last executing test programs:

2m55.264309872s ago: executing program 2 (id=670):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
unlink(&(0x7f0000000040)='./file0/file0\x00')
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES16, @ANYRES32, @ANYBLOB="97a7dc178ed6e6bf4c8c0ce68aedd6103246ae6fe87e593f5c206d6813acfa203b8ed10b6baf627e13a1edcc2b5dd3aba134c7f5723751244f551647006d49eb07da379582eb3ef31c6f874abc397bed8373c87e0f663c2fb9432712a6ff49e487eb08fa", @ANYRES32, @ANYRES16, @ANYRES8=0x0], 0x11)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
unshare(0x22000600)
r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x4000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
eventfd2(0xb, 0x1)
prlimit64(0x0, 0x1, &(0x7f0000000040)={0x3, 0x2}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (fail_nth: 7)

2m54.536007473s ago: executing program 2 (id=671):
add_key$fscrypt_provisioning(&(0x7f0000000400), &(0x7f00000004c0)={'syz', 0x3}, &(0x7f0000000500)=ANY=[@ANYBLOB="0100000000"], 0x48, 0xfffffffffffffffb)

2m54.521630176s ago: executing program 2 (id=672):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@ipv4={""/10, ""/2, @dev}, <r1=>0x0}, &(0x7f0000000140)=0x14)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYRES16], &(0x7f0000000080)='GPL\x00', 0x0, 0x1a, 0x0, 0x40f00, 0x0, '\x00', r1, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r5, 0x8912, &(0x7f00000003c0)=@buf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x90)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0)

2m53.602947967s ago: executing program 2 (id=676):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000066c0), 0x0, 0x5efe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4002, &(0x7f0000000000)=0x4, 0x6, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x2284, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000005, 0x109010, 0xffffffffffffffff, 0x8000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r3 = socket$kcm(0x2d, 0x2, 0x0)
close(r3)

2m52.607724309s ago: executing program 2 (id=682):
r0 = syz_open_dev$media(&(0x7f0000000400), 0xe92, 0x880)
ioctl$MEDIA_IOC_DEVICE_INFO(r0, 0xc1007c00, &(0x7f0000000440))
mkdirat(0xffffffffffffff9c, 0x0, 0x1b2)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000001c0)="f3420fc7fdc443e9789c5e0b00000005c4027d79c9c4827918d766400f6eb358000000c4a2c1910cf2c4e3dd0be409430f060f21dc66baa000b002ee", 0x3c}], 0x1, 0x48, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000440)=0x10)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000180)=ANY=[@ANYBLOB="4018030000d2f17f8b"], 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f0000000280), 0x0, 0x40000002, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000540)={{0x0, 0x0, 0x4, 0xf}, 'syz0\x00'})

2m50.339914662s ago: executing program 2 (id=690):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x22280, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001b61e308d016a9105230010203010902"], 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x64440, 0x0)
r0 = gettid()
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
rt_sigqueueinfo(r0, 0xb, &(0x7f0000002d00)={0x0, 0x0, 0xfffffffd})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000200)="19c9d4342b0c0100000000f9ffff", 0xe}], 0x1}}], 0x1, 0x0)

2m35.200115776s ago: executing program 32 (id=690):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x22280, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001b61e308d016a9105230010203010902"], 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x64440, 0x0)
r0 = gettid()
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
rt_sigqueueinfo(r0, 0xb, &(0x7f0000002d00)={0x0, 0x0, 0xfffffffd})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000200)="19c9d4342b0c0100000000f9ffff", 0xe}], 0x1}}], 0x1, 0x0)

6.636080943s ago: executing program 0 (id=1188):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)={0x6})
ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000040))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

6.634942816s ago: executing program 5 (id=1189):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000040000000800000008"], 0x50)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x6, <r1=>0x0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000048000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
fsmount(0xffffffffffffffff, 0x1, 0x80)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
fcntl$dupfd(r8, 0x406, r8)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4b0, 0x318, 0x11, 0x148, 0x318, 0x0, 0x418, 0x2a8, 0x2a8, 0x418, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x318, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x510)
syz_emit_ethernet(0x4a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002000000140600fe800000f4ffffff00000000000000bbfe8000000000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x6)
syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00')
socket$inet_tcp(0x2, 0x1, 0x0)

5.504452916s ago: executing program 5 (id=1193):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$GTP_CMD_DELPDP(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14}, 0x14}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="0000000000000000280012000c0001007665"], 0x48}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
readv(r0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.418997653s ago: executing program 0 (id=1194):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0xfffffffffffffc73, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_MCE_KILL(0x23, 0x1, 0x7fffffffeffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r6}, 0x18)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000006c0)='net/route\x00')
preadv(r7, &(0x7f00000025c0)=[{&(0x7f0000002500)=""/79, 0x4f}], 0x1, 0x10006c, 0x2f)

5.363858057s ago: executing program 4 (id=1195):
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$tipc(0x0, r0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x18)
syz_open_dev$rtc(0x0, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00'}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa20f8c200000086dd62561699001000fffc000000000000000000000000000001200100000000000000023b00000000000000c2040001"], 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028642b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d26ff199ee1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c"})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x1ff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200001}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000228bd7000fbd5f52f5d004a00004ed49f8b1f9a91bd14001462726fec7d633f73742d6c69e62b0000"], 0x30}, 0x1, 0x0, 0x0, 0x88}, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'tunl0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r8, @ANYBLOB="00000000000000002400128009000100697069700000000014000280050009008900000005000a"], 0x44}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

5.348719066s ago: executing program 1 (id=1196):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sync()

4.309648675s ago: executing program 5 (id=1198):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x454e, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000f00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)

4.055878941s ago: executing program 1 (id=1199):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c)

4.019205763s ago: executing program 0 (id=1200):
r0 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10002, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x2281, &(0x7f0000000440)=ANY=[@ANYBLOB="180000002000000000000000000000005a447967", @ANYRES32, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fcntl$getownex(r5, 0x10, &(0x7f0000000280))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r4}, &(0x7f0000000300), 0x0}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xfffffffffffffffe, 0x0, {{0x7, 0x1, 0x5, 0x6, 0x5, 0x1, {0x1, 0x180, 0xff, 0x5, 0xff, 0xd615, 0x2, 0x800001, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x6, 0x800001}}}}, 0xa0)
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)

3.75049828s ago: executing program 1 (id=1201):
recvmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

3.224108671s ago: executing program 3 (id=1202):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
lseek(r2, 0x2, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x2000)

3.028507877s ago: executing program 4 (id=1203):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
close(r3)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
close(r3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
add_key$fscrypt_v1(0x0, &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x2002, 0x0)
write$cgroup_pid(r7, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)

3.007555628s ago: executing program 0 (id=1204):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_script(r0, &(0x7f0000000440)={'#! ', './file0', [{0x20, 'wlan1\x00'}], 0xa, "1721d03759be36cec0"}, 0x1b)
dup3(r1, r1, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000005e40)={0x2020}, 0xfffffffa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00'}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
munmap(&(0x7f0000893000/0x4000)=nil, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)

2.907923827s ago: executing program 3 (id=1205):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x5)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
sendto$inet(r0, 0x0, 0x0, 0x20000844, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x10}}}}}}, 0x0)

2.886986524s ago: executing program 3 (id=1206):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
openat$ppp(0xffffffffffffff9c, 0x0, 0x2300, 0x0)
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000180)={@fallback=r4, 0x1e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
syz_fuse_handle_req(r4, &(0x7f00000041c0)="7ed2c42ad1b04ce3792cda19c56ce9c81ae16fb01de77f95f775f064b2d612b46878f0f4a0a6f2849f980da1b22329cba96651402f92b1a1e6a59690f7d3c2b83f46342ce56b30111f6dfd123712c00727f907272fce27d40232206a8a7e8fcc150d5a765bac8a3782c384442eaf7db71af25f723953337cf47202b7f3024c9806c0e34f946fbe2bfc8704eebd86cb87c064db095bc2992179479f918597c51ec08d10ddc4297e5b2393283743ae791551e1b69baec8ff6eb755ac3651f92ab58fcd167b7572856cda043426b0fc8900e72cbe576d3888cc8e8c60b97c72fb16860da7fd00bd9fdf528cf0feaf4b51d8234c9a6d629c66b9ea5cf119c2b84f819d3d1a8cf75b9983e5e8fcc9dfe0d68ad096b651d07eaa7ab1a7aae8fc5731c0b24949a8387809114b4001656bf23ee28e639c5adcc443cf2b596030964214c56ffd72725893cfa5ddf147110bd0d5faccf7458dc39569439a2a0cdb82854883999424c5b100acf18d8b473efdc9601165ef1de86b3aa4803e9c9b9a5b7626b3cffe385fbfd19980423e93ebb380ae39aecc96cd32082fd30aeda93f84e216708c76af3a75818ea3d0ef0df84a9ec975e71bdc891f73e71fad39230a72f9f9ab536e935b7e512ecc2d8a3856758eb14133334a1cc9b2656e352855ecdf29ce6598e5365c22beb2000004a740354ce862ccf59e33a2d0f2a3b8ee3679610bc0546ac9f7e9d1a73bfbc27907165f4cbdce5e89ac865c5d249b68a1747c992eb2aecc3abdec090b8803f647788987a1e049b458bff0931e4d438de03a775407096b7a4a8c9f4bd2101beab30240ee86f8e67d210bc3bb1b5cd82892c7853bf1b453cc9021163e0f79e26f7544d2476b4d6264094441ad3195a4667ef0fa150f7dc88956e4bd8f5ebe44194c3e4dbe8442d01a213e68f171737f25d9cf8abe7539ed80e3f87c3863194f4107ffe05244e93d69949edf089d5691d5f15a9777d96bdf8241923736aaaa69e3317e51b9f0b1149eb2e1ccaeb2cd233e30422b58c227b8021782de8c88dd62f53a171372abb08ec973ef911ebbe02b48a0952cd8fb6ba9efddd3625c202b1636e1257927da2111352164a6b1d115f2516faf580f89024c9c740421f9e2caffa09dc82478232e9adb8b922b2491d7168f5600f5fc83b766565c56bfad32fe9fd07edfeac3a6df2db815b7ef3bb18bfb78dbccc5f83e08952397ad031e549f41c1255ca666117c85ea82e2f294e88a2b8a1a5d4029792b00acaeb17cbab642e1e467e45bec53f20c2c26b0c082d32de99e797cd490d24ab2ce8c9397fcc01750716deada5b937005e5c570bc12a1a6b37a4ee281669ac783d18d5950dfb58ee31c1c305761d7ead0cea02afd72db2ae9067eccdac7e0a48112d612a19d47321062d11bf5ab06fcd68499e5b5e6bc5ce84f9e799bf5881b3d0479ae6513ad5eb11a5598dfcba17053c4cb67f3d54340d9505aeb987321857480c87ce3f7e09d437c89c525e7c1cb367fe791ced45e500028f589a74d4688c78011e7b4ead692d81a37973642e5e6845bf48ff98f9fd5b78e06f740f583fa49f6affe889776ad4e7480f12b12b60c661fcf1e0a6143ef08e335a1f5d519c048c0a86eebfe1dec807203a3e5e10ac2e0586b9e459b08f9d0c21fde3962f6bf6d56b8c5fc9292ee189da1ba6b5a88b8c7d3d94f4fb3589940e238f226cb0fe73c9606dcafcb8c841529be202aedb4fd2c8c16cf06817559f5620c174567de9f7427b25eba5c301f433644cc8a5e0ab0bea2513f031310c757e9315bd96be4f47db97d151d18000b9df04e7fcbe0dfc684d1a259b702693e34a274ed0fb93781f39456039d9d80ad240acfaba4892535242761942b95c503db73beb41de80f79ce4d02c51d57b2c0463a3f09fc53fed5523b70a30670ca02da78b0647031ae8ed5612f56eb1abbb50c98b4801f1b17942f6b5a56af59ad68febd24d901b51403a9db23f017ec2b428fa5ab591a1904b49bd452d3937dd6347cd773f9a0699970193daf2b4c7899a8c94ea109a1df422477820da801ae1d8e67f36966b3a9631edc5f81dd6ea3529a5a653edf59374895d1be79f9719856b70f2f86fe4aa419b4a9db3e928abcc4573e5c4668049959ebcb9bd773e08d8a1abdbcb2195c5da9bc7e4a36e83bc42a6139c4d40bb66ddbead9432a3927bfbeb485ecd3d0e666a86398122bf2386c914d5b51d2cc4ee6a3085094bf547678c76ab4a3d7a973852da647fb39023272c7d665ad8eb46024e5e5fe6732b7acd9b39a0fe5b4dbff846e3bd9cbe9d5b6b3ce7b1d3011902f12a20153a1c8222c2f5a940667834cf440a08b14f8e73e4e8ff7f0e588824ac0c2804a83906cf2c5763d2c6a852f53a761a1cb34acbb07bd6a0fae4fb36fa93b854f1dcc0ecca8bbeb4e5036d045e2ff24d98c1a2780963f775c6c02e7e5947869b5c93dab7e8b3eb2935b7d8f0734b472f89155792d65f78e84d72912d36ce05466fa0d1579832e92b6941a5e3b7fcbfa58c6418461d406737ca2b75e771d73e516718f589a859c935d6b4372b7fad7c6541781e01fd905b343d4dd430cfdbd9a63d4f0aee13174aec686af676818332d86182f02f279b1a6980ba0f86f62087d35eb48983a3d16433a1fc09609681f4418629f7b7c50d0ade5518a5d657fbbdf4bf30c7c24a1d81ff2031d921d214966939595aaa566bfaddd7f9fd51228d51976c5b3758d12d31393d263a43ca033cf3b4e9885568a4977368467aa8f2ba6a536f307a550c277886cea27ff17dfdbe914257ffb65b8c276a15be8ea5165fd16b909f7757e30f0ece05a2927c0e7498d6d5ea5619c96786af5230029e9214db8269365a84dc0e2cec200ae9c0b74d579c48037bc40c5fcc73b80e3bc67dd5e0d1ed0484f2c62822401e39621c52ac6d603f2d111350928ee2eb8d0825110321f5c26d6fada90725c6b5204644256a1d74f0daf2e416bee390605e3f6d06cb18c1852b30776d2073bc156c85311ccbfb139b4367f81750140a474e494a1c0d5fa2ff2a6c9b5a40f8f616b3d5e2e4be56442e305376f5d0e6a6c4d54f05e6c08ed6ee32955ff1bdf87189122767e85ad03bfbec0ec78bf859beaf880f2589cc418b53ab5cb3d0264fc11456a1b868fb014e010bff07a07754603891a399047f17dea68c6481d91e71d0aa8c26b3745a69ea2cd02deb3ccc0e7ddc6e3ac7180a9cad8f0ef1253610cb6965fa9307c9082ee845b4021af0a2af27d12b41e4647f92497918e0365fbb14a177150299e6702389939f8c9e66cdade9004ca7bb53e947ca0409d4f9d74bcbc49ac48d7b706832ab0b19f045fd21ff6339565d8d022ab08d15c2229b26ffea5ce20631e759c66095359d614db7c4683de79b53f7185b1d523c90cd1041d095face8e69c8f79862a12b0d2c5a3bb5853643faf495bece649383391e769e40cd4f11cb5bc0891998e059ee61cceb0c27792b88a92d88603e3ee0857fa2a8e03c0bbaa8f895a78e1dc7b54b5321b0db04a4e9ca3cf9a426efb08ed8de49253276849211b385ad9ae841380136caedd3fc49daa7dd4930d5e1c6355438ff086e054ba406a1f4ca450e5197076459c9dd9433bfe0a385b2236b9e28b0091e3269297dca512cbfd21300e49178cf3bc287153a5005ca28e9c7dbb4291ae76fad759ba39ba2b8a63ffcc01db45a13ae616deb1df4ad532f905beaabe165aedc442a0e2f7e232714ca59b7089081963efaf363925b1ddcbfcd4aa85da9ba903765ea04766749a7a69375cb5c7f4da42db2d0c38187c6b37adc198e350e8abac561517c3a668a3f1a0fdc33557e862d252581d13dad4128628b91eb1e1b9a55ceed5ec83ce5b0c9c5f98383c972587d9702bcfa7349f3f3049307210cf211e6bd62b9d11b58bfad21b80a6b1de0d25fc42a0bd94b69d127aa563c61d673dd512878e655756bf20fb5a41101edb2342bc4f7522ca4c3a33c3bc10bd061fce3bb4480199ea88a51990c70b3716c9a17c7b98596d9621f7dea213ef9f1b77105faa85a4467cfb676c94e7343a2089446f6243bbbf36811c669d0b0ccaa4f2ca57f59cf2cc7511887a51c37bf44306ff3709f7ef341df4ab0078b846ca3301170c7f5ea1f94eab76da7b32fe0d44bed365906f513d314b30f050b9fdb4fdf6654378b697e956e46054223d30ec4994f0ec0a7e750c4a580c4174134c0695927a12144151fdeb343df388228fc3710bb7cd80d93458cafd839a7d21116e5b06a4f68bf67a8b7b8f1a3ccea9d05a85c1a2e6c1272f7f015164d556be02cadee46ff48ee04e75aeb06b5a1a0c3ef1ccbb4d59a4c34a05f810e052f9825d24ff27321e6c4b5235dd74dbc48d3c9eed385ad50157c2f84be8872c75b4d236063f0356860ecebfc1b6b83d30397bc174b29b8a7c0d88c468e326783c00a146509e75ccd460e9230f7977ec3cb2425bf2e314680ff492753607731bc1d674f935d6ce06901a308a8711c20677fe9ae855144a8e0bc9a7d0f49f4f08186817b0b94fd56d496067c80b76eb77bb534f85ff8f4397a02a8e9448c9a1b9924d27fcdbab5feeddb14d1f57032d8a7d8e1aafbc8f9eacdd01c4788a239c1108ef5ccc159e0db4ba44de7a7cbf3f97fe03b57ec6364fe0e7d2b903b2a3f8fb52e99042b3ab6d6c4e3dd73ef2256af4567554823821c7464247e6fe624f83c2f282d42aefd38560aa4879afcdd4531c7cb192bb9abc24af0b8f981af96a7db30c0ebdaeaebc5a7841d7825f0a017382fe903478e7e54d2953c8ae8c537754cab7d59c42dedcef719c049bed1cbea347749741b2652cc1b88923d50bee5cb4aaaff9c2ff6111b2501c58f62c60bead8cac89e1ab10ff784b8228739d20a808a1a88aed3904cc25a938906ded4cf007bb9c009c52d0439444d08d1b26ff8c935115c6601a29f15a9b8d3c1c5b0959521c0a55c91b40e1aa96f8d5a1813c4baf2d0335d5e5e2bea7aa2b3ba2bdc7369a768c3bed6a11d47173442a961babc8f02fe7b701697cbc9c93599d69a25a96044c1d901a7c8b489b5a77cdb2e3894b31ab6969c25b17ca9bd95b8399e4e9968c764a1512989cfb8a53e1837cd27acb58ed999ec20016a0601b3a020924968984b982b6de1734705e413a680702605b6648d9bc93ff57cc5541b73317233b04e3aee4c3138e0f9a2a49155f4ea1e62d9ff541f7f566b18c5ee024d4750be962377937ec97b038bce7b3a7de504214e7eb22407fc0e8eb1455fe5951e83553d8e538db244b62ec9f56a1b7c155d5d1736944bb3e46edf0461068a4b9b02ba07679d003572252fd3d596a9020b153637c7513f27f4efef20ee83ab0285f2892ff52262b9d1e2bf92c4cb273d20b975d163eb2dfa4eba7b9e642bbd3acf3a192963fab83373d00f9bf543cbde732b16bfb4f9699458df528ea37790cc4ec09e7b6d6ae3a83187eebb57678da1ffc230786a79566a7e22836aab04598c0fdf991b96256f14e1d8936668147edf405bbc88e84d7a312f892c3a1dcad7e11a7fa27ca50bcbe2e3fcb201f1297899e327972bec7d631b9ee036194fad4918f0f1c7639491ba7d3b29022d53b6a6fbdef6f7566164487f59b466c9235288a2a3d5a44886ae9b375f8a7cd383da9c607dd3bada8a29d0d77672a3edc11f3a653ae729474bbdedbfcf0ab19b2fe998b7ac59e87552028c9c6578464af8e76c2864c11121009219dd32a5efd6a596b6324c680d19ba0fbb019d722f71fd68443e0c0588764d1dab37cf7bceb4e2b1248efd3f22e26e75472e35166f1545ae178da423c0bbd175aec6360cdd7d2812f4fae46295596e4d9e40f68fb3c9360a2b47dddc35aa2fd34d05411f3fca71df5702edba8c182e94a0ef2b89945d2f9dae556965f52ccdba267bd8f84db5ffc537b30f431455976b92680895695bcf86e1b22821b0fff3511eb44518afeece8dc580e6189e7ce26e3ba6ad4c93083f0766c79e185f8fa2099fa660dcfb6cbd36f91922c9eb6aad143a646744f73237af4dddd2b184091568760210676c468252653f4f5949f346afcd5d062a1387892236d0186ae01bfcf5814617790414b62355513c961f9fd324aa05dbc16725368b3bc4b591a58b7d47c1ffb7bc4c24ec18e4598b692cbf0a88c18f969e702fbb7d0ccf81a7468a7f7ebac94364fa44bbeeb022a2da5b980d109d93b6252dcc00c3158aed7d928a8bc1077023a62288845d474c0143ada9854dcd9bcfbcbd93e62f1a163d06e3f012d6c814cf3b2589a0fb7c21708025ba26375e7f5b3b76e12d90918683adbe81c08b03c3fff740c0c35d38d17468aa1b7959bb9cd6c8735ae32819c5607f34249251832d7f30b30b2cbde6a7235a9137dd1c3abf3f8d07192795280388c546806678f71e511956e86ba03930f579ed7076787404f24680bbf3cb6b562106bcee85012d08861857673e202e05c70fb151803564dafa7e4237674ed5f936e0dea63e7e5bf98058a4eaffc2eba998707c2fb54e1f38626b9a0d34267e1f40a4b0787ce848909a583990194434a9197a1c989d0c0b204199bfe32c281714e3c3fb6c2a26fdd049a5fbd352b6f561e2fa874c9a36c294f253281ff0d89b535189b9fab730858d078e71a0451abe07455ff9527569f50d3b2e406b37b8891045413c072fc4fd848c28b89ef4228b85e919072ccf6ecc0a53a3b086caeea506bdba02c9eeb66efcbc0682e52a3a2b078ffc9752b93330bea7039de2a8db03401d28775ef1f39803b77d42f6de6f482756ad1addebf8d10fa3ca75267f4d526162a669d0d1952cb91da2354f39b95c417ebf83af5cb0a7ca452910867ea4f7cc2e268f635b1febc5b7f5daff7e5057f8b3124b8bba68e2b34e879adc8a4da0ce6b2c7981883b403fafdea21c6f9955bd789a9807183a455ecaaddfc2c250244d040996098e1e5222a945ae7616817953bb0353ce90c42cc991a0db325e8e7bbb039885f4845c368a513e781428d53226cc7e48b48388c02c2b77be2d1d51da3fbe8bda78c12023487225730c59e7db2bfaa0d94917cd68b3a9b9e4b96219bd68f37ba382edc6eeffb0763c44e4023aa64a5b539817bc522eb969aa79143450580e73ecaa398157ffe9dc9d3ede14fc83d032d29d964072e34f2e6e60877fe5dbd5152edb58ffccc0f6f48b4873a82ed6ca0cc1e32a8d21f38180fd2877538ebcc0a2e415f0dfde170b08244d34554c1b26bf6e6c8f85df2b52bf0f02949663e0bdf9a2b1f4b18743dca57ff68cc37e963848ace00a0c304276208aa5e7caff86c435792d084542cb6712151de2f065fb4cc55b164ef2f95c90eb7d05b4ec7ab03489a9924ceccdbd12469bcb054a38142b7fb83b42a394a8e5eb4bbc3a96f482db8cf6b5acdc295a746517d77141faf3b9cb247774dc5064e22218af24610cceefe61cf360059db259a58d4760678ba0638ac84dc9a06bd142e8862d2d7f659c2004561ad89d4959bd2b09ff93c24ba5b807c652043e8e832e3a37c4f7573541c50c3a026283c4ff1bf7cd629302f5def4dc31ee4a24fa1074b77b563728bedc90dcd6b0a99989de0a04761762925b1ea95805ad59218e852aa8eacd1847a559339e1e5050279986a8a5b5dd71ecbdba8dd8d79eaac5b13b0e41cbef43ef24d14ca2197e7526c55de4bb7fc45f341c6e4647d4c5eda01f97e4879883b2dacc8411dc38a6362ac8a1426beafb561ce53dd28005540b2fa00c34bd132618a61893409501407692d344779807ab5590546d1d73840effe22ae3f85427ea37958f0efd4fd4b295d6fef9aa80982f30adb4b7d243b4adc78cdf2f6324d7ebc5ec128f38e98f4ca9f03abd1fcafcbef25f96221a78c8e9a3a8c974d17b5827416e01fa3192708782278700b8a13681bcd2832ff2ae5551cfdb477ea8f0b13f8c507be94aa86f1fb52924ba96b10c5f5861cf0937e474fe7cfbb84347a48d9a5bb2fa698286023f2ea1216851b7d7b8e204db759c163ba490c31ae8b517163d5d57b882dfacb4308e7796b83f998a4f8762b5eeee0e85440b972a46eed1e3e717ede0dd112a6dc5a5cbc71a9018c4dce90ef5e3437038b83c05562b60417e7f81ca0d93377531fa0582638ca1a4a39fe9973c40ebeee50b5cb6d55974f23dff764517289296908c5432bd92060d721ada9d90dbd4485613a58f338fd527965d1bab5df9317bd6019a8549f175feffed260df04e0ee114c1f04e9920a85b872745e6d261af012e65b5ccf34dd9f942c9693c51bbc56609f563e29c6922c1505af2b9a173160fa1b5575d8d91143638219707f0df7402e638c010fa77932cde29dece0dff0d8e0f4d9bb645757e4194115ca768b26148e8066dbd345f92997cdf1017469081c618ae3855c226e07289a9404326ad6f019afe5588981b7fbaefb168363f46cbc4cf3edd8575245b64f9468972fc9a3516d7b6f72450e1c37ae5dd248e58398151c098efd59bfec1162ee05c4f748b7c0f13eccfc6bd71ce7d93f77f0e6878f2f55bea321204ba04e4b69d2382b35d60676c8e3c63ca92199e9134f59721a2a80cee9c4e7e3075fbc012fc69f0e9307946dfd1214a918eae892508833ea130d300319b54c38310b8a006dcc79a53ffd523101e57e0b0fb9201d37a6ef84b4f0b9a189fdc52dc46f9cae08108b76173c6daad6942268cf0b5fc120e0db99729b8f35f9038fade1a328fdbd08964e01867c667a2e6553b26e0c678d58f6e919a44e1d06a3df4bdecf0c92b29a1a347394ed717d8797fc47b2791a205f9cc3c7145de2150177a432ecc7c1a4823274f773b30b33c2a95d8bcc8e8ff550983dc7f103745f668189ca299ab33c7e1f003f44fbcf6616bfabe4105d7537c4814d24438203fa254668efd0b58bd2b5a34fd5687884967815c68f39be8dbde7b146fc487de3d0249f38e5abaee7b8a33eb8a6522e0c52a91a49990c77a3fa4b6679410b5bb40e56394c7433352290e9fcf8f8d2e581b8e422a1d0802e69f7d21deb2e68675bf64410572b709141cbe17ffc41f9761bdce2f0fe2b17e90280c3c56b0a2ff9cdc47fe8c17f2ffb5d9481c0df7961addc54feec21b7675c9b711c75bd69f29863c2d7fe9930510338fd211e12a56f05ed7444cca5de0be51241de353166d38e08c7f260700e8a16fb3491dfaaba0843c06f17111e1d64baaa5e90631164cf53a7e5ee2701b470e5d0a5bfc62364dc8083db3b39c683f4c167a53ef289085ba686b2ec72e119ec38f8093cf7eb23155d31e852aec81fea7eb1a1551998bb91b46b726fcf670c458853f655167be94db5f9524369ad541d590cb90089c150bb6f379a4f03d935ab6e65a9be43af3001fc99800bc210695b0c749a80d084882827a324da046e421fcc973c2ffe53c235de2f3ebc81ba79c55aa49125539927c2c85fe0c3c6f85ee71818c81fd159739e9df7dfd82900ac67c14ce6c86bd3edaa64c691a0371d2d4167ca68ebc1b4bbbc23994840e20e53516e3bdeeda5d3025f118fea3a7291157bb9ed22cd544c6dd37e649de95b307c6d4c37dc102b51464a3d3cc3ffc4f3c2466278b2f5de6597e136ced64a41d96fc1d773289ba9e0c8b2fa8627ba87189690867402bf73661df6cd230e4ae9b99392075957a5ffbeff81f8723360f6e1b5e7ab2234d4ca100b6f9ce72d1ccc5b349bd47ea38f92de6decc2155fd4cc34d7eed0968ad901c8064c8bd54e59fae7ea9320a6292a0b68f2b204f6bfc773b1e01fe7de2a3dd0a5ec00adbe1c39a193a701ac897fee76fa9c3f18ae53def4676527ac1247cfddfaec56ce1a09fa0d6004d58b13642f981264ce52ac4e19259d34e18a5136e2c064a5d22b1cabb442079e5bab5f9c85d7f01c22171ade59970d7fe593391c5ee9e7cc787bed72da399ea8fe7d39b0e8385f7c67a043e485abda5f77cbe0b89cf0a5b3f326913ab0217b5a1fe2d39427b348573044f8a5d5e4722a73f9d49447ae4f50cea06ecbf46065237ca2c75237f0d93aabff94166ebbf744aa8e3ceb3750bac643416789457f14466f910ab297e62ee05f1782d6541d81cb196b7a3d6ab3f7bbed709e50999b4f28995576d47c620a24acd23ec1c03b14d4238b29e220152f7e4fe4ed496e8f939c5ed0893443d58c37a16b1f2deca1add92f54a3de96695f4852386bf1bd8b4984bf336613d1912db65b8d69690cd4420b733b34d1a7dfc8136068d3b710298ff9405524d20666488ccd7650f6b02285266af3e88f9ad99a26fb5256d7601310d2da89245e70f811a994d85bb138d29786c11746598141abfd195f801c0d86584221c4b1a82470dd4f17bab73271ce4ebdc2e94abf56dc6e047bca8d3988e337c499aed8c1391ab1af615d8ba93e8575e1dd69c595a7835eacb8109c7e719e376590e16a4c16889604047f04674e38425ba8e743ff91fc7e0f172eedcc182e8d42a28c9416e74b7caab5749859d7b231dfae0d573547e27f00f1d0e088aa7acfa6db7de3cfe2df15b076c2174e3f50447a4881045dfe54e1fbd489993bf947d549adadf8337174d64c0a67983fbef163375555bd3f159998794231dbc264f4bfd52b1a655fdd0fd27b1857279a2bc209aee01e8062a2ac5349398c92899744c986d3f472d6059575da3fa9a634ccc778387fecd1f43c6be46777afe156be99d76d11d47b76f194a67a50c5ad9941aaba39cc72fa93698916af7b34656c75796caa682185d09747f9911c95a8e6d095631c58d3cb37ab20e6292a4fd065e2dc2d745e171aaecd0600c54dfcf4212a4bfeaf307099063cbb3b892b96bab588c992613d7c7c6bb3d953ae5410d4c3b18b59003c7721dbc4379b4a4a243f8cb93dd5ad8276608f26201c2bff86e64f43a2bf793517681a1f9ca659f1de4b5ccd5496b40c52349c442c354112565fee597b12efb427eb63e6692fc3bda9b831da0e1afc8dcb2a3aa21fbd444c80f39cfd78c8e26155fd86740c8e225f06a0962abe5f687e6953c3382ee3f4b559b97f2a451df9db76d3084065ddc713aa9b63c0154b386be600a285692140f5e019ed2b01a44ba946a52355baa806e2247dbec3d0a4fb8ff14500fab216e425cb2a158efa9fd79e50b020a9316ef4e3726d08fae1683da67c323c2fbdc97b01860109387a62ef8ba4709cf079041925ce1801a8828d1f73e119be76190b5344e3c82c83d787544a883cd34721dece78e2495ca7e850f2af14395af675e6fda7d5cd7e122f1eb317480c071284cdd53b9c0457ed7b074f5a9f647fa3b5a1aad9f6459a9510af3f9c4f52c698c23c4c6f0022781ce7bdb57c493ed3ae6213e437560290e30cedc90ae400711c2220ae142c099d17cd1fa45f4424df658abc04e47754e0e66f38a7ea83c751181a2ab77d4e95b3c6008ecba7d4aa457d16b2e82fabea5a55244da18d2926153b1ee36471d1a37de2ead7d0650ea582332735c05d0abfa881cd7e841a0f53e8ad4dfb4f70b855c259588172cb1027b5b51f0cad9e89a739d07319e82977716ea71325412ae3ddc0a210e774c3061a623096f354dfd36759ac63bb5a926e7582478cc987", 0x2000, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.695619118s ago: executing program 5 (id=1207):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000001e00100000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000fcffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0xc02, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="02070009"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18)

1.75197228s ago: executing program 3 (id=1208):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000300)={{{@in=@empty, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@dev}, 0x0, @in=@multicast2}}, 0x0)
fchown(0xffffffffffffffff, r6, 0xee00)
connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
r7 = socket$inet(0x2, 0xa, 0x4)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @TCA_RATE={0x6}]}, 0x58}}, 0x0)

1.656255208s ago: executing program 4 (id=1209):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = dup(r0)
faccessat2(r2, &(0x7f0000000040)='\x00', 0x7, 0x1200)

1.655819593s ago: executing program 1 (id=1210):
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)=<r1=>0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
readv(r2, &(0x7f0000000180)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe(&(0x7f0000000e00)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r3, 0x0, 0x0, 0x1)
close(r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00'}, 0x10)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
fcntl$lock(r5, 0x7, &(0x7f0000000040)={0x1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff})
socket$nl_audit(0x10, 0x3, 0x9)

1.391654602s ago: executing program 4 (id=1211):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="020a0600060000002abd7000ffdbdf25040017"], 0x30}}, 0x44880)

1.19989145s ago: executing program 5 (id=1212):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x8, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0xbae5}}}}}}}, 0x0)

337.441011ms ago: executing program 4 (id=1213):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x218, 0x30, 0x2, 0x70bd2d, 0x25dfdbff, {}, [{0x204, 0x1, [@m_nat={0x7c, 0x20, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x678e, 0x8, 0x401, 0x7}, @dev={0xac, 0x14, 0x14, 0x1d}, @private=0xa010100, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0xfff, 0x2, 0xf, 0xa4b}, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffff00}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0x154, 0x1d, 0x0, 0x0, {{0xf}, {0x58, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @rand_addr=0x64010101}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private2}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x5, 0x5, 0x5, 0x8, 0x5305ffdc}, 0x4}}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0xfffffffd}]}, {0xcd, 0x6, "d88df9ef021ea236a7d1699029dc77d9fd00ce0c514fbb3a758813f82ddb3fe3880b43f994d2e04ea15db1e25efc934decf260e00dd17c6b46fbe19370874a3a9cb5378c0b2c4641a42c1d616920914def20b90a4be3c5b7698f247d7d8c404eefdacbc4dabb342372d24afd589f3ec6122c61b0e9a47e39d192630c65e3970d4c66c9d0d670fc04d957ef64620e5749ba417c5f994be77b301b1463476e75c9148c0784e719247a8785ed82b174e7bd3f243b68e6b1db9f1d0fbf454d5f8997045f663a488ca7e55b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ctinfo={0x30, 0x13, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0x218}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

224.507051ms ago: executing program 3 (id=1214):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000180)={0x24, r2, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117}, @val={0x8}, @void}}}, 0x24}}, 0x4000000)

212.301414ms ago: executing program 1 (id=1215):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x800, 0x0, 0x6}}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2b}, 0x0, @in6=@mcast1, 0x0, 0x3}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000d40)=ANY=[@ANYBLOB="0212000005020000fcffffff0000000001020900008000006bdae99676f5d98b222c1d175b1bde5f2af814867595cca148f284845d6726daecb906b52bcbe4a0671f0cfe91064a71252070eab7b079faae2437c1c6375c071120ac3c3dfb0e5500269ca1cd7c4713a0369feb90311ab8556d5bac400f5ffbe90545162b4d370163c56d991d223d5da19c52bdbff65404e119035c710bccfff638d731934ecdd791b655adfc821d0887903e07df64c986fa6fb88f4a7d0b3f81044ac984488238d0f3c48cf099ab574e73f1a68d600ab06ec38d634b447f1d4aad0dd4f056494500bab1d7792480ea186568121117e75c05a8bde6476b7304bb2b64f14f54921845a91f868fa925cf0a818b9bba4ea375d10464e94cba1fefd1cf5efc16c2e5c1cf9adb172617d21d333c27c4554adf58cd7508fe0eed1a11186e77fce9e4518b7280db2fc8acac72e4934e0ae31d2132afdb95c105813b90284c0f3bd48d2bae45cd2d03aeb092f6ad45692fc26c26909b57d12e3bf2024de3edce03c2dd8cf1081fbc181cb24fb432907ee893125e386edee1e48b5fb72dc536fd879fc356b5bff8ae29afeda341fbb0fbba2d1a133f05b1cac0479743ca5c562d8a9d0ddb7bee5282f97fea614ca3aab3c10d6d6a81f495737f3787737ade4f9af413bc0298d7364c46dbcacedb88aba3b4add5e20c7927ca485152618468c3d23edc4d9cd368d4791e555fd2b8ec465a838f331950b862e23a9d8291dc879d7ea58209a3372319c8a5f2db16e3ebd1e349eb699a79faa391f8cee02ba5e9d1bc0f71b4e912681dfe4716c490dbf06199553c3bac487a1f2964d2f5fd7f064807dd11c3ca2f12c7a3ec79362c247f63d20d3ca52f0474b47c40a394ddfed196dce0259bf849bcb86f2d4919522d46f87443998f7ed5e40da41a80428d3b6e3845a9b377b3c6577add73ead5d1dc4d3620b53818be04d9f7ba74600cf5b462a7ed38b53b701465a152983c8fabe301fc42bebcb7c631e94afec308dee54b51e9c1df0f446fcd47612e90a275e51516310c59eb67c1e3b2da93bd52a7c9c4135fdc36027aad74c3cfd5c6ca6f5ae914a7cab1a3a5d397422163c49c609f53bd370fdecb126cea447defd3d448dadf5079430c058cba11fbb17c14ea71f96091f9a5d3a034ae9b34ac7a0b1d4eca440a51e4cd265911eeba260345b28ac84c065553e9aace53f1f29aa6b80ef7c4070192e4c12cb4389c3476b1f0a69825fdf4de60e9d02266fe9f50cba35775b2103bf85b312b04f3c6bec4b67e1b642a6b9bbef45d28ea1af055bf3c6cc62cb571cfbc4229c7d5aa62a2ed3ce2f42666fa295c71f44263c703d207fb6925f303a3facbd7afa4dccb0b6c37cf8e8a3fdc8ed1cfff049b48a94e50a5631a75589317dbcfd154f16e7dddac2945baf059a2aa4b14b9ac1d411c81dc600343abf5e9c4750e190a5116bab2258d8f1d5e0d3ab740423267be7e21c2eac41ae2aefead42fd71f91c4c3694617fb7fc265a48c3b82eea6e57c90824914847f857deb94c810b34ad53a9824127c2fef4cc5d7fd23307dd90c01bc32c79c2344459a58442b59260d8e21dc41f0b54d5d5433b9fd44ba4803766cacfec5bb5fd1ca3ccbc7c11cfd7274b526b9b61a231499a83831b9be1f708cde614165ce3bd0ccd42ab401bcd35143199d43395107e240e61c3abbcbad69a53ec9205bc2946dab619214ae55dfc6aad9a72683cb84f489efd02f1d439d6abfc4a9d2588c4db6419a7dd6c2387461298941a1d8d5bf4c0e35d0294014f217985cca434d557899c3090c236efe06bc9f2c5dc46f67896d56450a0aa4b6b6247ce45c12a1f547825cbac09f13bb48200ee1f85b00a0ce88723c19449fe2bbe500861bb03dbc2ae489e9b3f5ddaea3b4459be8aebd66cdc054affa87d60e0e86bb0ce56f604f697c5be3cb868e6dad28e3366ef5b6e9a26f8e1ba44d700eda13fa3f589ae638843a8a98c157f25c5e88c3df285e1e70d32110614c51d0e0a74abc7800006cf0d1d3d66e84ec726edc5c52f26f702d182e702be580bf74670201ebeffecc62630b637320626cbac4e9e98c608252e3932da36804e3e1e3ec3bee53bcf0071088c84f2a014b0122dcd9507d6003e63e34d7b59807dd24907e17ba43b83af0b734d9861870f137464be924a415a7607d7c2936c9156f6bc604c51600c558cdf18fe73fffa575443a4174311ecab11cd96572306b00a8998c20bb3879c37c9d400b06f03fd7b54ab24cefc134176df98af05086839f83eeaa9efa3e7629bdb0bc8377020b040e86cf36ff9f2bcc788091c9285b423cc7670a8290c394db287b24533b508a7df6786d571e6be8cd989ea2d1b846a03f24fcdae10333f55461716292e0589efbf61462943b8c8544ac128c8ce01e99ae5ba81cf037e86e1f35271c405c640a8429bc189a749033b831ef71bfb05fa72d2da716f2d86046296f481e4364f7e033dcb4fed15eb0937a66b62143ad51e76242f4cf425d662eeeb179a46a059489c2bbdee163cf5ac3d0fb6441bf171a7c34bbbcf2e3a59e637d35f32301d9d4a85b2a1db1a5cb6fffa7ebec998674711fdfd49297d7ac33f5c89d0999172bc3dad8e76ac1f081e4c1bb755562ff5715361000f56fb464881dfe6abb4f039a139f8fb2e2dca14b895ad3ee1d2835e0cd47051ea34d855b7c8387ef1a85d94b851602cbdb2242a2afb59d26292be2ebbd8ca3b2866b293c1ef2048dd65addb63230643502ab8e9548dfee031ee8306344f89973dc22712ae6896ab40c61e6093c026524da15ca192b1ecd14ec10cebfea7faed1a9bae2be7edf9c53182805fa4af868751ff3758b9c4f7e877dc8e16475592c85bda5a62c1b38938ac3b7031773c06c5eb5539baeb0588e6ede91d2da317a1a823045e375bb4ac29d6dc75d228a4ade916671eccd320ee5c0298650b541d98c4d1e09ed841f1cffbf0c7551c5ae725ad0f77f612829a409becb4e60ccc3cbb80d77e8d9bac59cfcac2c8a4c857f862747473148d9089dc56ed827784a63390eeb78f791c75c4eb3a1efad0f75e062cc4948e4b1b67a373494b88ff819a695ceac580bdd7b2c63222a663432e31b8531ee74d34afa70266ffe08d6ab6439c1b442df9195bd1b729d9ebfa25f326e48f7104303120046b2f1eb45c59a415b68d9cc3f6ca68dadf64748393f4c1f4a5876173ef0c95ea73c682b05e9e05c9a8a1d65500106a980f0a0effa10b93a03715f40f851d122a15fd4b60740a711b1121c146bb59b740ccf8db57b2eee36e4c5a3c6aadaca73b9637cb21f1d87acd9b76885b8694a5d036b6e3dde6ceb589575b6414bef68ae179973b5e04012a3ad10c55f9049ccd757185583633543f556967796eeebb8348e969860fdeb9166f1a431d44a2ae6e73c75d3b891ea014ce2be631c9d1eb301c7043aa03b66218095c0375ed12090e5bc32c44e3ddfbbcbe48f8d396e489db24cd7d8779d659b48193b96374e2937d3087e911b4d1c70cef3b984a72f80ed2f17ef50aab6f5931c897367aa6dd86e8e93de921c611f112f676e34b4ee720f46434b2c70742c1af99bee1b0c72683cd840bbba4e75e3a0128d0ebf1010dea64f896ef3cfd82a73fe329ce53b63697cb7bc0c03e127fd59d3241646f62a25ceb692d9e469c649dec8b693975d718d89394345b684ea2507d295422c88892de4e69c71e2dbf6bfd160a1c20b63e6e21b73d6bb14377ce3578664196f7ab33be87d3fe5772415361f857f6128b7ecd261638f4133f6384b1e2ba1c045985636e818e622460d4ef2af43267efb71168a92d22ec6b337158d3bcff2f0913ece4258ba89b5e19f8cae9c7f87ac8d051247f3635f398404f1d9fb1ace4082dd6897024070dddd7942b566d3f7f2a4fd9ec148397ddb814057c66b738f45ccb08f2f9ed8c5c8735a9c6938b7c5260a8cb0cbfd2bb9656592b4a70f368ecdcc8fdfcd52ad0ea0b9c3152147e9e441519eb1a69bc1b216fda362376ce23729bd384e8579c37aadf759b6c23ea54bfde28652d0b37cbcea221da9125919212cbad64e4aec3075bb70cc7eca71a25cb2a77c898fd775d74d61dcfcbff9d4d20102f3b5c804ccc3bb711b88140508a8802dcb205ebff54cbd9af252f36cf44b2337c382a7562ad6fc035313bff7f7d30a45fe01a083fb744460147a3a4b34b8dcc047607f38ba6b927c93872830e8d0c84031889b29afc2ef3944c4c0a3f3060f337bf0da8c7209e79a81f09330ecbf0024dcf85f7e4ec644867f5343f259825b1f421c51d30f3da87bbcb67946f133c6a4add120054b1b8a16a12a58352d37425f68d55e8e3a0391ed03085fef286214f51ab917906b2b9fcbf6ef85e04ba368f8811f9ec5a3a112c1b498f553e6659ed41b10ad141d921cca6878c7e1960380a2d0f86226f6b7e95a9639b41be4f73c392d3e7b133cfc2009f6a02edcfeb11bd2c84b3fcf50d4cb0d49f770ae2c71c73c766d327fb0c8d79c9908e1f7292eff8657f0ff0542df3127613c31cc2387d270b9510bd0a9709d80ed781b828d3a0f92df1be687206d572066d44b9afcf6b440b7298bf30f657fd9f986debea4f23032f37d711859854a134e7ad44613643eb7104e624e0bc34dddc2dd0ecee2bd04a87b03e06864710c51d561f28718c88ddc35dcbf23f1c5f0ef8149e24949e1d50572f039da9ef0fd29934fc6c7bcc9c44771b0d8c1dd739796eedd036abd78f4f26da1bb680138f9191eac4669d84e4866974257d8438f3253198b0478d33c325f633aaf85d9e6056766d1a17fa6cc1e1d639cf59dd06c1d8c1f4d48ea9ab2c3cc08fa812821eda5f32f17e808c14002aa846ee6f18177d27e6f715462e5562f0f7afbe6f5fa6ec031536b478733270175d928a46bc23cf14ed073854afd5032a8bef43d4c5664e159ffa7e9cdef4fe17c2c5ef36c6e6ddf342d16ce207cfe09b8067f2e48c6bae69b620d8be76725200b63522d766517203c6641e7d891469bf239c7a48d14f7c690e182c4f6a1fd02f2aa1b97dbecb8e120cc0fbd374ff598c53cb505698f94429466b97acb1a0232169e0e19e9ad7e3a41ee63e3b9ddcc0d40385c3d5acbb51e1987821de029bd9dc1fabd200a2e55bf786c52ae9ffc335d8a82e9156705ebfaff0992c1f5bca9d0d020834fea9163fcb691bf06deb6f92b76e2c21b3fa1625910846f3c715cbfb7de75209aec43c1a9acd2b4f833ac3a3883ba23349aa2a439871764c54ac8842a4a10280ff498072928aa1b4ced9ab3d9d27e4b5fab13bb979788848f7a4239896fe73a176a38766ed7fa1e84e88efb12a9c75c2e4431396b192b9dc4fa92343a702538feef01ae577fa443f4b50666bb87fc62577045963e8168981e1b6063b7454345a84dfdb278a4090d155220a18fd21e90a2c84943d947f5079aaa3e04364ffeb8a804df0f6e3c1b45782fcd5a4535940f26636ee79188ccb2ba071e0c832d9e9a9a391e0992e0f6965100ad2e6608d5db25847b2aa794ea6ee9b7687a1f9357320d073d06db8c38fbdc1be781bf53d05a5deeeb9e8d8ff66876b3a88b309d27bb83f8b3390947fd97c9f9ea41b215803088ac254cdab849291ed081e4a0cfd611fb7819d50753121bdda8770ad38d84bfadd9da9d7e9ffa5b9af3b9b8c13d7f73d920173137a6d4d17f2a2d0605926a68623947ee798dffe22746288195a718ae5dbfcc03b7da8a8ff0aa40c133b56c0c3ee95dd1dfaadafbdb37dc17ec84b0a0ce29ad46d50ef4fde31b6ba31c76498091fea2ef0c785be2daf492121dbc2101fd102000a"], 0x1028}}, 0x20000050)

96.085337ms ago: executing program 0 (id=1216):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000080)={'wg0\x00', <r3=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x54, r1, 0x1, 0x70bd2b, 0x0, {}, [@WGDEVICE_A_PEERS={0x4}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e22}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

95.752857ms ago: executing program 5 (id=1217):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000004280)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0xeea390, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)
read$FUSE(r2, &(0x7f0000008bc0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
readlink(&(0x7f0000000000)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000140)=""/176, 0xb0)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, r4, {0x7, 0x24}}, 0x50)

95.569028ms ago: executing program 4 (id=1218):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x4c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ftruncate(r2, 0x7f)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000001c0)=0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000170000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$inet(0x2, 0x0, 0x400)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)='./file0\x00')
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x2, 0x40000003, @loopback, 0x7}, 0x1c)
sendto$inet6(r4, &(0x7f00000000c0), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x3}, 0x1c)
shutdown(r4, 0x1)

60.431677ms ago: executing program 3 (id=1219):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)

52.005021ms ago: executing program 1 (id=1220):
socket(0xf, 0x3, 0x100000001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="4400000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000"], 0x44}, 0x1, 0x0, 0x0, 0x4000080}, 0x0)

0s ago: executing program 0 (id=1221):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1)

kernel console output (not intermixed with test programs):

erialNumber: syz
[  255.037931][ T8235] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  255.263328][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  255.272321][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  255.435777][ T8247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.639'.
[  255.564363][ T5912] dvb-usb: found a 'Gigabyte U7000' in cold state, will try to load a firmware
[  255.676927][    T9] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  255.721154][ T5912] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  255.721231][    T9] ath9k_htc: Failed to initialize the device
[  255.763058][ T5912] dib0700: firmware download failed at 7 with -22
[  255.769991][   T52] usb 2-1: ath9k_htc: USB layer deinitialized
[  255.786247][   T30] audit: type=1400 audit(1743999599.842:485): avc:  denied  { module_request } for  pid=8250 comm="syz.3.641" kmod="net-pf-2-proto-2-type-9" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  256.303411][   T30] audit: type=1400 audit(1743999600.362:486): avc:  denied  { write } for  pid=8234 comm="syz.4.636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  256.332901][   T30] audit: type=1400 audit(1743999600.362:487): avc:  denied  { watch } for  pid=8234 comm="syz.4.636" path="/118/bus/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  258.176965][   T30] audit: type=1400 audit(1743999600.362:488): avc:  denied  { watch_sb watch_reads } for  pid=8234 comm="syz.4.636" path="/118/bus/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  258.460078][ T5872] usb 5-1: USB disconnect, device number 26
[  260.638076][ T8283] tty tty25: ldisc open failed (-12), clearing slot 24
[  261.240109][ T8294] ICMPv6: NA: ff:ff:ff:ff:ff:ff advertised our address fe80::aa on syz_tun!
[  262.149757][    T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  262.429659][    T9] usb 3-1: device descriptor read/64, error -71
[  262.734268][   T30] audit: type=1400 audit(1743999606.792:489): avc:  denied  { create } for  pid=8306 comm="syz.3.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  262.775819][   T30] audit: type=1400 audit(1743999606.812:490): avc:  denied  { write } for  pid=8306 comm="syz.3.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  262.800579][    T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  262.882075][   T30] audit: type=1400 audit(1743999606.922:491): avc:  denied  { read } for  pid=8312 comm="syz.3.656" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  262.969685][    T9] usb 3-1: device descriptor read/64, error -71
[  262.985784][   T30] audit: type=1400 audit(1743999606.922:492): avc:  denied  { open } for  pid=8312 comm="syz.3.656" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  263.010563][   T30] audit: type=1400 audit(1743999606.922:493): avc:  denied  { ioctl } for  pid=8312 comm="syz.3.656" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  263.037560][ T8314] random: crng reseeded on system resumption
[  263.079862][    T9] usb usb3-port1: attempt power cycle
[  263.151008][   T30] audit: type=1400 audit(1743999607.212:494): avc:  denied  { ioctl } for  pid=8312 comm="syz.3.656" path="socket:[19023]" dev="sockfs" ino=19023 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  263.408122][   T30] audit: type=1400 audit(1743999607.462:495): avc:  denied  { link } for  pid=8329 comm="syz.1.660" name="#7" dev="tmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  263.441399][ T5904] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  263.449137][    T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  263.462133][   T30] audit: type=1400 audit(1743999607.492:496): avc:  denied  { rename } for  pid=8329 comm="syz.1.660" name="#8" dev="tmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  263.492741][    T9] usb 3-1: device descriptor read/8, error -71
[  263.493656][ T8332] futex_wake_op: syz.1.660 tries to shift op by -1; fix this program
[  263.520017][ T8332] tmpfs: Bad value for 'mpol'
[  263.524796][   T30] audit: type=1400 audit(1743999607.582:497): avc:  denied  { mounton } for  pid=8329 comm="syz.1.660" path="/129/bus/file0" dev="overlay" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  263.548197][    C1] vkms_vblank_simulate: vblank timer overrun
[  264.533578][ T5904] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  264.557983][ T5904] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  265.290818][ T5904] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  265.302428][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  265.310679][ T5904] usb 4-1: SerialNumber: syz
[  266.264004][ T5904] usb 4-1: 0:2 : does not exist
[  266.268980][ T5904] usb 4-1: unit 5: unexpected type 0x0b
[  266.319074][ T5904] usb 4-1: USB disconnect, device number 10
[  266.483226][ T8358] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8358 comm=syz.2.667
[  266.727680][ T5904] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  266.847936][ T8368] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  266.899693][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  266.901884][   T53] Bluetooth: hci5: Frame reassembly failed (-84)
[  267.129606][   T10] usb 5-1: Using ep0 maxpacket: 8
[  267.136495][   T10] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  267.147846][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  267.157811][ T5904] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  267.168263][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  267.178112][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.186237][ T5904] usb 4-1: Product: syz
[  267.190538][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  267.200542][ T5904] usb 4-1: Manufacturer: syz
[  267.205213][ T5904] usb 4-1: SerialNumber: syz
[  267.209896][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  267.224678][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  267.234528][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.243212][ T5904] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  267.261363][    T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  267.510843][   T10] usb 5-1: GET_CAPABILITIES returned 0
[  267.519848][ T8374] FAULT_INJECTION: forcing a failure.
[  267.519848][ T8374] name failslab, interval 1, probability 0, space 0, times 0
[  267.533930][ T8374] CPU: 0 UID: 0 PID: 8374 Comm: syz.2.670 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  267.533955][ T8374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  267.533964][ T8374] Call Trace:
[  267.533970][ T8374]  <TASK>
[  267.533976][ T8374]  dump_stack_lvl+0x16c/0x1f0
[  267.534002][ T8374]  should_fail_ex+0x512/0x640
[  267.534019][ T8374]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  267.534039][ T8374]  should_failslab+0xc2/0x120
[  267.534056][ T8374]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  267.534070][ T8374]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[  267.534085][ T8374]  radix_tree_node_alloc.constprop.0+0x7c/0x350
[  267.534099][ T8374]  idr_get_free+0x528/0xa30
[  267.534116][ T8374]  idr_alloc_u32+0x190/0x2f0
[  267.534128][ T8374]  ? __pfx_idr_alloc_u32+0x10/0x10
[  267.534145][ T8374]  idr_alloc_cyclic+0x10b/0x230
[  267.534158][ T8374]  ? __pfx_idr_alloc_cyclic+0x10/0x10
[  267.534170][ T8374]  ? lockdep_init_map_type+0x5c/0x280
[  267.534180][ T8374]  ? __rwlock_init+0x37/0x150
[  267.534192][ T8374]  afs_lookup_cell+0xe68/0x1680
[  267.534210][ T8374]  ? __pfx_afs_lookup_cell+0x10/0x10
[  267.534226][ T8374]  ? find_held_lock+0x2b/0x80
[  267.534238][ T8374]  ? afs_dynroot_lookup+0x307/0xd60
[  267.534253][ T8374]  afs_dynroot_lookup+0x3d8/0xd60
[  267.534265][ T8374]  ? __pfx_afs_dynroot_lookup+0x10/0x10
[  267.534278][ T8374]  ? lockdep_init_map_type+0x5c/0x280
[  267.534288][ T8374]  ? lockdep_init_map_type+0x5c/0x280
[  267.534300][ T8374]  __lookup_slow+0x24e/0x460
[  267.534314][ T8374]  ? __pfx___lookup_slow+0x10/0x10
[  267.534335][ T8374]  ? lookup_fast+0x156/0x610
[  267.534351][ T8374]  walk_component+0x353/0x5b0
[  267.534367][ T8374]  link_path_walk.part.0.constprop.0+0x682/0xd60
[  267.534387][ T8374]  path_parentat+0xad/0x1b0
[  267.534402][ T8374]  __filename_parentat+0x22f/0x680
[  267.534418][ T8374]  ? __pfx___filename_parentat+0x10/0x10
[  267.534446][ T8374]  ? rcu_is_watching+0x12/0xc0
[  267.534458][ T8374]  ? irqentry_exit+0x3b/0x90
[  267.534473][ T8374]  filename_create+0xbf/0x4a0
[  267.534488][ T8374]  ? __pfx_filename_create+0x10/0x10
[  267.534505][ T8374]  ? filename_create+0x1c/0x4a0
[  267.534521][ T8374]  do_mkdirat+0xaa/0x3e0
[  267.534532][ T8374]  ? __pfx_do_mkdirat+0x10/0x10
[  267.534545][ T8374]  __x64_sys_mkdir+0xef/0x140
[  267.534555][ T8374]  do_syscall_64+0xcd/0x260
[  267.534569][ T8374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.534580][ T8374] RIP: 0033:0x7f40d578d169
[  267.534588][ T8374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.534598][ T8374] RSP: 002b:00007f40d35d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  267.534608][ T8374] RAX: ffffffffffffffda RBX: 00007f40d59a6160 RCX: 00007f40d578d169
[  267.534614][ T8374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  267.534620][ T8374] RBP: 00007f40d35d5090 R08: 0000000000000000 R09: 0000000000000000
[  267.534625][ T8374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.534631][ T8374] R13: 0000000000000001 R14: 00007f40d59a6160 R15: 00007ffdeda35108
[  267.534643][ T8374]  </TASK>
[  267.843874][   T10] usbtmc 5-1:16.0: can't read capabilities
[  267.932900][ T5912] usb 4-1: USB disconnect, device number 11
[  268.045704][   T10] usb 5-1: USB disconnect, device number 27
[  268.176519][ T8381] FAULT_INJECTION: forcing a failure.
[  268.176519][ T8381] name failslab, interval 1, probability 0, space 0, times 0
[  268.189293][ T8381] CPU: 0 UID: 0 PID: 8381 Comm: syz.0.673 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  268.189316][ T8381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  268.189326][ T8381] Call Trace:
[  268.189332][ T8381]  <TASK>
[  268.189338][ T8381]  dump_stack_lvl+0x16c/0x1f0
[  268.189365][ T8381]  should_fail_ex+0x512/0x640
[  268.189388][ T8381]  should_failslab+0xc2/0x120
[  268.189423][ T8381]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  268.189442][ T8381]  ? skb_clone+0x190/0x3f0
[  268.189465][ T8381]  skb_clone+0x190/0x3f0
[  268.189489][ T8381]  netlink_deliver_tap+0xabd/0xd30
[  268.189514][ T8381]  netlink_unicast+0x6b2/0x7f0
[  268.189539][ T8381]  ? __pfx_netlink_unicast+0x10/0x10
[  268.189567][ T8381]  netlink_ack+0x696/0xb80
[  268.189596][ T8381]  netlink_rcv_skb+0x347/0x440
[  268.189618][ T8381]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  268.189642][ T8381]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  268.189678][ T8381]  ? netlink_deliver_tap+0x1ae/0xd30
[  268.189703][ T8381]  netlink_unicast+0x53a/0x7f0
[  268.189726][ T8381]  ? __pfx_netlink_unicast+0x10/0x10
[  268.189756][ T8381]  netlink_sendmsg+0x8d1/0xdd0
[  268.189782][ T8381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  268.189818][ T8381]  ____sys_sendmsg+0xa95/0xc70
[  268.189844][ T8381]  ? copy_msghdr_from_user+0x10a/0x160
[  268.189864][ T8381]  ? __pfx_____sys_sendmsg+0x10/0x10
[  268.189898][ T8381]  ___sys_sendmsg+0x134/0x1d0
[  268.189919][ T8381]  ? __pfx____sys_sendmsg+0x10/0x10
[  268.189970][ T8381]  __sys_sendmsg+0x16d/0x220
[  268.189991][ T8381]  ? __pfx___sys_sendmsg+0x10/0x10
[  268.190018][ T8381]  ? rcu_is_watching+0x12/0xc0
[  268.190047][ T8381]  do_syscall_64+0xcd/0x260
[  268.190071][ T8381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.190087][ T8381] RIP: 0033:0x7f6ce838d169
[  268.190102][ T8381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.190118][ T8381] RSP: 002b:00007f6ce9175038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  268.190134][ T8381] RAX: ffffffffffffffda RBX: 00007f6ce85a5fa0 RCX: 00007f6ce838d169
[  268.190143][ T8381] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  268.190152][ T8381] RBP: 00007f6ce9175090 R08: 0000000000000000 R09: 0000000000000000
[  268.190162][ T8381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.190171][ T8381] R13: 0000000000000000 R14: 00007f6ce85a5fa0 R15: 00007ffffe3db4d8
[  268.190194][ T8381]  </TASK>
[  268.465609][    T9] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  268.472689][    T9] ath9k_htc: Failed to initialize the device
[  268.484552][ T5912] usb 4-1: ath9k_htc: USB layer deinitialized
[  268.870545][ T5833] Bluetooth: hci5: command 0x1003 tx timeout
[  268.877038][ T5836] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  269.108822][ T8393] netlink: 8 bytes leftover after parsing attributes in process `syz.3.678'.
[  269.118801][ T8393] syz.3.678 (8393): /proc/8392/oom_adj is deprecated, please use /proc/8392/oom_score_adj instead.
[  269.339655][   T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  270.124126][ T8411] FAULT_INJECTION: forcing a failure.
[  270.124126][ T8411] name failslab, interval 1, probability 0, space 0, times 0
[  270.136839][ T8411] CPU: 0 UID: 0 PID: 8411 Comm: syz.0.680 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  270.136861][ T8411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  270.136871][ T8411] Call Trace:
[  270.136877][ T8411]  <TASK>
[  270.136883][ T8411]  dump_stack_lvl+0x16c/0x1f0
[  270.136910][ T8411]  should_fail_ex+0x512/0x640
[  270.136928][ T8411]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  270.136948][ T8411]  should_failslab+0xc2/0x120
[  270.136966][ T8411]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  270.136984][ T8411]  ? __alloc_skb+0x2b2/0x380
[  270.137006][ T8411]  __alloc_skb+0x2b2/0x380
[  270.137024][ T8411]  ? __pfx___alloc_skb+0x10/0x10
[  270.137045][ T8411]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  270.137072][ T8411]  netlink_alloc_large_skb+0x69/0x130
[  270.137095][ T8411]  netlink_sendmsg+0x6a1/0xdd0
[  270.137120][ T8411]  ? __pfx_netlink_sendmsg+0x10/0x10
[  270.137151][ T8411]  ____sys_sendmsg+0xa95/0xc70
[  270.137175][ T8411]  ? copy_msghdr_from_user+0x10a/0x160
[  270.137194][ T8411]  ? __pfx_____sys_sendmsg+0x10/0x10
[  270.137229][ T8411]  ___sys_sendmsg+0x134/0x1d0
[  270.137250][ T8411]  ? __pfx____sys_sendmsg+0x10/0x10
[  270.137300][ T8411]  __sys_sendmsg+0x16d/0x220
[  270.137320][ T8411]  ? __pfx___sys_sendmsg+0x10/0x10
[  270.137355][ T8411]  do_syscall_64+0xcd/0x260
[  270.137378][ T8411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.137394][ T8411] RIP: 0033:0x7f6ce838d169
[  270.137407][ T8411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.137423][ T8411] RSP: 002b:00007f6ce9133038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  270.137438][ T8411] RAX: ffffffffffffffda RBX: 00007f6ce85a6160 RCX: 00007f6ce838d169
[  270.137449][ T8411] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005
[  270.137458][ T8411] RBP: 00007f6ce9133090 R08: 0000000000000000 R09: 0000000000000000
[  270.137467][ T8411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.137477][ T8411] R13: 0000000000000000 R14: 00007f6ce85a6160 R15: 00007ffffe3db4d8
[  270.137498][ T8411]  </TASK>
[  270.363056][ T8412] netlink: 'syz.4.681': attribute type 10 has an invalid length.
[  270.374177][ T8412] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.381487][ T8412] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.626243][ T8412] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.633390][ T8412] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.640767][ T8412] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.648595][ T8412] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.658639][ T8412] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  270.690412][ T8410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.681'.
[  270.700876][ T8410] bridge_slave_1: left allmulticast mode
[  270.706531][ T8410] bridge_slave_1: left promiscuous mode
[  270.713034][ T8410] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.844966][ T8410] bridge_slave_0: left allmulticast mode
[  270.853319][ T8410] bridge_slave_0: left promiscuous mode
[  270.860262][ T8410] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.084046][ T8410] bond0: (slave bridge0): Releasing backup interface
[  271.469061][ T8428] ICMPv6: NA: ff:ff:ff:ff:ff:ff advertised our address fe80::aa on syz_tun!
[  271.947177][ T5904] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  272.131300][ T5904] usb 4-1: config 0 has no interfaces?
[  272.154596][ T5904] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  272.674187][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.682979][ T5904] usb 4-1: Product: syz
[  272.687151][ T5904] usb 4-1: Manufacturer: syz
[  272.692166][ T5904] usb 4-1: SerialNumber: syz
[  272.698769][ T5904] usb 4-1: config 0 descriptor??
[  273.405428][ T8446] netlink: 60 bytes leftover after parsing attributes in process `syz.1.692'.
[  275.022790][    T9] usb 4-1: USB disconnect, device number 12
[  275.766105][   T10] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  276.851876][   T10] usb 2-1: Using ep0 maxpacket: 16
[  276.906076][   T10] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  276.936221][   T10] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  276.958677][   T10] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  276.979781][   T10] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  276.999228][   T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  277.022483][   T10] usb 2-1: config 0 has no interface number 0
[  277.028617][   T10] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  277.042108][   T10] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  277.061475][   T10] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  277.071945][   T10] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  277.100678][   T10] usb 2-1: config 0 interface 125 has no altsetting 0
[  277.113945][   T10] usb 2-1: config 0 interface 125 has no altsetting 2
[  277.134697][   T10] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  277.144180][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.170732][   T10] usb 2-1: Product: syz
[  277.180538][   T10] usb 2-1: Manufacturer: syz
[  277.195412][   T10] usb 2-1: SerialNumber: syz
[  277.218100][   T10] usb 2-1: config 0 descriptor??
[  277.241413][   T10] usb 2-1: selecting invalid altsetting 2
[  278.242800][   T30] audit: type=1400 audit(1743999622.302:498): avc:  denied  { ioctl } for  pid=8479 comm="syz.3.702" path="socket:[19256]" dev="sockfs" ino=19256 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  278.267311][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.483468][   T10] get_1284_register timeout
[  278.499597][   T10] uss720 2-1:0.125: probe with driver uss720 failed with error -5
[  278.507480][    C0] usb 2-1: async_complete: urb error -104
[  278.534135][   T10] usb 2-1: USB disconnect, device number 25
[  280.143234][ T8503] netlink: 60 bytes leftover after parsing attributes in process `syz.1.706'.
[  280.464214][ T8511] netlink: 32 bytes leftover after parsing attributes in process `syz.0.708'.
[  280.493597][ T8511] netlink: 32 bytes leftover after parsing attributes in process `syz.0.708'.
[  280.747819][ T8518] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  280.979561][   T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  281.175153][   T10] usb 5-1: config 0 has no interfaces?
[  281.193890][   T10] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  281.200547][ T8525] cgroup: noprefix used incorrectly
[  281.206618][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.249575][   T10] usb 5-1: Product: syz
[  281.253824][   T10] usb 5-1: Manufacturer: syz
[  281.258421][   T10] usb 5-1: SerialNumber: syz
[  281.327565][   T10] usb 5-1: config 0 descriptor??
[  281.834476][ T8534] netlink: 60 bytes leftover after parsing attributes in process `syz.0.713'.
[  282.658528][ T8539] random: crng reseeded on system resumption
[  283.101016][ T8554] netlink: 16 bytes leftover after parsing attributes in process `syz.3.719'.
[  283.511150][   T10] usb 5-1: USB disconnect, device number 29
[  283.919879][   T10] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  284.109672][   T10] usb 5-1: Using ep0 maxpacket: 16
[  285.625958][   T10] usb 5-1: config index 0 descriptor too short (expected 16456, got 72)
[  286.339136][   T10] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  286.352933][   T10] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  286.361394][   T10] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  286.370272][   T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  286.379209][   T10] usb 5-1: config 0 has no interface number 0
[  286.385769][   T10] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  286.398912][   T10] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  286.459460][ T8567] FAULT_INJECTION: forcing a failure.
[  286.459460][ T8567] name failslab, interval 1, probability 0, space 0, times 0
[  286.472911][ T8567] CPU: 0 UID: 0 PID: 8567 Comm: syz.0.722 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  286.472934][ T8567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  286.472943][ T8567] Call Trace:
[  286.472949][ T8567]  <TASK>
[  286.472955][ T8567]  dump_stack_lvl+0x16c/0x1f0
[  286.472982][ T8567]  should_fail_ex+0x512/0x640
[  286.473000][ T8567]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  286.473021][ T8567]  should_failslab+0xc2/0x120
[  286.473040][ T8567]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  286.473055][ T8567]  ? trace_sched_exit_tp+0xde/0x130
[  286.473080][ T8567]  ? __alloc_skb+0x2b2/0x380
[  286.473102][ T8567]  __alloc_skb+0x2b2/0x380
[  286.473120][ T8567]  ? __pfx___alloc_skb+0x10/0x10
[  286.473139][ T8567]  ? __mutex_trylock_common+0xe9/0x250
[  286.473163][ T8567]  netlink_dump+0x698/0xd00
[  286.473187][ T8567]  ? __pfx_netlink_dump+0x10/0x10
[  286.473223][ T8567]  ? __netlink_dump_start+0x190/0x990
[  286.473243][ T8567]  ? __netlink_dump_start+0x23d/0x990
[  286.473267][ T8567]  __netlink_dump_start+0x6d6/0x990
[  286.473292][ T8567]  unix_diag_handler_dump+0x3b2/0xa10
[  286.473314][ T8567]  ? rcu_is_watching+0x12/0xc0
[  286.473334][ T8567]  ? irqentry_exit+0x3b/0x90
[  286.473355][ T8567]  ? __pfx_unix_diag_handler_dump+0x10/0x10
[  286.473372][ T8567]  ? __pfx_unix_diag_dump+0x10/0x10
[  286.473394][ T8567]  ? sock_diag_rcv_msg+0x1e4/0x790
[  286.473415][ T8567]  sock_diag_rcv_msg+0x437/0x790
[  286.473435][ T8567]  netlink_rcv_skb+0x16a/0x440
[  286.473456][ T8567]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  286.473475][ T8567]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  286.473495][ T8567]  ? find_held_lock+0x2b/0x80
[  286.473537][ T8567]  netlink_unicast+0x53a/0x7f0
[  286.473568][ T8567]  ? __pfx_netlink_unicast+0x10/0x10
[  286.473597][ T8567]  netlink_sendmsg+0x8d1/0xdd0
[  286.473623][ T8567]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.473654][ T8567]  sock_write_iter+0x4fc/0x5b0
[  286.473679][ T8567]  ? __pfx_sock_write_iter+0x10/0x10
[  286.473712][ T8567]  ? bpf_lsm_file_permission+0x9/0x10
[  286.473735][ T8567]  ? security_file_permission+0x71/0x210
[  286.473759][ T8567]  ? rw_verify_area+0xcf/0x680
[  286.473785][ T8567]  vfs_write+0x5ba/0x1180
[  286.473800][ T8567]  ? __pfx_sock_write_iter+0x10/0x10
[  286.473827][ T8567]  ? __pfx_vfs_write+0x10/0x10
[  286.473840][ T8567]  ? find_held_lock+0x2b/0x80
[  286.473877][ T8567]  ksys_write+0x205/0x240
[  286.473891][ T8567]  ? __pfx_ksys_write+0x10/0x10
[  286.473912][ T8567]  do_syscall_64+0xcd/0x260
[  286.473936][ T8567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.473953][ T8567] RIP: 0033:0x7f6ce838d169
[  286.473967][ T8567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.473982][ T8567] RSP: 002b:00007f6ce9133038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  286.473998][ T8567] RAX: ffffffffffffffda RBX: 00007f6ce85a6160 RCX: 00007f6ce838d169
[  286.474008][ T8567] RDX: 0000000000000029 RSI: 0000200000000100 RDI: 0000000000000009
[  286.474018][ T8567] RBP: 00007f6ce9133090 R08: 0000000000000000 R09: 0000000000000000
[  286.474027][ T8567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.474036][ T8567] R13: 0000000000000000 R14: 00007f6ce85a6160 R15: 00007ffffe3db4d8
[  286.474059][ T8567]  </TASK>
[  286.475168][ T8567] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8567 comm=syz.0.722
[  286.817627][   T10] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  286.827846][   T10] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  286.841343][   T10] usb 5-1: config 0 interface 125 has no altsetting 0
[  286.848127][   T10] usb 5-1: config 0 interface 125 has no altsetting 2
[  286.872965][   T10] usb 5-1: string descriptor 0 read error: -71
[  286.894997][   T10] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  286.926597][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.939615][    T9] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  287.312572][    T9] usb 4-1: device descriptor read/all, error -71
[  287.321135][   T10] usb 5-1: config 0 descriptor??
[  287.332277][   T10] usb 5-1: can't set config #0, error -71
[  287.429702][   T10] usb 5-1: USB disconnect, device number 30
[  287.438729][ T8576] ubi: mtd0 is already attached to ubi31
[  287.797178][   T30] audit: type=1400 audit(1743999631.762:499): avc:  denied  { audit_read } for  pid=8572 comm="syz.0.726" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  287.838344][ T8583] FAULT_INJECTION: forcing a failure.
[  287.838344][ T8583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.851742][ T8583] CPU: 1 UID: 0 PID: 8583 Comm: syz.4.728 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  287.851757][ T8583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  287.851763][ T8583] Call Trace:
[  287.851766][ T8583]  <TASK>
[  287.851770][ T8583]  dump_stack_lvl+0x16c/0x1f0
[  287.851788][ T8583]  should_fail_ex+0x512/0x640
[  287.851802][ T8583]  _copy_from_user+0x2e/0xd0
[  287.851814][ T8583]  input_event_from_user+0x133/0x3b0
[  287.851830][ T8583]  ? __pfx_input_event_from_user+0x10/0x10
[  287.851845][ T8583]  ? __pfx___might_resched+0x10/0x10
[  287.851859][ T8583]  ? input_inject_event+0x1a5/0x390
[  287.851877][ T8583]  evdev_write+0x37b/0x750
[  287.851893][ T8583]  ? __pfx_evdev_write+0x10/0x10
[  287.851908][ T8583]  ? bpf_lsm_file_permission+0x9/0x10
[  287.851922][ T8583]  ? security_file_permission+0x71/0x210
[  287.851938][ T8583]  ? rw_verify_area+0xcf/0x680
[  287.851954][ T8583]  vfs_write+0x25c/0x1180
[  287.851961][ T8583]  ? __pfx_evdev_write+0x10/0x10
[  287.851978][ T8583]  ? __pfx_vfs_write+0x10/0x10
[  287.851985][ T8583]  ? find_held_lock+0x2b/0x80
[  287.851998][ T8583]  ? __fget_files+0x204/0x3c0
[  287.852010][ T8583]  ? __fget_files+0x20e/0x3c0
[  287.852022][ T8583]  ksys_write+0x205/0x240
[  287.852031][ T8583]  ? __pfx_ksys_write+0x10/0x10
[  287.852043][ T8583]  do_syscall_64+0xcd/0x260
[  287.852058][ T8583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.852068][ T8583] RIP: 0033:0x7f65e558d169
[  287.852081][ T8583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.852095][ T8583] RSP: 002b:00007f65e63f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  287.852106][ T8583] RAX: ffffffffffffffda RBX: 00007f65e57a6080 RCX: 00007f65e558d169
[  287.852112][ T8583] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000005
[  287.852118][ T8583] RBP: 00007f65e63f7090 R08: 0000000000000000 R09: 0000000000000000
[  287.852123][ T8583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.852129][ T8583] R13: 0000000000000000 R14: 00007f65e57a6080 R15: 00007ffd27d16cb8
[  287.852141][ T8583]  </TASK>
[  288.069862][    C1] vkms_vblank_simulate: vblank timer overrun
[  288.145018][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  288.153336][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  288.161154][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  288.168649][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  288.176446][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  288.258425][   T13] Bluetooth: hci6: Frame reassembly failed (-84)
[  288.320855][   T30] audit: type=1400 audit(1743999632.272:500): avc:  denied  { mounton } for  pid=8585 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  288.370191][ T8573] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  288.455215][ T8588] random: crng reseeded on system resumption
[  288.676046][ T8585] chnl_net:caif_netlink_parms(): no params data found
[  288.856738][   T70] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.225988][ T8585] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.234255][ T8585] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.241899][ T8585] bridge_slave_0: entered allmulticast mode
[  289.248775][ T8585] bridge_slave_0: entered promiscuous mode
[  289.256146][ T8585] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.264316][ T8585] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.271789][ T8585] bridge_slave_1: entered allmulticast mode
[  289.278516][ T8585] bridge_slave_1: entered promiscuous mode
[  289.305642][   T70] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.328890][ T8585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  289.343128][ T8585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  289.370367][   T70] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.396007][ T8585] team0: Port device team_slave_0 added
[  289.405169][ T8585] team0: Port device team_slave_1 added
[  289.447553][   T70] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.489739][ T8585] batman_adv: batadv0: Adding interface: batadv_slave_0
[  289.496814][ T8585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.528318][ T8585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  289.740875][ T8585] batman_adv: batadv0: Adding interface: batadv_slave_1
[  289.842141][ T8585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.883817][ T8585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  290.110824][ T8585] hsr_slave_0: entered promiscuous mode
[  290.116947][ T8585] hsr_slave_1: entered promiscuous mode
[  290.123375][ T8585] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  290.131287][ T8585] Cannot create hsr debugfs directory
[  290.202561][ T8616] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8616 comm=syz.4.735
[  290.281021][ T5833] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  290.299752][ T5833] Bluetooth: hci5: command tx timeout
[  291.137538][   T70] bridge_slave_1: left allmulticast mode
[  291.143540][   T70] bridge_slave_1: left promiscuous mode
[  291.150676][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.166365][   T70] bridge_slave_0: left allmulticast mode
[  291.172853][   T70] bridge_slave_0: left promiscuous mode
[  291.287698][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.348471][ T5833] Bluetooth: hci4: unexpected subevent 0x1d length: 1 < 14
[  292.379861][ T5833] Bluetooth: hci5: command tx timeout
[  293.079720][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  293.146489][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  293.177000][   T70] bond0 (unregistering): Released all slaves
[  293.922650][ T8585] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  293.994708][ T8585] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  294.463674][ T8637] random: crng reseeded on system resumption
[  294.477384][ T5833] Bluetooth: hci5: command tx timeout
[  294.522866][ T8585] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  294.768966][ T8585] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  295.033484][ T8585] 8021q: adding VLAN 0 to HW filter on device bond0
[  295.176789][ T8664] netlink: 60 bytes leftover after parsing attributes in process `syz.1.745'.
[  295.582754][ T8585] 8021q: adding VLAN 0 to HW filter on device team0
[  295.599078][ T6263] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.606215][ T6263] bridge0: port 1(bridge_slave_0) entered forwarding state
[  295.696764][ T6263] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.703928][ T6263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.186875][   T10] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  296.263145][ T8673] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  296.371292][   T10] usb 2-1: config 0 has no interfaces?
[  296.379229][   T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  296.380232][ T8585] 8021q: adding VLAN 0 to HW filter on device batadv0
[  296.543036][ T5825] Bluetooth: hci5: command tx timeout
[  297.112732][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.125277][   T10] usb 2-1: Product: syz
[  297.129460][   T10] usb 2-1: Manufacturer: syz
[  297.134154][   T10] usb 2-1: SerialNumber: syz
[  297.142360][   T10] usb 2-1: config 0 descriptor??
[  297.245330][ T8690] vlan2: entered allmulticast mode
[  297.252449][ T8690] bridge_slave_0: entered allmulticast mode
[  297.282963][ T8585] veth0_vlan: entered promiscuous mode
[  297.292824][ T8585] veth1_vlan: entered promiscuous mode
[  297.313888][ T8585] veth0_macvtap: entered promiscuous mode
[  297.326947][ T8585] veth1_macvtap: entered promiscuous mode
[  297.356951][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  297.368825][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.384178][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  297.394713][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.406351][ T8693] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  297.407372][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  297.420574][ T8693] syz.4.753: vmalloc error: size 4096, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  297.430255][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.441966][ T8693] CPU: 0 UID: 0 PID: 8693 Comm: syz.4.753 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  297.441985][ T8693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  297.441993][ T8693] Call Trace:
[  297.441999][ T8693]  <TASK>
[  297.442004][ T8693]  dump_stack_lvl+0x16c/0x1f0
[  297.442027][ T8693]  warn_alloc+0x248/0x3a0
[  297.442046][ T8693]  ? __pfx_warn_alloc+0x10/0x10
[  297.442062][ T8693]  ? alloc_pages_mpol+0x25a/0x550
[  297.442079][ T8693]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  297.442103][ T8693]  __vmalloc_node_range_noprof+0x12d2/0x1540
[  297.442132][ T8693]  ? vhost_task_create+0x1d2/0x2e0
[  297.442153][ T8693]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  297.442178][ T8693]  ? rcu_is_watching+0x12/0xc0
[  297.442197][ T8693]  ? vhost_task_create+0x1d2/0x2e0
[  297.442210][ T8693]  __vmalloc_node_noprof+0x74/0xa0
[  297.442230][ T8693]  ? vhost_task_create+0x1d2/0x2e0
[  297.442245][ T8693]  copy_process+0x2ead/0x91a0
[  297.442263][ T8693]  ? kasan_save_track+0x14/0x30
[  297.442276][ T8693]  ? __kasan_kmalloc+0xaa/0xb0
[  297.442287][ T8693]  ? vhost_task_create+0xe5/0x2e0
[  297.442300][ T8693]  ? kvm_mmu_post_init_vm+0x1b7/0x370
[  297.442313][ T8693]  ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[  297.442333][ T8693]  ? kvm_vcpu_ioctl+0x5e9/0x1680
[  297.442352][ T8693]  ? __x64_sys_ioctl+0x190/0x200
[  297.442370][ T8693]  ? do_syscall_64+0xcd/0x260
[  297.442393][ T8693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.442418][ T8693]  ? __pfx_copy_process+0x10/0x10
[  297.442449][ T8693]  ? lockdep_init_map_type+0x5c/0x280
[  297.442465][ T8693]  ? lockdep_init_map_type+0x5c/0x280
[  297.442479][ T8693]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  297.442495][ T8693]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  297.442515][ T8693]  vhost_task_create+0x1d2/0x2e0
[  297.442529][ T8693]  ? __pfx_vhost_task_create+0x10/0x10
[  297.442543][ T8693]  ? register_lock_class+0x41/0x4c0
[  297.442562][ T8693]  ? __pfx_vhost_task_fn+0x10/0x10
[  297.442578][ T8693]  ? kvm_vcpu_ioctl+0x27e/0x1680
[  297.442605][ T8693]  kvm_mmu_post_init_vm+0x1b7/0x370
[  297.442621][ T8693]  kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[  297.442641][ T8693]  ? kvm_vcpu_ioctl+0x14c2/0x1680
[  297.442666][ T8693]  kvm_vcpu_ioctl+0x5e9/0x1680
[  297.442689][ T8693]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  297.442716][ T8693]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  297.442740][ T8693]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  297.442768][ T8693]  ? hook_file_ioctl_common+0x145/0x410
[  297.442787][ T8693]  ? selinux_file_ioctl+0x180/0x270
[  297.442806][ T8693]  ? selinux_file_ioctl+0xb4/0x270
[  297.442827][ T8693]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  297.442849][ T8693]  __x64_sys_ioctl+0x190/0x200
[  297.442869][ T8693]  do_syscall_64+0xcd/0x260
[  297.442888][ T8693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.442901][ T8693] RIP: 0033:0x7f65e558d169
[  297.442914][ T8693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.442927][ T8693] RSP: 002b:00007f65e6418038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  297.442941][ T8693] RAX: ffffffffffffffda RBX: 00007f65e57a5fa0 RCX: 00007f65e558d169
[  297.442949][ T8693] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000b
[  297.442957][ T8693] RBP: 00007f65e6418090 R08: 0000000000000000 R09: 0000000000000000
[  297.442966][ T8693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.442974][ T8693] R13: 0000000000000000 R14: 00007f65e57a5fa0 R15: 00007ffd27d16cb8
[  297.442993][ T8693]  </TASK>
[  297.443030][ T8693] Mem-Info:
[  297.454951][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  297.467660][ T8693] active_anon:4036 inactive_anon:0 isolated_anon:0
[  297.467660][ T8693]  active_file:16060 inactive_file:38681 isolated_file:0
[  297.467660][ T8693]  unevictable:768 dirty:333 writeback:0
[  297.467660][ T8693]  slab_reclaimable:6818 slab_unreclaimable:101514
[  297.467660][ T8693]  mapped:29479 shmem:1410 pagetables:781
[  297.467660][ T8693]  sec_pagetables:0 bounce:0
[  297.467660][ T8693]  kernel_misc_reclaimable:0
[  297.467660][ T8693]  free:1326555 free_pcp:444 free_cma:0
[  297.475821][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.477198][ T8693] Node 0 active_anon:16144kB inactive_anon:0kB active_file:64240kB inactive_file:154648kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117916kB dirty:1332kB writeback:0kB shmem:4104kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11344kB pagetables:3124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  297.479332][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  297.484403][ T8693] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  297.488400][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.493568][ T8693] Node 0 
[  297.511607][ T8585] batman_adv: batadv0: Interface activated: batadv_slave_0
[  297.515723][ T8693] DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  297.534242][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.538101][ T8693] lowmem_reserve[]:
[  297.545260][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.548219][ T8693]  0
[  297.553375][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.557678][ T8693]  2481
[  297.566219][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.568787][ T8693]  2483
[  297.574962][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.579568][ T8693]  2483
[  297.586041][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.588185][ T8693]  2483
[  297.594712][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.599923][ T8693] 
[  297.606895][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.610632][ T8693] Node 0 
[  297.626193][ T8585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.630196][ T8693] DMA32 free:1381920kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:16116kB inactive_anon:0kB active_file:64240kB inactive_file:153072kB unevictable:1536kB writepending:1332kB present:3129332kB managed:2541536kB mlocked:0kB bounce:0kB free_pcp:5116kB local_pcp:564kB free_cma:0kB
[  297.630270][ T8693] lowmem_reserve[]: 0 0 1 1 1
[  297.630306][ T8693] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB
[  297.630348][ T8693] lowmem_reserve[]: 0 0 0 0 0
[  297.643169][ T8585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.646803][ T8693] 
[  297.652781][ T8585] batman_adv: batadv0: Interface activated: batadv_slave_1
[  297.656965][ T8693] Node 1 
[  297.679215][ T8585] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  297.684418][ T8693] Normal free:3909940kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  297.693936][ T8585] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  297.697155][ T8693] lowmem_reserve[]:
[  297.702553][ T8585] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  297.707577][ T8693]  0
[  297.715304][ T8585] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  297.717792][ T8693]  0
[  298.242838][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  298.287679][ T8693]  0 0 0
[  298.290665][ T8693] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  298.318112][ T8693] Node 0 DMA32: 575*4kB (UME) 1001*8kB (UME) 715*16kB (ME) 764*32kB (UME) 463*64kB (UME) 89*128kB (UME) 48*256kB (UME) 41*512kB (UME) 19*1024kB (UME) 10*2048kB (UME) 299*4096kB (UM) = 1385140kB
[  298.341887][ T8693] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  298.355065][ T8693] Node 1 Normal: 191*4kB (UME) 51*8kB (UME) 40*16kB (UME) 197*32kB (UME) 96*64kB (UME) 25*128kB (UME) 13*256kB (UME) 4*512kB (UM) 4*1024kB (UME) 4*2048kB (UE) 946*4096kB (M) = 3909940kB
[  298.374139][ T8693] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  298.390628][ T8693] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  298.402295][ T8693] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  298.413351][ T8693] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  298.438277][ T8693] 56151 total pagecache pages
[  298.446880][ T8693] 0 pages in swap cache
[  298.451992][ T8693] Free swap  = 124996kB
[  298.456411][ T8693] Total swap = 124996kB
[  298.461917][ T8693] 2097051 pages RAM
[  298.465885][ T8693] 0 pages HighMem/MovableOnly
[  298.470984][ T8693] 429625 pages reserved
[  298.475296][ T8693] 0 pages cma reserved
[  298.558530][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.577958][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.596937][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.608061][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.634901][   T30] audit: type=1400 audit(1743999642.692:501): avc:  denied  { mounton } for  pid=8585 comm="syz-executor" path="/root/syzkaller.F0Xykh/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  298.643794][ T8702] FAULT_INJECTION: forcing a failure.
[  298.643794][ T8702] name failslab, interval 1, probability 0, space 0, times 0
[  298.679197][ T8702] CPU: 1 UID: 0 PID: 8702 Comm: syz.4.756 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  298.679223][ T8702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  298.679233][ T8702] Call Trace:
[  298.679238][ T8702]  <TASK>
[  298.679245][ T8702]  dump_stack_lvl+0x16c/0x1f0
[  298.679272][ T8702]  should_fail_ex+0x512/0x640
[  298.679290][ T8702]  ? fs_reclaim_acquire+0xae/0x150
[  298.679314][ T8702]  ? tomoyo_encode2+0x100/0x3e0
[  298.679336][ T8702]  should_failslab+0xc2/0x120
[  298.679354][ T8702]  __kmalloc_noprof+0xd2/0x510
[  298.679369][ T8702]  ? d_absolute_path+0x136/0x1a0
[  298.679394][ T8702]  tomoyo_encode2+0x100/0x3e0
[  298.679420][ T8702]  tomoyo_encode+0x29/0x50
[  298.679441][ T8702]  tomoyo_realpath_from_path+0x18f/0x6e0
[  298.679474][ T8702]  tomoyo_check_open_permission+0x2ab/0x3c0
[  298.679495][ T8702]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  298.679538][ T8702]  ? do_raw_spin_lock+0x12c/0x2b0
[  298.679563][ T8702]  tomoyo_file_open+0x6b/0x90
[  298.679579][ T8702]  security_file_open+0x84/0x1e0
[  298.679603][ T8702]  do_dentry_open+0x596/0x1c10
[  298.679626][ T8702]  vfs_open+0x82/0x3f0
[  298.679648][ T8702]  path_openat+0x1e5e/0x2d40
[  298.679674][ T8702]  ? __pfx_path_openat+0x10/0x10
[  298.679696][ T8702]  do_filp_open+0x20b/0x470
[  298.679712][ T8702]  ? __pfx_do_filp_open+0x10/0x10
[  298.679746][ T8702]  ? alloc_fd+0x471/0x7d0
[  298.679765][ T8702]  do_sys_openat2+0x11b/0x1d0
[  298.679785][ T8702]  ? __pfx_do_sys_openat2+0x10/0x10
[  298.679806][ T8702]  ? __fget_files+0x20e/0x3c0
[  298.679826][ T8702]  __x64_sys_openat+0x174/0x210
[  298.679846][ T8702]  ? __pfx___x64_sys_openat+0x10/0x10
[  298.679864][ T8702]  ? ksys_write+0x1b9/0x240
[  298.679879][ T8702]  ? rcu_is_watching+0x12/0xc0
[  298.679905][ T8702]  do_syscall_64+0xcd/0x260
[  298.679928][ T8702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.679944][ T8702] RIP: 0033:0x7f65e558d169
[  298.679958][ T8702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.679973][ T8702] RSP: 002b:00007f65e6418038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  298.679989][ T8702] RAX: ffffffffffffffda RBX: 00007f65e57a5fa0 RCX: 00007f65e558d169
[  298.680000][ T8702] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  298.680009][ T8702] RBP: 00007f65e6418090 R08: 0000000000000000 R09: 0000000000000000
[  298.680018][ T8702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.680028][ T8702] R13: 0000000000000000 R14: 00007f65e57a5fa0 R15: 00007ffd27d16cb8
[  298.680051][ T8702]  </TASK>
[  298.934216][    C1] vkms_vblank_simulate: vblank timer overrun
[  298.996274][ T5873] usb 2-1: USB disconnect, device number 26
[  299.009158][ T8702] ERROR: Out of memory at tomoyo_realpath_from_path.
[  299.013932][ T8706] netlink: 'syz.1.757': attribute type 5 has an invalid length.
[  299.115531][ T8710] pim6reg1: entered promiscuous mode
[  299.125060][ T8706] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  299.134647][ T8710] pim6reg1: entered allmulticast mode
[  299.258576][ T8713] netlink: 16 bytes leftover after parsing attributes in process `syz.4.758'.
[  299.270447][ T8713] netlink: 16 bytes leftover after parsing attributes in process `syz.4.758'.
[  299.381912][ T8717] FAULT_INJECTION: forcing a failure.
[  299.381912][ T8717] name failslab, interval 1, probability 0, space 0, times 0
[  299.434883][ T8717] CPU: 0 UID: 0 PID: 8717 Comm: syz.1.759 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  299.434910][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  299.434920][ T8717] Call Trace:
[  299.434925][ T8717]  <TASK>
[  299.434932][ T8717]  dump_stack_lvl+0x16c/0x1f0
[  299.434967][ T8717]  should_fail_ex+0x512/0x640
[  299.434985][ T8717]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  299.435005][ T8717]  should_failslab+0xc2/0x120
[  299.435024][ T8717]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  299.435041][ T8717]  ? security_file_alloc+0x34/0x2b0
[  299.435069][ T8717]  security_file_alloc+0x34/0x2b0
[  299.435092][ T8717]  init_file+0x93/0x4c0
[  299.435112][ T8717]  alloc_empty_file+0x73/0x1e0
[  299.435134][ T8717]  dentry_open+0x46/0xd0
[  299.435153][ T8717]  vfs_open_tree+0x732/0x910
[  299.435173][ T8717]  ? __pfx_vfs_open_tree+0x10/0x10
[  299.435189][ T8717]  ? arch_syscall_is_vdso_sigreturn+0xb6/0x230
[  299.435208][ T8717]  ? syscall_user_dispatch+0x78/0x140
[  299.435231][ T8717]  __x64_sys_open_tree+0x84/0x130
[  299.435251][ T8717]  do_syscall_64+0xcd/0x260
[  299.435275][ T8717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.435290][ T8717] RIP: 0033:0x7f88c138d169
[  299.435304][ T8717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.435318][ T8717] RSP: 002b:00007f88c21f1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac
[  299.435334][ T8717] RAX: ffffffffffffffda RBX: 00007f88c15a5fa0 RCX: 00007f88c138d169
[  299.435344][ T8717] RDX: 0000000000089901 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  299.435360][ T8717] RBP: 00007f88c21f1090 R08: 0000000000000000 R09: 0000000000000000
[  299.435369][ T8717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.435379][ T8717] R13: 0000000000000000 R14: 00007f88c15a5fa0 R15: 00007ffe5f2cbf08
[  299.435401][ T8717]  </TASK>
[  301.201895][ T8723] netlink: 8 bytes leftover after parsing attributes in process `syz.5.762'.
[  301.302661][   T30] audit: type=1400 audit(1743999645.362:502): avc:  denied  { setopt } for  pid=8735 comm="syz.4.764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  301.354288][ T8738] FAULT_INJECTION: forcing a failure.
[  301.354288][ T8738] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  301.367993][ T8738] CPU: 0 UID: 0 PID: 8738 Comm: syz.4.764 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  301.368016][ T8738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  301.368026][ T8738] Call Trace:
[  301.368032][ T8738]  <TASK>
[  301.368039][ T8738]  dump_stack_lvl+0x16c/0x1f0
[  301.368067][ T8738]  should_fail_ex+0x512/0x640
[  301.368094][ T8738]  should_fail_alloc_page+0xe7/0x130
[  301.368116][ T8738]  prepare_alloc_pages+0x3c2/0x610
[  301.368144][ T8738]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  301.368165][ T8738]  ? find_held_lock+0x2b/0x80
[  301.368189][ T8738]  ? psi_task_switch+0x201/0x8e0
[  301.368216][ T8738]  ? lock_acquire+0x179/0x350
[  301.368232][ T8738]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  301.368253][ T8738]  ? mark_held_locks+0x49/0x80
[  301.368268][ T8738]  ? finish_task_switch.isra.0+0x221/0xc10
[  301.368294][ T8738]  ? rcu_is_watching+0x12/0xc0
[  301.368315][ T8738]  ? trace_sched_exit_tp+0xde/0x130
[  301.368339][ T8738]  ? __schedule+0x1186/0x5de0
[  301.368359][ T8738]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  301.368379][ T8738]  ? policy_nodemask+0xea/0x4e0
[  301.368400][ T8738]  alloc_pages_mpol+0x1fb/0x550
[  301.368420][ T8738]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  301.368439][ T8738]  ? __lock_acquire+0x5ca/0x1ba0
[  301.368459][ T8738]  folio_alloc_mpol_noprof+0x36/0x2f0
[  301.368483][ T8738]  vma_alloc_folio_noprof+0xed/0x1e0
[  301.368504][ T8738]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  301.368528][ T8738]  ? lockdep_hardirqs_on+0x7c/0x110
[  301.368553][ T8738]  do_pte_missing+0x223d/0x3fb0
[  301.368588][ T8738]  __handle_mm_fault+0x103d/0x2a40
[  301.368622][ T8738]  ? __pfx___handle_mm_fault+0x10/0x10
[  301.368645][ T8738]  ? __pte_offset_map_lock+0x155/0x2f0
[  301.368668][ T8738]  ? find_held_lock+0x2b/0x80
[  301.368687][ T8738]  ? find_held_lock+0x2b/0x80
[  301.368723][ T8738]  handle_mm_fault+0x3fe/0xad0
[  301.368752][ T8738]  __get_user_pages+0x771/0x36f0
[  301.368786][ T8738]  ? __pfx___get_user_pages+0x10/0x10
[  301.368809][ T8738]  ? __pfx_down_read_killable+0x10/0x10
[  301.368842][ T8738]  __gup_longterm_locked+0x5e7/0x1850
[  301.368866][ T8738]  ? lockdep_hardirqs_on+0x7c/0x110
[  301.368893][ T8738]  ? __pfx___gup_longterm_locked+0x10/0x10
[  301.368916][ T8738]  ? sanity_check_pinned_pages+0x4b7/0x11e0
[  301.368950][ T8738]  ? sanity_check_pinned_pages+0x4d7/0x11e0
[  301.368974][ T8738]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  301.368993][ T8738]  ? sanity_check_pinned_pages+0x3ac/0x11e0
[  301.369021][ T8738]  gup_fast_fallback+0x183d/0x2650
[  301.369061][ T8738]  ? __pfx_gup_fast_fallback+0x10/0x10
[  301.369094][ T8738]  ? is_valid_gup_args+0xe3/0x1f0
[  301.369116][ T8738]  ? is_valid_gup_args+0xf0/0x1f0
[  301.369141][ T8738]  pin_user_pages_fast+0xa7/0xf0
[  301.369165][ T8738]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  301.369197][ T8738]  io_pin_pages+0xe1/0x1e0
[  301.369219][ T8738]  io_sqe_buffer_register+0x161/0x1d10
[  301.369255][ T8738]  ? __pfx_io_sqe_buffer_register+0x10/0x10
[  301.369273][ T8738]  ? trace_kmalloc+0x2b/0xd0
[  301.369291][ T8738]  ? __kvmalloc_node_noprof+0x296/0x600
[  301.369311][ T8738]  ? iovec_from_user+0xbb/0x140
[  301.369332][ T8738]  io_sqe_buffers_register+0x1f9/0x740
[  301.369360][ T8738]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  301.369388][ T8738]  ? __pfx___mutex_trylock_common+0x10/0x10
[  301.369409][ T8738]  __io_uring_register+0x22cc/0x2390
[  301.369430][ T8738]  ? trace_contention_end+0xdd/0x130
[  301.369446][ T8738]  ? __pfx___io_uring_register+0x10/0x10
[  301.369465][ T8738]  ? __mutex_lock+0x1ca/0xb90
[  301.369490][ T8738]  ? __x64_sys_io_uring_register+0x159/0x280
[  301.369510][ T8738]  ? __pfx___mutex_lock+0x10/0x10
[  301.369530][ T8738]  ? irqentry_exit+0x3b/0x90
[  301.369558][ T8738]  ? __x64_sys_io_uring_register+0x115/0x280
[  301.369584][ T8738]  __x64_sys_io_uring_register+0x169/0x280
[  301.369608][ T8738]  do_syscall_64+0xcd/0x260
[  301.369632][ T8738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.369649][ T8738] RIP: 0033:0x7f65e558d169
[  301.369663][ T8738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.369679][ T8738] RSP: 002b:00007f65e63f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  301.369694][ T8738] RAX: ffffffffffffffda RBX: 00007f65e57a6080 RCX: 00007f65e558d169
[  301.369705][ T8738] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 000000000000000a
[  301.369713][ T8738] RBP: 00007f65e63f7090 R08: 0000000000000000 R09: 0000000000000000
[  301.369722][ T8738] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[  301.369731][ T8738] R13: 0000000000000000 R14: 00007f65e57a6080 R15: 00007ffd27d16cb8
[  301.369754][ T8738]  </TASK>
[  302.162301][ T8745] FAULT_INJECTION: forcing a failure.
[  302.162301][ T8745] name failslab, interval 1, probability 0, space 0, times 0
[  302.178932][ T8745] CPU: 1 UID: 0 PID: 8745 Comm: syz.0.765 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  302.178956][ T8745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  302.178965][ T8745] Call Trace:
[  302.178971][ T8745]  <TASK>
[  302.178977][ T8745]  dump_stack_lvl+0x16c/0x1f0
[  302.179003][ T8745]  should_fail_ex+0x512/0x640
[  302.179020][ T8745]  ? fs_reclaim_acquire+0xae/0x150
[  302.179044][ T8745]  should_failslab+0xc2/0x120
[  302.179063][ T8745]  __kmalloc_cache_noprof+0x6a/0x3e0
[  302.179086][ T8745]  ? do_raw_spin_lock+0x12c/0x2b0
[  302.179112][ T8745]  ? inode_doinit_use_xattr+0x54/0x410
[  302.179135][ T8745]  inode_doinit_use_xattr+0x54/0x410
[  302.179157][ T8745]  inode_doinit_with_dentry+0x51e/0x12e0
[  302.179184][ T8745]  ? __pfx_inode_doinit_with_dentry+0x10/0x10
[  302.179214][ T8745]  selinux_d_instantiate+0x26/0x30
[  302.179235][ T8745]  security_d_instantiate+0x142/0x1a0
[  302.179260][ T8745]  d_splice_alias+0x93/0xf80
[  302.179281][ T8745]  ? ovl_lookup+0xd16/0x2270
[  302.179300][ T8745]  ovl_lookup+0xd2e/0x2270
[  302.179325][ T8745]  ? __pfx_ovl_lookup+0x10/0x10
[  302.179341][ T8745]  ? d_alloc_parallel+0x6ae/0x12e0
[  302.179374][ T8745]  ? __pfx_d_alloc_parallel+0x10/0x10
[  302.179402][ T8745]  ? lockdep_init_map_type+0x5c/0x280
[  302.179422][ T8745]  __lookup_slow+0x24e/0x460
[  302.179445][ T8745]  ? __pfx___lookup_slow+0x10/0x10
[  302.179482][ T8745]  ? lookup_fast+0x156/0x610
[  302.179505][ T8745]  walk_component+0x353/0x5b0
[  302.179530][ T8745]  path_lookupat+0x17e/0x780
[  302.179558][ T8745]  filename_lookup+0x224/0x5f0
[  302.179575][ T8745]  ? __pfx_filename_lookup+0x10/0x10
[  302.179610][ T8745]  ? getname_flags.part.0+0x1c2/0x540
[  302.179636][ T8745]  user_path_at+0x3a/0x60
[  302.179651][ T8745]  __x64_sys_utime+0x1c0/0x2c0
[  302.179671][ T8745]  ? __pfx___x64_sys_utime+0x10/0x10
[  302.179688][ T8745]  ? fput+0x70/0xf0
[  302.179707][ T8745]  ? ksys_write+0x1b9/0x240
[  302.179731][ T8745]  do_syscall_64+0xcd/0x260
[  302.179756][ T8745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.179772][ T8745] RIP: 0033:0x7f6ce838d169
[  302.179786][ T8745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.179801][ T8745] RSP: 002b:00007f6ce9175038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084
[  302.179817][ T8745] RAX: ffffffffffffffda RBX: 00007f6ce85a5fa0 RCX: 00007f6ce838d169
[  302.179827][ T8745] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  302.179836][ T8745] RBP: 00007f6ce9175090 R08: 0000000000000000 R09: 0000000000000000
[  302.179845][ T8745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.179854][ T8745] R13: 0000000000000000 R14: 00007f6ce85a5fa0 R15: 00007ffffe3db4d8
[  302.179875][ T8745]  </TASK>
[  302.450638][    C1] vkms_vblank_simulate: vblank timer overrun
[  302.506412][ T8745] evm: overlay not supported
[  302.692561][ T8750] bridge1: entered promiscuous mode
[  302.715696][ T8750] bridge1: entered allmulticast mode
[  302.726455][ T8750] team0: Port device bridge1 added
[  302.807016][ T8759] macsec0: entered promiscuous mode
[  302.807651][ T8759] macsec0: entered allmulticast mode
[  302.807679][ T8759] veth1_macvtap: entered allmulticast mode
[  304.549569][    T9] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  304.807876][    T9] usb 5-1: config 0 has no interfaces?
[  304.814606][    T9] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  304.894486][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.904433][ T8749] random: crng reseeded on system resumption
[  304.919586][    T9] usb 5-1: Product: syz
[  304.923810][    T9] usb 5-1: Manufacturer: syz
[  304.928506][    T9] usb 5-1: SerialNumber: syz
[  304.960234][    T9] usb 5-1: config 0 descriptor??
[  305.169706][    T9] usb 5-1: USB disconnect, device number 31
[  305.382438][ T8776] netlink: 16 bytes leftover after parsing attributes in process `syz.5.774'.
[  305.887117][ T8782] netlink: 60 bytes leftover after parsing attributes in process `syz.3.776'.
[  306.034289][   T30] audit: type=1400 audit(1743999650.092:503): avc:  denied  { bind } for  pid=8772 comm="syz.1.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  306.312787][ T8777] ieee802154 phy0 wpan0: encryption failed: -22
[  307.169640][ T8802] [U] 
[  307.172583][ T8802] [U] 
[  307.175242][ T8802] [U] 
[  307.177898][ T8802] [U] 
[  307.198509][ T8802] [U] 
[  307.201244][ T8802] [U] 
[  307.203942][ T8802] [U] 
[  307.206644][ T8802] [U] 
[  307.233095][ T8802] [U] 
[  307.235834][ T8802] [U] 
[  307.238526][ T8802] [U] 
[  307.241219][ T8802] [U] 
[  307.267488][ T8807] tmpfs: Bad value for 'mpol'
[  307.295840][ T8802] [U] 
[  307.298588][ T8802] [U] 
[  307.301277][ T8802] [U] 
[  307.303979][ T8802] [U] 
[  307.316014][ T8802] [U] 
[  307.318750][ T8802] [U] 
[  307.321451][ T8802] [U] 
[  307.324151][ T8802] [U] 
[  307.328142][ T8802] [U] 
[  307.330856][ T8802] [U] 
[  307.333540][ T8802] [U] 
[  307.336229][ T8802] [U] 
[  307.344339][ T8802] [U] 
[  307.347062][ T8802] [U] 
[  307.349759][ T8802] [U] 
[  307.352453][ T8802] [U] 
[  307.355858][ T8802] [U] 
[  307.358562][ T8802] [U] 
[  307.361258][ T8802] [U] 
[  307.363941][ T8802] [U] 
[  307.368920][ T8802] [U] 
[  307.371625][ T8802] [U] 
[  307.374324][ T8802] [U] 
[  307.377017][ T8802] [U] 
[  307.380385][ T8802] [U] 
[  307.383069][ T8802] [U] 
[  307.385731][ T8802] [U] 
[  307.388392][ T8802] [U] 
[  307.392863][ T8802] [U] 
[  307.395558][ T8802] [U] 
[  307.398232][ T8802] [U] 
[  307.400912][ T8802] [U] 
[  307.404332][ T8802] [U] 
[  307.407022][ T8802] [U] 
[  307.409691][ T8802] [U] 
[  307.412361][ T8802] [U] 
[  307.415054][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  307.415628][ T8802] [U] 
[  307.425293][ T8802] [U] 
[  307.427971][ T8802] [U] 
[  307.430654][ T8802] [U] 
[  307.434122][ T8802] [U] 
[  307.436816][ T8802] [U] 
[  307.439486][ T8802] [U] 
[  307.442180][ T8802] [U] 
[  307.445530][ T8802] [U] 
[  307.448243][ T8802] [U] 
[  307.450935][ T8802] [U] 
[  307.453624][ T8802] [U] 
[  307.457005][ T8802] [U] 
[  307.459712][ T8802] [U] 
[  307.462406][ T8802] [U] 
[  307.465088][ T8802] [U] 
[  307.469796][ T8802] [U] 
[  307.472498][ T8802] [U] 
[  307.475200][ T8802] [U] 
[  307.477876][ T8802] [U] 
[  307.480807][ T8802] [U] 
[  307.483512][ T8802] [U] 
[  307.486172][ T8802] [U] 
[  307.488828][ T8802] [U] 
[  307.491995][ T8802] [U] 
[  307.494696][ T8802] [U] 
[  307.497370][ T8802] [U] 
[  307.500049][ T8802] [U] 
[  307.503098][ T8802] [U] 
[  307.505790][ T8802] [U] 
[  307.508471][ T8802] [U] 
[  307.511160][ T8802] [U] 
[  307.514577][ T8802] [U] 
[  307.517271][ T8802] [U] 
[  307.519930][ T8802] [U] 
[  307.522590][ T8802] [U] 
[  307.528327][ T8802] [U] 
[  307.531020][ T8802] [U] 
[  307.533679][ T8802] [U] 
[  307.536340][ T8802] [U] 
[  307.539216][ T8802] [U] 
[  307.541899][ T8802] [U] 
[  307.544645][ T8802] [U] 
[  307.547316][ T8802] [U] 
[  307.553639][ T8802] [U] 
[  307.556347][ T8802] [U] 
[  307.559032][ T8802] [U] 
[  307.561716][ T8802] [U] 
[  307.566425][ T8802] [U] 
[  307.569102][ T8802] [U] 
[  307.571765][ T8802] [U] 
[  307.574435][ T8802] [U] 
[  307.577410][ T8802] [U] 
[  307.580088][ T8802] [U] 
[  307.582748][ T8802] [U] 
[  307.585414][ T8802] [U] 
[  307.588206][    T9] usb 2-1: Using ep0 maxpacket: 16
[  307.588749][ T8802] [U] 
[  307.594955][    T9] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  307.595982][ T8802] [U] 
[  307.606060][    T9] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  307.607616][ T8802] [U] 
[  307.617150][    T9] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  307.618387][ T8802] [U] 
[  307.626618][ T5874] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  307.629210][    C1] vkms_vblank_simulate: vblank timer overrun
[  307.638763][    T9] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  307.646761][ T8802] [U] 
[  307.653506][ T8802] [U] 
[  307.656176][ T8802] [U] 
[  307.658847][ T8802] [U] 
[  307.661896][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  307.672859][ T8802] [U] 
[  307.675571][ T8802] [U] 
[  307.678256][ T8802] [U] 
[  307.680945][ T8802] [U] 
[  307.681852][    T9] usb 2-1: config 0 has no interface number 0
[  307.683868][ T8802] [U] 
[  307.692383][ T8802] [U] 
[  307.695066][ T8802] [U] 
[  307.697759][ T8802] [U] 
[  307.700247][    T9] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  307.700900][ T8802] [U] 
[  307.714102][ T8802] [U] 
[  307.716788][ T8802] [U] 
[  307.719472][ T8802] [U] 
[  307.722843][ T8802] [U] 
[  307.725543][ T8802] [U] 
[  307.728225][ T8802] [U] 
[  307.729716][    T9] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  307.744608][    T9] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  307.755268][ T8801] [U] 
[  307.756480][    T9] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  307.785165][    T9] usb 2-1: config 0 interface 125 has no altsetting 0
[  307.792436][    T9] usb 2-1: config 0 interface 125 has no altsetting 2
[  307.803899][    T9] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  307.822009][ T5874] usb 6-1: Using ep0 maxpacket: 16
[  307.827495][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.836408][    T9] usb 2-1: Product: syz
[  307.841279][    T9] usb 2-1: Manufacturer: syz
[  307.841532][ T5874] usb 6-1: config index 0 descriptor too short (expected 16456, got 72)
[  307.854939][ T5874] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  307.869865][    T9] usb 2-1: SerialNumber: syz
[  307.884481][ T5874] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  307.894460][    T9] usb 2-1: config 0 descriptor??
[  307.908646][    T9] usb 2-1: selecting invalid altsetting 2
[  307.934006][ T5874] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  307.942810][ T5874] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  307.951777][ T5874] usb 6-1: config 0 has no interface number 0
[  307.957872][ T5874] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  307.969124][ T5874] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  307.982635][ T5874] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  307.993102][ T5874] usb 6-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  308.006452][ T5874] usb 6-1: config 0 interface 125 has no altsetting 0
[  308.013369][ T5874] usb 6-1: config 0 interface 125 has no altsetting 2
[  308.036019][ T5874] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  308.301976][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.322036][ T5874] usb 6-1: Product: syz
[  308.326748][ T5874] usb 6-1: Manufacturer: syz
[  308.334273][ T5874] usb 6-1: SerialNumber: syz
[  308.340959][ T5874] usb 6-1: config 0 descriptor??
[  308.348297][ T5874] usb 6-1: selecting invalid altsetting 2
[  308.429674][ T5873] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  308.583835][ T5873] usb 4-1: config 0 has no interfaces?
[  308.593109][ T5873] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  308.602276][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.610519][ T5873] usb 4-1: Product: syz
[  308.636137][ T5873] usb 4-1: Manufacturer: syz
[  308.640801][ T5873] usb 4-1: SerialNumber: syz
[  308.673569][ T5873] usb 4-1: config 0 descriptor??
[  308.846035][ T8819] random: crng reseeded on system resumption
[  309.020248][    T9] get_1284_register timeout
[  309.024911][    T9] uss720 2-1:0.125: probe with driver uss720 failed with error -5
[  309.024978][    C0] usb 2-1: async_complete: urb error -104
[  309.246753][ T5873] usb 2-1: USB disconnect, device number 27
[  309.400010][    C0] usb 6-1: async_complete: urb error -71
[  309.407353][ T5874] get_1284_register: usb error -71
[  309.412740][ T5874] uss720 6-1:0.125: probe with driver uss720 failed with error -71
[  309.425812][ T5874] usb 6-1: USB disconnect, device number 2
[  311.689864][   T30] audit: type=1400 audit(1743999654.972:504): avc:  denied  { read } for  pid=8836 comm="syz.0.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  312.147093][   T30] audit: type=1400 audit(1743999655.792:505): avc:  denied  { write } for  pid=8836 comm="syz.0.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  313.108976][    T9] usb 4-1: USB disconnect, device number 15
[  313.122734][   T30] audit: type=1400 audit(1743999657.182:506): avc:  denied  { mount } for  pid=8842 comm="syz.5.790" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  313.292240][ T8854] ICMPv6: NA: ff:ff:ff:ff:ff:ff advertised our address fe80::aa on syz_tun!
[  313.332311][ T8848] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  314.501351][ T8863] netlink: 8 bytes leftover after parsing attributes in process `syz.0.797'.
[  314.736455][ T8868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.797'.
[  316.807210][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  316.819582][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  317.980390][   T30] audit: type=1400 audit(1743999661.312:507): avc:  denied  { ioctl } for  pid=8892 comm="syz.5.804" path="socket:[22739]" dev="sockfs" ino=22739 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  318.174625][   T30] audit: type=1400 audit(1743999662.192:508): avc:  denied  { ioctl } for  pid=8896 comm="syz.4.805" path="socket:[22432]" dev="sockfs" ino=22432 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  318.199094][    C1] vkms_vblank_simulate: vblank timer overrun
[  318.455738][   T30] audit: type=1400 audit(1743999662.202:509): avc:  denied  { getopt } for  pid=8896 comm="syz.4.805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  318.606340][ T8905] netlink: 4 bytes leftover after parsing attributes in process `syz.5.809'.
[  319.065669][ T8913] netlink: 60 bytes leftover after parsing attributes in process `syz.3.808'.
[  319.137153][ T8910] netlink: 60 bytes leftover after parsing attributes in process `syz.1.807'.
[  319.139744][   T30] audit: type=1400 audit(1743999663.192:510): avc:  denied  { bind } for  pid=8914 comm="syz.0.810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  319.167396][   T30] audit: type=1400 audit(1743999663.192:511): avc:  denied  { listen } for  pid=8914 comm="syz.0.810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  319.219618][ T5914] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  319.839175][ T5914] usb 5-1: config 0 has no interfaces?
[  319.877621][ T8926] FAULT_INJECTION: forcing a failure.
[  319.877621][ T8926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.892346][ T8926] CPU: 0 UID: 0 PID: 8926 Comm: syz.3.813 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  319.892369][ T8926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  319.892379][ T8926] Call Trace:
[  319.892385][ T8926]  <TASK>
[  319.892391][ T8926]  dump_stack_lvl+0x16c/0x1f0
[  319.892419][ T8926]  should_fail_ex+0x512/0x640
[  319.892439][ T8926]  _copy_to_user+0x32/0xd0
[  319.892461][ T8926]  simple_read_from_buffer+0xcb/0x170
[  319.892489][ T8926]  proc_fail_nth_read+0x197/0x270
[  319.892515][ T8926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  319.892542][ T8926]  ? rw_verify_area+0xcf/0x680
[  319.892562][ T8926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  319.892587][ T8926]  vfs_read+0x1de/0xc70
[  319.892614][ T8926]  ? __pfx___mutex_lock+0x10/0x10
[  319.892638][ T8926]  ? __pfx_vfs_read+0x10/0x10
[  319.892669][ T8926]  ? __fget_files+0x20e/0x3c0
[  319.892691][ T8926]  ksys_read+0x12a/0x240
[  319.892705][ T8926]  ? __pfx_ksys_read+0x10/0x10
[  319.892717][ T8926]  ? rcu_is_watching+0x12/0xc0
[  319.892745][ T8926]  do_syscall_64+0xcd/0x260
[  319.892769][ T8926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.892786][ T8926] RIP: 0033:0x7fa21ab8bb7c
[  319.892801][ T8926] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  319.892817][ T8926] RSP: 002b:00007fa21bab9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  319.892839][ T8926] RAX: ffffffffffffffda RBX: 00007fa21ada5fa0 RCX: 00007fa21ab8bb7c
[  319.892849][ T8926] RDX: 000000000000000f RSI: 00007fa21bab90a0 RDI: 0000000000000004
[  319.892857][ T8926] RBP: 00007fa21bab9090 R08: 0000000000000000 R09: 0000000000000000
[  319.892866][ T8926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.892875][ T8926] R13: 0000000000000000 R14: 00007fa21ada5fa0 R15: 00007ffd68909668
[  319.892898][ T8926]  </TASK>
[  320.092713][ T8924] xt_l2tp: v2 doesn't support IP mode
[  320.130260][   T30] audit: type=1400 audit(1743999664.182:512): avc:  denied  { write } for  pid=8927 comm="syz.5.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  320.160661][ T5914] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  320.227556][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.244005][ T8928] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  320.251578][ T8928] IPv6: NLM_F_CREATE should be set when creating new route
[  320.258803][ T8928] IPv6: NLM_F_CREATE should be set when creating new route
[  320.297583][ T5914] usb 5-1: Product: syz
[  320.305013][ T5914] usb 5-1: Manufacturer: syz
[  320.310058][ T5914] usb 5-1: SerialNumber: syz
[  320.316128][ T5914] usb 5-1: config 0 descriptor??
[  320.393868][   T10] libceph: connect (1)[c::]:6789 error -101
[  320.402107][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  320.412433][   T10] libceph: connect (1)[c::]:6789 error -101
[  320.418938][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  320.434084][ T8939] netlink: 'syz.3.817': attribute type 2 has an invalid length.
[  320.529560][ T5912] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  320.680002][ T5912] usb 6-1: Using ep0 maxpacket: 32
[  320.681269][   T10] libceph: connect (1)[c::]:6789 error -101
[  320.694727][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  320.697508][ T5912] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  320.709986][ T5912] usb 6-1: config 0 has no interface number 0
[  320.716285][ T5912] usb 6-1: config 0 interface 12 has no altsetting 0
[  320.725649][ T5912] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  320.734738][ T5912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.742838][ T5912] usb 6-1: Product: syz
[  320.747058][ T5912] usb 6-1: Manufacturer: syz
[  320.805989][ T5912] usb 6-1: SerialNumber: syz
[  320.823595][ T5912] usb 6-1: config 0 descriptor??
[  321.201718][ T8936] ceph: No mds server is up or the cluster is laggy
[  321.213653][   T10] libceph: connect (1)[c::]:6789 error -101
[  321.220854][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  322.069913][   T10] usb 5-1: USB disconnect, device number 32
[  322.801650][ T8960] netlink: 60 bytes leftover after parsing attributes in process `syz.1.822'.
[  323.993249][ T8979] ICMPv6: NA: ff:ff:ff:ff:ff:ff advertised our address fe80::aa on syz_tun!
[  324.097745][ T8981] netlink: 8 bytes leftover after parsing attributes in process `syz.4.826'.
[  324.309853][ T5874] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  324.406572][ T5912] f81534 6-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  324.419581][ T5912] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71
[  324.427723][ T5912] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  324.436365][ T5912] f81534 6-1:0.12: probe with driver f81534 failed with error -71
[  324.453409][ T5912] usb 6-1: USB disconnect, device number 3
[  324.559696][ T5874] usb 2-1: Using ep0 maxpacket: 16
[  324.568562][ T5874] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  324.577032][ T5874] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  324.585346][ T5874] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  324.594849][ T5874] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  324.603072][ T5874] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  324.620288][ T5874] usb 2-1: config 0 has no interface number 0
[  324.626525][ T5874] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  324.659549][ T5874] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  324.680115][ T5874] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  324.690306][ T5874] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  324.703730][ T5874] usb 2-1: config 0 interface 125 has no altsetting 0
[  324.710792][ T5874] usb 2-1: config 0 interface 125 has no altsetting 2
[  324.719637][   T52] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  324.720992][ T5874] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  324.736690][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.745586][ T5874] usb 2-1: Product: syz
[  324.750774][ T5874] usb 2-1: Manufacturer: syz
[  324.755373][ T5874] usb 2-1: SerialNumber: syz
[  324.764999][ T5874] usb 2-1: config 0 descriptor??
[  324.775792][ T5874] usb 2-1: selecting invalid altsetting 2
[  324.892814][   T52] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  324.910308][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.929735][   T52] usb 5-1: Product: syz
[  324.933927][   T52] usb 5-1: Manufacturer: syz
[  324.935794][ T8990] netlink: 16 bytes leftover after parsing attributes in process `syz.0.829'.
[  324.945303][   T52] usb 5-1: SerialNumber: syz
[  324.980885][   T52] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  325.006924][ T5911] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  325.472417][ T9000] netlink: 16 bytes leftover after parsing attributes in process `syz.0.830'.
[  325.860942][ T5874] get_1284_register timeout
[  325.866630][ T5874] uss720 2-1:0.125: probe with driver uss720 failed with error -5
[  325.866694][    C0] usb 2-1: async_complete: urb error -104
[  325.866823][    C0] usb 2-1: async_complete: urb error -104
[  325.904697][   T10] usb 5-1: USB disconnect, device number 33
[  326.525601][ T5911] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  326.570156][ T5911] ath9k_htc: Failed to initialize the device
[  326.799773][   T10] usb 5-1: ath9k_htc: USB layer deinitialized
[  327.924134][   T52] usb 2-1: USB disconnect, device number 28
[  327.949838][ T9028] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  327.967391][   T30] audit: type=1400 audit(1743999672.012:513): avc:  denied  { mounton } for  pid=9027 comm="syz.0.837" path="/163/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  328.232025][   T30] audit: type=1400 audit(1743999672.182:514): avc:  denied  { watch watch_reads } for  pid=9027 comm="syz.0.837" path="/163/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  329.911843][ T9042] ICMPv6: NA: ff:ff:ff:ff:ff:ff advertised our address fe80::aa on syz_tun!
[  330.830071][ T9055] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  331.149170][ T9058] x_tables: duplicate underflow at hook 3
[  331.225061][ T5914] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  331.292043][   T30] audit: type=1400 audit(1743999675.342:515): avc:  denied  { accept } for  pid=9057 comm="syz.5.846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  331.311250][    C1] vkms_vblank_simulate: vblank timer overrun
[  331.529610][ T5914] usb 5-1: Using ep0 maxpacket: 8
[  331.545179][ T5914] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  331.558833][ T5914] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  331.909704][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.000192][ T5914] usb 5-1: config 0 descriptor??
[  332.011068][ T5914] iowarrior 5-1:0.0: no interrupt-in endpoint found
[  332.281962][   T30] audit: type=1400 audit(1743999676.322:516): avc:  denied  { read } for  pid=9073 comm="syz.5.850" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  332.314762][   T30] audit: type=1400 audit(1743999676.322:517): avc:  denied  { open } for  pid=9073 comm="syz.5.850" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  332.393827][   T30] audit: type=1400 audit(1743999676.342:518): avc:  denied  { map } for  pid=9073 comm="syz.5.850" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  332.393870][   T30] audit: type=1400 audit(1743999676.342:519): avc:  denied  { execute } for  pid=9073 comm="syz.5.850" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  332.564342][    C1] vkms_vblank_simulate: vblank timer overrun
[  332.566797][ T9082] random: crng reseeded on system resumption
[  332.742242][ T9086] fuse: Bad value for 'fd'
[  333.407119][   T30] audit: type=1400 audit(1743999677.462:520): avc:  denied  { setcheckreqprot } for  pid=9093 comm="syz.3.855" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  333.427469][    C1] vkms_vblank_simulate: vblank timer overrun
[  333.517095][   T30] audit: type=1400 audit(1743999677.492:521): avc:  denied  { open } for  pid=9093 comm="syz.3.855" path="/dev/ptyqb" dev="devtmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  333.541031][ T5914] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  333.804862][   T30] audit: type=1400 audit(1743999677.642:522): avc:  denied  { ioctl } for  pid=9093 comm="syz.3.855" path="/dev/ptyqb" dev="devtmpfs" ino=130 ioctlcmd=0x5438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  333.829729][    C1] vkms_vblank_simulate: vblank timer overrun
[  333.861302][ T5914] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  333.878522][ T5914] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  333.972300][ T5914] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  333.984091][ T5914] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  333.997734][ T5914] usb 6-1: Manufacturer: syz
[  335.056846][   T52] usb 5-1: USB disconnect, device number 34
[  335.111741][ T5914] usb 6-1: config 0 descriptor??
[  335.504135][ T9121] netlink: 16 bytes leftover after parsing attributes in process `syz.0.859'.
[  336.499519][ T5914] rc_core: IR keymap rc-hauppauge not found
[  336.505487][ T5914] Registered IR keymap rc-empty
[  336.688808][ T5914] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  337.135905][ T9132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.861'.
[  338.064252][ T5914] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input7
[  338.149386][ T9136] ICMPv6: NA: ff:ff:ff:ff:ff:ff advertised our address fe80::aa on syz_tun!
[  338.289746][   T30] audit: type=1400 audit(1743999682.342:523): avc:  denied  { read } for  pid=5182 comm="acpid" name="event4" dev="devtmpfs" ino=2992 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  338.312165][    C1] vkms_vblank_simulate: vblank timer overrun
[  338.318327][   T30] audit: type=1400 audit(1743999682.342:524): avc:  denied  { open } for  pid=5182 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2992 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  338.367504][ T5914] usb 6-1: USB disconnect, device number 4
[  338.497909][   T30] audit: type=1400 audit(1743999682.342:525): avc:  denied  { ioctl } for  pid=5182 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2992 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  338.859534][   T52] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  338.928545][   T30] audit: type=1400 audit(1743999682.982:526): avc:  denied  { allowed } for  pid=9147 comm="syz.4.865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  339.053499][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  339.113981][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  339.153260][   T52] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  339.180592][   T52] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.204977][   T52] usb 4-1: config 0 descriptor??
[  339.224150][ T9156] ubi: mtd0 is already attached to ubi31
[  339.239225][ T9156] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  339.248493][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  339.432061][   T30] audit: type=1400 audit(1743999683.492:527): avc:  denied  { setattr } for  pid=9142 comm="syz.3.866" name="HCI" dev="sockfs" ino=24036 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  340.627305][   T52] usbhid 4-1:0.0: can't add hid device: -71
[  340.633422][   T52] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  340.661656][   T52] usb 4-1: USB disconnect, device number 16
[  341.145375][ T9173] netlink: 60 bytes leftover after parsing attributes in process `syz.5.871'.
[  341.260093][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  341.567947][ T9177] ubi: mtd0 is already attached to ubi31
[  341.729915][ T9177] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  342.798485][ T5911] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  343.494126][ T5911] usb 2-1: Using ep0 maxpacket: 16
[  343.505883][ T5911] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  343.558021][ T5911] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  343.587155][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11
[  343.618397][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024
[  343.643808][ T5911] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  343.713323][ T5911] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  343.725768][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.734256][ T5911] usb 2-1: Product: syz
[  343.738410][ T5911] usb 2-1: Manufacturer: syz
[  343.747064][ T5911] usb 2-1: SerialNumber: syz
[  343.753899][ T5911] usb 2-1: config 0 descriptor??
[  343.824793][ T5825] Bluetooth: hci2: command 0x1003 tx timeout
[  343.829808][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  343.982664][ T5911] appledisplay 2-1:0.0: Error while getting initial brightness: -90
[  343.997936][ T5911] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -90
[  344.023870][ T9200] netlink: 8 bytes leftover after parsing attributes in process `syz.5.879'.
[  344.197571][ T9209] ubi: mtd0 is already attached to ubi31
[  344.210917][ T5911] usb 2-1: USB disconnect, device number 29
[  344.216938][ T9209] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  344.241675][   T13] Bluetooth: hci2: Frame reassembly failed (-84)
[  344.616297][ T9213] netlink: 16 bytes leftover after parsing attributes in process `syz.3.881'.
[  346.300035][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  346.303647][ T5825] Bluetooth: hci2: command 0x1003 tx timeout
[  348.349188][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.5.893'.
[  348.622027][ T5833] Bluetooth: hci0: command 0x080f tx timeout
[  348.630111][ T5825] Bluetooth: hci0: Opcode 0x206a failed: -110
[  348.645099][    T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  350.098139][    T9] usb 5-1: Using ep0 maxpacket: 16
[  351.856085][    T9] usb 5-1: device descriptor read/all, error -71
[  352.416734][ T9289] ubi: mtd0 is already attached to ubi31
[  352.627308][ T9293] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  352.634504][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  352.758107][ T9295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.905'.
[  353.128636][ T9300] netlink: 16 bytes leftover after parsing attributes in process `syz.1.906'.
[  353.979973][ T5138] Bluetooth: hci5: command 0x206a tx timeout
[  353.985985][ T5833] Bluetooth: hci5: Opcode 0x206a failed: -110
[  354.752068][ T5833] Bluetooth: hci2: command 0x1003 tx timeout
[  354.758830][ T5825] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  355.336332][ T9318] block device autoloading is deprecated and will be removed.
[  356.147584][ T9336] ubi: mtd0 is already attached to ubi31
[  356.174198][ T5939] Bluetooth: hci2: Frame reassembly failed (-84)
[  356.181759][ T9336] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  356.471289][ T9347] netlink: 16 bytes leftover after parsing attributes in process `syz.4.917'.
[  356.481792][ T9347] netlink: 16 bytes leftover after parsing attributes in process `syz.4.917'.
[  357.679798][ T5138] Bluetooth: hci5: command 0x206a tx timeout
[  357.685901][ T5833] Bluetooth: hci5: Opcode 0x206a failed: -110
[  358.093175][ T9354] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  358.329682][ T5825] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  358.649572][ T5873] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  358.657244][ T5911] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  358.814104][ T5873] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  358.829813][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.838079][ T5873] usb 4-1: Product: syz
[  358.928276][ T5873] usb 4-1: Manufacturer: syz
[  358.933085][ T5873] usb 4-1: SerialNumber: syz
[  358.959116][ T5873] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  358.968711][ T5911] usb 5-1: config 0 has no interfaces?
[  359.065051][ T9373] netlink: 16 bytes leftover after parsing attributes in process `syz.0.926'.
[  360.196254][   T52] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  360.215711][ T5911] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  360.244465][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.258344][ T5911] usb 5-1: Product: syz
[  360.284223][ T5911] usb 5-1: Manufacturer: syz
[  360.291077][ T5911] usb 5-1: SerialNumber: syz
[  360.348789][ T5911] usb 5-1: config 0 descriptor??
[  360.637192][    T9] usb 4-1: USB disconnect, device number 17
[  360.962448][ T5911] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  361.139488][ T5911] usb 6-1: Using ep0 maxpacket: 16
[  361.252508][ T5911] usb 6-1: config index 0 descriptor too short (expected 16456, got 72)
[  361.263806][   T52] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  361.300694][   T52] ath9k_htc: Failed to initialize the device
[  361.310221][ T5911] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  361.328965][    T9] usb 4-1: ath9k_htc: USB layer deinitialized
[  361.333670][ T5911] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  361.354787][ T5911] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  361.370056][ T5911] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  361.381156][ T5911] usb 6-1: config 0 has no interface number 0
[  361.387404][ T5911] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  361.400660][ T5911] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  361.650424][ T5911] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  361.660681][ T5911] usb 6-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  361.675035][ T5911] usb 6-1: config 0 interface 125 has no altsetting 0
[  361.682072][ T5911] usb 6-1: config 0 interface 125 has no altsetting 2
[  361.693317][ T5911] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  361.702747][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.711759][ T5911] usb 6-1: Product: syz
[  361.716410][ T5911] usb 6-1: Manufacturer: syz
[  361.722516][ T5911] usb 6-1: SerialNumber: syz
[  361.728521][ T5911] usb 6-1: config 0 descriptor??
[  361.736537][ T5911] usb 6-1: selecting invalid altsetting 2
[  361.797064][ T9397] ubi: mtd0 is already attached to ubi31
[  361.811852][ T9397] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  361.819013][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  362.395557][ T5873] usb 5-1: USB disconnect, device number 37
[  362.639509][ T9409] netlink: 16 bytes leftover after parsing attributes in process `syz.1.936'.
[  362.792670][ T5911] get_1284_register timeout
[  362.914024][    C1] usb 6-1: async_complete: urb error -104
[  362.923090][ T5911] uss720 6-1:0.125: probe with driver uss720 failed with error -5
[  363.937329][ T5825] Bluetooth: hci2: command 0x1003 tx timeout
[  363.944458][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  364.090963][ T9412] overlayfs: overlapping lowerdir path
[  364.577347][ T9419] netlink: 60 bytes leftover after parsing attributes in process `syz.0.939'.
[  364.867537][ T5904] usb 6-1: USB disconnect, device number 5
[  368.470467][ T9458] ubi: mtd0 is already attached to ubi31
[  368.482581][ T9458] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  368.498234][ T6263] Bluetooth: hci2: Frame reassembly failed (-84)
[  368.908266][ T9469] random: crng reseeded on system resumption
[  369.393442][ T9476] netlink: 60 bytes leftover after parsing attributes in process `syz.1.953'.
[  369.955829][ T9481] netlink: 60 bytes leftover after parsing attributes in process `syz.3.954'.
[  370.486898][   T30] audit: type=1400 audit(1743999714.542:528): avc:  denied  { create } for  pid=9487 comm="syz.3.956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  370.550169][ T5825] Bluetooth: hci2: command 0x1003 tx timeout
[  370.557047][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  371.206687][   T30] audit: type=1400 audit(1743999715.262:529): avc:  denied  { ioctl } for  pid=9494 comm="syz.5.958" path="mnt:[4026532803]" dev="nsfs" ino=4026532803 ioctlcmd=0x940c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  371.231211][    C1] vkms_vblank_simulate: vblank timer overrun
[  371.276758][   T30] audit: type=1400 audit(1743999715.302:530): avc:  denied  { mount } for  pid=9494 comm="syz.5.958" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  371.311963][   T30] audit: type=1400 audit(1743999715.302:531): avc:  denied  { mounton } for  pid=9494 comm="syz.5.958" path="/44/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  373.364519][   T30] audit: type=1400 audit(1743999717.262:532): avc:  denied  { mount } for  pid=9514 comm="syz.1.963" name="/" dev="configfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  373.614570][ T9525] netlink: 60 bytes leftover after parsing attributes in process `syz.3.964'.
[  373.733797][   T30] audit: type=1400 audit(1743999717.572:533): avc:  denied  { ioctl } for  pid=9514 comm="syz.1.963" path="socket:[25767]" dev="sockfs" ino=25767 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  373.758310][    C1] vkms_vblank_simulate: vblank timer overrun
[  373.859259][   T30] audit: type=1400 audit(1743999717.912:534): avc:  denied  { unmount } for  pid=8585 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  378.142072][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  378.148413][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  382.549050][ T9626] netlink: 60 bytes leftover after parsing attributes in process `syz.1.988'.
[  383.588460][ T9647] ubi: mtd0 is already attached to ubi31
[  383.702187][ T9647] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  383.716275][ T5939] Bluetooth: hci2: Frame reassembly failed (-84)
[  383.890954][ T9650] overlayfs: failed to resolve './file1': -2
[  385.739684][ T5825] Bluetooth: hci2: command 0x1003 tx timeout
[  385.814747][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  388.504308][ T9690] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  388.851520][ T9688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1007'.
[  391.749271][ T9708] overlayfs: failed to resolve './file1': -2
[  394.742532][ T9735] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1021'.
[  394.779000][ T9736] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1018'.
[  395.222768][   T30] audit: type=1400 audit(1743999739.282:535): avc:  denied  { write } for  pid=9750 comm="syz.4.1023" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  395.279564][ T5911] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  395.442793][ T5911] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  395.499607][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.514364][ T5911] usb 2-1: Product: syz
[  395.518699][ T5911] usb 2-1: Manufacturer: syz
[  395.529777][ T5911] usb 2-1: SerialNumber: syz
[  395.568444][ T5911] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  395.668492][   T52] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  396.126088][ T5911] usb 2-1: USB disconnect, device number 30
[  396.780159][   T52] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  396.794466][   T52] ath9k_htc: Failed to initialize the device
[  396.807634][ T5911] usb 2-1: ath9k_htc: USB layer deinitialized
[  396.958389][ T9775] ubi: mtd0 is already attached to ubi31
[  397.138275][ T9775] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  397.233499][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  397.249996][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  397.563293][ T9779] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  399.259659][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  399.509632][ T9793] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1034'.
[  401.659535][   T52] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  402.262795][   T52] usb 5-1: device descriptor read/64, error -71
[  402.521354][   T52] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  402.682310][ T5904] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  402.699733][   T52] usb 5-1: device descriptor read/64, error -71
[  402.757786][ T9837] ubi: mtd0 is already attached to ubi31
[  402.832058][   T52] usb usb5-port1: attempt power cycle
[  402.880719][   T30] audit: type=1400 audit(1743999746.932:536): avc:  denied  { map } for  pid=9830 comm="syz.5.1044" path="socket:[27235]" dev="sockfs" ino=27235 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  402.891920][ T9837] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  402.939960][ T5904] usb 2-1: Using ep0 maxpacket: 16
[  402.994237][ T5904] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  403.002760][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  403.076017][ T5904] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  403.106886][ T5904] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  403.129557][ T5904] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  403.147673][ T5904] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  403.165282][ T5904] usb 2-1: config 0 has no interface number 0
[  403.219523][   T52] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  403.264479][ T5904] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  403.277819][ T5904] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  403.290188][ T5904] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  403.301800][ T5904] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  403.377692][ T9843] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1047'.
[  403.698378][ T5904] usb 2-1: config 0 interface 125 has no altsetting 0
[  403.705293][ T5904] usb 2-1: config 0 interface 125 has no altsetting 2
[  403.721513][   T52] usb 5-1: device descriptor read/8, error -71
[  403.736840][ T5904] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  403.753996][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.768491][ T5904] usb 2-1: Product: syz
[  403.804362][ T5904] usb 2-1: Manufacturer: syz
[  403.811173][ T9849] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  403.854143][ T5904] usb 2-1: SerialNumber: syz
[  403.868858][ T5904] usb 2-1: config 0 descriptor??
[  403.881460][ T5904] usb 2-1: selecting invalid altsetting 2
[  403.989650][   T52] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  404.031812][   T52] usb 5-1: device descriptor read/8, error -71
[  404.140284][   T52] usb usb5-port1: unable to enumerate USB device
[  404.475772][ T9858] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1049'.
[  404.939594][ T5833] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  404.941476][ T5904] get_1284_register timeout
[  404.959266][    C0] usb 2-1: async_complete: urb error -104
[  404.966212][ T5904] uss720 2-1:0.125: probe with driver uss720 failed with error -5
[  405.219597][ T5874] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  405.439859][ T5874] usb 5-1: Using ep0 maxpacket: 16
[  405.501737][ T5874] usb 5-1: config index 0 descriptor too short (expected 16456, got 72)
[  405.579859][ T5874] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  405.666673][ T5874] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  405.686873][ T5874] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  405.707686][ T5874] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  405.744964][ T5874] usb 5-1: config 0 has no interface number 0
[  405.778244][ T5874] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  405.841030][ T5874] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  405.863898][ T5874] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  405.868895][   T52] usb 2-1: USB disconnect, device number 31
[  405.908180][ T5874] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  406.179530][ T5874] usb 5-1: config 0 interface 125 has no altsetting 0
[  406.196561][ T5874] usb 5-1: config 0 interface 125 has no altsetting 2
[  406.208664][ T5874] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  406.228075][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.248313][ T5874] usb 5-1: Product: syz
[  406.252890][ T5874] usb 5-1: Manufacturer: syz
[  406.302012][ T5874] usb 5-1: SerialNumber: syz
[  406.332909][ T5874] usb 5-1: config 0 descriptor??
[  406.479197][ T5874] usb 5-1: selecting invalid altsetting 2
[  406.623840][ T9890] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1057'.
[  407.847522][ T9898] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1059'.
[  408.195324][ T5874] get_1284_register timeout
[  408.224751][ T5874] uss720 5-1:0.125: probe with driver uss720 failed with error -5
[  408.232770][    C0] usb 5-1: async_complete: urb error -104
[  408.748232][ T5874] usb 5-1: USB disconnect, device number 42
[  408.814742][ T9902] FAULT_INJECTION: forcing a failure.
[  408.814742][ T9902] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  409.163043][ T9902] CPU: 1 UID: 0 PID: 9902 Comm: syz.5.1062 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  409.163067][ T9902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  409.163075][ T9902] Call Trace:
[  409.163080][ T9902]  <TASK>
[  409.163084][ T9902]  dump_stack_lvl+0x16c/0x1f0
[  409.163102][ T9902]  should_fail_ex+0x512/0x640
[  409.163116][ T9902]  _copy_from_user+0x2e/0xd0
[  409.163128][ T9902]  mfill_atomic_copy+0xff7/0x1c20
[  409.163145][ T9902]  ? find_held_lock+0x2b/0x80
[  409.163158][ T9902]  ? __might_fault+0xe3/0x190
[  409.163169][ T9902]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  409.163185][ T9902]  userfaultfd_ioctl+0x20bb/0x3890
[  409.163202][ T9902]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  409.163215][ T9902]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  409.163231][ T9902]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  409.163252][ T9902]  ? hook_file_ioctl_common+0x145/0x410
[  409.163266][ T9902]  ? selinux_file_ioctl+0x180/0x270
[  409.163280][ T9902]  ? selinux_file_ioctl+0xb4/0x270
[  409.163295][ T9902]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  409.163309][ T9902]  ? __x64_sys_ioctl+0x190/0x200
[  409.163323][ T9902]  __x64_sys_ioctl+0x190/0x200
[  409.163337][ T9902]  do_syscall_64+0xcd/0x260
[  409.163352][ T9902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.163362][ T9902] RIP: 0033:0x7f6da1f8d169
[  409.163371][ T9902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.163381][ T9902] RSP: 002b:00007f6da2e73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  409.163391][ T9902] RAX: ffffffffffffffda RBX: 00007f6da21a5fa0 RCX: 00007f6da1f8d169
[  409.163397][ T9902] RDX: 0000200000000040 RSI: 00000000c028aa03 RDI: 0000000000000006
[  409.163403][ T9902] RBP: 00007f6da2e73090 R08: 0000000000000000 R09: 0000000000000000
[  409.163409][ T9902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.163415][ T9902] R13: 0000000000000000 R14: 00007f6da21a5fa0 R15: 00007ffff4cfd148
[  409.163427][ T9902]  </TASK>
[  409.370259][    C1] vkms_vblank_simulate: vblank timer overrun
[  411.584259][ T5825] Bluetooth: hci5: command 0x206a tx timeout
[  414.822781][ T9970] FAULT_INJECTION: forcing a failure.
[  414.822781][ T9970] name failslab, interval 1, probability 0, space 0, times 0
[  414.822843][ T9970] CPU: 0 UID: 0 PID: 9970 Comm: syz.3.1078 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  414.822864][ T9970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  414.822874][ T9970] Call Trace:
[  414.822880][ T9970]  <TASK>
[  414.822887][ T9970]  dump_stack_lvl+0x16c/0x1f0
[  414.822913][ T9970]  should_fail_ex+0x512/0x640
[  414.822934][ T9970]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  414.822956][ T9970]  should_failslab+0xc2/0x120
[  414.822975][ T9970]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  414.822992][ T9970]  ? security_file_alloc+0x34/0x2b0
[  414.823021][ T9970]  security_file_alloc+0x34/0x2b0
[  414.823044][ T9970]  init_file+0x93/0x4c0
[  414.823064][ T9970]  alloc_empty_file+0x73/0x1e0
[  414.823085][ T9970]  alloc_file_pseudo+0x13a/0x230
[  414.823107][ T9970]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  414.823129][ T9970]  ? alloc_fd+0x471/0x7d0
[  414.823149][ T9970]  __anon_inode_getfile+0xf7/0x370
[  414.823172][ T9970]  anon_inode_getfile_fmode+0x37/0xa0
[  414.823191][ T9970]  __do_sys_fanotify_init+0x8e3/0xb80
[  414.823217][ T9970]  do_syscall_64+0xcd/0x260
[  414.823241][ T9970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.823257][ T9970] RIP: 0033:0x7fa21ab8d169
[  414.823270][ T9970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.823285][ T9970] RSP: 002b:00007fa21ba77038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c
[  414.823301][ T9970] RAX: ffffffffffffffda RBX: 00007fa21ada6160 RCX: 00007fa21ab8d169
[  414.823311][ T9970] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000f00
[  414.823320][ T9970] RBP: 00007fa21ba77090 R08: 0000000000000000 R09: 0000000000000000
[  414.823329][ T9970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.823338][ T9970] R13: 0000000000000000 R14: 00007fa21ada6160 R15: 00007ffd68909668
[  414.823360][ T9970]  </TASK>
[  415.425648][ T9971] random: crng reseeded on system resumption
[  417.170899][   T30] audit: type=1326 audit(1743999761.222:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9998 comm="syz.4.1088" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65e558d169 code=0x0
[  417.193671][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.225509][ T5874] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  418.772716][ T5874] usb 4-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 0.02
[  418.788600][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  418.816658][ T5874] usb 4-1: SerialNumber: syz
[  418.863546][ T5874] usb 4-1: config 0 descriptor??
[  419.173886][   T30] audit: type=1400 audit(1743999763.202:538): avc:  denied  { create } for  pid=10016 comm="syz.5.1093" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:fusefs_t tclass=chr_file permissive=1
[  420.177941][   T30] audit: type=1400 audit(1743999764.232:539): avc:  denied  { write } for  pid=10026 comm="syz.4.1097" path="socket:[27964]" dev="sockfs" ino=27964 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  420.352158][ T5874] usb 4-1: USB disconnect, device number 18
[  420.485161][   T30] audit: type=1400 audit(1743999764.542:540): avc:  denied  { bind } for  pid=10036 comm="syz.1.1100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  420.505156][    C1] vkms_vblank_simulate: vblank timer overrun
[  420.535254][T10039] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1100'.
[  420.666415][T10022] syz.3.1084 (10022) used greatest stack depth: 21208 bytes left
[  420.674377][   T30] audit: type=1400 audit(1743999764.622:541): avc:  denied  { name_bind } for  pid=10040 comm="syz.3.1102" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[  420.780893][T10053] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1107'.
[  422.200639][T10082] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1116'.
[  422.466853][   T30] audit: type=1400 audit(1743999766.412:542): avc:  denied  { create } for  pid=10071 comm="syz.1.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  423.643366][T10108] overlayfs: failed to resolve './file0': -2
[  424.434455][T10113] overlayfs: failed to resolve './file0': -2
[  425.135428][   T30] audit: type=1326 audit(1743999769.192:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.175578][   T30] audit: type=1326 audit(1743999769.212:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.223308][   T30] audit: type=1326 audit(1743999769.212:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.282080][   T30] audit: type=1326 audit(1743999769.212:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.309207][   T30] audit: type=1326 audit(1743999769.212:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.335813][   T30] audit: type=1326 audit(1743999769.212:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.455422][   T30] audit: type=1326 audit(1743999769.212:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.481668][   T30] audit: type=1326 audit(1743999769.212:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10123 comm="syz.1.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  425.981780][   T30] audit: type=1400 audit(1743999770.042:551): avc:  denied  { read } for  pid=10146 comm="syz.4.1142" name="file0" dev="tmpfs" ino=1190 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  426.422002][T10154] xt_hashlimit: max too large, truncated to 1048576
[  428.227643][T10160] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1146'.
[  428.514843][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  428.514859][   T30] audit: type=1326 audit(1743999772.572:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10173 comm="syz.0.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  428.548303][   T30] audit: type=1326 audit(1743999772.572:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10173 comm="syz.0.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  428.571636][    C1] vkms_vblank_simulate: vblank timer overrun
[  428.581922][   T30] audit: type=1326 audit(1743999772.572:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10173 comm="syz.0.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  428.605296][    C1] vkms_vblank_simulate: vblank timer overrun
[  428.627465][   T30] audit: type=1326 audit(1743999772.572:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10173 comm="syz.0.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  428.935666][   T30] audit: type=1326 audit(1743999772.572:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10173 comm="syz.0.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  428.959033][    C1] vkms_vblank_simulate: vblank timer overrun
[  429.006535][   T30] audit: type=1326 audit(1743999772.572:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10173 comm="syz.0.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  429.033243][   T30] audit: type=1326 audit(1743999772.572:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10173 comm="syz.0.1152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  429.102105][   T30] audit: type=1326 audit(1743999773.152:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10187 comm="syz.0.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  429.128118][   T30] audit: type=1326 audit(1743999773.152:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10187 comm="syz.0.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  429.154905][   T30] audit: type=1326 audit(1743999773.182:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10187 comm="syz.0.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f6ce838d169 code=0x7ffc0000
[  430.524308][T10210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1165'.
[  430.538435][T10210] dummy0: entered promiscuous mode
[  430.545352][T10210] macsec1: entered promiscuous mode
[  430.669321][T10207] fuse: root generation should be zero
[  433.522225][T10245] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10245 comm=syz.0.1172
[  434.868893][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  434.868907][   T30] audit: type=1400 audit(1743999778.922:596): avc:  denied  { bind } for  pid=10261 comm="syz.5.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  434.929515][   T30] audit: type=1400 audit(1743999778.962:597): avc:  denied  { setopt } for  pid=10261 comm="syz.5.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  435.014867][T10259] overlayfs: failed to resolve './file0': -2
[  435.294155][   T30] audit: type=1400 audit(1743999779.352:598): avc:  denied  { write } for  pid=10260 comm="syz.1.1179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  435.338440][   T30] audit: type=1400 audit(1743999779.352:599): avc:  denied  { read } for  pid=10260 comm="syz.1.1179" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  435.648128][   T30] audit: type=1400 audit(1743999779.702:600): avc:  denied  { write } for  pid=10274 comm="syz.3.1185" path="socket:[28399]" dev="sockfs" ino=28399 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  435.672517][    C1] vkms_vblank_simulate: vblank timer overrun
[  435.965070][   T30] audit: type=1400 audit(1743999779.702:601): avc:  denied  { nlmsg_read } for  pid=10274 comm="syz.3.1185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  436.226114][   T30] audit: type=1326 audit(1743999780.282:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10293 comm="syz.1.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  436.252874][   T30] audit: type=1326 audit(1743999780.282:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10293 comm="syz.1.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  437.227150][   T30] audit: type=1326 audit(1743999780.312:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10293 comm="syz.1.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  437.299388][T10303] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10303 comm=syz.5.1193
[  437.446096][T10311] xt_hashlimit: size too large, truncated to 1048576
[  438.082253][T10317] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=10317 comm=syz.4.1195
[  438.340235][   T30] audit: type=1326 audit(1743999782.382:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10318 comm="syz.1.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c138d169 code=0x7ffc0000
[  439.508333][T10330] SELinux: failed to load policy
[  439.583698][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  439.590131][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  439.653095][T10332] loop7: detected capacity change from 0 to 16384
[  440.646410][T10332] I/O error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 4 prio class 0
[  440.657460][T10332] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  440.668249][T10332] Buffer I/O error on dev loop7, logical block 1, lost async page write
[  440.676701][T10332] Buffer I/O error on dev loop7, logical block 2, lost async page write
[  440.687332][T10332] Buffer I/O error on dev loop7, logical block 3, lost async page write
[  442.789655][   T31] INFO: task kworker/u8:4:70 blocked for more than 143 seconds.
[  442.798058][   T31]       Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0
[  442.882330][T10419] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1220'.
[  443.326006][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  443.377865][   T31] task:kworker/u8:4    state:D stack:23512 pid:70    tgid:70    ppid:2      task_flags:0x4208060 flags:0x00004000
[  443.496305][   T31] Workqueue: netns cleanup_net
[  443.506698][   T31] Call Trace:
[  443.510280][   T31]  <TASK>
[  443.513481][   T31]  __schedule+0x116f/0x5de0
[  443.518226][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  443.523472][   T31]  ? __pfx___schedule+0x10/0x10
[  443.528821][   T31]  ? find_held_lock+0x2b/0x80
[  443.533958][   T31]  ? schedule+0x2d7/0x3a0
[  443.538358][   T31]  schedule+0xe7/0x3a0
[  443.542894][   T31]  afs_cell_purge+0x41f/0x4f0
[  443.547671][   T31]  ? __try_to_del_timer_sync+0x115/0x170
[  443.554469][   T31]  ? __pfx_afs_cell_purge+0x10/0x10
[  443.560011][   T31]  ? __pfx_var_wake_function+0x10/0x10
[  443.565633][   T31]  ? __timer_delete_sync+0x108/0x1b0
[  443.571452][   T31]  ? __pfx_afs_net_exit+0x10/0x10
[  443.576673][   T31]  afs_net_exit+0x83/0x140
[  443.581631][   T31]  ops_exit_list+0xb0/0x180
[  443.586198][   T31]  cleanup_net+0x5c1/0xb30
[  443.591118][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  443.596152][   T31]  ? rcu_is_watching+0x12/0xc0
[  443.601398][   T31]  process_one_work+0x9cc/0x1b70
[  443.606443][   T31]  ? __pfx_netdevice_event_work_handler+0x10/0x10
[  443.613435][   T31]  ? __pfx_process_one_work+0x10/0x10
[  443.618916][   T31]  ? assign_work+0x1a0/0x250
[  443.623968][   T31]  worker_thread+0x6c8/0xf10
[  443.628632][   T31]  ? __pfx_worker_thread+0x10/0x10
[  443.634336][   T31]  kthread+0x3c2/0x780
[  443.638467][   T31]  ? __pfx_kthread+0x10/0x10
[  443.643448][   T31]  ? __pfx_kthread+0x10/0x10
[  443.649363][   T31]  ? __pfx_kthread+0x10/0x10
[  443.655451][   T31]  ? __pfx_kthread+0x10/0x10
[  443.660588][   T31]  ? rcu_is_watching+0x12/0xc0
[  443.665388][   T31]  ? __pfx_kthread+0x10/0x10
[  443.670228][   T31]  ret_from_fork+0x45/0x80
[  443.674698][   T31]  ? __pfx_kthread+0x10/0x10
[  443.679321][   T31]  ret_from_fork_asm+0x1a/0x30
[  443.684201][   T31]  </TASK>
[  443.687399][   T31] 
[  443.687399][   T31] Showing all locks held in the system:
[  444.338549][   T31] 1 lock held by khungtaskd/31:
[  444.343974][   T31]  #0: ffffffff8e3c1580 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  444.353917][   T31] 3 locks held by kworker/u8:4/70:
[  444.359019][   T31]  #0: ffff88801c2f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  444.374429][   T31]  #1: ffffc90001567d18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  444.389624][   T31]  #2: ffffffff90115ed0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xc9/0xb30
[  444.398995][   T31] 2 locks held by getty/5588:
[  444.431162][   T31]  #0: ffff88803781a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  444.441252][   T31]  #1: ffffc900033532f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  444.451621][   T31] 1 lock held by syz-executor/8585:
[  444.456853][   T31]  #0: ffffffff8e3ccab8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  444.467046][   T31] 
[  444.469392][   T31] =============================================
[  444.469392][   T31] 
[  444.479254][   T31] NMI backtrace for cpu 1
[  444.479267][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  444.479287][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  444.479296][   T31] Call Trace:
[  444.479302][   T31]  <TASK>
[  444.479309][   T31]  dump_stack_lvl+0x116/0x1f0
[  444.479335][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  444.479351][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  444.479371][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  444.479389][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  444.479408][   T31]  watchdog+0xf70/0x12c0
[  444.479434][   T31]  ? __pfx_watchdog+0x10/0x10
[  444.479447][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  444.479468][   T31]  ? __kthread_parkme+0x19e/0x250
[  444.479493][   T31]  ? __pfx_watchdog+0x10/0x10
[  444.479509][   T31]  kthread+0x3c2/0x780
[  444.479526][   T31]  ? __pfx_kthread+0x10/0x10
[  444.479540][   T31]  ? __pfx_kthread+0x10/0x10
[  444.479555][   T31]  ? __pfx_kthread+0x10/0x10
[  444.479570][   T31]  ? __pfx_kthread+0x10/0x10
[  444.479585][   T31]  ? rcu_is_watching+0x12/0xc0
[  444.479606][   T31]  ? __pfx_kthread+0x10/0x10
[  444.479622][   T31]  ret_from_fork+0x45/0x80
[  444.479638][   T31]  ? __pfx_kthread+0x10/0x10
[  444.479654][   T31]  ret_from_fork_asm+0x1a/0x30
[  444.479688][   T31]  </TASK>
[  444.610557][    C1] vkms_vblank_simulate: vblank timer overrun
[  444.618275][   T31] Sending NMI from CPU 1 to CPUs 0:
[  444.624356][    C0] NMI backtrace for cpu 0
[  444.624372][    C0] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  444.624389][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  444.624398][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  444.624420][    C0] RIP: 0010:__kasan_check_byte+0x4/0x50
[  444.624436][    C0] Code: 8d 42 ff 48 89 c3 e9 89 fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 <41> 54 49 89 f4 55 48 89 fd 53 e8 0d 1f 00 00 89 c3 84 c0 74 0b 89
[  444.624448][    C0] RSP: 0018:ffffc90000bf7940 EFLAGS: 00000202
[  444.624458][    C0] RAX: 0000000000000001 RBX: ffff88807b74dc58 RCX: 0000000000000000
[  444.624466][    C0] RDX: 0000000000000000 RSI: ffffffff8b74c883 RDI: ffff88807b74dc58
[  444.624474][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  444.624481][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
[  444.624489][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  444.624496][    C0] FS:  0000000000000000(0000) GS:ffff8881249b3000(0000) knlGS:0000000000000000
[  444.624509][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  444.624517][    C0] CR2: 00007f6da2179178 CR3: 000000000e182000 CR4: 00000000003526f0
[  444.624525][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  444.624532][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  444.624539][    C0] Call Trace:
[  444.624543][    C0]  <TASK>
[  444.624547][    C0]  lock_acquire+0xfc/0x350
[  444.624563][    C0]  _raw_spin_lock_bh+0x33/0x40
[  444.624577][    C0]  ? ieee80211_ibss_work+0x153/0x1480
[  444.624591][    C0]  ieee80211_ibss_work+0x153/0x1480
[  444.624605][    C0]  ? __pfx_ieee80211_ibss_work+0x10/0x10
[  444.624617][    C0]  ? __lock_acquire+0xaa4/0x1ba0
[  444.624632][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  444.624645][    C0]  ? find_held_lock+0x2b/0x80
[  444.624660][    C0]  ? mark_held_locks+0x49/0x80
[  444.624671][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  444.624684][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  444.624699][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  444.624715][    C0]  ieee80211_iface_work+0xcee/0x1020
[  444.624729][    C0]  ? rcu_is_watching+0x12/0xc0
[  444.624745][    C0]  cfg80211_wiphy_work+0x3dc/0x550
[  444.624764][    C0]  process_one_work+0x9cc/0x1b70
[  444.624781][    C0]  ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10
[  444.624797][    C0]  ? __pfx_process_one_work+0x10/0x10
[  444.624814][    C0]  ? assign_work+0x1a0/0x250
[  444.624827][    C0]  worker_thread+0x6c8/0xf10
[  444.624845][    C0]  ? __pfx_worker_thread+0x10/0x10
[  444.624858][    C0]  kthread+0x3c2/0x780
[  444.624870][    C0]  ? __pfx_kthread+0x10/0x10
[  444.624881][    C0]  ? __pfx_kthread+0x10/0x10
[  444.624892][    C0]  ? __pfx_kthread+0x10/0x10
[  444.624903][    C0]  ? __pfx_kthread+0x10/0x10
[  444.624914][    C0]  ? rcu_is_watching+0x12/0xc0
[  444.624928][    C0]  ? __pfx_kthread+0x10/0x10
[  444.624940][    C0]  ret_from_fork+0x45/0x80
[  444.624953][    C0]  ? __pfx_kthread+0x10/0x10
[  444.624965][    C0]  ret_from_fork_asm+0x1a/0x30
[  444.624987][    C0]  </TASK>
[  444.630534][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  444.630548][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-13546-g16cd1c265776 #0 PREEMPT(full) 
[  444.630565][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  444.630574][   T31] Call Trace:
[  444.630579][   T31]  <TASK>
[  444.630585][   T31]  dump_stack_lvl+0x3d/0x1f0
[  444.630607][   T31]  panic+0x71c/0x800
[  444.630623][   T31]  ? __pfx_panic+0x10/0x10
[  444.630635][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  444.630653][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  444.630668][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  444.630684][   T31]  ? watchdog+0xdda/0x12c0
[  444.630699][   T31]  ? watchdog+0xdcd/0x12c0
[  444.630715][   T31]  watchdog+0xdeb/0x12c0
[  444.630733][   T31]  ? __pfx_watchdog+0x10/0x10
[  444.630746][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  444.630765][   T31]  ? __kthread_parkme+0x19e/0x250
[  444.630786][   T31]  ? __pfx_watchdog+0x10/0x10
[  444.630800][   T31]  kthread+0x3c2/0x780
[  444.630815][   T31]  ? __pfx_kthread+0x10/0x10
[  444.630827][   T31]  ? __pfx_kthread+0x10/0x10
[  444.630840][   T31]  ? __pfx_kthread+0x10/0x10
[  444.630853][   T31]  ? __pfx_kthread+0x10/0x10
[  444.630866][   T31]  ? rcu_is_watching+0x12/0xc0
[  444.630885][   T31]  ? __pfx_kthread+0x10/0x10
[  444.630900][   T31]  ret_from_fork+0x45/0x80
[  444.630914][   T31]  ? __pfx_kthread+0x10/0x10
[  444.630928][   T31]  ret_from_fork_asm+0x1a/0x30
[  444.630958][   T31]  </TASK>
[  445.078225][   T31] Kernel Offset: disabled
[  445.082524][   T31] Rebooting in 86400 seconds..