][T21320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1201.886365][T21320] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1201.893901][T21320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1201.901035][T21320] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1201.943764][T21320] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1201.958037][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1201.967250][   T24] usb 3-1: new low-speed USB device number 90 using dummy_hcd
[ 1201.975653][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1202.000788][T21320] 8021q: adding VLAN 0 to HW filter on device team0
[ 1202.055831][   T24] usb 3-1: device descriptor read/8, error -71
[ 1202.067752][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1202.075024][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1202.085284][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1202.087650][T21335] FAULT_INJECTION: forcing a failure.
[ 1202.087650][T21335] name failslab, interval 1, probability 0, space 0, times 0
[ 1202.092477][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1202.106990][T21335] CPU: 0 UID: 0 PID: 21335 Comm: syz.1.3949 Not tainted syzkaller #0 PREEMPT(full) 
[ 1202.107012][T21335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1202.107021][T21335] Call Trace:
[ 1202.107027][T21335]  <TASK>
[ 1202.107033][T21335]  dump_stack_lvl+0x16c/0x1f0
[ 1202.107065][T21335]  should_fail_ex+0x512/0x640
[ 1202.107084][T21335]  ? __kmalloc_noprof+0xca/0x880
[ 1202.107110][T21335]  should_failslab+0xc2/0x120
[ 1202.107130][T21335]  __kmalloc_noprof+0xdd/0x880
[ 1202.107153][T21335]  ? lsm_blob_alloc+0x68/0x90
[ 1202.107180][T21335]  ? lsm_blob_alloc+0x68/0x90
[ 1202.107200][T21335]  lsm_blob_alloc+0x68/0x90
[ 1202.107222][T21335]  security_bpf_map_create+0x34/0x2a0
[ 1202.107243][T21335]  map_create+0x13bd/0x27e0
[ 1202.107274][T21335]  ? __pfx_map_create+0x10/0x10
[ 1202.107295][T21335]  ? __might_fault+0xe3/0x190
[ 1202.107312][T21335]  ? __might_fault+0xe3/0x190
[ 1202.107326][T21335]  ? __might_fault+0x13b/0x190
[ 1202.107344][T21335]  ? selinux_bpf+0xde/0x130
[ 1202.107369][T21335]  __sys_bpf+0x3d9d/0x4980
[ 1202.107387][T21335]  ? __pfx___sys_bpf+0x10/0x10
[ 1202.107401][T21335]  ? find_held_lock+0x2b/0x80
[ 1202.107427][T21335]  ? find_held_lock+0x2b/0x80
[ 1202.107454][T21335]  ? __mutex_unlock_slowpath+0x161/0x7b0
[ 1202.107487][T21335]  ? fput+0x9b/0xd0
[ 1202.107507][T21335]  ? ksys_write+0x1ac/0x250
[ 1202.107523][T21335]  ? __pfx_ksys_write+0x10/0x10
[ 1202.107543][T21335]  __x64_sys_bpf+0x78/0xc0
[ 1202.107558][T21335]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1202.107576][T21335]  do_syscall_64+0xcd/0x4e0
[ 1202.107597][T21335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.107613][T21335] RIP: 0033:0x7f5f9e78eec9
[ 1202.107626][T21335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1202.107646][T21335] RSP: 002b:00007f5f9f584038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1202.107662][T21335] RAX: ffffffffffffffda RBX: 00007f5f9e9e5fa0 RCX: 00007f5f9e78eec9
[ 1202.107673][T21335] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 0000000000000000
[ 1202.107683][T21335] RBP: 00007f5f9f584090 R08: 0000000000000000 R09: 0000000000000000
[ 1202.107692][T21335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1202.107702][T21335] R13: 00007f5f9e9e6038 R14: 00007f5f9e9e5fa0 R15: 00007ffd1cd88298
[ 1202.107723][T21335]  </TASK>
[ 1202.205092][T21337] netlink: 'syz.1.3950': attribute type 1 has an invalid length.
[ 1202.208674][   T24] usb usb3-port1: unable to enumerate USB device
[ 1202.411228][T21320] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1202.707136][   T30] audit: type=1400 audit(2000000635.840:2511): avc:  denied  { create } for  pid=21349 comm="syz.1.3952" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[ 1202.910707][T21320] veth0_vlan: entered promiscuous mode
[ 1202.923858][T21320] veth1_vlan: entered promiscuous mode
[ 1202.949388][T21320] veth0_macvtap: entered promiscuous mode
[ 1202.960436][T21320] veth1_macvtap: entered promiscuous mode
[ 1202.976130][T21320] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1203.002954][T21320] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1203.024230][T13957] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.035563][T13957] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.045035][T13957] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.054135][ T9375] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.196005][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1203.203837][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1203.231824][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1203.240732][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1203.365612][T11240] Bluetooth: hci0: command tx timeout
[ 1203.734602][T19479] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1203.934667][T19479] usb 6-1: Using ep0 maxpacket: 8
[ 1203.941123][T19479] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[ 1203.955139][T19479] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1204.013032][T19479] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 129
[ 1204.054640][T19479] usb 6-1: New USB device found, idVendor=0dfc, idProduct=0102, bcdDevice= 0.00
[ 1204.071013][T19479] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.096958][T19479] usb 6-1: config 0 descriptor??
[ 1204.364737][T12793] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1204.424656][ T5955] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[ 1204.514897][T12793] usb 3-1: Using ep0 maxpacket: 16
[ 1204.521465][T12793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1204.532590][T12793] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1204.542409][T12793] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1204.551578][T12793] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.570110][T12793] usb 3-1: config 0 descriptor??
[ 1204.575166][ T5955] usb 2-1: Using ep0 maxpacket: 16
[ 1204.585501][ T5955] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1204.596661][ T5955] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1204.606530][ T5955] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1204.620302][ T5955] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1204.629945][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.640322][ T5955] usb 2-1: config 0 descriptor??
[ 1204.986234][T12793] hid_parser_main: 73 callbacks suppressed
[ 1204.986255][T12793] savu 0003:1E7D:2D5A.003B: unknown main item tag 0x0
[ 1204.999388][T12793] savu 0003:1E7D:2D5A.003B: unknown main item tag 0x0
[ 1205.006294][T12793] savu 0003:1E7D:2D5A.003B: unknown main item tag 0x0
[ 1205.013114][T12793] savu 0003:1E7D:2D5A.003B: unknown main item tag 0x0
[ 1205.020155][T12793] savu 0003:1E7D:2D5A.003B: unknown main item tag 0x0
[ 1205.029850][T12793] savu 0003:1E7D:2D5A.003B: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[ 1205.068922][ T5955] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0
[ 1205.084984][ T5955] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0
[ 1205.092626][ T5955] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0
[ 1205.108787][ T5955] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.003C/input/input48
[ 1205.189951][ T5955] microsoft 0003:045E:07DA.003C: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1205.297161][ T5955] usb 2-1: USB disconnect, device number 85
[ 1205.435437][T11240] Bluetooth: hci0: command tx timeout
[ 1205.859289][T21380] netlink: 'syz.1.3960': attribute type 1 has an invalid length.
[ 1206.172482][T21380] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3960'.
[ 1206.439867][T19479] usbhid 6-1:0.0: can't add hid device: -71
[ 1206.478001][T19479] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1206.804847][T19479] usb 6-1: USB disconnect, device number 2
[ 1207.078010][   T30] audit: type=1400 audit(2000000640.200:2512): avc:  denied  { setopt } for  pid=21396 comm="syz.5.3964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1207.179589][T19479] usb 3-1: USB disconnect, device number 91
[ 1207.267268][T21408] FAULT_INJECTION: forcing a failure.
[ 1207.267268][T21408] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1207.282488][T21408] CPU: 0 UID: 0 PID: 21408 Comm: syz.2.3968 Not tainted syzkaller #0 PREEMPT(full) 
[ 1207.282517][T21408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1207.282529][T21408] Call Trace:
[ 1207.282535][T21408]  <TASK>
[ 1207.282543][T21408]  dump_stack_lvl+0x16c/0x1f0
[ 1207.282572][T21408]  should_fail_ex+0x512/0x640
[ 1207.282598][T21408]  _copy_to_user+0x32/0xd0
[ 1207.282624][T21408]  simple_read_from_buffer+0xcb/0x170
[ 1207.282646][T21408]  proc_fail_nth_read+0x197/0x240
[ 1207.282671][T21408]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1207.282695][T21408]  ? rw_verify_area+0xcf/0x6c0
[ 1207.282712][T21408]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1207.282735][T21408]  vfs_read+0x1e1/0xcf0
[ 1207.282757][T21408]  ? __pfx___mutex_lock+0x10/0x10
[ 1207.282781][T21408]  ? __pfx_vfs_read+0x10/0x10
[ 1207.282807][T21408]  ? __fget_files+0x20e/0x3c0
[ 1207.282836][T21408]  ksys_read+0x12a/0x250
[ 1207.282854][T21408]  ? __pfx_ksys_read+0x10/0x10
[ 1207.282886][T21408]  do_syscall_64+0xcd/0x4e0
[ 1207.282912][T21408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1207.282932][T21408] RIP: 0033:0x7f1356f8d8dc
[ 1207.282947][T21408] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1207.282965][T21408] RSP: 002b:00007f13551f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1207.282984][T21408] RAX: ffffffffffffffda RBX: 00007f13571e5fa0 RCX: 00007f1356f8d8dc
[ 1207.282996][T21408] RDX: 000000000000000f RSI: 00007f13551f60a0 RDI: 0000000000000005
[ 1207.283007][T21408] RBP: 00007f13551f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1207.283023][T21408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1207.283034][T21408] R13: 00007f13571e6038 R14: 00007f13571e5fa0 R15: 00007ffe76dd2458
[ 1207.283065][T21408]  </TASK>
[ 1207.514751][T11240] Bluetooth: hci0: command tx timeout
[ 1207.546330][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1207.563674][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1207.586967][T21410] ceph: No mds server is up or the cluster is laggy
[ 1207.607848][T21418] vxfs: WRONG superblock magic 00000000 at 1
[ 1207.641821][T21418] vxfs: WRONG superblock magic 00000000 at 8
[ 1207.698068][T21418] vxfs: can't find superblock.
[ 1208.024754][T19479] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1208.124700][T17103] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1208.174654][T19479] usb 2-1: Using ep0 maxpacket: 16
[ 1208.182324][T19479] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1208.198928][T19479] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1208.209074][T19479] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1208.222227][T19479] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1208.254697][T19479] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1208.433549][T19479] usb 2-1: config 0 descriptor??
[ 1208.438106][T17103] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1208.447590][T17103] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1208.455627][T17103] usb 3-1: Product: syz
[ 1208.459790][T17103] usb 3-1: Manufacturer: syz
[ 1208.464385][T17103] usb 3-1: SerialNumber: syz
[ 1208.581614][T21435] rdma_rxe: rxe_newlink: failed to add vxcan1
[ 1208.765826][T16311] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1208.833236][T17103] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1208.834491][T16311] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1208.849205][   T24] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1208.858542][T16311] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1208.867458][T16311] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1208.880046][T16311] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1208.921719][T21433] wg0 speed is unknown, defaulting to 1000
[ 1208.928471][ T5948] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1209.054266][T19479] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0
[ 1209.070495][T19479] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0
[ 1209.106951][ T5948] usb 6-1: Using ep0 maxpacket: 8
[ 1209.112695][T19479] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.003D/input/input49
[ 1209.127548][ T5948] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1209.182939][T21433] chnl_net:caif_netlink_parms(): no params data found
[ 1209.191201][ T5948] usb 6-1: config 57 has an invalid interface number: 229 but max is 0
[ 1209.356317][T12761] usb 3-1: USB disconnect, device number 92
[ 1209.409221][T19479] microsoft 0003:045E:07DA.003D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1209.421535][ T5948] usb 6-1: config 57 has no interface number 0
[ 1209.437554][ T5948] usb 6-1: config 57 interface 229 has no altsetting 0
[ 1209.458330][ T5948] usb 6-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=dd.eb
[ 1209.479877][T19479] usb 2-1: USB disconnect, device number 86
[ 1209.490451][ T5948] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1209.506920][ T5948] usb 6-1: Product: syz
[ 1209.513977][ T5948] usb 6-1: Manufacturer: syz
[ 1209.515029][T21439] fido_id[21439]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[ 1209.528077][ T5948] usb 6-1: SerialNumber: syz
[ 1209.588980][T21433] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1209.598477][T11240] Bluetooth: hci0: command tx timeout
[ 1209.600490][T21433] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1209.611727][T21433] bridge_slave_0: entered allmulticast mode
[ 1209.619290][T21433] bridge_slave_0: entered promiscuous mode
[ 1209.627044][T21433] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1209.634747][T21433] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1209.641973][T21433] bridge_slave_1: entered allmulticast mode
[ 1209.649301][T21433] bridge_slave_1: entered promiscuous mode
[ 1209.674856][T21433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1209.687055][T21433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1209.715747][T21433] team0: Port device team_slave_0 added
[ 1209.723299][T21433] team0: Port device team_slave_1 added
[ 1209.749050][T21433] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1209.756116][T21433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1209.782345][T21433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1209.795620][T21433] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1209.802591][T21433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1209.829299][T21433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1209.869911][T21433] hsr_slave_0: entered promiscuous mode
[ 1209.876672][T21433] hsr_slave_1: entered promiscuous mode
[ 1209.882786][T21433] debugfs: 'hsr0' already exists in 'hsr'
[ 1209.888795][T21433] Cannot create hsr debugfs directory
[ 1209.914798][   T24] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[ 1209.921832][   T24] ath9k_htc: Failed to initialize the device
[ 1209.936341][T12761] usb 3-1: ath9k_htc: USB layer deinitialized
[ 1209.991696][T21444] FAULT_INJECTION: forcing a failure.
[ 1209.991696][T21444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1210.005772][T21444] CPU: 0 UID: 0 PID: 21444 Comm: syz.1.3974 Not tainted syzkaller #0 PREEMPT(full) 
[ 1210.005798][T21444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1210.005809][T21444] Call Trace:
[ 1210.005815][T21444]  <TASK>
[ 1210.005823][T21444]  dump_stack_lvl+0x16c/0x1f0
[ 1210.005850][T21444]  should_fail_ex+0x512/0x640
[ 1210.005881][T21444]  _copy_from_user+0x2e/0xd0
[ 1210.005906][T21444]  copy_msghdr_from_user+0x98/0x160
[ 1210.005930][T21444]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1210.005968][T21444]  ___sys_sendmsg+0xfe/0x1d0
[ 1210.005996][T21444]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1210.006050][T21444]  __sys_sendmsg+0x16d/0x220
[ 1210.006072][T21444]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1210.006110][T21444]  do_syscall_64+0xcd/0x4e0
[ 1210.006135][T21444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1210.006154][T21444] RIP: 0033:0x7f5f9e78eec9
[ 1210.006168][T21444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1210.006185][T21444] RSP: 002b:00007f5f9f584038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1210.006203][T21444] RAX: ffffffffffffffda RBX: 00007f5f9e9e5fa0 RCX: 00007f5f9e78eec9
[ 1210.006214][T21444] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[ 1210.006225][T21444] RBP: 00007f5f9f584090 R08: 0000000000000000 R09: 0000000000000000
[ 1210.006236][T21444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1210.006247][T21444] R13: 00007f5f9e9e6038 R14: 00007f5f9e9e5fa0 R15: 00007ffd1cd88298
[ 1210.006271][T21444]  </TASK>
[ 1210.237196][   T30] audit: type=1400 audit(2000000643.370:2513): avc:  denied  { mounton } for  pid=21448 comm="syz.4.3976" path="/183/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[ 1210.341035][T21433] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1210.356214][T21433] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1210.368952][T21433] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1210.397887][T21433] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1210.484323][T12761] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1210.655808][T12761] usb 3-1: Using ep0 maxpacket: 16
[ 1210.663569][T12761] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[ 1210.677627][T12761] usb 3-1: config 6 has 0 interfaces, different from the descriptor's value: 1
[ 1210.744572][T21433] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1210.782627][T21433] 8021q: adding VLAN 0 to HW filter on device team0
[ 1210.796908][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1210.804067][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1210.844152][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1210.851352][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1210.902789][T12761] usb 3-1: string descriptor 0 read error: -71
[ 1210.926618][T12761] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=90.c3
[ 1210.938759][T12761] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1210.943443][T21433] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1210.955467][T11240] Bluetooth: hci6: command tx timeout
[ 1210.986838][T12761] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1210.997375][T12761] r8152-cfgselector 3-1: rejected 1 configuration due to insufficient available bus power
[ 1211.014966][T12761] r8152-cfgselector 3-1: no configuration chosen from 1 choice
[ 1211.024840][T12761] r8152-cfgselector 3-1: USB disconnect, device number 93
[ 1211.325407][ T5948] gspca_main: jeilinj-2.14.0 probing 0979:0270
[ 1211.347967][ T5948] usb 6-1: USB disconnect, device number 3
[ 1212.121467][T21433] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1212.539793][T21433] veth0_vlan: entered promiscuous mode
[ 1212.579226][T21433] veth1_vlan: entered promiscuous mode
[ 1212.669074][T21433] veth0_macvtap: entered promiscuous mode
[ 1212.674226][T21486] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1212.698213][T21433] veth1_macvtap: entered promiscuous mode
[ 1212.709245][T21486] CIFS mount error: No usable UNC path provided in device string!
[ 1212.709245][T21486] 
[ 1212.721112][T21486] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1212.889280][T21433] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1212.981302][T21433] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1213.034742][T11240] Bluetooth: hci6: command tx timeout
[ 1213.354086][T21495] fuse: Unknown parameter '������;H�8���ݒÏkm����G�+�]*m�LM52a&�zk���r�*'
[ 1213.416627][   T50] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.471555][   T50] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.519225][   T50] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.579485][   T50] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.670101][ T5948] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1213.869278][ T6833] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1213.895638][ T5948] usb 2-1: Using ep0 maxpacket: 16
[ 1213.911030][ T6833] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1213.921114][ T5948] usb 2-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice= 0.00
[ 1213.952186][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1214.010330][T21510] FAULT_INJECTION: forcing a failure.
[ 1214.010330][T21510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1214.024944][T21510] CPU: 1 UID: 0 PID: 21510 Comm: syz.5.3987 Not tainted syzkaller #0 PREEMPT(full) 
[ 1214.024971][T21510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1214.024982][T21510] Call Trace:
[ 1214.024988][T21510]  <TASK>
[ 1214.025002][T21510]  dump_stack_lvl+0x16c/0x1f0
[ 1214.025030][T21510]  should_fail_ex+0x512/0x640
[ 1214.025056][T21510]  _copy_from_iter+0x29f/0x1720
[ 1214.025080][T21510]  ? __lock_acquire+0x62e/0x1ce0
[ 1214.025102][T21510]  ? __pfx__copy_from_iter+0x10/0x10
[ 1214.025122][T21510]  ? __lock_acquire+0x62e/0x1ce0
[ 1214.025152][T21510]  copy_page_from_iter+0xde/0x180
[ 1214.025178][T21510]  tun_build_skb.constprop.0+0x2e8/0x1510
[ 1214.025207][T21510]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[ 1214.025226][T21510]  ? unwind_get_return_address+0x59/0xa0
[ 1214.025250][T21510]  ? arch_stack_walk+0xa6/0x100
[ 1214.025285][T21510]  ? _kstrtoull+0x145/0x200
[ 1214.025312][T21510]  tun_get_user+0x149c/0x3cc0
[ 1214.025342][T21510]  ? __pfx_tun_get_user+0x10/0x10
[ 1214.025363][T21510]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1214.025392][T21510]  ? find_held_lock+0x2b/0x80
[ 1214.025417][T21510]  ? tun_get+0x191/0x370
[ 1214.025438][T21510]  tun_chr_write_iter+0xdc/0x210
[ 1214.025460][T21510]  vfs_write+0x7d3/0x11d0
[ 1214.025480][T21510]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1214.025501][T21510]  ? __pfx_vfs_write+0x10/0x10
[ 1214.025537][T21510]  ? find_held_lock+0x2b/0x80
[ 1214.025580][T21510]  ksys_write+0x12a/0x250
[ 1214.025598][T21510]  ? __pfx_ksys_write+0x10/0x10
[ 1214.025624][T21510]  do_syscall_64+0xcd/0x4e0
[ 1214.025669][T21510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1214.025686][T21510] RIP: 0033:0x7f207f98d97f
[ 1214.025704][T21510] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1214.025722][T21510] RSP: 002b:00007f20807b2000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1214.025739][T21510] RAX: ffffffffffffffda RBX: 00007f207fbe5fa0 RCX: 00007f207f98d97f
[ 1214.025751][T21510] RDX: 000000000000005e RSI: 0000200000000400 RDI: 00000000000000c8
[ 1214.025761][T21510] RBP: 00007f20807b2090 R08: 0000000000000000 R09: 0000000000000000
[ 1214.025772][T21510] R10: 000000000000005e R11: 0000000000000293 R12: 0000000000000001
[ 1214.025783][T21510] R13: 00007f207fbe6038 R14: 00007f207fbe5fa0 R15: 00007ffcfd83fdb8
[ 1214.025807][T21510]  </TASK>
[ 1214.045384][ T5948] usb 2-1: config 0 descriptor??
[ 1214.054020][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1214.275624][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1214.620584][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1214.711180][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1215.040101][ T5948] apple 0003:05AC:0292.003E: item fetching failed at offset 3/6
[ 1215.053406][ T5948] apple 0003:05AC:0292.003E: parse failed
[ 1215.073381][ T5948] apple 0003:05AC:0292.003E: probe with driver apple failed with error -22
[ 1215.116580][T11240] Bluetooth: hci6: command tx timeout
[ 1215.209050][   T30] audit: type=1400 audit(2000000648.340:2514): avc:  denied  { bind } for  pid=21529 comm="syz.2.3991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1215.285374][T21494] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3984'.
[ 1215.298959][T12761] usb 2-1: USB disconnect, device number 87
[ 1215.452081][T21535] trusted_key: encrypted_key: insufficient parameters specified
[ 1215.473729][T21535] tmpfs: Bad value for 'mpol'
[ 1216.893312][T21561] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1216.922614][T21561] kvm: pic: non byte read
[ 1216.939289][T21561] kvm: pic: level sensitive irq not supported
[ 1216.939353][T21561] kvm: pic: non byte read
[ 1216.950965][T21561] kvm: pic: level sensitive irq not supported
[ 1216.951041][T21561] kvm: pic: non byte read
[ 1216.963078][T21561] kvm: pic: level sensitive irq not supported
[ 1216.963141][T21561] kvm: pic: non byte read
[ 1217.593245][T11240] Bluetooth: hci6: command tx timeout
[ 1217.609710][T21561] kvm: pic: level sensitive irq not supported
[ 1217.609799][T21561] kvm: pic: non byte read
[ 1218.030492][T21561] kvm: pic: level sensitive irq not supported
[ 1218.030560][T21561] kvm: pic: non byte read
[ 1218.477760][   T11] block nbd0: Possible stuck request ffff888026057c40: control (read@0,1024B). Runtime 120 seconds
[ 1218.489268][T16796] block nbd1: Possible stuck request ffff888026072a00: control (read@0,1024B). Runtime 90 seconds
[ 1218.500048][   T11] block nbd0: Possible stuck request ffff888026057e00: control (read@1024,1024B). Runtime 120 seconds
[ 1218.511437][T16796] block nbd1: Possible stuck request ffff888026072bc0: control (read@1024,1024B). Runtime 90 seconds
[ 1218.522620][   T11] block nbd0: Possible stuck request ffff888026057fc0: control (read@2048,1024B). Runtime 120 seconds
[ 1218.533870][T16796] block nbd1: Possible stuck request ffff888026072d80: control (read@2048,1024B). Runtime 90 seconds
[ 1218.546665][   T11] block nbd0: Possible stuck request ffff888026058180: control (read@3072,1024B). Runtime 120 seconds
[ 1218.558323][T16796] block nbd1: Possible stuck request ffff888026072f40: control (read@3072,1024B). Runtime 90 seconds
[ 1218.707579][T21585] 8021q: VLANs not supported on rose0
[ 1219.337138][T21598] Bluetooth: MGMT ver 1.23
[ 1219.547263][   T30] audit: type=1326 audit(2000000652.660:2515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1219.784901][T21606] netlink: 'syz.1.4011': attribute type 2 has an invalid length.
[ 1219.818791][   T30] audit: type=1326 audit(2000000652.660:2516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1219.846249][T11240] Bluetooth: hci6: unexpected event 0x2f length: 509 > 260
[ 1220.027121][   T30] audit: type=1326 audit(2000000652.660:2517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1220.474839][   T30] audit: type=1326 audit(2000000652.660:2518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1221.149351][   T30] audit: type=1326 audit(2000000652.660:2519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1221.173287][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1221.289110][   T30] audit: type=1326 audit(2000000652.670:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1356f8d710 code=0x7ffc0000
[ 1221.453313][   T30] audit: type=1326 audit(2000000652.670:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1221.477445][   T30] audit: type=1326 audit(2000000652.670:2522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1221.537360][   T30] audit: type=1326 audit(2000000652.670:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1356f8d97f code=0x7ffc0000
[ 1221.562221][   T30] audit: type=1326 audit(2000000652.670:2524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21584 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1356f8eec9 code=0x7ffc0000
[ 1221.987263][T12761] usb 2-1: new full-speed USB device number 88 using dummy_hcd
[ 1222.175067][T12761] usb 2-1: device descriptor read/64, error -71
[ 1223.375386][T12761] usb 2-1: new full-speed USB device number 89 using dummy_hcd
[ 1223.428797][T21649] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4021'.
[ 1223.758661][T12761] usb 2-1: device descriptor read/64, error -71
[ 1223.897380][T12761] usb usb2-port1: attempt power cycle
[ 1224.330728][T12761] usb 2-1: new full-speed USB device number 90 using dummy_hcd
[ 1224.478408][T12761] usb 2-1: device descriptor read/8, error -71
[ 1224.713256][T21669] binder: BINDER_SET_CONTEXT_MGR already set
[ 1224.719807][T21669] binder: 21668:21669 ioctl 4018620d 2000000002c0 returned -16
[ 1224.728370][T21669] binder: 21668:21669 ioctl c0306201 200000000240 returned -11
[ 1224.746036][T21670] netlink: 56 bytes leftover after parsing attributes in process `syz.6.4029'.
[ 1224.895327][T21672] netlink: 80 bytes leftover after parsing attributes in process `syz.1.4030'.
[ 1224.904426][T21672] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4030'.
[ 1224.916263][T21672] tipc: MTU too low for tipc bearer
[ 1225.415390][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1225.507764][T21679] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4033'.
[ 1225.553636][   T24] usb 6-1: device descriptor read/64, error -71
[ 1225.764864][T17377] usb 3-1: new full-speed USB device number 94 using dummy_hcd
[ 1225.834701][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1226.034682][T17377] usb 3-1: device descriptor read/64, error -71
[ 1226.042520][T21686] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4036'.
[ 1226.053386][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 1226.053400][   T30] audit: type=1400 audit(2000000659.180:2527): avc:  denied  { getopt } for  pid=21685 comm="syz.6.4036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1226.080548][   T24] usb 6-1: device descriptor read/64, error -71
[ 1226.194897][   T24] usb usb6-port1: attempt power cycle
[ 1226.274666][T17377] usb 3-1: new full-speed USB device number 95 using dummy_hcd
[ 1226.784749][T17377] usb 3-1: device descriptor read/64, error -71
[ 1226.895589][T17377] usb usb3-port1: attempt power cycle
[ 1226.924628][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1226.964264][   T24] usb 6-1: device descriptor read/8, error -71
[ 1227.390833][T21713] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4044'.
[ 1227.510364][T12759] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1227.518060][T17377] usb 3-1: new full-speed USB device number 96 using dummy_hcd
[ 1227.525938][   T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1227.545205][   T24] usb 6-1: device descriptor read/8, error -71
[ 1227.555228][T17377] usb 3-1: device descriptor read/8, error -71
[ 1227.655205][   T24] usb usb6-port1: unable to enumerate USB device
[ 1227.698061][T21717] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4045'.
[ 1227.732043][T12759] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1227.741415][T12759] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1227.772571][T12759] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1227.804729][T17377] usb 3-1: new full-speed USB device number 97 using dummy_hcd
[ 1227.833064][T21717] batadv1: entered allmulticast mode
[ 1227.838809][T12759] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1227.852961][T12759] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1227.912780][T17377] usb 3-1: device descriptor read/8, error -71
[ 1227.925392][T12759] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1227.937951][T12759] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1228.016535][T12759] usb 7-1: Product: syz
[ 1228.024614][T12759] usb 7-1: Manufacturer: syz
[ 1228.034864][T17377] usb usb3-port1: unable to enumerate USB device
[ 1228.044805][T12759] cdc_wdm 7-1:1.0: skipping garbage
[ 1228.050064][T12759] cdc_wdm 7-1:1.0: skipping garbage
[ 1228.075851][T12759] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[ 1228.081791][T12759] cdc_wdm 7-1:1.0: Unknown control protocol
[ 1228.353332][   T30] audit: type=1400 audit(2000000661.410:2528): avc:  denied  { read } for  pid=21719 comm="syz.5.4046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1228.372888][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1228.604776][   T30] audit: type=1400 audit(2000000661.730:2529): avc:  denied  { setattr } for  pid=21719 comm="syz.5.4046" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sock_file permissive=1
[ 1228.685537][T21726] binder: 21725:21726 ioctl c0306201 200000000240 returned -14
[ 1228.794467][T21724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1228.855944][T21729] netlink: 80 bytes leftover after parsing attributes in process `syz.2.4047'.
[ 1228.865486][T21729] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4047'.
[ 1228.874767][T21729] tipc: MTU too low for tipc bearer
[ 1229.342646][   T30] audit: type=1400 audit(2000000662.470:2530): avc:  denied  { write } for  pid=21738 comm="syz.1.4050" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1229.538129][T21741] cgroup: Need name or subsystem set
[ 1229.777051][T21748] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1233.901190][T17103] usb 7-1: USB disconnect, device number 2
[ 1233.989356][T21759] openvswitch: netlink: Message has 8 unknown bytes.
[ 1234.088732][T21760] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4054'.
[ 1234.370155][T21760] batadv1: entered allmulticast mode
[ 1234.534666][T12793] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[ 1234.684873][T12793] usb 2-1: device descriptor read/64, error -71
[ 1234.924679][T12793] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[ 1235.131780][T12793] usb 2-1: device descriptor read/64, error -71
[ 1235.542204][T12793] usb usb2-port1: attempt power cycle
[ 1235.931523][T12793] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 1235.966396][T12793] usb 2-1: device descriptor read/8, error -71
[ 1236.685036][T12793] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 1236.715244][T12793] usb 2-1: device descriptor read/8, error -71
[ 1237.081470][   T30] audit: type=1400 audit(2000000669.420:2531): avc:  denied  { watch } for  pid=21777 comm="syz.5.4062" path="/18/bus/file1" dev="overlay" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1237.106271][   T30] audit: type=1400 audit(2000000669.420:2532): avc:  denied  { watch_sb } for  pid=21777 comm="syz.5.4062" path="/18/bus/file1" dev="overlay" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1237.154895][T12793] usb usb2-port1: unable to enumerate USB device
[ 1237.248854][T21784] 9pnet_fd: Insufficient options for proto=fd
[ 1237.378756][T21793] /dev/nullb0: Can't open blockdev
[ 1237.584644][T17103] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1237.616694][T21801] netlink: 'syz.4.4068': attribute type 4 has an invalid length.
[ 1237.625404][T21801] netlink: 'syz.4.4068': attribute type 4 has an invalid length.
[ 1237.654748][T12793] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1237.744717][T17103] usb 7-1: Using ep0 maxpacket: 32
[ 1237.751546][T17103] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[ 1237.760614][T17103] usb 7-1: config 0 has no interface number 0
[ 1237.766854][T17103] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1237.780814][T17103] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1237.792091][T17103] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1237.800223][T17103] usb 7-1: Product: syz
[ 1237.804484][T17103] usb 7-1: Manufacturer: syz
[ 1237.804687][T12793] usb 2-1: Using ep0 maxpacket: 8
[ 1237.809283][T17103] usb 7-1: SerialNumber: syz
[ 1237.823747][T17103] usb 7-1: config 0 descriptor??
[ 1237.834359][T12793] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[ 1237.837038][T17103] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1237.855728][T17103] em28xx 7-1:0.132: Video interface 132 found: isoc
[ 1237.877236][T12793] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1237.887461][T12793] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 129
[ 1237.916777][T12793] usb 2-1: New USB device found, idVendor=0dfc, idProduct=0102, bcdDevice= 0.00
[ 1237.929144][T12793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1237.970883][T12793] usb 2-1: config 0 descriptor??
[ 1238.313336][T12793] usbhid 2-1:0.0: can't add hid device: -71
[ 1238.331279][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.332543][T12793] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1238.338982][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.398190][T12793] usb 2-1: USB disconnect, device number 96
[ 1239.036905][T17103] em28xx 7-1:0.132: unknown em28xx chip ID (0)
[ 1239.295102][T17103] em28xx 7-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1239.336021][T17103] em28xx 7-1:0.132: board has no eeprom
[ 1239.550248][T17103] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1239.561671][T17103] em28xx 7-1:0.132: analog set to isoc mode.
[ 1239.569277][T17377] em28xx 7-1:0.132: Registering V4L2 extension
[ 1240.229203][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[ 1240.286496][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[ 1240.324725][T12793] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1240.333343][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[ 1240.368163][T21829] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1240.375775][T21829] syzkaller0: entered promiscuous mode
[ 1240.381380][T21829] syzkaller0: entered allmulticast mode
[ 1240.387906][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[ 1240.618531][T12793] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1240.645776][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[ 1240.672325][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[ 1240.712720][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[ 1240.772493][T12793] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1240.833682][T12793] usb 6-1: Product: syz
[ 1240.834395][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[ 1240.920273][T12793] usb 6-1: Manufacturer: syz
[ 1240.928081][T12793] usb 6-1: SerialNumber: syz
[ 1240.959818][T12793] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1240.978058][ T5948] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1241.216306][T12793] usb 6-1: USB disconnect, device number 8
[ 1241.239236][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[ 1241.372227][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[ 1241.394668][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[ 1241.406465][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[ 1241.416006][T17377] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[ 1241.428414][T17377] em28xx 7-1:0.132: Config register raw data: 0xfffffffb
[ 1241.437671][T17377] em28xx 7-1:0.132: AC97 chip type couldn't be determined
[ 1241.456288][T17377] em28xx 7-1:0.132: No AC97 audio processor
[ 1241.741200][T17377] usb 7-1: Decoder not found
[ 1241.749615][T17377] em28xx 7-1:0.132: failed to create media graph
[ 1241.763994][T17377] em28xx 7-1:0.132: V4L2 device video103 deregistered
[ 1241.831719][T19479] usb 7-1: USB disconnect, device number 3
[ 1241.845308][T19479] em28xx 7-1:0.132: Disconnecting em28xx
[ 1242.101088][T17377] em28xx 7-1:0.132: Remote control support is not available for this card.
[ 1242.140958][T21839] ==================================================================
[ 1242.149236][T21839] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 1242.156692][T21839] Read of size 8 at addr ffff88804851c740 by task v4l_id/21839
[ 1242.164230][T21839] 
[ 1242.166543][T21839] CPU: 1 UID: 0 PID: 21839 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 1242.166559][T21839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1242.166566][T21839] Call Trace:
[ 1242.166572][T21839]  <TASK>
[ 1242.166577][T21839]  dump_stack_lvl+0x116/0x1f0
[ 1242.166595][T21839]  print_report+0xcd/0x630
[ 1242.166610][T21839]  ? __virt_addr_valid+0x81/0x610
[ 1242.166620][T21839]  ? __phys_addr+0xe8/0x180
[ 1242.166630][T21839]  ? v4l2_fh_init+0x27d/0x2c0
[ 1242.166649][T21839]  kasan_report+0xe0/0x110
[ 1242.166666][T21839]  ? v4l2_fh_init+0x27d/0x2c0
[ 1242.166683][T21839]  v4l2_fh_init+0x27d/0x2c0
[ 1242.166699][T21839]  v4l2_fh_open+0x64/0xa0
[ 1242.166715][T21839]  em28xx_v4l2_open+0x24e/0x7e0
[ 1242.166734][T21839]  v4l2_open+0x1cf/0x5e0
[ 1242.166751][T21839]  ? __pfx_v4l2_open+0x10/0x10
[ 1242.166765][T21839]  chrdev_open+0x234/0x6a0
[ 1242.166780][T21839]  ? __pfx_chrdev_open+0x10/0x10
[ 1242.166793][T21839]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1242.166809][T21839]  do_dentry_open+0x982/0x1530
[ 1242.166821][T21839]  ? __pfx_chrdev_open+0x10/0x10
[ 1242.166835][T21839]  vfs_open+0x82/0x3f0
[ 1242.166850][T21839]  path_openat+0x1de4/0x2cb0
[ 1242.166865][T21839]  ? __pfx_path_openat+0x10/0x10
[ 1242.166879][T21839]  do_filp_open+0x20b/0x470
[ 1242.166891][T21839]  ? __pfx_do_filp_open+0x10/0x10
[ 1242.166907][T21839]  ? alloc_fd+0x471/0x7d0
[ 1242.166931][T21839]  do_sys_openat2+0x11b/0x1d0
[ 1242.166946][T21839]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1242.166961][T21839]  ? find_held_lock+0x2b/0x80
[ 1242.166977][T21839]  ? handle_mm_fault+0x2ab/0xd10
[ 1242.166995][T21839]  __x64_sys_openat+0x174/0x210
[ 1242.167011][T21839]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1242.167027][T21839]  ? do_user_addr_fault+0x843/0x1370
[ 1242.167044][T21839]  do_syscall_64+0xcd/0x4e0
[ 1242.167059][T21839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1242.167071][T21839] RIP: 0033:0x7fedc5aa7407
[ 1242.167082][T21839] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1242.167093][T21839] RSP: 002b:00007ffd248c7eb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1242.167104][T21839] RAX: ffffffffffffffda RBX: 00007fedc6222880 RCX: 00007fedc5aa7407
[ 1242.167112][T21839] RDX: 0000000000000000 RSI: 00007ffd248c9f1a RDI: ffffffffffffff9c
[ 1242.167119][T21839] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1242.167125][T21839] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1242.167132][T21839] R13: 00007ffd248c8100 R14: 00007fedc6389000 R15: 000055f24d4ad4d8
[ 1242.167142][T21839]  </TASK>
[ 1242.167146][T21839] 
[ 1242.426423][T21839] Allocated by task 17377:
[ 1242.431026][T21839]  kasan_save_stack+0x33/0x60
[ 1242.435819][T21839]  kasan_save_track+0x14/0x30
[ 1242.440489][T21839]  __kasan_kmalloc+0xaa/0xb0
[ 1242.445071][T21839]  em28xx_v4l2_init+0x114/0x4080
[ 1242.450294][T21839]  em28xx_init_extension+0x13a/0x200
[ 1242.455595][T21839]  request_module_async+0x61/0x70
[ 1242.460697][T21839]  process_one_work+0x9cf/0x1b70
[ 1242.465740][T21839]  worker_thread+0x6c8/0xf10
[ 1242.470320][T21839]  kthread+0x3c2/0x780
[ 1242.474376][T21839]  ret_from_fork+0x56a/0x730
[ 1242.479303][T21839]  ret_from_fork_asm+0x1a/0x30
[ 1242.484053][T21839] 
[ 1242.486378][T21839] Freed by task 17377:
[ 1242.490434][T21839]  kasan_save_stack+0x33/0x60
[ 1242.495259][T21839]  kasan_save_track+0x14/0x30
[ 1242.499938][T21839]  __kasan_save_free_info+0x3b/0x60
[ 1242.505291][T21839]  __kasan_slab_free+0x5f/0x80
[ 1242.510089][T21839]  kfree+0x2b8/0x6d0
[ 1242.514104][T21839]  em28xx_v4l2_init+0x22b5/0x4080
[ 1242.519167][T21839]  em28xx_init_extension+0x13a/0x200
[ 1242.524564][T21839]  request_module_async+0x61/0x70
[ 1242.529855][T21839]  process_one_work+0x9cf/0x1b70
[ 1242.534786][T21839]  worker_thread+0x6c8/0xf10
[ 1242.539473][T21839]  kthread+0x3c2/0x780
[ 1242.543550][T21839]  ret_from_fork+0x56a/0x730
[ 1242.548223][T21839]  ret_from_fork_asm+0x1a/0x30
[ 1242.552982][T21839] 
[ 1242.555303][T21839] The buggy address belongs to the object at ffff88804851c000
[ 1242.555303][T21839]  which belongs to the cache kmalloc-8k of size 8192
[ 1242.569338][T21839] The buggy address is located 1856 bytes inside of
[ 1242.569338][T21839]  freed 8192-byte region [ffff88804851c000, ffff88804851e000)
[ 1242.583301][T21839] 
[ 1242.585603][T21839] The buggy address belongs to the physical page:
[ 1242.591993][T21839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48518
[ 1242.600740][T21839] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1242.609313][T21839] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1242.616832][T21839] page_type: f5(slab)
[ 1242.620800][T21839] raw: 00fff00000000040 ffff88801b027280 dead000000000122 0000000000000000
[ 1242.629576][T21839] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1242.638156][T21839] head: 00fff00000000040 ffff88801b027280 dead000000000122 0000000000000000
[ 1242.646994][T21839] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1242.655762][T21839] head: 00fff00000000003 ffffea0001214601 00000000ffffffff 00000000ffffffff
[ 1242.664869][T21839] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1242.673651][T21839] page dumped because: kasan: bad access detected
[ 1242.680061][T21839] page_owner tracks the page as allocated
[ 1242.685864][T21839] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 21790, tgid 21789 (syz.6.4065), ts 1238039074084, free_ts 1238024171333
[ 1242.707818][T21839]  post_alloc_hook+0x1c0/0x230
[ 1242.712674][T21839]  get_page_from_freelist+0x10a3/0x3a30
[ 1242.718379][T21839]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 1242.724413][T21839]  alloc_pages_mpol+0x1fb/0x550
[ 1242.729276][T21839]  new_slab+0x24a/0x360
[ 1242.733429][T21839]  ___slab_alloc+0xdc4/0x1ae0
[ 1242.738106][T21839]  __slab_alloc.constprop.0+0x63/0x110
[ 1242.743563][T21839]  __kmalloc_cache_noprof+0x477/0x780
[ 1242.748928][T21839]  ceph_alloc_options+0xb6/0x310
[ 1242.753838][T21839]  ceph_init_fs_context+0x61/0x530
[ 1242.758930][T21839]  alloc_fs_context+0x54d/0x9c0
[ 1242.763775][T21839]  __x64_sys_fsopen+0xeb/0x240
[ 1242.768551][T21839]  do_syscall_64+0xcd/0x4e0
[ 1242.773035][T21839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1242.778900][T21839] page last free pid 17241 tgid 17241 stack trace:
[ 1242.785388][T21839]  __free_frozen_pages+0x7df/0x1160
[ 1242.790579][T21839]  __put_partials+0x130/0x170
[ 1242.795251][T21839]  qlist_free_all+0x4d/0x120
[ 1242.799861][T21839]  kasan_quarantine_reduce+0x195/0x1e0
[ 1242.805300][T21839]  __kasan_kmalloc+0x8a/0xb0
[ 1242.809881][T21839]  __kmalloc_noprof+0x32f/0x880
[ 1242.814715][T21839]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1242.820248][T21839]  tomoyo_path_perm+0x274/0x460
[ 1242.825178][T21839]  security_inode_getattr+0x116/0x290
[ 1242.830536][T21839]  vfs_statx+0x121/0x3f0
[ 1242.834762][T21839]  vfs_fstatat+0x7b/0xf0
[ 1242.838996][T21839]  __do_sys_newfstatat+0x97/0x120
[ 1242.844026][T21839]  do_syscall_64+0xcd/0x4e0
[ 1242.848623][T21839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1242.854513][T21839] 
[ 1242.856830][T21839] Memory state around the buggy address:
[ 1242.862456][T21839]  ffff88804851c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1242.870546][T21839]  ffff88804851c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1242.878599][T21839] >ffff88804851c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1242.886659][T21839]                                            ^
[ 1242.892791][T21839]  ffff88804851c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1242.900889][T21839]  ffff88804851c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1242.908948][T21839] ==================================================================
[ 1242.956725][ T5948] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1242.986349][   T30] audit: type=1400 audit(2000000676.060:2533): avc:  denied  { write } for  pid=5805 comm="syz-executor" path="pipe:[3937]" dev="pipefs" ino=3937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1243.009491][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1243.044688][T19479] em28xx 7-1:0.132: Closing input extension
[ 1243.058138][ T5948] ath9k_htc: Failed to initialize the device
[ 1243.158676][T12793] usb 6-1: ath9k_htc: USB layer deinitialized
[ 1243.275264][   T30] audit: type=1400 audit(2000000676.240:2534): avc:  denied  { read } for  pid=5174 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1243.304916][   T30] audit: type=1400 audit(2000000676.240:2535): avc:  denied  { search } for  pid=5174 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1243.326465][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1243.365286][   T30] audit: type=1400 audit(2000000676.240:2536): avc:  denied  { search } for  pid=5174 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1243.467481][   T30] audit: type=1400 audit(2000000676.240:2537): avc:  denied  { add_name } for  pid=5174 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1243.630216][   T30] audit: type=1400 audit(2000000676.240:2538): avc:  denied  { create } for  pid=5174 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1243.714583][T21839] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1243.721834][T21839] CPU: 1 UID: 0 PID: 21839 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 1243.730858][T21839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1243.740905][T21839] Call Trace:
[ 1243.744174][T21839]  <TASK>
[ 1243.747082][T21839]  dump_stack_lvl+0x3d/0x1f0
[ 1243.751659][T21839]  vpanic+0x640/0x6f0
[ 1243.755704][T21839]  panic+0xca/0xd0
[ 1243.759396][T21839]  ? __pfx_panic+0x10/0x10
[ 1243.763784][T21839]  ? v4l2_fh_init+0x27d/0x2c0
[ 1243.768446][T21839]  ? preempt_schedule_common+0x44/0xc0
[ 1243.773886][T21839]  ? preempt_schedule_thunk+0x16/0x30
[ 1243.779242][T21839]  ? check_panic_on_warn+0x1f/0xb0
[ 1243.784335][T21839]  check_panic_on_warn+0xab/0xb0
[ 1243.789255][T21839]  end_report+0x107/0x170
[ 1243.793588][T21839]  kasan_report+0xee/0x110
[ 1243.798075][T21839]  ? v4l2_fh_init+0x27d/0x2c0
[ 1243.802745][T21839]  v4l2_fh_init+0x27d/0x2c0
[ 1243.807235][T21839]  v4l2_fh_open+0x64/0xa0
[ 1243.811643][T21839]  em28xx_v4l2_open+0x24e/0x7e0
[ 1243.816577][T21839]  v4l2_open+0x1cf/0x5e0
[ 1243.821423][T21839]  ? __pfx_v4l2_open+0x10/0x10
[ 1243.826172][T21839]  chrdev_open+0x234/0x6a0
[ 1243.830590][T21839]  ? __pfx_chrdev_open+0x10/0x10
[ 1243.836241][T21839]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1243.842648][T21839]  do_dentry_open+0x982/0x1530
[ 1243.847404][T21839]  ? __pfx_chrdev_open+0x10/0x10
[ 1243.852437][T21839]  vfs_open+0x82/0x3f0
[ 1243.856495][T21839]  path_openat+0x1de4/0x2cb0
[ 1243.861073][T21839]  ? __pfx_path_openat+0x10/0x10
[ 1243.865994][T21839]  do_filp_open+0x20b/0x470
[ 1243.870483][T21839]  ? __pfx_do_filp_open+0x10/0x10
[ 1243.875494][T21839]  ? alloc_fd+0x471/0x7d0
[ 1243.879810][T21839]  do_sys_openat2+0x11b/0x1d0
[ 1243.884472][T21839]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1243.889749][T21839]  ? find_held_lock+0x2b/0x80
[ 1243.894485][T21839]  ? handle_mm_fault+0x2ab/0xd10
[ 1243.899455][T21839]  __x64_sys_openat+0x174/0x210
[ 1243.904601][T21839]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1243.909989][T21839]  ? do_user_addr_fault+0x843/0x1370
[ 1243.915277][T21839]  do_syscall_64+0xcd/0x4e0
[ 1243.919818][T21839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1243.926530][T21839] RIP: 0033:0x7fedc5aa7407
[ 1243.931226][T21839] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1243.950941][T21839] RSP: 002b:00007ffd248c7eb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1243.959344][T21839] RAX: ffffffffffffffda RBX: 00007fedc6222880 RCX: 00007fedc5aa7407
[ 1243.967321][T21839] RDX: 0000000000000000 RSI: 00007ffd248c9f1a RDI: ffffffffffffff9c
[ 1243.975281][T21839] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1243.983252][T21839] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1243.991238][T21839] R13: 00007ffd248c8100 R14: 00007fedc6389000 R15: 000055f24d4ad4d8
[ 1243.999216][T21839]  </TASK>
[ 1244.003113][T21839] Kernel Offset: disabled
[ 1244.007537][T21839] Rebooting in 86400 seconds..