last executing test programs:

31m34.041329433s ago: executing program 3 (id=478):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000100)={0x1, 0x2, [{0xffffffffffffffff, 0x0, 0x100000000, 0x1802000}, {0xffffffffffffffff, 0x0, 0x8000, 0x100000000}]})
sendmmsg$inet6(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000380)="31ca3b95ece2591e110b5c6111a94df23a197f895512db9e86adb68216e44a330e6830578d4cadc8733a9986ffb35f4c0510e75c2e7ca04f6799dd28f201088a28e683812f9499b4cf53367d282f9271333678c2e9dd16c95fecc6f465a39897bf4cb419c8bbaa9199506754b0a15cd73741358d9d03594d4b633b81028411186fb6ae210b8f3fa992be726a871031bf0972d0", 0x93}, {&(0x7f0000000440)="12137a3f734ca8b0ab9aff5ac77668f7aad0c9a2c224f3a492dba4e2f1192b83c8299b198825aacf188864b1d70dcb50778ed965253716193603bd9514ca4026bd2e43d02507cdb287ad34ea74cf61f55a69e258b957311d68522d2c2fc4b485aa825f4f318077102152aeb4de9c747c930510d1ffb2185008b5751f8390fee9032ef1ec5729802a264203d60cdd641348b977bc0b3fe3ed3625ee1ab4e40caee02f828c21e6f98b61839595649dadb93692a31e50955fa2213c9eebc3e576f7c12847ff9e16b8b8e6d15b9e2c19e29595a8fcd07e38ed0e56113ecae7953de0b67839ccf6bda07675393fe0cca3a89760949dc7f928dd277bc325cc333ea8bb927c8a1cfc61d1f819880435090ad61943df227626bd492250b1d87fcf1ac510efe48ba351f4e8d828b3b7a5c77cd8a0907ad5f5114eba6c4f6478ad68d1465a70fc3ec2c23e20b269f40b5ff2cc0be3e21fcca4d691ce541271b126473f63ce883e32536fc8db9ce99f24f18de7c9a5244abb6fa68588348c1d88cfae378005072604a2830f4cc6cf3238c334a0fc5994713fc9e333e07791f1febc03941d9ac2e2166ba4040a831f90e4c1cfd1d8904130fd42e01f499b11201fdcedcf3f6fdf86e881224aaca2355306da81afc8cf16d333a460afc005aa21ebdb27822cbe341c55b353951d384264796e2175e2eba929b2d252f571ffc37a49263dfa2049e6c82e7af0eb2ae5b1a4a9a94d63d3416f62cfc09a2490646a4dbe7cf8f2e7ece2a3cbe96a8b60e1ba0ffe8c9997d670a28934f3f8029544af60f4ec33658031eddbde107614d2cc84bf1b26ce7460860303bbb02d494f52727266dbc381c81ef75d5f3ff17f4179ef12cc789cb0360e9e51e1f578626c6e788d82150ab96b92cec06344955154a1bdf0cf60dd7a88f894e18b2ad9992983ca8dc84c8d75c6b988d84164d1b1e56725c6dc728b648a7803a53bcfc2d62272d54cbc138683578313a0802ec2582f6bedbfd5fd78624cd275ef58e7343b9ab458ab72896a7f98cbfd07bf8bcde0dae748aef7f8b88c957477abd961f23782535d307f2e532d23c31a2bb6d3b94c81d3825810adc4eab456dc8ae77f104f8d4b2250906c8fc35a946ab7616ed752dd7736c5ebeb96db887d95de734a22579ab7f2f8dae622d6788ce8db552ab198790b7def41c18fdcfce0c68aa3d839543b4e8faa8b4f65772ff2028d20b711ff4269da76a86fe59a9a0bfd1ad385fd3aa2922bc7929b9262c026f22af533e9603b95212f334991e359fb0da4b574934fbda405359e383123d4f9f4d2a44d68fa4c9277d5edbb189959a9d9547d18f5a006f7d9d6ed23b2ee3212b736f8aa979e730b12f93e4afa4f297ccdcf1026b44b8cbc89768f8334f96854f87992dbf780016ae7906ea62a67d92d3c3dd1a3beae586cd8466afb8dd62757568d177d66fdbaa2e442f24e002bbe64f3186e97f303e792f3a235fe7d035993ddc40b09c9bcf2c39e282b111b579370679d5bc21d9757879822a0136dc299bc9aeb91c7df408fdc1b6c67fc5b04c221b69aaea72022983c85c6157ebbaf26e3a9f50593c4633aedf33953d9b238b99f55d24ebadca263acb799f3a062cd867daec9033e115d1c5ca129542b3368d263af271ded357fa4ebf5161c66af121447d7ebb52c88661c4164215c6dac92a9d7fcb083d197b84dbf04deb1b03ce0b8500638946e98371af50aa54e8ad4e8fdd164982b700c040ceb99940f490365e1f83c3013a57708", 0x4e6}], 0x2}}], 0x1, 0x4000c000)
sendto$inet6(r0, &(0x7f0000000300), 0x48, 0x0, 0x0, 0xfffffffffffffdfd)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000040))

31m33.970226302s ago: executing program 3 (id=479):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r4=>0x0})
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x2c, r3, 0x1, 0x70bd2d, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_IFINDEX={0x8, 0xb, r4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, r3, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}]}, 0x1c}}, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000640)={@multicast, @remote, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "f91e2e", 0x38, 0x3c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[@dstopts={0x67}], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "716a01", 0x0, "cc1978"}, "bfea6d397a22f47c03ede36a57180aecd805cf6e90c2c85be9a93a117ded01ce"}}}}}}, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'vlan0\x00', @random="010000201000"})

31m32.406399516s ago: executing program 3 (id=487):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000cfc000/0x2000)=nil, 0x2000, 0x17)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000b00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000d5000000000000000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000020001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='block_rq_requeue\x00', r4}, 0x3a)
sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f00000000c0), 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x200c0884, &(0x7f0000000200)={0xa, 0x4e22, 0xfffffffc, @dev={0xfe, 0x80, '\x00', 0x44}}, 0x1c)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x40002, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0})
sendto$inet6(r7, &(0x7f0000000440)="c7cfcaaa22e10542fca5c0195350f15147db82ea9a7bf812187190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f487a0c8ecc2a835a358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473c40e94f253c9621fac33b88bf2d01559bb658e343257b90f233b81bc5c000000000000342502582217ab8bf380834170ad2a02da3a5695a5d4f4fe75b612b69cb5969a1eea349ec54871e436b6c6510715c4c05be3603b078afbc68c39972a1309226ff9d0ab19d9ecfdedb735d596acc06a9ed8edd398be8fdf8850764e4227f1d99cd2d0b3e8fd38920ebc432aef884eea3e8a45aab7c4a8e172f99c5eca416a9f56e30ae5da5ae1a375730699ae38aed456297ce084890b430b542f580be30e9927e30bbf7d2e696fc9ac83cf1a704f8a1787386986d6", 0x186, 0x24004841, 0x0, 0x0)
sendto$inet6(r5, 0x0, 0x5b, 0x0, 0x0, 0xfffffffffffffc42)
r8 = gettid()
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r9, 0x4040534e, &(0x7f0000000080)={0x2b9, @time})
tkill(r8, 0x7)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r9, 0x80045301, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x12, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)

31m29.095197138s ago: executing program 3 (id=496):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r1, 0x10000}}, 0x10)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0)=0x10, r1, 0x0, 0x1, 0x4}}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xe, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x8003], [0x0, 0x100001], [0x91, 0x0, 0x7fffffff]]})
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240), 0x57)

31m28.981247298s ago: executing program 3 (id=498):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
fsetxattr$security_capability(r1, &(0x7f0000000000), &(0x7f0000000040)=@v1={0x1000000, [{0x7, 0x4}]}, 0xc, 0x3)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000000000/0x4000)=nil})
creat(&(0x7f0000000040)='./bus\x00', 0x0)
io_setup(0x200, &(0x7f0000000140))
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet_sctp(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000562000), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="200000000000008400000002000000000041020002000000000000a4f83fce2f26784d41c1122326896ba83e5fd0346f6cac543a0b7a", @ANYRES32=0x0], 0x20}], 0x1, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000404c054b0200000000000109022400010000000009040000010300000009210000000000000409058103"], 0x0)

31m24.554911496s ago: executing program 3 (id=514):
socket(0x80000000000000a, 0x2, 0x0) (async)
r0 = socket(0x80000000000000a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'netdevsim0\x00', 0x101})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
write$dsp(r1, &(0x7f0000002000)='`', 0x88020) (async)
write$dsp(r1, &(0x7f0000002000)='`', 0x88020)
r2 = syz_io_uring_setup(0x284, &(0x7f0000000000)={0x0, 0xbc7c, 0x20, 0x2, 0xcc}, &(0x7f0000000080), &(0x7f0000000100))
syz_io_uring_setup(0x144f, &(0x7f0000000140)={0x0, 0x6e11, 0x0, 0x2, 0x10c, 0x0, r2}, &(0x7f00000001c0), &(0x7f0000000200))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000440)={&(0x7f0000000380)=""/151, 0x8000, 0x1800, 0x1, 0x1}, 0x20) (async)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000440)={&(0x7f0000000380)=""/151, 0x8000, 0x1800, 0x1, 0x1}, 0x20)
write$binfmt_script(r3, &(0x7f0000000040), 0x4)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r4, 0x80045104, &(0x7f0000000000))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x7}}, 0xe, 0x2, 0x4, 0x7ff, 0x40, 0x4, 0x90}, &(0x7f0000000300)=0x9c) (async)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000240)={<r5=>0x0, @in6={{0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x7}}, 0xe, 0x2, 0x4, 0x7ff, 0x40, 0x4, 0x90}, &(0x7f0000000300)=0x9c)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000340)=r5, 0x4)

31m8.969949155s ago: executing program 32 (id=514):
socket(0x80000000000000a, 0x2, 0x0) (async)
r0 = socket(0x80000000000000a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'netdevsim0\x00', 0x101})
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
write$dsp(r1, &(0x7f0000002000)='`', 0x88020) (async)
write$dsp(r1, &(0x7f0000002000)='`', 0x88020)
r2 = syz_io_uring_setup(0x284, &(0x7f0000000000)={0x0, 0xbc7c, 0x20, 0x2, 0xcc}, &(0x7f0000000080), &(0x7f0000000100))
syz_io_uring_setup(0x144f, &(0x7f0000000140)={0x0, 0x6e11, 0x0, 0x2, 0x10c, 0x0, r2}, &(0x7f00000001c0), &(0x7f0000000200))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000440)={&(0x7f0000000380)=""/151, 0x8000, 0x1800, 0x1, 0x1}, 0x20) (async)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000440)={&(0x7f0000000380)=""/151, 0x8000, 0x1800, 0x1, 0x1}, 0x20)
write$binfmt_script(r3, &(0x7f0000000040), 0x4)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r4, 0x80045104, &(0x7f0000000000))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x7}}, 0xe, 0x2, 0x4, 0x7ff, 0x40, 0x4, 0x90}, &(0x7f0000000300)=0x9c) (async)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000240)={<r5=>0x0, @in6={{0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x7}}, 0xe, 0x2, 0x4, 0x7ff, 0x40, 0x4, 0x90}, &(0x7f0000000300)=0x9c)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000340)=r5, 0x4)

29m35.2203904s ago: executing program 1 (id=879):
r0 = socket$packet(0x11, 0x2, 0x300)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f000000a400)={0x2020, 0x0, <r2=>0x0}, 0x2020)
syz_fuse_handle_req(r1, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x3, 0x0, 0x4000000000, 0x7fffffff, 0x0, 0x0, {0x0, 0x1, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, 0x6000, 0x0, 0x0, 0x0, 0x800}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x28, 0x2, 0x1030, 0x4, 0x0, 0xfffffffc}}, 0x50)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x4842, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r3=>0x0})
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0xe)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r9, 0x1, 0x28, &(0x7f00000000c0)=0xffe3, 0x4)
sendmsg$nl_xfrm(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@allocspi={0x120, 0x16, 0x1, 0x0, 0x0, {{{@in=@broadcast, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private0, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x0, 0xd1}, [@address_filter={0x28, 0x1a, {@in=@rand_addr=0x64010102, @in=@dev={0xac, 0x14, 0x14, 0x16}, 0x2, 0x6, 0x7}}]}, 0x120}}, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {}, {}, {0xc, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x20044010)

29m32.582137518s ago: executing program 1 (id=889):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40080000000008b}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20004000)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4004, 0x5)
socket$nl_route(0x10, 0x3, 0x0)
r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x4302}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
add_key$user(&(0x7f0000000200), &(0x7f0000000580)={'syz', 0x3}, &(0x7f0000000400)="f4", 0x1, 0xfffffffffffffffe)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, 0x4}, 0x1c)

29m31.53936885s ago: executing program 1 (id=892):
r0 = io_uring_setup(0x26ce, &(0x7f0000000100))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x59})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
close(r2)
r3 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000380)='stat\x00')
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000001a80)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000240)="6f8b7647", 0x4}], 0x1, 0x0, 0x0, 0x4008850}], 0x1, 0x8880)
sendmsg$AUDIT_TTY_SET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0x40081}, 0x4004040)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f0000000140)=ANY=[], 0xff2e)

29m28.733208154s ago: executing program 1 (id=903):
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = getpgrp(0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ec0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x4}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x24}, @NFTA_CMP_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000500)='wg1\x00', 0x4)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71006000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r4 = syz_open_procfs(r0, &(0x7f0000000100)='mountinfo\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',privport,access=', @ANYRESOCT=r8])
statfs(&(0x7f0000000280)='./file0\x00', 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
preadv(r4, &(0x7f0000000280)=[{&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/169, 0xa9}, {&(0x7f0000000440)=""/169, 0xa9}], 0x3, 0x0, 0x0)

29m27.95689961s ago: executing program 1 (id=905):
syz_usb_connect$uac1(0x3, 0xb3, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001000000206b1d01014000010203010902a10003010940810904000000010100000a240100040002010208240804010080350904010000010200000904010101010200000b2402010b0303bc8be6d10924020203000000f8"], 0x0)
socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x0, 0x7, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x400, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000100)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x9, 0xc, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x40, 0x0, 0x80}})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r3}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ip_tables_targets\x00')
preadv(r4, &(0x7f0000000480)=[{&(0x7f00000001c0)=""/158, 0x9e}], 0x1, 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x4})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009502"])
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r7, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2})
r8 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'lo\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@bridge_newneigh={0x34, 0x1c, 0x5, 0x0, 0x0, {0x2, 0x0, 0x0, r10, 0x10}, [@NDA_DST_MAC={0xa}, @NDA_LLADDR={0xa, 0x2, @link_local}]}, 0x34}, 0x1, 0x0, 0x0, 0x240140a1}, 0x0)
r11 = socket(0x10, 0x2, 0x0)
write(r11, &(0x7f0000000000)="240000001e005f80004000000000000002000000010000000000080008000100000000ff", 0x24)
syz_clone(0x11000000, &(0x7f0000000200)="90dda30ce22d5e3122a30fc1cbc2119081273b5f52a999a7799350f9ea817c29c4b1f9799656c1cf8292ac58d58b3c95530937a50d4ea46d5f428d80ccf2008df03dcf63c5d24ec3be0d712c2cbd705f2d52d95b1e3f734650dea344c6dd91d79344915b4dda675d63e6b278a9cf21d9cf4be0a95f9bd63ae34341fe3eeb63112f51bbe429de028d07947ef5cad971f8f576dfa7dc570443630d", 0x9a, &(0x7f0000000180), &(0x7f00000002c0), &(0x7f0000000300)="86f63d9789859fdaa737768315dd8e669f860ddd9e13f3a67d1f5e5188a7efc6086055b5b928cc8181c1767bb7d8f5cdfe1f143548287bf038729de31ca8e62e023b7a196861935ff8ecbcc881a7fac585269b4535377f10c48a07ccb1ce3f383b")
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f00000000c0)={r7, 0x13ff, 0x7, 0x10001})

29m23.913506828s ago: executing program 1 (id=919):
setrlimit(0x40000000000008, &(0x7f0000000000)={0x2, 0x8d96})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x840, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xe, 0x0, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xf)
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018220000", @ANYRES32=r1, @ANYBLOB="0000000700000000000000c1df42c2c3639b570aff43a643d6300bbc15b1de5b7c1238f10653cd42c4a7b209000000203a5dc27717ebcd8f5db8a5dd5b059236330bc52da1af14cc43d98c13a9b975b4179b9eb3a6456da5bd21dc9996"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc)
unshare(0x22020600)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e20, 0x3, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
madvise(&(0x7f000009c000/0x3000)=nil, 0x3000, 0x15)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r7 = syz_io_uring_setup(0x237, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0x3}, &(0x7f0000000000)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0x2def, 0x4000, 0x0, 0x0, 0x0)
write$dsp(r6, &(0x7f0000002000)='`', 0x88020)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
chdir(&(0x7f0000000000)='./file0\x00')
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r10, 0xffffffff80000900, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
migrate_pages(r5, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)

29m8.602385749s ago: executing program 33 (id=919):
setrlimit(0x40000000000008, &(0x7f0000000000)={0x2, 0x8d96})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x840, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xe, 0x0, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xf)
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018220000", @ANYRES32=r1, @ANYBLOB="0000000700000000000000c1df42c2c3639b570aff43a643d6300bbc15b1de5b7c1238f10653cd42c4a7b209000000203a5dc27717ebcd8f5db8a5dd5b059236330bc52da1af14cc43d98c13a9b975b4179b9eb3a6456da5bd21dc9996"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc)
unshare(0x22020600)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e20, 0x3, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
madvise(&(0x7f000009c000/0x3000)=nil, 0x3000, 0x15)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r7 = syz_io_uring_setup(0x237, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0x3}, &(0x7f0000000000)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0x2def, 0x4000, 0x0, 0x0, 0x0)
write$dsp(r6, &(0x7f0000002000)='`', 0x88020)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
chdir(&(0x7f0000000000)='./file0\x00')
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r10, 0xffffffff80000900, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
migrate_pages(r5, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)

28m51.366645474s ago: executing program 5 (id=1036):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = fsopen(&(0x7f0000001880)='squashfs\x00', 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000240)={'gre0\x00', &(0x7f0000000780)={'sit0\x00', 0x0, 0x40, 0x10, 0x7fffffff, 0x4, {{0x46, 0x4, 0x2, 0x2f, 0x118, 0x64, 0x0, 0x7, 0x2f, 0x0, @remote, @broadcast, {[@timestamp={0x44, 0x24, 0xb5, 0x0, 0x2, [0x188, 0x8, 0x40, 0x5, 0x8b, 0x9, 0xffff, 0x4]}, @rr={0x7, 0x23, 0x42, [@multicast1, @multicast2, @broadcast, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x3b}, @broadcast, @rand_addr=0x64010102, @rand_addr=0x64010100]}, @ssrr={0x89, 0x17, 0xc5, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @rand_addr=0x64010101, @multicast2, @loopback]}, @cipso={0x86, 0x58, 0x0, [{0x6, 0xd, "67dcfc4d5a4aeaaaaea8d9"}, {0x2, 0x10, "d906b52a6b1d370bda053fb29995"}, {0x2, 0xc, "a4645e3b6704aaf015aa"}, {0x6, 0xf, "455e3c8f6dabaf03b3e16ff4eb"}, {0x0, 0xb, "6590931e727779c30b"}, {0x5, 0xf, "6da0762a601555943d2b2fc26a"}]}, @timestamp_prespec={0x44, 0x4c, 0xdb, 0x3, 0x2, [{@dev={0xac, 0x14, 0x14, 0x20}, 0x9}, {@local, 0xfffffffe}, {@rand_addr=0x64010102, 0x4}, {@broadcast, 0x9}, {@loopback, 0x182}, {@rand_addr=0x64010102, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x38000000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x80000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5}]}]}}}}})

28m51.233571769s ago: executing program 5 (id=1041):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000840)=@security={'security\x00', 0x4, 0x4, 0x448, 0xffffffff, 0x2a8, 0x1d0, 0x1d0, 0xffffffff, 0xffffffff, 0x378, 0x378, 0x378, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, [0x0, 0xff000000, 0xffffffff, 0xffffffff], [0xff000000, 0xff000000, 0xffffff00, 0xff], 'dvmrp0\x00', 'vlan0\x00', {0xff}, {}, 0x2f, 0xb, 0x3, 0x18}, 0x0, 0xa8, 0x1d0}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x2, 0x2, 'system_u:object_r:lib_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private1, @local, [], [0x0, 0xffffff00], 'geneve1\x00', 'macvlan0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
splice(r1, &(0x7f0000000780), r2, &(0x7f0000000800)=0x3f1d, 0x3, 0xe)
syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000000)={0x20, 0x10, 0xb, {0xb, 0xf, "84a26ca77d95ac46e9"}}, &(0x7f0000000040)={0x0, 0x3, 0xda, @string={0xda, 0x3, "4ed9222e816c74a43117f04dd68daab572008c6c9e590ec5b1ae526c7bafcc067f50bd9329f263c419c1d3a0d3d31e8b7d411ddbec73ef9b9d8e6b00301974d7378b89e335279534e3cbd3011da8b8933670b8e843c5c85830af0c63929b0fb1771c611883fbb0a874d757741eaee4d68276daba3c3ca0992b982b38b72be3b9a5ea5ff46ce90516ecbdeec073771387a0de3e890a50de66557688a9e806e16c3f3f6e2f3803b5649b57fdbcb9d06ccbc82fdda5457a3fea16d3dcea633eab675cdb31942885d49611d5e66c7edb5466780c5a9fff12efec"}}, &(0x7f0000000140)={0x0, 0xf, 0x8, {0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}}, &(0x7f0000000d00)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3, 0x10, 0x9, 0x20, "5b2c57f5", "6263d542"}}, &(0x7f00000001c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7c, 0x74a15f3c350696aa, 0x3, 0x2, 0x0, 0x9, 0x3}}}, &(0x7f00000006c0)={0x84, &(0x7f0000000240)={0x0, 0x16, 0x93, "425f6909772704762a4edef0b4e21d64b7ae30af1835bb1a1e296eece1de11f129bb626069b4b7a21c75c5c492238b5b51149f9a5ad31e436a43724e444a92b14ab98c0525e57a4b41b31f65af6818ae78018f6c5f53ee574379b76521e1f8e1e6f1d553fdd598ae2bc229f6a30d3d18ed491143c911ac24ca447b39fad79af6687dd1dd0340d5ab0ae9019238848405c3b6e2"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000000380)={0x20, 0x0, 0x4}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x20, 0x8}}, &(0x7f0000000400)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000000440)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000480)={0x40, 0xb, 0x2, "1c4e"}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x7}, &(0x7f0000000500)={0x40, 0x13, 0x6}, &(0x7f0000000540)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000000580)={0x40, 0x19, 0x2, "45e7"}, &(0x7f00000005c0)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000600)={0x40, 0x1c, 0x1, 0xb}, &(0x7f0000000640)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000680)={0x40, 0x21, 0x1, 0x9}})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0xfffffffffffffeff)
ioctl$FS_IOC_GETVERSION(r3, 0x40025b0c, 0x0)

28m50.370496875s ago: executing program 4 (id=1047):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f00000000c0)={0x1, 0x0, {0x0, 0x8000, 0x40, 0x9}})
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
setresuid(0x0, 0xffffffffffffffff, 0xee00)
getresuid(&(0x7f00000000c0), &(0x7f0000000040), &(0x7f0000000080)=<r2=>0x0)
setresuid(0x0, r2, 0xffffffffffffffff)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000100)=0x14)

28m50.150538003s ago: executing program 4 (id=1048):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_pressure(r4, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000080)={'full', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x8)
fchdir(r3)
setuid(0xee00)
openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000800), 0x0, 0x2, 0x0)
shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000639000/0x2000)=nil)
r6 = shmget$private(0x0, 0x3000, 0x800, &(0x7f0000f9a000/0x3000)=nil)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
shmctl$IPC_RMID(r6, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14edffff2100020026bd70004a8d3b0f8293c3ff"], 0x14}, 0x1, 0x0, 0x0, 0x24008888}, 0x40)

28m48.310221773s ago: executing program 4 (id=1052):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000580)={0x1, @pix_mp={0x0, 0x0, 0x34325842, 0x4, 0x1, [{}, {0x277c, 0xfffffffd}, {0x0, 0x333e99ca}, {}, {}, {0xd360, 0x4}], 0x14}})
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0xff, 0x1, 0x4, 0x0, 0xfd})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180))
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=@base={0x21, 0x0, 0x0, 0x0, 0xb5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$uac1(0x1, 0x81, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6f, 0x3, 0x1, 0x0, 0x0, 0x39, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x80, 0x1, 0x8, {0x7, 0x25, 0x1, 0x0, 0x9, 0x100}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x1ff, 0x2, 0x7}, @as_header={0x7, 0x24, 0x1, 0x82, 0x7}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x6, 0x1, 0x9, {0x7, 0x25, 0x1, 0x81, 0x9, 0x81}}}}}}}]}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00 \x00', 0x18, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @local, {[], @mld={0x187, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000040)={'bond0\x00', 0xff})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x2001100, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)

28m47.220030993s ago: executing program 5 (id=1059):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
set_mempolicy(0x2, &(0x7f00000002c0)=0xfff, 0x9f9)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x0, 0xfffffffffffffffe}}]}}}]}, 0x40}}, 0x0)
sendto$packet(r3, &(0x7f0000000180)="0b032200e0ff64000200475400f6a13bb1000000080081004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000001bc0)={'batadv_slave_1\x00', <r11=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="480000001400030400000000000000000a3f0000", @ANYRES32=r11, @ANYBLOB="14000200ff0200000000000000000000000000011400060000000000060000000000000000000000080008000004"], 0x48}, 0x1, 0x0, 0x0, 0x400c1}, 0x88)
setsockopt$inet6_int(r8, 0x29, 0x46, 0x0, 0x0)
r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0x48, r12, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008090}, 0x0)

28m47.101157835s ago: executing program 5 (id=1060):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(0x0, 0xb)

28m47.040764939s ago: executing program 5 (id=1061):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x3, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'team_slave_0\x00'})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, 0x0, 0x15)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r6, &(0x7f0000000000)={0x2a, 0x1, 0x2}, 0xc)
bind$vsock_stream(r5, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
pipe2(&(0x7f0000000040), 0x84000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x38, 0x3, 0x8, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf361}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x7f}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x9c6}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x38}, 0x1, 0x0, 0x0, 0x200040c0}, 0x4)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x4010, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
r8 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
write$binfmt_misc(r8, &(0x7f0000000300), 0xd00)

28m46.709125336s ago: executing program 5 (id=1065):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="6000000002060500000000000000000000000000140007800800064000000000080013400000000005000100060000000900020073797a32000000000500040000000000050005000a00000011000300686173683a6970"], 0x60}}, 0x0) (fail_nth: 7)
socket$nl_netfilter(0x10, 0x3, 0xc)

28m45.837869413s ago: executing program 34 (id=1065):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="6000000002060500000000000000000000000000140007800800064000000000080013400000000005000100060000000900020073797a32000000000500040000000000050005000a00000011000300686173683a6970"], 0x60}}, 0x0) (fail_nth: 7)
socket$nl_netfilter(0x10, 0x3, 0xc)

28m44.541304227s ago: executing program 4 (id=1071):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(0x0, 0xb)

28m44.084041029s ago: executing program 4 (id=1075):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000580), 0xffffffff, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc90}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040))
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, 0x0)
getpid()
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=@base={0x11, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = syz_pidfd_open(r8, 0x0)
process_madvise(r9, 0x0, 0x0, 0xe, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r7}, 0x57)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kmem_cache_free\x00', r10}, 0x10)

28m41.393300835s ago: executing program 4 (id=1085):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(0x0, 0xb)

28m40.531902942s ago: executing program 35 (id=1085):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(0x0, 0xb)

9.657928708s ago: executing program 0 (id=6871):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000740)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000940)={0x1, 0x0, [{0x100000, 0xdd, &(0x7f0000000780)=""/221}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000003c0)={&(0x7f0000000700)=[{0x0, 0x1601, 0x0, 0x0}], 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x1ff, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0x0, 0x0)
pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000200), 0x200, 0x0)
ioctl$EVIOCSCLOCKID(r5, 0x40084503, &(0x7f0000000000)=0xfffffffd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$kcm(0x2, 0x922000000001, 0x106)
sendmsg$inet(r6, &(0x7f0000000040)={&(0x7f0000000280)={0x2, 0x0, @local}, 0x10, 0x0}, 0x2404c0c5)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)

7.268462278s ago: executing program 0 (id=6878):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x7690c5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0xffffffffffffffff, <r1=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
linkat(r2, &(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x13, 0x8000024, 0x4, 0x2, 0x0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r1}, &(0x7f0000000700), &(0x7f0000000740)=r3}, 0x20)
poll(&(0x7f0000000000), 0x49, 0x2)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000df2bfd404b0c0001cad70102030109021b0001000000080904450001c9cef200090502ff0300000000"], 0x0)
symlinkat(&(0x7f00000002c0)='./file0/file0\x00', r3, &(0x7f0000000340)='./file0\x00')
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000010000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r5, 0x4004ae8b, &(0x7f0000000040)=ANY=[])
ioctl$KVM_RUN(r5, 0xae80, 0x0)

5.43294392s ago: executing program 8 (id=6888):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x1, "00000000000000000004044f00"}}}]}, 0x48}}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
open_by_handle_at(r3, &(0x7f0000000200)=@OVL_FILEID_V1={0x18, 0xfb, {'\x00', {0x0, 0xfb, 0x15, 0x2, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x10002)

5.397722791s ago: executing program 0 (id=6889):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
connect$l2tp6(r0, &(0x7f0000000540)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x3}, 0x20)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x2, 0x4, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x7db, 0x4, 0xfffffc01, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x5, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x7, 0x7fff, 0x4000000, 0x7, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xf, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xc, 0x5, 0x6, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xdffeffff, 0x6, 0x800, 0x2, 0x8a, 0x6, 0x1, 0x6], [0xffffffd2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x0, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x4, 0x7, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x9, 0x0, 0x484d, 0x4, 0x7, 0x8, 0x40, 0xc0f, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x7, 0x4, 0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x11e, 0xa4, 0x4, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x68], [0x3, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x401, 0xfffffff7, 0x2, 0x1000, 0x7, 0x4, 0xd, 0x7, 0x6, 0xa, 0x6, 0x4, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x1ff, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0xff, 0x40, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x2, 0xb, 0x0, 0xffff, 0x9, 0x6, 0x2, 0x81, 0x8, 0x2, 0x7, 0x100, 0x8, 0xfffffffe, 0x3, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x7, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x6, 0xffffff81, 0x80000000, 0x5, 0x3, 0x200, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x4c90, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17ce, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb756, 0x2, 0xb9, 0x4, 0x50, 0x8c1, 0x0, 0x5, 0x4, 0xf, 0x100, 0x400, 0x9, 0x7fff, 0x81, 0xfffffffb, 0xc, 0x2]}, 0x45c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300400c1)
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x0)
ioctl$UI_DEV_CREATE(r1, 0x5501)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000040))
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r5, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fb0800", 0x14, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc3, 0x0, 0x0, 0x40}}}}}}}, 0x0)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f0000000240)={0x1000000, 0x40, 0x0, 0x10001, 0x0, 0x0, 0x4, 0x200000000000, 0xfffffffffffffffd, 0x800004000000, 0xbffffff8, 0x1})
write$uinput_user_dev(r1, &(0x7f0000000600)={'syz0\x00', {0x6, 0x4433, 0x5, 0xffe0}, 0x22, [0x80000001, 0x100, 0x6, 0xfffffff6, 0x1ff, 0x1, 0xab6, 0x9, 0x4, 0xe3, 0x400, 0x401, 0x7fff, 0x101, 0x200, 0x6, 0x6, 0x80000000, 0xfffffffa, 0x80, 0xb56, 0x5, 0x9, 0x0, 0x2, 0x4, 0x22c2a727, 0x8, 0x9, 0x8, 0x4e1, 0x1ff, 0xfffffffd, 0x6, 0x1000, 0x9, 0x3, 0x5, 0x5, 0x9, 0x1, 0x3, 0xa73, 0xc, 0x6, 0x4, 0x0, 0x721, 0x200, 0x2, 0x1000, 0xffff, 0x401, 0x6, 0xce, 0x3, 0x8, 0x1, 0x7, 0x8, 0x2, 0x5, 0x7, 0x7], [0x117e, 0x6, 0x40000, 0xc9, 0x8, 0x80000001, 0x3, 0x5, 0xb, 0x8, 0x2, 0x62, 0x67a, 0x7, 0x7ff, 0x4, 0x8, 0x4, 0x2, 0x10001, 0xcc8c, 0x2400000, 0xe, 0x9, 0x95, 0x8, 0x3, 0xfffffff2, 0x2, 0x7, 0x8, 0x8, 0xc0d, 0x2, 0x6, 0x6, 0x40, 0xd4ae, 0x430, 0x9, 0x4, 0x0, 0x2, 0x3, 0x3, 0x2, 0xa9e, 0x7ff, 0x4, 0x3, 0x7, 0x3, 0xf1, 0x0, 0x8, 0xfffff162, 0x40000000, 0x3, 0x1, 0x2, 0xec5, 0x5, 0xb7, 0x600000], [0xffff, 0xfffffffb, 0xed58, 0x100, 0x6, 0x4, 0x4, 0x1, 0x7, 0x8000, 0x5, 0x8, 0x4, 0x0, 0x4, 0xbb1e, 0x5, 0x5, 0x7e5, 0xd, 0x4, 0x7f, 0x2, 0x4, 0x4, 0x2, 0x709e, 0x8, 0xffff, 0xe292, 0x5, 0x93c3, 0xa, 0x401, 0x4, 0x1, 0x101, 0x4, 0x9, 0x4, 0x1, 0x5, 0xc, 0xfff, 0x2, 0x6, 0x330b, 0x8, 0x6, 0xfffffff8, 0x3, 0x0, 0x6, 0x7, 0x401, 0xfffffffa, 0x0, 0x2, 0x1, 0x6af, 0x0, 0xa2, 0x2000, 0x6], [0x47b, 0xa051, 0x7a4c, 0x2, 0xfffffff5, 0x9, 0x8001, 0x6, 0x3, 0x101, 0x8, 0x3, 0x6, 0x0, 0x938a, 0xf985, 0x3f7, 0xf, 0x8, 0x94, 0x29f, 0x800000, 0x9a, 0x101, 0x87, 0x4, 0x3, 0x9, 0x6, 0x6, 0x5c, 0xbac8, 0x9, 0x544751ba, 0x8, 0x3, 0x4, 0x400, 0x3, 0x7fffffff, 0x1ff, 0x0, 0x1, 0x4, 0x4, 0xf, 0x4, 0x8001, 0x1, 0x8, 0x9, 0x5, 0xb46e, 0x401, 0x5, 0x7, 0x5, 0xc, 0x4, 0x0, 0x5, 0x0, 0xfffffffe, 0x800]}, 0x45c)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000300)={0x0, {{0xa, 0x0, 0x1, @mcast1, 0xf51}}}, 0x88)
r8 = msgget$private(0x0, 0x214)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000240)={0x0, <r10=>0x0, <r11=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r10)
msgsnd(r8, &(0x7f0000000980)=ANY=[@ANYBLOB="03"], 0x401, 0x0)
msgctl$IPC_SET(r8, 0x1, &(0x7f0000000040)={{0x2, r10, r11, 0x0, r11, 0x82, 0x2}, 0x0, 0x0, 0x3, 0x9c84, 0x1, 0x0, 0x0, 0xfffc, 0x1b})
sendmsg$nl_xfrm(r2, &(0x7f0000000c40)={&(0x7f0000000580), 0xc, &(0x7f00000005c0)={&(0x7f0000000a80)=@newsa={0x194, 0x10, 0x800, 0x70bd26, 0x25dfdbfc, {{@in=@multicast1, @in=@multicast1, 0x4e23, 0x2, 0x4e23, 0x8000, 0xa, 0xa0, 0x20, 0x2c, 0x0, r10}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4d4, 0xff}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x18, 0x2, 0x0, 0x8, 0x401, 0x976, 0x6, 0x4}, {0xfff, 0x8, 0x8000000000000000, 0x7fffffffffffffff}, {0x3, 0x1}, 0x70bd28, 0x3502, 0xa, 0x0, 0xc, 0x90}, [@policy_type={0xa, 0x10, {0x1}}, @algo_auth_trunc={0x96, 0x14, {{'hmac(sha1-avx2)\x00'}, 0x250, 0xc0, "26d09001eabcfeef1e817002bd8a45e22dcbb3ed49715ed3fe4a0502296ab7c5d4cd4fa58d75e6067e03a1f3f9152172c56d3861974fa76fb2671ffeb941bc76bff8d6e2cad369146f4d"}}]}, 0x194}, 0x1, 0x0, 0x0, 0x4008800}, 0x4050)

5.397148744s ago: executing program 6 (id=6890):
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, <r0=>0x0], &(0x7f0000000200), 0x4})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000500)={0x0, 0x1, &(0x7f0000000180)=[r1], &(0x7f00000000c0)=[0x2], &(0x7f0000000580)=[r0], &(0x7f0000000040)})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000900)={&(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[0x0, 0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0], 0x6, 0x7, 0x7, 0x2})
r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000200)={0x2, 0x0, &(0x7f0000000300)=[0x0, <r4=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r3, 0xc04064aa, &(0x7f00000003c0)={&(0x7f0000001280), 0x0, r4, 0x0, '\x00', 0x1ffffffffffffd64, 0x20})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000009c0)={&(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000a40)={&(0x7f0000000940)=[0x0, r1, r2, r4], 0x4, 0x0, r5, 0x4, 0x8, 0xa0d, 0x9, {0xe, 0xffff, 0x7, 0xd5b, 0x7, 0x7, 0x5, 0x9, 0x7f, 0x9, 0x2, 0x4, 0x2, 0x3, "18909fe08b22fc3aa8bf50353e00834f4b6f1bcc26d679359ee5db40b5eb1c14"}})
socket$packet(0x11, 0x3, 0x300)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x21, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@tail_call, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @exit, @map_val={0x18, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0xf1, &(0x7f0000000340)=""/241, 0x41100, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000480)=[0xffffffffffffffff, 0x1], &(0x7f00000004c0)=[{0x5, 0x4, 0xb, 0xb}, {0x1, 0x2, 0xf, 0x4}, {0x3, 0x2, 0x2, 0xc}], 0x10, 0xe, @void, @value}, 0x94)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@bridge_dellink={0x20, 0x13, 0x5, 0x0, 0x0, {0x7, 0x0, 0x0, r9}}, 0x20}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, r9, 0x25, 0x5, @void}, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000600)=<r11=>0x0, &(0x7f0000000140)=<r12=>0x0)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r13, &(0x7f00000000c0)=ANY=[@ANYRES16=r13], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r13, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x101000, 0x0)
syz_io_uring_submit(r11, r12, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r10, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

5.266496603s ago: executing program 8 (id=6892):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$MSR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
io_setup(0x1, &(0x7f0000000280))
ptrace(0x8, r0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0)
pipe(0x0)
socket$alg(0x26, 0x5, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
socket$phonet(0x23, 0x2, 0x1)
socket$rxrpc(0x21, 0x2, 0xa)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10)

5.266058776s ago: executing program 6 (id=6893):
socket$nl_generic(0x11, 0x3, 0x10)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010", @ANYRES32=0x0, @ANYBLOB="000000000001000028006b800b00010062726973091ea100180002800500e400070000020a0014000180c200000d000070e6405b5004c94c5b054d1205f4604d0c622863ce472eb6123952dfe49a915677cf175c0513ea1480ddd5155cdb0d8a7b433e5f77182ecf49e41818de55cb0f154cab160aefb4176fdf3ad484246c647c0fbfffc2d47747f78c39ed37c5fa31f24de6803f29dce9ed46f91442e5ad3e22f7c75182108ee060eea5538ce7fa3d2d9db0be7d85428496b9a9951bfdb4549bba70958bb3fad03eea09ca2f3ca0a0f14943"], 0x48}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)
bind$rose(0xffffffffffffffff, &(0x7f0000000200)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x1, @null}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100)='v7\x00', 0x208000, 0x0)

3.514603389s ago: executing program 6 (id=6896):
syz_open_dev$usbfs(&(0x7f0000000040), 0x80000000003, 0x101301)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000180700000000f56ab810c9b3fb000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x1, 0x0, 0xa}, {}, {0x0, 0x2}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="0209000202"], 0x10}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0000000100007000000000000000000fe880000000000000000000000000001e0000002000000000000000000000200"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fe800000000000000000000000000000000000002b000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000000000000000000000000000000000000000a0002007000000000000000"], 0xf0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

3.513174869s ago: executing program 8 (id=6898):
io_setup(0x6, &(0x7f00000003c0)=<r0=>0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000340)={0x230, 0x7d, 0x40, {{0x500, 0xef, 0x0, 0xb000000, {0x0, 0x2, 0x7}, 0x0, 0x0, 0x0, 0x5, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1h\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\b\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x230)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000943000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x98, 0x0, &(0x7f0000003200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000031c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280ff0417"], 0x528}}, 0xc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r6, &(0x7f0000002a80)={0x0, 0x0, 0x0}, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000000140)=""/41, 0x29}, {&(0x7f0000000200)=""/14, 0xe}], 0x2, 0x33df51a1, 0x40)
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])

3.418378184s ago: executing program 0 (id=6899):
r0 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x3, 0x0, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4800)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000100))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r6, 0x4024700a, &(0x7f0000000200)={0x1, 0x3a, 0x0, 0x1, 0xa, 0x4f, 0xfffffffe})
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000280)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r7, 0x40045017, &(0x7f00000000c0))
read$dsp(r7, &(0x7f00000002c0)=""/59, 0x3b)

3.305875691s ago: executing program 6 (id=6900):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
getpid() (async)
sched_setaffinity(0x0, 0x0, 0x0) (async)
r1 = syz_clone(0x55882000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4207, r1) (async)
ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)) (async)
ptrace$getregset(0x4205, r1, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/120, 0x78}) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001500)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r5, 0x0, 0xd}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000190a013f937f6977a978b10000000000"], 0x14}}, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x400, 0x258, 0x268, 0x311, 0x258, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x160, 0x1f8, 0x220, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x9}}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@uncond, 0x0, 0xa8, 0x110, 0xe4030000}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) (async)
close_range(r2, 0xffffffffffffffff, 0x0)

3.214157339s ago: executing program 6 (id=6901):
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, 0x0)
gettid()
timer_create(0x7, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0xe, 0x9, 0xfa, 0xb7, 0x401, 0x2, 0x3, 0x4000004, 0x2ef, 0x40, 0x303, 0x3, 0x4, 0x38, 0x1, 0x4, 0x4, 0xa}, [{0x3, 0x8000, 0x0, 0x7, 0x4000000000000b, 0x5, 0x406, 0xca8}]}, 0x78)
ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5100)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000ff01000000000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
mount$tmpfs(0x0, 0x0, 0x0, 0x101a001, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendto$inet(0xffffffffffffffff, &(0x7f0000000080)='}', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x6, 0x0}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="ab", 0xffcc, 0x0, 0x0, 0x0)

2.722123768s ago: executing program 8 (id=6902):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x6, 0x9, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000340)=""/102392, 0x18ff8)
shmctl$IPC_RMID(0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ptrace$setregs(0xf, r0, 0x2, &(0x7f0000000200)="ec927915dcc3c743c488a56f2ce92f0ba46cea04c150a009339f984733e36ca49270bc04144480c234490a272005a5af12f470068b390bdcf5b886131982334cb1b828865b01f4ec21471efc7530163bb1ce027ce10e7426cde44e3a90e2e82445b8398a86c245bd0859a5d31535f02a2984de871968e72f4828fc3c2e0672e599d14352973b50bd97d44aa033cb145bd38083259cf81c70bf800a03837cc26bf0087d")
r3 = shmget$private(0x0, 0x2000, 0x200, &(0x7f0000ffe000/0x2000)=nil)
shmctl$IPC_INFO(r3, 0x3, &(0x7f0000019340)=""/161)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000140)=0x7)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0xff)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43, 0x3}}, @common=@inet=@socket3={{0x28}, 0x51}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328)

2.525393759s ago: executing program 0 (id=6903):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
syz_usb_connect(0x2, 0x16c, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000f56f9710100c000043c80102030109025a0101000000000904"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x202)
timer_create(0x2, &(0x7f0000000000)={0x0, 0x29, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040))
ioctl$TCFLSH(0xffffffffffffffff, 0x80045438, 0x300000000000000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
clock_gettime(0xfffffffffffffff1, &(0x7f0000000000)={<r2=>0x0})
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x80000000)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
r3 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYRES64=r2], &(0x7f0000000040)='syzkaller\x00', 0x0, 0xfffffffffffffdf5, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x76, 0x101301)
r4 = syz_io_uring_setup(0x3676, &(0x7f000000a9c0)={0x0, 0x0, 0x4}, &(0x7f000000aa40), &(0x7f000000aa80))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x2, &(0x7f0000002800)={0x0, 0x0, 0x0, 0x0}, 0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$lock(r5, 0x6, &(0x7f0000002000)={0x1})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1a, &(0x7f0000000280))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000340)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7})

2.237968144s ago: executing program 7 (id=6904):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_FWMASK={0x8, 0x10, 0x1000}]}, 0x24}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) (fail_nth: 5)

2.192725525s ago: executing program 6 (id=6905):
syz_usb_connect(0x0, 0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000000)=@filename='./file0\x00', r1, &(0x7f0000000080)='./file0\x00')
r2 = dup2(r0, r0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000cc0)={{0x3, 0x3, 0x1, 0x1, 0x9}})
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x40, 0x1000, 0x404, 0x40000004, 0x10})
sendmsg$kcm(r2, &(0x7f00000004c0)={&(0x7f0000000240)=@vsock={0x28, 0x0, 0x0, @my=0x1}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)="14942cc57b0670814bccb1b7a39fa21c1a09a41a160948a517c41d28848f611e4441b3bb2833c3dd889d4f257f43ac3a74f8fc370e58de73106f4115dfe368fec7b6c9301f16fc55b5e1c4b389482b460b72ce70bbb0fa7c2b633be1edf72c5bd23d70603f80bd7d4168e21f5edd96288665d5afcc59b651fa5c9cd51f983c3531ab853eeb137ce426c51475b90e440c6f062df85749e8731d593af7f4be759bf5eb14bd728f0803cc6c182f18531bf1c332cdd7f308d10459fa55", 0xbb}, {&(0x7f0000000380)="10e2bcf9ceedcf921396d7abba0e025bb38c7fafc5871e70d1ce31140b6dad0f7cca212d09f62576dbcaa7645863086a18cc25ced0a4768746643c4c55cff76e91153625c5e3cb2f4191766c8ce1b31d", 0x50}, {&(0x7f0000000400)="87a10f6ac94934109901ca4a739f615c3e36136240fe544cac71d1c3377b43959a0f0a741de4ef6928dcf1ea0ac31b0b5e894193ae5ebba0a30e9a02bce8e696d4a35601ca16e431977affbc9f5823d56d789fb2ba7f3d2c8cf7400be363eb71c14be551763e9612cf16cede91", 0x6d}], 0x3}, 0x0)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)

2.087981041s ago: executing program 2 (id=6906):
socket$packet(0x11, 0x3, 0x300)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40014}, 0x2004c840)
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
r1 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000000c0)=ANY=[@ANYRES16=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1.790461226s ago: executing program 7 (id=6907):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x40200, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0xd)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$TIOCNXCL(r0, 0x540d)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@ipv6_delroute={0x38, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, [@RTA_PRIORITY={0x8, 0x1e}, @RTA_GATEWAY={0x14, 0x5, @loopback}]}, 0x38}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NETID(r4, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, r5, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {}, {0x8, 0x2, 0x7}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000011}, 0x20000090)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'veth1_virt_wifi\x00', 0xc201})
ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x19)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000280)="c0", 0x1}], 0x1)

1.790156627s ago: executing program 7 (id=6908):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$MSR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
io_setup(0x1, &(0x7f0000000280))
ptrace(0x8, r0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0)
pipe(0x0)
socket$alg(0x26, 0x5, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
socket$phonet(0x23, 0x2, 0x1)
socket$rxrpc(0x21, 0x2, 0xa)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10)

1.771797886s ago: executing program 2 (id=6909):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001100), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x3c, r1, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40841}, 0x10008004)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)) (async)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f00000000c0)=0x41) (async)
ioctl$PPPIOCATTACH(0xffffffffffffffff, 0x4004743d, &(0x7f0000000040)) (async)
pwritev(r2, &(0x7f0000000480)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x1, 0x4, 0x0)

1.263650916s ago: executing program 2 (id=6910):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7fff}}}, 0x30) (fail_nth: 1)

1.18186227s ago: executing program 7 (id=6911):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/141, 0x8d, 0x1, &(0x7f00000003c0)=""/92, 0x5c}, &(0x7f0000000440)=0x40) (async)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/141, 0x8d, 0x1, &(0x7f00000003c0)=""/92, 0x5c}, &(0x7f0000000440)=0x40)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_io_uring_setup(0x5739, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[], 0x118) (async)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) (async)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r1, 0x64b7, 0x20000, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x20}]}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000480)={'team0\x00', <r5=>0x0})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x202, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r6, 0x0)
dup2(r7, r6) (async)
r8 = dup2(r7, r6)
read$FUSE(r8, &(0x7f0000001a40)={0x2020}, 0x2020) (async)
read$FUSE(r8, &(0x7f0000001a40)={0x2020}, 0x2020)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x3, 0x3, 0x81, 0x18002, 0x1, 0x5, '\x00', r5, 0xffffffffffffffff, 0x4, 0x5, 0x4, 0xb, @value=r8, @void, @value=r0}, 0x50) (async)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x3, 0x3, 0x81, 0x18002, 0x1, 0x5, '\x00', r5, 0xffffffffffffffff, 0x4, 0x5, 0x4, 0xb, @value=r8, @void, @value=r0}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r9, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r9, &(0x7f0000000140)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3) (async)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa1000000000000070100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r11}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000380)={r9, &(0x7f00000001c0)="78bccb860a06ab8914885d14df47185638feb78d0490db884748d88bc32f83c1e4236478b3262cf40d4ae32b30d2d5a14dad2043eec751faf763948182c54be5cfcacec662e4df0177ce64b0ac804d3867cf5b0cdc0a513ea15134f4b52adb2e6d62a76ffce2c83bf0b79252816a5cc5b21c2f578d3b4f0b1794e887f0d99368fb386498203ac3d4de0d99ba667050160cfb24dbecb4d154b19141d539e517768c0319896a662e99294837fe165e5d8268ef918d0e102a659a542c9274cd457297a57fa760bd7a9c6dac9d2c225a806bd071da2216008746883d1b2e05d0f7bd9560c7f6b41fa4ed895e7a59204eccdf9f0000000000", 0x0}, 0x20) (async)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000380)={r9, &(0x7f00000001c0)="78bccb860a06ab8914885d14df47185638feb78d0490db884748d88bc32f83c1e4236478b3262cf40d4ae32b30d2d5a14dad2043eec751faf763948182c54be5cfcacec662e4df0177ce64b0ac804d3867cf5b0cdc0a513ea15134f4b52adb2e6d62a76ffce2c83bf0b79252816a5cc5b21c2f578d3b4f0b1794e887f0d99368fb386498203ac3d4de0d99ba667050160cfb24dbecb4d154b19141d539e517768c0319896a662e99294837fe165e5d8268ef918d0e102a659a542c9274cd457297a57fa760bd7a9c6dac9d2c225a806bd071da2216008746883d1b2e05d0f7bd9560c7f6b41fa4ed895e7a59204eccdf9f0000000000", 0x0}, 0x20)

582.567492ms ago: executing program 2 (id=6912):
io_setup(0x6, &(0x7f00000003c0)=<r0=>0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000340)={0x230, 0x7d, 0x40, {{0x500, 0xef, 0x0, 0xb000000, {0x0, 0x2, 0x7}, 0x0, 0x0, 0x0, 0x5, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1h\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\b\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x230)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000943000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x98, 0x0, &(0x7f0000003200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000031c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280ff0417"], 0x528}}, 0xc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r6, &(0x7f0000002a80)={0x0, 0x0, 0x0}, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000000140)=""/41, 0x29}, {&(0x7f0000000200)=""/14, 0xe}], 0x2, 0x33df51a1, 0x40)
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])

564.146547ms ago: executing program 7 (id=6913):
r0 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
close(r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000008b04cd48d47b95793211f07656b0dcb77a480665e430a8f6b5835c51b53e00c25b70e4388f75436b97ec628a3dbec6c4400266454170341031fff2bfe993e82f5ff8044075fd0efd87beaa5c3b9b722fecd660c87e3a3ca91beedc273f9045631831b393fd7c737a9be587652f7bcfed02fd51ff059eba4b5f000039184e183bace8c3c978836530e67b5c1d"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)={0x14, r3, 0x1, 0x0, 0x0, {{0x2}, {@void, @void}}}, 0x14}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
close(r0)
r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xd)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000005000000020000000700000000000000", @ANYRES32=0x1, @ANYBLOB="000000aaa64f1b4cc034b15c8cd45a0f5abc0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r5}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r8 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r7, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r8}, './file0\x00'})
r9 = socket(0x10, 0x3, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000200)=@newqdisc={0x54, 0x24, 0xf0b, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xc}, {0xffff, 0xffff}, {0x1, 0x9}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x0, 0x0, 0x6c, 0x0, 0x0, 0xbfffffff}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x2004c0c4}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x1d, 0x10, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x1, 0x16, &(0x7f0000000300)=""/22, 0x41100, 0x4, '\x00', r11, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0x7, 0x64c, 0x7}, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r6}, 0xc)
io_setup(0x8, &(0x7f0000004200))
r12 = syz_io_uring_complete(0x0)
ioctl$BTRFS_IOC_SCRUB(r9, 0xc400941b, &(0x7f0000000880)={<r13=>0x0, 0x5, 0x7f, 0x1})
ioctl$BTRFS_IOC_DEV_INFO(r12, 0xd000941e, &(0x7f0000001500)={r13, "0eb3999d894dfffb7f91b4d073f0ca7f"})

366.003184ms ago: executing program 2 (id=6914):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) (async)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f00000000c0)={0xc, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r2, 0x0, &(0x7f0000a30000/0x4000)=nil, 0x4000, 0x8}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r2, 0x0, &(0x7f0000a30000/0x4000)=nil, 0x4000, 0x8})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89a2, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x7d, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r3, 0x5607, 0x2c)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TIOCL_SETVESABLANK(r5, 0x560e, &(0x7f0000000140))
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r6, 0x541c, &(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x2001, 0x0)
write(r9, 0x0, 0x0) (async)
write(r9, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r8, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0xffffffffffffffe0)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) (async)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)

290.963118ms ago: executing program 7 (id=6915):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x23)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000009c0)='m ', 0x2}], 0x1}, 0x8005)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002a00000084000000000000009500060000000000"], &(0x7f0000001840)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4)
syz_emit_ethernet(0x8a, &(0x7f0000000140)=ANY=[], 0x0)
recvmsg$unix(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
recvmsg$unix(r0, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x2)

290.059862ms ago: executing program 8 (id=6916):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x402101, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket(0x1e, 0x1, 0x0)
connect$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r2, &(0x7f0000002940)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000080}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x2, 0x4008895)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x4, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4004556c, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000001400), 0x0, 0x0)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000015c0), 0x2040, 0x0)
ppoll(&(0x7f0000001600)=[{r3, 0x4c0}, {r4, 0x6010}], 0x2, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0xfe, 0x0, 0x23, 0x6, 0xfe, 0x40, 0x1, 0x0, 0x8, 0x4, 0x0, 0x0, 0x40, 0x0, 0x3}})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8001], 0x1, 0x3c4210})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

187.14511ms ago: executing program 8 (id=6917):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d000110000000090400"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r1, &(0x7f0000000040)="3f031c0003021400060056354700000000000000000000000000000000000000000000000009", 0x26, 0x8080, &(0x7f0000000540)={0xc9, 0x8100, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0x40025b0c, &(0x7f0000000040))

186.686336ms ago: executing program 2 (id=6918):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0)
fcntl$getflags(r3, 0x401)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="12000000040000000400", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB="2600000000000000000000000a53acffd6273ae9e9369faf336425513865a14f", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r6, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r6, &(0x7f0000000200)}, 0x20)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
ustat(0xfffffffeffffffff, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003700)=ANY=[@ANYBLOB="4400000010003b1500000000000000", @ANYRES32=0x0], 0x44}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x2, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="8910000000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb0100180000000000000024000017f82677000000000000000900000000030000009c020000000200000000004db69d690021000000050000000000001bd869b59363b3ea69f36369100f5419eb334869845394409076035e15fa150f573f8ef2db905cfd8b3f5efa06ed3d7a965332d54c39ec3e22154c394cb881121f6374"], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

0s ago: executing program 0 (id=6919):
socket$packet(0x11, 0x3, 0x300)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40014}, 0x2004c840)
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
r1 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000000c0)=ANY=[@ANYRES16=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

80937][T29513]  should_fail_ex+0x497/0x5b0
[ 1996.085596][T29513]  _copy_to_user+0x32/0xd0
[ 1996.089993][T29513]  simple_read_from_buffer+0xd0/0x160
[ 1996.095346][T29513]  proc_fail_nth_read+0x198/0x270
[ 1996.100348][T29513]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1996.105871][T29513]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1996.111397][T29513]  vfs_read+0x1df/0xbe0
[ 1996.115527][T29513]  ? __fget_files+0x1fc/0x3a0
[ 1996.120193][T29513]  ? __pfx___mutex_lock+0x10/0x10
[ 1996.125209][T29513]  ? __pfx_vfs_read+0x10/0x10
[ 1996.129863][T29513]  ? __fget_files+0x206/0x3a0
[ 1996.134518][T29513]  ksys_read+0x12b/0x250
[ 1996.138735][T29513]  ? __pfx_ksys_read+0x10/0x10
[ 1996.143476][T29513]  do_syscall_64+0xcd/0x250
[ 1996.147957][T29513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1996.153833][T29513] RIP: 0033:0x7f9a6798472c
[ 1996.158234][T29513] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1996.177928][T29513] RSP: 002b:00007f9a68728030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1996.186324][T29513] RAX: ffffffffffffffda RBX: 00007f9a67b75fa0 RCX: 00007f9a6798472c
[ 1996.194274][T29513] RDX: 000000000000000f RSI: 00007f9a687280a0 RDI: 0000000000000004
[ 1996.202224][T29513] RBP: 00007f9a68728090 R08: 0000000000000000 R09: 0000000000000000
[ 1996.210172][T29513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1996.218117][T29513] R13: 0000000000000000 R14: 00007f9a67b75fa0 R15: 00007ffffd44b688
[ 1996.226071][T29513]  </TASK>
[ 1996.348893][T16091] usb 1-1: USB disconnect, device number 117
[ 1996.424750][T29515] lo speed is unknown, defaulting to 1000
[ 1996.905687][T29524] vivid-007: disconnect
[ 1997.181614][T29518] vivid-007: reconnect
[ 1997.224062][T29520] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[ 1997.249278][   T29] audit: type=1400 audit(1734071821.625:1302): avc:  denied  { ioctl } for  pid=29519 comm="syz.8.6361" path="socket:[120514]" dev="sockfs" ino=120514 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1997.368854][   T29] audit: type=1400 audit(1734071821.765:1303): avc:  denied  { write } for  pid=29532 comm="syz.0.6364" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1997.392004][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1997.498426][T29540] netlink: 324 bytes leftover after parsing attributes in process `syz.6.6366'.
[ 1997.535718][T29540] netlink: 68 bytes leftover after parsing attributes in process `syz.6.6366'.
[ 1998.247998][T29550] netlink: 132 bytes leftover after parsing attributes in process `syz.6.6369'.
[ 1998.261465][T29550] hub 2-0:1.0: USB hub found
[ 1998.266678][T29550] hub 2-0:1.0: 1 port detected
[ 1998.362863][   T29] audit: type=1326 audit(1734071822.765:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1998.419846][   T29] audit: type=1326 audit(1734071822.765:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1998.443316][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1998.533970][T29560] vivid-007: disconnect
[ 1998.627134][   T29] audit: type=1326 audit(1734071822.765:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1998.701503][   T29] audit: type=1326 audit(1734071822.765:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1998.724998][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1998.987522][   T29] audit: type=1326 audit(1734071822.765:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1999.018402][   T29] audit: type=1326 audit(1734071822.765:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1999.042610][   T29] audit: type=1326 audit(1734071822.765:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1999.066231][   T29] audit: type=1326 audit(1734071822.765:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29556 comm="syz.8.6372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7968185d19 code=0x7ffc0000
[ 1999.197959][T29558] vivid-007: reconnect
[ 2000.016248][T29575] sp0: Synchronizing with TNC
[ 2000.050850][T29575] xt_socket: unknown flags 0x50
[ 2000.094170][T29578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2000.219521][T29578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2000.300814][T29562] team0 (unregistering): Port device team_slave_0 removed
[ 2000.327868][T29562] team0 (unregistering): Port device team_slave_1 removed
[ 2000.399930][T29587] FAULT_INJECTION: forcing a failure.
[ 2000.399930][T29587] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2000.415735][T29587] CPU: 0 UID: 0 PID: 29587 Comm: syz.7.6382 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2000.426528][T29587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2000.436582][T29587] Call Trace:
[ 2000.439843][T29587]  <TASK>
[ 2000.442756][T29587]  dump_stack_lvl+0x16c/0x1f0
[ 2000.447416][T29587]  should_fail_ex+0x497/0x5b0
[ 2000.452074][T29587]  ? fs_reclaim_acquire+0xae/0x150
[ 2000.457169][T29587]  should_fail_alloc_page+0xe7/0x130
[ 2000.462451][T29587]  prepare_alloc_pages.constprop.0+0x16f/0x560
[ 2000.468624][T29587]  __alloc_pages_noprof+0x190/0x25b0
[ 2000.473935][T29587]  ? hlock_class+0x4e/0x130
[ 2000.478429][T29587]  ? __lock_acquire+0x15a9/0x3c40
[ 2000.483447][T29587]  ? __pfx___alloc_pages_noprof+0x10/0x10
[ 2000.489184][T29587]  ? lock_acquire.part.0+0x11b/0x380
[ 2000.494470][T29587]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 2000.500351][T29587]  ? policy_nodemask+0xea/0x4e0
[ 2000.505196][T29587]  alloc_pages_mpol_noprof+0x2c9/0x610
[ 2000.510636][T29587]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 2000.516597][T29587]  ? lock_acquire+0x2f/0xb0
[ 2000.521092][T29587]  ? hugetlb_vma_lock_read+0xb2/0x140
[ 2000.526481][T29587]  __pmd_alloc+0x3f/0x860
[ 2000.530796][T29587]  huge_pte_alloc+0x292/0x3a0
[ 2000.535466][T29587]  hugetlb_fault+0x377/0x2fb0
[ 2000.540141][T29587]  ? __pfx_hugetlb_fault+0x10/0x10
[ 2000.545237][T29587]  ? find_vma+0xc0/0x140
[ 2000.549474][T29587]  ? __pfx_find_vma+0x10/0x10
[ 2000.554134][T29587]  handle_mm_fault+0x930/0xaa0
[ 2000.558896][T29587]  do_user_addr_fault+0x7a3/0x13f0
[ 2000.563993][T29587]  exc_page_fault+0x5c/0xc0
[ 2000.568489][T29587]  asm_exc_page_fault+0x26/0x30
[ 2000.573339][T29587] RIP: 0010:rep_movs_alternative+0x13/0x70
[ 2000.579163][T29587] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f
[ 2000.598771][T29587] RSP: 0018:ffffc90004a97d60 EFLAGS: 00050202
[ 2000.604825][T29587] RAX: 0000000000000001 RBX: 0000000020000040 RCX: 0000000000000004
[ 2000.612777][T29587] RDX: fffff52000952fbc RSI: 0000000020000040 RDI: ffffc90004a97de0
[ 2000.620730][T29587] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000952fbc
[ 2000.628683][T29587] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[ 2000.636638][T29587] R13: ffffc90004a97de0 R14: 0000000000000000 R15: 0000000000000084
[ 2000.644627][T29587]  _copy_from_user+0x9a/0xd0
[ 2000.649211][T29587]  do_sock_getsockopt+0x5f6/0x800
[ 2000.654219][T29587]  ? trace_lock_acquire+0x130/0x1f0
[ 2000.659420][T29587]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 2000.664949][T29587]  ? lock_acquire+0x2f/0xb0
[ 2000.669433][T29587]  ? __fget_files+0x40/0x3a0
[ 2000.674008][T29587]  ? __fget_files+0x206/0x3a0
[ 2000.678664][T29587]  __sys_getsockopt+0x12f/0x260
[ 2000.684022][T29587]  __x64_sys_getsockopt+0xbd/0x160
[ 2000.689120][T29587]  ? do_syscall_64+0x91/0x250
[ 2000.693780][T29587]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2000.698959][T29587]  do_syscall_64+0xcd/0x250
[ 2000.703446][T29587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2000.709321][T29587] RIP: 0033:0x7feeeed85d19
[ 2000.713718][T29587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2000.733323][T29587] RSP: 002b:00007feeefb1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2000.741722][T29587] RAX: ffffffffffffffda RBX: 00007feeeef75fa0 RCX: 00007feeeed85d19
[ 2000.749672][T29587] RDX: 0000000000000011 RSI: 0000000000000084 RDI: 0000000000000003
[ 2000.757706][T29587] RBP: 00007feeefb1b090 R08: 0000000020000040 R09: 0000000000000000
[ 2000.765664][T29587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2000.773636][T29587] R13: 0000000000000000 R14: 00007feeeef75fa0 R15: 00007fff663ed368
[ 2000.781598][T29587]  </TASK>
[ 2000.790210][T29589] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2000.799213][T29589] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2001.071952][T29596] overlayfs: failed to resolve './bus': -2
[ 2001.411523][T29597] lo speed is unknown, defaulting to 1000
[ 2002.637062][T21534] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[ 2002.726566][T29627] 9pnet_fd: Insufficient options for proto=fd
[ 2002.809195][T21534] usb 1-1: Using ep0 maxpacket: 16
[ 2002.815623][T21534] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[ 2002.824467][T21534] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2002.840415][T21534] usb 1-1: config 0 has no interface number 0
[ 2002.858551][T21534] usb 1-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[ 2002.877196][T21534] usb 1-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[ 2002.885974][T21534] usb 1-1: Product: syz
[ 2002.890280][T21534] usb 1-1: Manufacturer: syz
[ 2002.894943][T21534] usb 1-1: SerialNumber: syz
[ 2002.902337][T21534] usb 1-1: config 0 descriptor??
[ 2002.919047][T21534] keyspan 1-1:0.107: Keyspan 4 port adapter converter detected
[ 2002.929226][T21534] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 81
[ 2002.937269][T21534] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 88
[ 2002.946360][T21534] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 1
[ 2002.969531][T21534] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[ 2002.982918][T21534] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 2
[ 2002.992663][T21534] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[ 2003.002283][T21534] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 4
[ 2003.023667][T21534] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[ 2003.034546][T21534] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 6
[ 2003.043647][T21534] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[ 2003.154653][T29151] usb 1-1: USB disconnect, device number 118
[ 2003.179652][T29151] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[ 2003.194073][T29151] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[ 2003.221040][T29151] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[ 2003.244336][T29151] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[ 2003.258128][T29151] keyspan 1-1:0.107: device disconnected
[ 2003.269215][    T8] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[ 2003.770553][T29642] FAULT_INJECTION: forcing a failure.
[ 2003.770553][T29642] name failslab, interval 1, probability 0, space 0, times 0
[ 2003.771580][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2003.794704][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2003.804591][    T8] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2003.820460][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2003.834995][    T8] usb 8-1: config 0 descriptor??
[ 2003.879944][T29642] CPU: 1 UID: 0 PID: 29642 Comm: syz.8.6396 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2003.890766][T29642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2003.900826][T29642] Call Trace:
[ 2003.904120][T29642]  <TASK>
[ 2003.907072][T29642]  dump_stack_lvl+0x16c/0x1f0
[ 2003.911782][T29642]  should_fail_ex+0x497/0x5b0
[ 2003.916480][T29642]  ? fs_reclaim_acquire+0xae/0x150
[ 2003.921607][T29642]  should_failslab+0xc2/0x120
[ 2003.926295][T29642]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[ 2003.932095][T29642]  ? __alloc_skb+0x2b1/0x380
[ 2003.936694][T29642]  __alloc_skb+0x2b1/0x380
[ 2003.941137][T29642]  ? __pfx___alloc_skb+0x10/0x10
[ 2003.946107][T29642]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 2003.952108][T29642]  netlink_alloc_large_skb+0x69/0x130
[ 2003.957519][T29642]  netlink_sendmsg+0x689/0xd70
[ 2003.962305][T29642]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2003.967632][T29642]  ____sys_sendmsg+0xaaf/0xc90
[ 2003.972421][T29642]  ? copy_msghdr_from_user+0x10b/0x160
[ 2003.977896][T29642]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2003.983183][T29642]  ___sys_sendmsg+0x135/0x1e0
[ 2003.987858][T29642]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2003.993060][T29642]  ? __pfx_lock_release+0x10/0x10
[ 2003.998074][T29642]  ? trace_lock_acquire+0x14e/0x1f0
[ 2004.003272][T29642]  ? __fget_files+0x206/0x3a0
[ 2004.007941][T29642]  __sys_sendmsg+0x16e/0x220
[ 2004.012526][T29642]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2004.017661][T29642]  do_syscall_64+0xcd/0x250
[ 2004.022156][T29642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2004.028040][T29642] RIP: 0033:0x7f7968185d19
[ 2004.032443][T29642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2004.052040][T29642] RSP: 002b:00007f7968f8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2004.060440][T29642] RAX: ffffffffffffffda RBX: 00007f7968375fa0 RCX: 00007f7968185d19
[ 2004.068403][T29642] RDX: 0000000000000000 RSI: 00000000200035c0 RDI: 0000000000000003
[ 2004.076375][T29642] RBP: 00007f7968f8a090 R08: 0000000000000000 R09: 0000000000000000
[ 2004.084333][T29642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2004.092289][T29642] R13: 0000000000000000 R14: 00007f7968375fa0 R15: 00007ffe2315a4d8
[ 2004.100256][T29642]  </TASK>
[ 2004.377086][    T8] pyra 0003:1E7D:2CF6.0033: unknown main item tag 0x0
[ 2004.396129][T29647] vivid-007: disconnect
[ 2004.598490][    T8] pyra 0003:1E7D:2CF6.0033: unknown main item tag 0x0
[ 2004.606913][    T8] pyra 0003:1E7D:2CF6.0033: unknown main item tag 0x0
[ 2004.615235][    T8] pyra 0003:1E7D:2CF6.0033: unknown main item tag 0x0
[ 2004.696979][T29645] vivid-007: reconnect
[ 2004.914317][    T8] pyra 0003:1E7D:2CF6.0033: unknown main item tag 0x0
[ 2004.932618][    T8] pyra 0003:1E7D:2CF6.0033: unknown main item tag 0x0
[ 2004.939723][    T8] pyra 0003:1E7D:2CF6.0033: unknown main item tag 0x0
[ 2004.955333][    T8] pyra 0003:1E7D:2CF6.0033: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.7-1/input0
[ 2004.975163][    T8] pyra 0003:1E7D:2CF6.0033: couldn't init struct pyra_device
[ 2004.983526][    T8] pyra 0003:1E7D:2CF6.0033: couldn't install mouse
[ 2004.997061][    T8] pyra 0003:1E7D:2CF6.0033: probe with driver pyra failed with error -32
[ 2005.012148][    T8] usb 8-1: USB disconnect, device number 23
[ 2005.258322][T29660] 9pnet_fd: Insufficient options for proto=fd
[ 2005.309173][T15917] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[ 2005.380900][T29663] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6404'.
[ 2005.472218][T15917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2005.581025][T15917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2005.622229][T15917] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2005.826133][T15917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2005.860987][T15917] usb 7-1: config 0 descriptor??
[ 2005.866720][T29672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2005.919428][T29672] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2005.980602][   T29] kauditd_printk_skb: 7 callbacks suppressed
[ 2005.980621][   T29] audit: type=1400 audit(1734071830.385:1319): avc:  denied  { ioctl } for  pid=29674 comm="syz.8.6408" path="socket:[121798]" dev="sockfs" ino=121798 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 2006.570815][T15917] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0
[ 2006.577622][T15917] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0
[ 2006.586676][T15917] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0
[ 2006.593890][T15917] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0
[ 2006.601727][T15917] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0
[ 2006.608574][T15917] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0
[ 2006.663007][T15917] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0
[ 2006.742073][T15917] pyra 0003:1E7D:2CF6.0034: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.6-1/input0
[ 2007.200057][T15917] pyra 0003:1E7D:2CF6.0034: couldn't init struct pyra_device
[ 2007.207777][T15917] pyra 0003:1E7D:2CF6.0034: couldn't install mouse
[ 2007.211331][T29696] FAULT_INJECTION: forcing a failure.
[ 2007.211331][T29696] name failslab, interval 1, probability 0, space 0, times 0
[ 2007.277023][T15917] pyra 0003:1E7D:2CF6.0034: probe with driver pyra failed with error -71
[ 2007.287963][T15917] usb 7-1: USB disconnect, device number 61
[ 2007.352264][T29696] CPU: 1 UID: 0 PID: 29696 Comm: syz.2.6413 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2007.363078][T29696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2007.373141][T29696] Call Trace:
[ 2007.376402][T29696]  <TASK>
[ 2007.379311][T29696]  dump_stack_lvl+0x16c/0x1f0
[ 2007.383970][T29696]  should_fail_ex+0x497/0x5b0
[ 2007.388624][T29696]  ? fs_reclaim_acquire+0xae/0x150
[ 2007.393718][T29696]  should_failslab+0xc2/0x120
[ 2007.398371][T29696]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[ 2007.404169][T29696]  ? __alloc_skb+0x2b1/0x380
[ 2007.408745][T29696]  __alloc_skb+0x2b1/0x380
[ 2007.413140][T29696]  ? __pfx___alloc_skb+0x10/0x10
[ 2007.418057][T29696]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 2007.424031][T29696]  netlink_alloc_large_skb+0x69/0x130
[ 2007.429396][T29696]  netlink_sendmsg+0x689/0xd70
[ 2007.434142][T29696]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2007.439421][T29696]  ____sys_sendmsg+0xaaf/0xc90
[ 2007.444189][T29696]  ? copy_msghdr_from_user+0x10b/0x160
[ 2007.449642][T29696]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2007.454912][T29696]  ___sys_sendmsg+0x135/0x1e0
[ 2007.459569][T29696]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2007.464752][T29696]  ? __pfx_lock_release+0x10/0x10
[ 2007.469754][T29696]  ? trace_lock_acquire+0x14e/0x1f0
[ 2007.474936][T29696]  ? __fget_files+0x206/0x3a0
[ 2007.479591][T29696]  __sys_sendmsg+0x16e/0x220
[ 2007.484161][T29696]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2007.489258][T29696]  do_syscall_64+0xcd/0x250
[ 2007.493741][T29696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2007.499632][T29696] RIP: 0033:0x7f2408d85d19
[ 2007.504023][T29696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2007.523604][T29696] RSP: 002b:00007f2409bd0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2007.531993][T29696] RAX: ffffffffffffffda RBX: 00007f2408f75fa0 RCX: 00007f2408d85d19
[ 2007.539940][T29696] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[ 2007.547885][T29696] RBP: 00007f2409bd0090 R08: 0000000000000000 R09: 0000000000000000
[ 2007.555831][T29696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2007.563789][T29696] R13: 0000000000000000 R14: 00007f2408f75fa0 R15: 00007ffe249fd1e8
[ 2007.571743][T29696]  </TASK>
[ 2007.697055][T29700] netlink: 32 bytes leftover after parsing attributes in process `syz.7.6415'.
[ 2007.839215][T29702] sp0: Synchronizing with TNC
[ 2007.918735][T29702] xt_socket: unknown flags 0x50
[ 2007.961608][T29707] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6418'.
[ 2008.072451][T29709] 9pnet_fd: Insufficient options for proto=fd
[ 2008.265418][T29718] netlink: 188 bytes leftover after parsing attributes in process `syz.0.6414'.
[ 2008.301955][T29718] netlink: 'syz.0.6414': attribute type 1 has an invalid length.
[ 2008.970081][T29728] FAULT_INJECTION: forcing a failure.
[ 2008.970081][T29728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2009.071543][T29728] CPU: 1 UID: 0 PID: 29728 Comm: syz.7.6424 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2009.082350][T29728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2009.092396][T29728] Call Trace:
[ 2009.095660][T29728]  <TASK>
[ 2009.098576][T29728]  dump_stack_lvl+0x16c/0x1f0
[ 2009.103248][T29728]  should_fail_ex+0x497/0x5b0
[ 2009.107918][T29728]  _copy_from_user+0x2e/0xd0
[ 2009.112527][T29728]  ucma_set_option+0xa6/0x530
[ 2009.117208][T29728]  ? __pfx_ucma_set_option+0x10/0x10
[ 2009.122484][T29728]  ? __might_fault+0xe3/0x190
[ 2009.127153][T29728]  ? __might_fault+0xe3/0x190
[ 2009.131823][T29728]  ? __pfx_ucma_set_option+0x10/0x10
[ 2009.137104][T29728]  ucma_write+0x1f9/0x330
[ 2009.141424][T29728]  ? __pfx_ucma_write+0x10/0x10
[ 2009.146264][T29728]  ? bpf_lsm_file_permission+0x9/0x10
[ 2009.151627][T29728]  ? security_file_permission+0x71/0x210
[ 2009.157252][T29728]  ? __pfx_ucma_write+0x10/0x10
[ 2009.162614][T29728]  vfs_write+0x24c/0x1150
[ 2009.166954][T29728]  ? __fget_files+0x1fc/0x3a0
[ 2009.171652][T29728]  ? __pfx_lock_release+0x10/0x10
[ 2009.176676][T29728]  ? __pfx_vfs_write+0x10/0x10
[ 2009.181428][T29728]  ? lock_acquire+0x2f/0xb0
[ 2009.185917][T29728]  ? __fget_files+0x40/0x3a0
[ 2009.190497][T29728]  ? __fget_files+0x206/0x3a0
[ 2009.195172][T29728]  ksys_write+0x207/0x250
[ 2009.199490][T29728]  ? __pfx_ksys_write+0x10/0x10
[ 2009.204334][T29728]  do_syscall_64+0xcd/0x250
[ 2009.208828][T29728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2009.214713][T29728] RIP: 0033:0x7feeeed85d19
[ 2009.219115][T29728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2009.238711][T29728] RSP: 002b:00007feeefb1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2009.247199][T29728] RAX: ffffffffffffffda RBX: 00007feeeef75fa0 RCX: 00007feeeed85d19
[ 2009.255176][T29728] RDX: 0000000000000020 RSI: 00000000200002c0 RDI: 0000000000000003
[ 2009.263135][T29728] RBP: 00007feeefb1b090 R08: 0000000000000000 R09: 0000000000000000
[ 2009.271092][T29728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2009.279049][T29728] R13: 0000000000000000 R14: 00007feeeef75fa0 R15: 00007fff663ed368
[ 2009.287021][T29728]  </TASK>
[ 2009.345744][T29735] netlink: 32 bytes leftover after parsing attributes in process `syz.8.6427'.
[ 2010.425524][T29750] FAULT_INJECTION: forcing a failure.
[ 2010.425524][T29750] name failslab, interval 1, probability 0, space 0, times 0
[ 2010.439207][T29750] CPU: 1 UID: 0 PID: 29750 Comm: syz.0.6432 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2010.449996][T29750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2010.460072][T29750] Call Trace:
[ 2010.463359][T29750]  <TASK>
[ 2010.466294][T29750]  dump_stack_lvl+0x16c/0x1f0
[ 2010.470961][T29750]  should_fail_ex+0x497/0x5b0
[ 2010.475626][T29750]  should_failslab+0xc2/0x120
[ 2010.480284][T29750]  __kmalloc_noprof+0xcb/0x510
[ 2010.485043][T29750]  io_cqring_event_overflow+0xcb/0x6f0
[ 2010.490482][T29750]  io_req_cqe_overflow+0x101/0x1e0
[ 2010.495598][T29750]  __io_submit_flush_completions+0x8d9/0x1c00
[ 2010.501649][T29750]  io_submit_sqes+0xa1c/0x25c0
[ 2010.506398][T29750]  __do_sys_io_uring_enter+0xd43/0x1620
[ 2010.511925][T29750]  ? __fget_files+0x206/0x3a0
[ 2010.516578][T29750]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 2010.522543][T29750]  ? fput+0x67/0x440
[ 2010.526418][T29750]  ? ksys_write+0x1ba/0x250
[ 2010.530900][T29750]  ? __pfx_ksys_write+0x10/0x10
[ 2010.535730][T29750]  do_syscall_64+0xcd/0x250
[ 2010.540237][T29750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2010.546109][T29750] RIP: 0033:0x7fdf6e585d19
[ 2010.550513][T29750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2010.570101][T29750] RSP: 002b:00007fdf6f350038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2010.578492][T29750] RAX: ffffffffffffffda RBX: 00007fdf6e775fa0 RCX: 00007fdf6e585d19
[ 2010.579130][ T5897] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[ 2010.586447][T29750] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000003
[ 2010.601997][T29750] RBP: 00007fdf6f350090 R08: 0000000000000000 R09: 0000000000000000
[ 2010.609946][T29750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2010.617893][T29750] R13: 0000000000000000 R14: 00007fdf6e775fa0 R15: 00007ffe7b9357f8
[ 2010.625848][T29750]  </TASK>
[ 2010.628853][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2010.789994][ T5897] usb 7-1: Using ep0 maxpacket: 8
[ 2010.810828][T15917] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[ 2010.823883][ T5897] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2010.839146][ T5897] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2010.856178][ T5897] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2011.004697][ T5897] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2011.022558][ T5897] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2011.033582][ T5897] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2011.199177][T15917] usb 8-1: Using ep0 maxpacket: 32
[ 2011.206268][T15917] usb 8-1: config 0 has no interfaces?
[ 2011.211958][T15917] usb 8-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2011.221108][T15917] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2011.237154][T15917] usb 8-1: config 0 descriptor??
[ 2011.557923][ T5897] usb 7-1: GET_CAPABILITIES returned 0
[ 2011.570866][ T5897] usbtmc 7-1:16.0: can't read capabilities
[ 2011.934351][ T5897] usb 7-1: USB disconnect, device number 62
[ 2011.967446][T29781] sp0: Synchronizing with TNC
[ 2012.014747][T29781] sp0: Found TNC
[ 2012.025920][T29780] lo speed is unknown, defaulting to 1000
[ 2012.079994][T29779] [U] è`
[ 2012.838577][T29794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2012.863413][T29794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2012.881131][T15917] usb 8-1: USB disconnect, device number 24
[ 2013.211817][T29802] vivid-007: disconnect
[ 2014.268609][T29799] vivid-007: reconnect
[ 2015.311425][T29828] vivid-007: disconnect
[ 2015.320652][    T8] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[ 2015.573092][T29825] vivid-007: reconnect
[ 2015.657267][T16091] libceph: connect (1)[c::]:6789 error -101
[ 2015.663435][T16091] libceph: mon0 (1)[c::]:6789 connect error
[ 2015.688599][T29835] block nbd8: NBD_DISCONNECT
[ 2015.705676][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2015.717237][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2015.727246][    T8] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2015.736657][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2015.738310][    T8] usb 8-1: config 0 descriptor??
[ 2015.773041][T29838] FAULT_INJECTION: forcing a failure.
[ 2015.773041][T29838] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2015.786504][T29838] CPU: 1 UID: 0 PID: 29838 Comm: syz.8.6454 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2015.797283][T29838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2015.807336][T29838] Call Trace:
[ 2015.810614][T29838]  <TASK>
[ 2015.813532][T29838]  dump_stack_lvl+0x16c/0x1f0
[ 2015.818196][T29838]  should_fail_ex+0x497/0x5b0
[ 2015.822885][T29838]  _copy_from_user+0x2e/0xd0
[ 2015.827487][T29838]  kstrtouint_from_user+0xd7/0x1c0
[ 2015.832608][T29838]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2015.838344][T29838]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 2015.843971][T29838]  proc_fail_nth_write+0x84/0x250
[ 2015.848995][T29838]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2015.854627][T29838]  ? ksys_write+0x12b/0x250
[ 2015.859135][T29838]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2015.864768][T29838]  vfs_write+0x24c/0x1150
[ 2015.869085][T29838]  ? __fget_files+0x1fc/0x3a0
[ 2015.873763][T29838]  ? __pfx___mutex_lock+0x10/0x10
[ 2015.878791][T29838]  ? __pfx_vfs_write+0x10/0x10
[ 2015.883560][T29838]  ? __fget_files+0x206/0x3a0
[ 2015.888241][T29838]  ksys_write+0x12b/0x250
[ 2015.892555][T29838]  ? __pfx_ksys_write+0x10/0x10
[ 2015.897406][T29838]  do_syscall_64+0xcd/0x250
[ 2015.901909][T29838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2015.907788][T29838] RIP: 0033:0x7f79681847cf
[ 2015.912189][T29838] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 2015.931789][T29838] RSP: 002b:00007f7968f69030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2015.940192][T29838] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f79681847cf
[ 2015.948153][T29838] RDX: 0000000000000001 RSI: 00007f7968f690a0 RDI: 0000000000000007
[ 2015.956109][T29838] RBP: 00007f7968f69090 R08: 0000000000000000 R09: 0000000000000000
[ 2015.964065][T29838] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 2015.972018][T29838] R13: 0000000000000000 R14: 00007f7968376080 R15: 00007ffe2315a4d8
[ 2015.979974][T29838]  </TASK>
[ 2015.984249][T16091] libceph: connect (1)[c::]:6789 error -101
[ 2015.993406][T16091] libceph: mon0 (1)[c::]:6789 connect error
[ 2016.000148][T29835] tty tty1: ldisc open failed (-12), clearing slot 0
[ 2016.159487][T29831] ceph: No mds server is up or the cluster is laggy
[ 2016.201182][    T8] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[ 2016.232342][    T8] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[ 2016.244965][    T8] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[ 2016.259317][    T8] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[ 2016.274016][    T8] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[ 2016.286314][    T8] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[ 2016.300120][    T8] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[ 2016.316862][    T8] pyra 0003:1E7D:2CF6.0035: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.7-1/input0
[ 2016.434231][ T5897] usb 9-1: new high-speed USB device number 32 using dummy_hcd
[ 2016.599867][ T5897] usb 9-1: Using ep0 maxpacket: 32
[ 2016.606875][    T8] pyra 0003:1E7D:2CF6.0035: couldn't init struct pyra_device
[ 2016.615742][    T8] pyra 0003:1E7D:2CF6.0035: couldn't install mouse
[ 2016.629408][ T5897] usb 9-1: config 0 has no interfaces?
[ 2016.637864][ T5897] usb 9-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2016.650597][    T8] pyra 0003:1E7D:2CF6.0035: probe with driver pyra failed with error -71
[ 2016.668823][ T5897] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2016.682766][    T8] usb 8-1: USB disconnect, device number 25
[ 2016.690307][ T5897] usb 9-1: config 0 descriptor??
[ 2017.657475][    T8] kernel write not supported for file /1551/attr/keycreate (pid: 8 comm: kworker/0:0)
[ 2017.764590][T29861] vivid-007: disconnect
[ 2018.566917][T29857] vivid-007: reconnect
[ 2019.241729][    T8] usb 9-1: USB disconnect, device number 32
[ 2019.320993][T29879] 9pnet_fd: Insufficient options for proto=fd
[ 2020.332369][T15917] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[ 2020.586913][T15917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2020.693357][T15917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2020.725484][T15917] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2020.734902][T15917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2020.763349][T15917] usb 1-1: config 0 descriptor??
[ 2021.273123][T15917] pyra 0003:1E7D:2CF6.0036: unknown main item tag 0x0
[ 2021.281536][T15917] pyra 0003:1E7D:2CF6.0036: unknown main item tag 0x0
[ 2021.288344][T15917] pyra 0003:1E7D:2CF6.0036: unknown main item tag 0x0
[ 2021.295960][T15917] pyra 0003:1E7D:2CF6.0036: unknown main item tag 0x0
[ 2021.303924][T15917] pyra 0003:1E7D:2CF6.0036: unknown main item tag 0x0
[ 2021.311158][T15917] pyra 0003:1E7D:2CF6.0036: unknown main item tag 0x0
[ 2021.318130][T15917] pyra 0003:1E7D:2CF6.0036: unknown main item tag 0x0
[ 2021.848300][T16091] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[ 2021.863340][T15917] pyra 0003:1E7D:2CF6.0036: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0
[ 2021.877474][T15917] pyra 0003:1E7D:2CF6.0036: couldn't init struct pyra_device
[ 2021.886482][T15917] pyra 0003:1E7D:2CF6.0036: couldn't install mouse
[ 2021.897198][T15917] pyra 0003:1E7D:2CF6.0036: probe with driver pyra failed with error -32
[ 2021.915138][T15917] usb 1-1: USB disconnect, device number 119
[ 2022.005386][T16091] usb 8-1: Using ep0 maxpacket: 32
[ 2022.012596][T16091] usb 8-1: config 0 has no interfaces?
[ 2022.018265][T16091] usb 8-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2022.027474][T16091] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2022.258175][T16091] usb 8-1: config 0 descriptor??
[ 2024.434640][T16091] usb 8-1: USB disconnect, device number 26
[ 2025.539995][    T8] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[ 2025.615458][T29962] vivid-007: disconnect
[ 2025.690610][    T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2025.701700][    T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2025.711489][    T8] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2025.720730][    T8] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2025.737005][    T8] usb 9-1: config 0 descriptor??
[ 2025.891348][T29959] vivid-007: reconnect
[ 2026.231236][    T8] pyra 0003:1E7D:2CF6.0037: unknown main item tag 0x0
[ 2026.240537][    T8] pyra 0003:1E7D:2CF6.0037: unknown main item tag 0x0
[ 2026.247599][    T8] pyra 0003:1E7D:2CF6.0037: unknown main item tag 0x0
[ 2026.256402][    T8] pyra 0003:1E7D:2CF6.0037: unknown main item tag 0x0
[ 2026.268273][    T8] pyra 0003:1E7D:2CF6.0037: unknown main item tag 0x0
[ 2026.275374][    T8] pyra 0003:1E7D:2CF6.0037: unknown main item tag 0x0
[ 2026.294489][    T8] pyra 0003:1E7D:2CF6.0037: unknown main item tag 0x0
[ 2026.353263][    T8] pyra 0003:1E7D:2CF6.0037: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.8-1/input0
[ 2026.634098][    T8] pyra 0003:1E7D:2CF6.0037: couldn't init struct pyra_device
[ 2026.643426][    T8] pyra 0003:1E7D:2CF6.0037: couldn't install mouse
[ 2026.670284][    T8] pyra 0003:1E7D:2CF6.0037: probe with driver pyra failed with error -71
[ 2026.716717][    T8] usb 9-1: USB disconnect, device number 33
[ 2026.814168][T29970] 9pnet_fd: Insufficient options for proto=fd
[ 2026.836800][T29151] hid-generic 0000:0000:0000.0038: unknown main item tag 0x0
[ 2026.857914][T29151] hid-generic 0000:0000:0000.0038: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 2026.975312][T29975] 9pnet_fd: Insufficient options for proto=fd
[ 2027.196135][   T29] audit: type=1400 audit(1734071851.595:1320): avc:  denied  { append } for  pid=29978 comm="syz.6.6497" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 2027.756820][T29995] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2027.862551][   T29] audit: type=1400 audit(1734071852.255:1321): avc:  denied  { map } for  pid=29993 comm="syz.7.6502" path="socket:[122634]" dev="sockfs" ino=122634 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 2028.102621][T29998] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 2029.363775][T30018] vivid-007: disconnect
[ 2029.825690][T30015] vivid-007: reconnect
[ 2030.181494][   T29] audit: type=1326 audit(1734071854.585:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30032 comm="syz.0.6512" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdf6e585d19 code=0x0
[ 2030.297843][T30036] tipc: Started in network mode
[ 2030.304337][T30036] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[ 2030.319380][T30036] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[ 2030.419186][T15917] usb 7-1: new full-speed USB device number 63 using dummy_hcd
[ 2030.606165][T15917] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2030.617719][T15917] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 2030.829988][T15917] usb 7-1: New USB device found, idVendor=055d, idProduct=9001, bcdDevice=31.44
[ 2030.845944][T15917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2030.860688][T15917] usb 7-1: config 0 descriptor??
[ 2031.269808][T30065] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2031.346438][T29151] usb 7-1: USB disconnect, device number 63
[ 2031.902885][T30080] 9pnet_fd: Insufficient options for proto=fd
[ 2033.069647][   T29] audit: type=1400 audit(1734071856.925:1323): avc:  denied  { bind } for  pid=30078 comm="syz.0.6528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 2034.552590][T30108] vivid-007: disconnect
[ 2034.557151][T30104] vivid-007: reconnect
[ 2035.376766][T29151] usb 9-1: new high-speed USB device number 34 using dummy_hcd
[ 2035.571199][T30131] netlink: 188 bytes leftover after parsing attributes in process `syz.6.6542'.
[ 2035.580501][T29151] usb 9-1: Using ep0 maxpacket: 8
[ 2035.593020][T29151] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[ 2035.601674][T29151] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2035.619919][T29151] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2035.652570][T30131] netlink: 'syz.6.6542': attribute type 1 has an invalid length.
[ 2035.658946][T29151] usb 9-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2035.977155][T29151] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2036.017822][T29151] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2036.134516][T29151] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2036.157779][T29151] usbtmc 9-1:16.0: bulk endpoints not found
[ 2036.184669][T30138] 9pnet_fd: Insufficient options for proto=fd
[ 2036.996742][T16091] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[ 2037.163528][T16091] usb 7-1: config 0 has an invalid interface number: 63 but max is 0
[ 2037.178315][T16091] usb 7-1: config 0 has no interface number 0
[ 2037.198308][T16091] usb 7-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00
[ 2037.211483][T16091] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2037.220033][T16091] usb 7-1: Product: syz
[ 2037.224482][T16091] usb 7-1: Manufacturer: syz
[ 2037.230516][T16091] usb 7-1: SerialNumber: syz
[ 2037.270901][T16091] usb 7-1: config 0 descriptor??
[ 2037.281990][T16091] usb-storage 7-1:0.63: USB Mass Storage device detected
[ 2038.859246][T16091] usb 7-1: USB disconnect, device number 64
[ 2038.973987][T20922] kernel write not supported for file /1629/attr/keycreate (pid: 20922 comm: kworker/1:1)
[ 2039.055562][T16091] usb 9-1: USB disconnect, device number 34
[ 2040.211775][T30193] syz.6.6559: attempt to access beyond end of device
[ 2040.211775][T30193] nbd6: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2040.225479][T30193] VFS: could not find a valid V7 on nbd6.
[ 2040.767576][T30197] openvswitch: netlink: Message has 1255 unknown bytes.
[ 2040.782487][T30197] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2041.172657][T30205] 9pnet_fd: Insufficient options for proto=fd
[ 2041.324720][ T5897] kernel write not supported for file /1746/attr/keycreate (pid: 5897 comm: kworker/0:7)
[ 2041.419987][T30206] sp0: Synchronizing with TNC
[ 2041.559971][T30216] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2042.228443][T30206] xt_socket: unknown flags 0x50
[ 2042.308599][T30222] vivid-007: disconnect
[ 2042.318016][T30220] vivid-007: reconnect
[ 2042.509172][T20922] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[ 2042.513998][T30226] FAULT_INJECTION: forcing a failure.
[ 2042.513998][T30226] name failslab, interval 1, probability 0, space 0, times 0
[ 2042.616563][T30226] CPU: 0 UID: 0 PID: 30226 Comm: syz.6.6569 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2042.627366][T30226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2042.637400][T30226] Call Trace:
[ 2042.640656][T30226]  <TASK>
[ 2042.643564][T30226]  dump_stack_lvl+0x16c/0x1f0
[ 2042.648224][T30226]  should_fail_ex+0x497/0x5b0
[ 2042.652882][T30226]  should_failslab+0xc2/0x120
[ 2042.657534][T30226]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 2042.662895][T30226]  ? skb_clone+0x190/0x3f0
[ 2042.667290][T30226]  skb_clone+0x190/0x3f0
[ 2042.671508][T30226]  netlink_deliver_tap+0xabd/0xd30
[ 2042.676605][T30226]  netlink_unicast+0x5e1/0x7f0
[ 2042.681353][T30226]  ? __pfx_netlink_unicast+0x10/0x10
[ 2042.686617][T30226]  netlink_sendmsg+0x8b8/0xd70
[ 2042.691362][T30226]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2042.696630][T30226]  ____sys_sendmsg+0xaaf/0xc90
[ 2042.701382][T30226]  ? copy_msghdr_from_user+0x10b/0x160
[ 2042.706828][T30226]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2042.712094][T30226]  ___sys_sendmsg+0x135/0x1e0
[ 2042.716750][T30226]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2042.721933][T30226]  ? __pfx_lock_release+0x10/0x10
[ 2042.726933][T30226]  ? trace_lock_acquire+0x14e/0x1f0
[ 2042.732113][T30226]  ? __fget_files+0x206/0x3a0
[ 2042.736769][T30226]  __sys_sendmsg+0x16e/0x220
[ 2042.741336][T30226]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2042.746435][T30226]  do_syscall_64+0xcd/0x250
[ 2042.750916][T30226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2042.756785][T30226] RIP: 0033:0x7f9a67985d19
[ 2042.761191][T30226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2042.780789][T30226] RSP: 002b:00007f9a68728038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2042.789191][T30226] RAX: ffffffffffffffda RBX: 00007f9a67b75fa0 RCX: 00007f9a67985d19
[ 2042.797138][T30226] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003
[ 2042.805085][T30226] RBP: 00007f9a68728090 R08: 0000000000000000 R09: 0000000000000000
[ 2042.813043][T30226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2042.821001][T30226] R13: 0000000000000000 R14: 00007f9a67b75fa0 R15: 00007ffffd44b688
[ 2042.828958][T30226]  </TASK>
[ 2042.839308][T30226] netlink: 'syz.6.6569': attribute type 10 has an invalid length.
[ 2042.891703][T20922] usb 1-1: Using ep0 maxpacket: 8
[ 2042.922150][T20922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2042.933312][T20922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2042.943227][T20922] usb 1-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[ 2042.952319][T20922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2042.967619][T20922] usb 1-1: config 0 descriptor??
[ 2043.164841][   T29] audit: type=1400 audit(1734071867.565:1324): avc:  denied  { watch watch_reads } for  pid=30232 comm="syz.7.6572" path="pipe:[83169]" dev="pipefs" ino=83169 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 2043.262067][T30233] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6572'.
[ 2043.514410][T30240] syz.6.6571: attempt to access beyond end of device
[ 2043.514410][T30240] nbd6: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2043.527385][T30240] VFS: could not find a valid V7 on nbd6.
[ 2044.002404][T30221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2044.010383][T20922] logitech 0003:046D:C24F.0039: item fetching failed at offset 3/5
[ 2044.011129][T30221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2044.022457][T20922] logitech 0003:046D:C24F.0039: parse failed
[ 2044.059154][T20922] logitech 0003:046D:C24F.0039: probe with driver logitech failed with error -22
[ 2044.371986][T20922] usb 1-1: USB disconnect, device number 120
[ 2044.644655][T30250] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2045.219163][T15917] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[ 2045.429377][T15917] usb 8-1: Using ep0 maxpacket: 16
[ 2045.445240][T15917] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2045.589190][T15917] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2045.699585][T15917] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2045.711492][T15917] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2045.721332][T15917] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2045.878057][T15917] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2045.897536][T15917] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2046.028840][T15917] usb 8-1: Manufacturer: syz
[ 2046.039638][T15917] usb 8-1: config 0 descriptor??
[ 2046.429955][T15917] rc_core: IR keymap rc-hauppauge not found
[ 2046.436005][T15917] Registered IR keymap rc-empty
[ 2046.442731][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2046.469227][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2046.476981][T30274] netlink: 'syz.8.6582': attribute type 10 has an invalid length.
[ 2046.489547][T15917] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0
[ 2046.508309][T15917] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input135
[ 2046.524381][T30274] veth0_vlan: left promiscuous mode
[ 2046.530788][T30274] veth0_vlan: entered promiscuous mode
[ 2046.537382][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2046.547003][T30274] team0: Device veth0_vlan failed to register rx_handler
[ 2046.567104][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2046.589294][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2046.629296][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2046.692754][T29151] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[ 2046.693908][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2046.986576][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2047.010426][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2047.039280][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2047.059386][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2047.079652][T15917] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2047.122817][T15917] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 2047.132098][T15917] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2047.389927][T29151] usb 7-1: Using ep0 maxpacket: 8
[ 2047.391943][T15917] usb 8-1: USB disconnect, device number 27
[ 2047.397892][T29151] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 2047.419368][T29151] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2047.429485][T29151] usb 7-1: Product: syz
[ 2047.433845][T29151] usb 7-1: Manufacturer: syz
[ 2047.438798][T29151] usb 7-1: SerialNumber: syz
[ 2047.452509][T29151] usb 7-1: config 0 descriptor??
[ 2047.521422][T30288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2047.540309][T30288] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2047.576424][T30292] netlink: 44 bytes leftover after parsing attributes in process `syz.8.6588'.
[ 2047.586487][T30292] netlink: 43 bytes leftover after parsing attributes in process `syz.8.6588'.
[ 2047.597725][T30292] netlink: 'syz.8.6588': attribute type 5 has an invalid length.
[ 2047.611137][T30292] netlink: 43 bytes leftover after parsing attributes in process `syz.8.6588'.
[ 2047.675266][T30272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2047.685429][T30272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2047.723509][T29151] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 2047.812026][T30300] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2048.285854][T30303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2048.294555][T30303] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2048.520789][T15917] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[ 2049.007872][T15917] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2049.009810][T29151] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 2049.028017][T15917] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2049.646218][T30318] syz.8.6594: attempt to access beyond end of device
[ 2049.646218][T30318] nbd8: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2049.661590][T30318] VFS: could not find a valid V7 on nbd8.
[ 2049.816846][T15917] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 2049.826604][T15917] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2049.834689][T15917] usb 8-1: SerialNumber: syz
[ 2050.154262][T30322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2050.174100][T30322] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2050.191221][T30325] 9pnet_fd: Insufficient options for proto=fd
[ 2050.204231][T30322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2050.223118][T30322] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2050.675099][T15917] usb 8-1: skipping empty audio interface (v1)
[ 2050.710664][T15917] snd-usb-audio 8-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 2050.729491][T16091] usb 7-1: USB disconnect, device number 65
[ 2050.738165][T15917] usb 8-1: USB disconnect, device number 28
[ 2050.778471][T30334] 9pnet_fd: Insufficient options for proto=fd
[ 2052.295942][T30353] overlayfs: failed to resolve './bus': -2
[ 2052.595723][T30356] lo speed is unknown, defaulting to 1000
[ 2053.280773][T30363] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2054.667677][T30379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2054.681753][T30379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2055.951188][T30390] 9pnet_fd: Insufficient options for proto=fd
[ 2056.771201][T30412] 9pnet_fd: Insufficient options for proto=fd
[ 2056.881004][T29151] usb 9-1: new high-speed USB device number 35 using dummy_hcd
[ 2057.109231][T29151] usb 9-1: Using ep0 maxpacket: 32
[ 2057.616165][T29151] usb 9-1: config 0 has no interfaces?
[ 2057.621732][T29151] usb 9-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2057.639211][T29151] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2057.723739][T29151] usb 9-1: config 0 descriptor??
[ 2059.389776][T15917] usb 9-1: USB disconnect, device number 35
[ 2059.403763][T30449] 9pnet_fd: Insufficient options for proto=fd
[ 2059.874830][   T29] audit: type=1400 audit(1734071884.275:1325): avc:  denied  { map } for  pid=30455 comm="syz.8.6631" path="/dev/radio0" dev="devtmpfs" ino=955 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 2060.078890][T30466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2060.094378][T30466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2060.106723][T30466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2060.115510][T30466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2060.137201][T30470] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6636'.
[ 2060.350734][T15917] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[ 2060.639686][T15917] usb 7-1: device descriptor read/64, error -71
[ 2060.919299][T15917] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[ 2061.069420][T15917] usb 7-1: device descriptor read/64, error -71
[ 2061.162939][T30495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2061.190050][T30495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2061.200234][T15917] usb usb7-port1: attempt power cycle
[ 2061.559293][T29151] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[ 2061.629124][T15917] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[ 2061.659539][T15917] usb 7-1: device descriptor read/8, error -71
[ 2061.721236][T29151] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2061.732941][T29151] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2061.743062][T29151] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2061.752248][T29151] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2061.761848][T29151] usb 8-1: config 0 descriptor??
[ 2061.909231][T15917] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[ 2061.950963][T15917] usb 7-1: device descriptor read/8, error -71
[ 2062.070215][T15917] usb usb7-port1: unable to enumerate USB device
[ 2062.182682][T29151] pyra 0003:1E7D:2CF6.003A: unknown main item tag 0x0
[ 2062.198890][T29151] pyra 0003:1E7D:2CF6.003A: unknown main item tag 0x0
[ 2062.211151][T29151] pyra 0003:1E7D:2CF6.003A: unknown main item tag 0x0
[ 2062.226548][T29151] pyra 0003:1E7D:2CF6.003A: unknown main item tag 0x0
[ 2062.239261][T29151] pyra 0003:1E7D:2CF6.003A: unknown main item tag 0x0
[ 2062.262004][T29151] pyra 0003:1E7D:2CF6.003A: unknown main item tag 0x0
[ 2062.275922][T29151] pyra 0003:1E7D:2CF6.003A: unknown main item tag 0x0
[ 2062.291730][T29151] pyra 0003:1E7D:2CF6.003A: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.7-1/input0
[ 2062.369193][T15917] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[ 2062.549102][T15917] usb 1-1: Using ep0 maxpacket: 8
[ 2062.555825][T15917] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 2062.564712][T15917] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2062.574668][T15917] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2062.585736][T15917] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 2062.595684][T15917] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 2062.607031][T15917] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2062.607456][T29151] pyra 0003:1E7D:2CF6.003A: couldn't init struct pyra_device
[ 2062.620149][T15917] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2062.620217][T15917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2062.623026][T15917] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[ 2062.674453][T29151] pyra 0003:1E7D:2CF6.003A: couldn't install mouse
[ 2062.687894][T29151] pyra 0003:1E7D:2CF6.003A: probe with driver pyra failed with error -71
[ 2062.715556][T29151] usb 8-1: USB disconnect, device number 29
[ 2064.232422][T30530] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6649'.
[ 2064.344714][   T29] audit: type=1400 audit(1734071888.745:1326): avc:  denied  { name_bind } for  pid=30525 comm="syz.8.6653" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 2064.831740][T30548] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2065.342971][T30542] netlink: 40 bytes leftover after parsing attributes in process `syz.8.6653'.
[ 2065.380609][   T25] usb 1-1: USB disconnect, device number 121
[ 2065.558685][   T29] audit: type=1400 audit(1734071889.955:1327): avc:  denied  { read write } for  pid=30550 comm="syz.7.6658" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 2065.659254][   T29] audit: type=1400 audit(1734071889.965:1328): avc:  denied  { open } for  pid=30550 comm="syz.7.6658" path="/506/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 2065.806510][T30552] netlink: 256 bytes leftover after parsing attributes in process `syz.7.6658'.
[ 2065.839663][T30552] netlink: 20 bytes leftover after parsing attributes in process `syz.7.6658'.
[ 2066.114552][T30563] netlink: 'syz.8.6661': attribute type 4 has an invalid length.
[ 2066.133922][T30563] netlink: 'syz.8.6661': attribute type 4 has an invalid length.
[ 2066.524116][T30571] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2068.377939][T30594] overlayfs: failed to resolve './bus': -2
[ 2068.618805][T30597] lo speed is unknown, defaulting to 1000
[ 2068.719342][   T25] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[ 2068.796465][T30601] 9pnet_fd: Insufficient options for proto=fd
[ 2069.043175][   T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2069.059381][   T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2069.069483][   T25] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2069.078617][   T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2069.094561][   T25] usb 8-1: config 0 descriptor??
[ 2069.759419][ T5897] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[ 2069.763073][T16091] usb 7-1: new full-speed USB device number 70 using dummy_hcd
[ 2069.870974][   T25] pyra 0003:1E7D:2CF6.003B: unknown main item tag 0x0
[ 2069.877771][   T25] pyra 0003:1E7D:2CF6.003B: unknown main item tag 0x0
[ 2069.884999][   T25] pyra 0003:1E7D:2CF6.003B: unknown main item tag 0x0
[ 2069.991982][   T25] pyra 0003:1E7D:2CF6.003B: unknown main item tag 0x0
[ 2069.998996][   T25] pyra 0003:1E7D:2CF6.003B: unknown main item tag 0x0
[ 2070.005974][   T25] pyra 0003:1E7D:2CF6.003B: unknown main item tag 0x0
[ 2070.049180][   T25] pyra 0003:1E7D:2CF6.003B: unknown main item tag 0x0
[ 2070.067356][   T25] pyra 0003:1E7D:2CF6.003B: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.7-1/input0
[ 2070.082325][ T5897] usb 1-1: Using ep0 maxpacket: 32
[ 2070.092304][T16091] usb 7-1: config 0 has too many interfaces: 125, using maximum allowed: 32
[ 2070.101589][T16091] usb 7-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 2070.199162][T16091] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2070.209458][T16091] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 125
[ 2070.219158][T16091] usb 7-1: config 0 has no interface number 0
[ 2070.225461][T16091] usb 7-1: too many endpoints for config 0 interface 88 altsetting 253: 68, using maximum allowed: 30
[ 2070.236676][T16091] usb 7-1: config 0 interface 88 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 68
[ 2070.250092][T16091] usb 7-1: config 0 interface 88 has no altsetting 0
[ 2070.271113][T16091] usb 7-1: New USB device found, idVendor=1d7b, idProduct=0101, bcdDevice= 0.40
[ 2070.280651][T16091] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2070.288898][T16091] usb 7-1: Product: syz
[ 2070.293155][T16091] usb 7-1: Manufacturer: syz
[ 2070.304423][T16091] usb 7-1: SerialNumber: syz
[ 2070.310816][T16091] usb 7-1: config 0 descriptor??
[ 2070.345269][ T5897] usb 1-1: config 0 has no interfaces?
[ 2070.356073][ T5897] usb 1-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2070.387154][ T5897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2070.413295][ T5897] usb 1-1: config 0 descriptor??
[ 2070.509797][   T25] pyra 0003:1E7D:2CF6.003B: couldn't init struct pyra_device
[ 2070.517328][   T25] pyra 0003:1E7D:2CF6.003B: couldn't install mouse
[ 2070.525993][   T25] pyra 0003:1E7D:2CF6.003B: probe with driver pyra failed with error -71
[ 2070.541233][   T25] usb 8-1: USB disconnect, device number 30
[ 2070.577314][T30622] overlayfs: missing 'lowerdir'
[ 2070.584218][   T29] audit: type=1400 audit(1734071894.995:1329): avc:  denied  { shutdown } for  pid=30605 comm="syz.6.6674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 2070.709159][T15917] usb 9-1: new high-speed USB device number 36 using dummy_hcd
[ 2070.879174][T15917] usb 9-1: Using ep0 maxpacket: 8
[ 2070.885976][T15917] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[ 2070.899791][T15917] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2070.909711][T15917] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2070.919623][T15917] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2070.930275][T15917] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2070.943990][T15917] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2070.953293][T15917] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2071.177630][T15917] usb 9-1: usb_control_msg returned -32
[ 2071.183560][T15917] usbtmc 9-1:16.0: can't read capabilities
[ 2071.823573][T30631] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6676'.
[ 2071.848396][T29151] usb 1-1: USB disconnect, device number 122
[ 2071.898444][T16091] usb 7-1: USB disconnect, device number 70
[ 2072.005381][T30641] 9pnet_fd: Insufficient options for proto=fd
[ 2073.515566][T15917] usb 9-1: USB disconnect, device number 36
[ 2073.797533][T30664] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2074.601532][   T29] audit: type=1326 audit(1734071898.995:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30672 comm="syz.6.6691" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a67985d19 code=0x0
[ 2075.009207][T29151] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[ 2075.159142][T29151] usb 9-1: Using ep0 maxpacket: 32
[ 2075.165583][T29151] usb 9-1: config 0 has no interfaces?
[ 2075.171682][T29151] usb 9-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2075.181481][T29151] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2075.242870][T29151] usb 9-1: config 0 descriptor??
[ 2075.816791][T30690] 9pnet_fd: Insufficient options for proto=fd
[ 2075.841661][T30692] overlayfs: failed to resolve './bus': -2
[ 2075.989813][ T5897] usb 7-1: new high-speed USB device number 71 using dummy_hcd
[ 2076.017713][T30694] lo speed is unknown, defaulting to 1000
[ 2076.359151][ T5897] usb 7-1: Using ep0 maxpacket: 16
[ 2076.367408][ T5897] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2076.376674][ T5897] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2076.397824][ T5897] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2076.442212][ T5897] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2076.451549][ T5897] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2076.459630][ T5897] usb 7-1: Product: syz
[ 2076.465236][ T5897] usb 7-1: Manufacturer: syz
[ 2076.476236][T30703] overlayfs: failed to resolve './bus': -2
[ 2076.484467][ T5897] usb 7-1: SerialNumber: syz
[ 2076.908390][T30705] lo speed is unknown, defaulting to 1000
[ 2077.234965][ T5897] usb 7-1: 0:2 : does not exist
[ 2077.853928][T30717] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 2078.423036][T30689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2078.461035][T30689] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2078.484602][T30721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2078.499421][    T8] usb 9-1: USB disconnect, device number 37
[ 2078.520694][T30721] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2078.584884][T30721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2078.595207][T30721] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2078.780258][ T5897] usb 7-1: 1:0: failed to get current value for ch 0 (-22)
[ 2078.797427][ T5897] usb 7-1: USB disconnect, device number 71
[ 2078.988435][    T8] usb 9-1: new full-speed USB device number 38 using dummy_hcd
[ 2079.447753][T30734] vivid-007: disconnect
[ 2079.471145][    T8] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2079.483023][    T8] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 2079.497834][    T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 2079.620552][    T8] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 2079.631075][    T8] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2079.650722][    T8] usb 9-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 2079.664437][    T8] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 2079.674113][    T8] usb 9-1: Product: syz
[ 2079.678472][    T8] usb 9-1: Manufacturer: syz
[ 2079.683598][    T8] usb 9-1: SerialNumber: syz
[ 2079.712996][    T8] usb 9-1: config 0 descriptor??
[ 2079.845018][T30743] overlayfs: failed to resolve './bus': -2
[ 2080.138630][T30746] lo speed is unknown, defaulting to 1000
[ 2080.158025][T30727] netlink: 24 bytes leftover after parsing attributes in process `syz.8.6706'.
[ 2080.191346][    T8] radio-si470x 9-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 2080.201110][T30731] vivid-007: reconnect
[ 2080.245046][    T8] radio-si470x 9-1:0.0: probe with driver radio-si470x failed with error -5
[ 2080.262112][    T8] usb 9-1: USB disconnect, device number 38
[ 2080.992731][T15917] usb 7-1: new high-speed USB device number 72 using dummy_hcd
[ 2081.449220][T15917] usb 7-1: Using ep0 maxpacket: 16
[ 2081.753353][T15917] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2081.766324][T15917] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2081.774270][T30764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2081.779068][T15917] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2081.785141][T30764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2081.801576][    T8] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[ 2081.825698][T15917] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2081.835051][T15917] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2081.843214][T15917] usb 7-1: Product: syz
[ 2081.847389][T15917] usb 7-1: Manufacturer: syz
[ 2081.851910][T30766] 9pnet_fd: Insufficient options for proto=fd
[ 2081.852027][T15917] usb 7-1: SerialNumber: syz
[ 2081.959404][    T8] usb 9-1: Using ep0 maxpacket: 32
[ 2081.965902][    T8] usb 9-1: config 0 has no interfaces?
[ 2081.971976][    T8] usb 9-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2081.982796][    T8] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2081.993073][    T8] usb 9-1: config 0 descriptor??
[ 2082.003225][T30776] overlayfs: failed to resolve './bus': -2
[ 2082.120497][T30777] lo speed is unknown, defaulting to 1000
[ 2082.149944][T21534] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[ 2082.350358][T21534] usb 8-1: Using ep0 maxpacket: 32
[ 2082.350498][T15917] usb 7-1: 0:2 : does not exist
[ 2082.403276][T21534] usb 8-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 2082.445248][T21534] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2082.461394][T21534] usb 8-1: config 0 descriptor??
[ 2082.472052][T21534] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 2082.517416][T30781] overlayfs: failed to resolve './bus': -2
[ 2082.795760][T21534] gspca_vc032x: reg_r err -71
[ 2082.823187][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.828915][T30751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2082.829160][T30751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2082.837370][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.850491][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.857274][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.864326][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.870166][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.879747][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.889794][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.896364][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.902018][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.909086][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.914471][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.920844][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.926610][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.932246][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.938045][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.943641][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.949457][T21534] gspca_vc032x: I2c Bus Busy Wait 00
[ 2082.955138][T21534] gspca_vc032x: Unknown sensor...
[ 2082.962038][T21534] vc032x 8-1:0.0: probe with driver vc032x failed with error -22
[ 2082.981792][T21534] usb 8-1: USB disconnect, device number 31
[ 2083.029208][T30782] lo speed is unknown, defaulting to 1000
[ 2083.291962][T15917] usb 7-1: 1:0: failed to get current value for ch 0 (-22)
[ 2083.915199][T15917] usb 7-1: USB disconnect, device number 72
[ 2084.250677][    T8] usb 9-1: USB disconnect, device number 39
[ 2084.479186][T30803] netlink: 188 bytes leftover after parsing attributes in process `syz.0.6729'.
[ 2084.488237][T30803] netlink: 'syz.0.6729': attribute type 1 has an invalid length.
[ 2085.261414][T30818] syz.2.6733: attempt to access beyond end of device
[ 2085.261414][T30818] nbd2: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2085.279253][T30818] VFS: could not find a valid V7 on nbd2.
[ 2086.384156][    T8] usb 9-1: new high-speed USB device number 40 using dummy_hcd
[ 2086.470174][T30830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6737'.
[ 2086.560645][    T8] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2086.577387][    T8] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2086.631990][    T8] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 2086.642328][    T8] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2086.656017][    T8] usb 9-1: SerialNumber: syz
[ 2086.779179][T29151] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 2086.879682][    T8] usb 9-1: 0:2 : does not exist
[ 2086.893896][    T8] usb 9-1: USB disconnect, device number 40
[ 2086.939180][T29151] usb 1-1: Using ep0 maxpacket: 16
[ 2086.948594][T29151] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2086.968263][T29151] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2087.518506][T29151] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2087.539763][T29151] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2087.548853][T29151] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2087.563083][T29151] usb 1-1: Product: syz
[ 2087.567337][T29151] usb 1-1: Manufacturer: syz
[ 2087.572703][T29151] usb 1-1: SerialNumber: syz
[ 2087.769505][T30846] overlayfs: failed to resolve './bus': -2
[ 2088.108806][T30849] lo speed is unknown, defaulting to 1000
[ 2088.150579][T29151] usb 1-1: 0:2 : does not exist
[ 2088.571444][T30833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2088.584419][T30833] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2088.948229][T29151] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[ 2089.045308][T29151] usb 1-1: USB disconnect, device number 123
[ 2091.458230][T30894] FAULT_INJECTION: forcing a failure.
[ 2091.458230][T30894] name failslab, interval 1, probability 0, space 0, times 0
[ 2091.471150][T30894] CPU: 0 UID: 0 PID: 30894 Comm: syz.7.6756 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2091.481921][T30894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2091.491968][T30894] Call Trace:
[ 2091.495241][T30894]  <TASK>
[ 2091.498160][T30894]  dump_stack_lvl+0x16c/0x1f0
[ 2091.502820][T30894]  should_fail_ex+0x497/0x5b0
[ 2091.507479][T30894]  ? fs_reclaim_acquire+0xae/0x150
[ 2091.512575][T30894]  should_failslab+0xc2/0x120
[ 2091.517244][T30894]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[ 2091.523037][T30894]  ? __alloc_skb+0x2b1/0x380
[ 2091.527625][T30894]  __alloc_skb+0x2b1/0x380
[ 2091.532048][T30894]  ? __pfx___alloc_skb+0x10/0x10
[ 2091.536987][T30894]  ? selinux_socket_getpeersec_dgram+0x1a5/0x370
[ 2091.543326][T30894]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 2091.549991][T30894]  netlink_alloc_large_skb+0x69/0x130
[ 2091.555369][T30894]  netlink_sendmsg+0x689/0xd70
[ 2091.560156][T30894]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2091.565442][T30894]  ____sys_sendmsg+0xaaf/0xc90
[ 2091.570197][T30894]  ? copy_msghdr_from_user+0x10b/0x160
[ 2091.575669][T30894]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2091.580985][T30894]  ___sys_sendmsg+0x135/0x1e0
[ 2091.585671][T30894]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2091.590871][T30894]  ? __pfx_lock_release+0x10/0x10
[ 2091.595881][T30894]  ? trace_lock_acquire+0x14e/0x1f0
[ 2091.601078][T30894]  ? __fget_files+0x206/0x3a0
[ 2091.605746][T30894]  __sys_sendmsg+0x16e/0x220
[ 2091.610330][T30894]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2091.615447][T30894]  do_syscall_64+0xcd/0x250
[ 2091.619944][T30894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2091.625826][T30894] RIP: 0033:0x7feeeed85d19
[ 2091.630243][T30894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2091.649833][T30894] RSP: 002b:00007feeefb1b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2091.658231][T30894] RAX: ffffffffffffffda RBX: 00007feeeef75fa0 RCX: 00007feeeed85d19
[ 2091.666188][T30894] RDX: 0000000004040000 RSI: 00000000200000c0 RDI: 0000000000000003
[ 2091.674143][T30894] RBP: 00007feeefb1b090 R08: 0000000000000000 R09: 0000000000000000
[ 2091.682100][T30894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2091.690054][T30894] R13: 0000000000000000 R14: 00007feeeef75fa0 R15: 00007fff663ed368
[ 2091.698017][T30894]  </TASK>
[ 2092.229439][T29151] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[ 2092.319234][    T8] usb 7-1: new high-speed USB device number 73 using dummy_hcd
[ 2092.415292][T30910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2092.423921][T30910] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2092.431810][T29151] usb 8-1: Using ep0 maxpacket: 16
[ 2092.438377][T29151] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2092.447182][T29151] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2092.457312][T29151] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2092.481265][T29151] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2092.490407][T29151] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2092.500453][T29151] usb 8-1: Product: syz
[ 2092.504647][T29151] usb 8-1: Manufacturer: syz
[ 2092.509350][    T8] usb 7-1: Using ep0 maxpacket: 16
[ 2092.514505][T29151] usb 8-1: SerialNumber: syz
[ 2092.525416][    T8] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2092.534221][    T8] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2092.544671][    T8] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2092.556294][    T8] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2092.565653][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2092.573816][    T8] usb 7-1: Product: syz
[ 2092.578110][    T8] usb 7-1: Manufacturer: syz
[ 2092.582854][    T8] usb 7-1: SerialNumber: syz
[ 2092.671128][T30912] netlink: 188 bytes leftover after parsing attributes in process `syz.0.6764'.
[ 2092.680280][T30912] netlink: 'syz.0.6764': attribute type 1 has an invalid length.
[ 2092.934499][T29151] usb 8-1: 0:2 : does not exist
[ 2093.751109][T30932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2093.762702][T30932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2093.910355][T30901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2093.918960][T30901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2094.558670][T30939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2094.569394][T30939] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2094.582699][T29151] usb 8-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 2094.606182][T29151] usb 8-1: USB disconnect, device number 32
[ 2094.949158][   T25] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 2095.104795][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2095.123467][   T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2095.142762][   T25] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 2095.153939][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2095.162296][   T25] usb 1-1: SerialNumber: syz
[ 2095.656875][    T8] usb 7-1: 0:2 : does not exist
[ 2095.668432][    T8] usb 7-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 2095.680212][   T29] audit: type=1400 audit(1734071920.085:1331): avc:  denied  { setattr } for  pid=30949 comm="syz.7.6775" name="fd" dev="proc" ino=127342 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 2096.037876][    T8] usb 7-1: USB disconnect, device number 73
[ 2096.066183][   T25] usb 1-1: 0:2 : does not exist
[ 2096.137593][   T25] usb 1-1: USB disconnect, device number 124
[ 2096.701698][T30968] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=30245 sclass=netlink_xfrm_socket pid=30968 comm=syz.6.6778
[ 2096.967782][   T29] audit: type=1400 audit(1734071921.225:1332): avc:  denied  { read } for  pid=30965 comm="syz.6.6778" lport=49151 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 2098.238073][T30985] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6783'.
[ 2100.201505][T31007] netlink: 188 bytes leftover after parsing attributes in process `syz.8.6788'.
[ 2100.212241][T31007] netlink: 'syz.8.6788': attribute type 1 has an invalid length.
[ 2101.587631][    T8] usb 7-1: new high-speed USB device number 74 using dummy_hcd
[ 2102.308184][T29151] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 2102.473354][T26434] Bluetooth: hci4: command tx timeout
[ 2102.530265][    T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2102.541410][    T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2102.556624][    T8] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2102.566750][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2102.579160][    T8] usb 7-1: config 0 descriptor??
[ 2102.639553][T29151] usb 1-1: Using ep0 maxpacket: 16
[ 2102.671210][T29151] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2102.702208][T29151] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2102.715421][T29151] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2102.746878][T29151] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2102.764463][T29151] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2102.779147][T29151] usb 1-1: Product: syz
[ 2102.817111][T29151] usb 1-1: Manufacturer: syz
[ 2102.827877][T29151] usb 1-1: SerialNumber: syz
[ 2103.026172][    T8] pyra 0003:1E7D:2CF6.003C: unknown main item tag 0x0
[ 2103.033608][    T8] pyra 0003:1E7D:2CF6.003C: unknown main item tag 0x0
[ 2103.041266][    T8] pyra 0003:1E7D:2CF6.003C: unknown main item tag 0x0
[ 2103.048286][    T8] pyra 0003:1E7D:2CF6.003C: unknown main item tag 0x0
[ 2103.055648][T31048] FAULT_INJECTION: forcing a failure.
[ 2103.055648][T31048] name failslab, interval 1, probability 0, space 0, times 0
[ 2103.069108][T31048] CPU: 1 UID: 0 PID: 31048 Comm: syz.2.6802 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2103.079869][T31048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2103.089915][T31048] Call Trace:
[ 2103.093181][T31048]  <TASK>
[ 2103.096093][T31048]  dump_stack_lvl+0x16c/0x1f0
[ 2103.100769][T31048]  should_fail_ex+0x497/0x5b0
[ 2103.105433][T31048]  ? fs_reclaim_acquire+0xae/0x150
[ 2103.110554][T31048]  should_failslab+0xc2/0x120
[ 2103.115222][T31048]  __kmalloc_noprof+0xcb/0x510
[ 2103.119978][T31048]  lsm_blob_alloc+0x68/0x90
[ 2103.124484][T31048]  security_shm_alloc+0x25/0x230
[ 2103.129410][T31048]  newseg+0x32f/0xe60
[ 2103.133388][T31048]  ? __pfx_newseg+0x10/0x10
[ 2103.137886][T31048]  ? vfs_write+0x306/0x1150
[ 2103.142385][T31048]  ipcget+0xf7/0xdc0
[ 2103.146289][T31048]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2103.152254][T31048]  ? __pfx_ipcget+0x10/0x10
[ 2103.156764][T31048]  __x64_sys_shmget+0x13f/0x1b0
[ 2103.161608][T31048]  ? __pfx___x64_sys_shmget+0x10/0x10
[ 2103.166979][T31048]  do_syscall_64+0xcd/0x250
[ 2103.171484][T31048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2103.177357][T31048] RIP: 0033:0x7f2408d85d19
[ 2103.181772][T31048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2103.201392][T31048] RSP: 002b:00007f2409baf038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[ 2103.209811][T31048] RAX: ffffffffffffffda RBX: 00007f2408f76080 RCX: 00007f2408d85d19
[ 2103.217776][T31048] RDX: 0000000000000800 RSI: 0000000000003000 RDI: 0000000000000000
[ 2103.225729][T31048] RBP: 00007f2409baf090 R08: 0000000000000000 R09: 0000000000000000
[ 2103.233685][T31048] R10: 0000000020f9a000 R11: 0000000000000246 R12: 0000000000000001
[ 2103.241637][T31048] R13: 0000000000000000 R14: 00007f2408f76080 R15: 00007ffe249fd1e8
[ 2103.249619][T31048]  </TASK>
[ 2103.261509][T31021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2103.275607][T31021] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2103.284241][    T8] pyra 0003:1E7D:2CF6.003C: unknown main item tag 0x0
[ 2103.292152][    T8] pyra 0003:1E7D:2CF6.003C: unknown main item tag 0x0
[ 2103.309127][   T25] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[ 2103.309281][T29151] usb 1-1: 0:2 : does not exist
[ 2103.322333][    T8] pyra 0003:1E7D:2CF6.003C: unknown main item tag 0x0
[ 2103.333735][T29151] usb 1-1: USB disconnect, device number 125
[ 2103.341008][    T8] pyra 0003:1E7D:2CF6.003C: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.6-1/input0
[ 2103.352900][    T8] pyra 0003:1E7D:2CF6.003C: couldn't init struct pyra_device
[ 2103.361583][    T8] pyra 0003:1E7D:2CF6.003C: couldn't install mouse
[ 2103.372247][    T8] pyra 0003:1E7D:2CF6.003C: probe with driver pyra failed with error -71
[ 2103.385030][    T8] usb 7-1: USB disconnect, device number 74
[ 2103.459112][   T25] usb 8-1: Using ep0 maxpacket: 16
[ 2103.465960][   T25] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2103.477371][   T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2103.489879][   T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2103.500778][   T25] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2103.510637][   T25] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2103.524883][   T25] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2103.534077][   T25] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2103.542132][   T25] usb 8-1: Manufacturer: syz
[ 2103.554605][   T25] usb 8-1: config 0 descriptor??
[ 2103.820367][   T25] rc_core: IR keymap rc-hauppauge not found
[ 2103.826522][   T25] Registered IR keymap rc-empty
[ 2103.842590][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2103.929654][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.061622][   T25] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0
[ 2104.160119][   T25] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input136
[ 2104.228006][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.259804][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.279480][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.299765][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.349140][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.397668][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.425961][T31063] 9pnet_fd: Insufficient options for proto=fd
[ 2104.489952][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.519112][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.539134][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.569224][   T25] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2104.590771][   T25] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 2104.603951][   T25] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2104.713204][   T29] audit: type=1326 audit(1734071929.115:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31049 comm="syz.2.6803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2408d85d19 code=0x7fc00000
[ 2105.116162][T31069] sp0: Synchronizing with TNC
[ 2105.163153][T31069] xt_socket: unknown flags 0x50
[ 2105.668444][T31082] openvswitch: netlink: Message has 1255 unknown bytes.
[ 2105.708765][T31082] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2106.534286][T16091] usb 8-1: USB disconnect, device number 33
[ 2107.386583][T31110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6814'.
[ 2107.439657][T16091] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 2107.459098][    T8] usb 8-1: new high-speed USB device number 34 using dummy_hcd
[ 2107.610835][    T8] usb 8-1: Using ep0 maxpacket: 16
[ 2107.615927][T16091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2107.627233][T16091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2107.628684][    T8] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2107.648382][T16091] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2107.657925][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2107.658655][T16091] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2107.679120][    T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2107.680473][T16091] usb 1-1: config 0 descriptor??
[ 2107.688849][    T8] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2107.714314][    T8] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2107.734769][    T8] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2107.744640][    T8] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2107.752900][    T8] usb 8-1: Manufacturer: syz
[ 2107.762489][    T8] usb 8-1: config 0 descriptor??
[ 2107.769632][   T29] audit: type=1400 audit(1734071932.175:1334): avc:  denied  { map } for  pid=31111 comm="syz.8.6822" path="socket:[127848]" dev="sockfs" ino=127848 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 2107.801043][   T29] audit: type=1400 audit(1734071932.175:1335): avc:  denied  { read accept } for  pid=31111 comm="syz.8.6822" path="socket:[127848]" dev="sockfs" ino=127848 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 2108.060111][    T8] rc_core: IR keymap rc-hauppauge not found
[ 2108.066378][    T8] Registered IR keymap rc-empty
[ 2108.085292][T31120] lo speed is unknown, defaulting to 1000
[ 2108.091379][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.107317][T16091] usbhid 1-1:0.0: can't add hid device: -71
[ 2108.113381][T16091] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2108.133860][T16091] usb 1-1: USB disconnect, device number 126
[ 2108.149251][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.171584][    T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0
[ 2108.199859][    T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input137
[ 2108.223034][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.251485][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.290490][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.319487][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.339347][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.369599][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.389196][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.409441][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.429215][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.459151][    T8] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[ 2108.479997][    T8] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 2108.490021][    T8] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2108.501361][    T8] usb 8-1: USB disconnect, device number 34
[ 2108.621728][T29151] usb 7-1: new high-speed USB device number 75 using dummy_hcd
[ 2108.820105][T29151] usb 7-1: Using ep0 maxpacket: 8
[ 2109.006669][T29151] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2109.154546][T29151] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2109.180993][T29151] usb 7-1: config 0 interface 0 has no altsetting 0
[ 2109.195608][T29151] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[ 2109.233557][T29151] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2109.239716][T31138] option changes via remount are deprecated (pid=31137 comm=syz.8.6827)
[ 2109.253503][T29151] usb 7-1: config 0 descriptor??
[ 2109.307807][T31138] overlayfs: failed to resolve './file0': -2
[ 2109.540099][T31151] FAULT_INJECTION: forcing a failure.
[ 2109.540099][T31151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2109.594044][T31151] CPU: 0 UID: 0 PID: 31151 Comm: syz.2.6830 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2109.604856][T31151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2109.614926][T31151] Call Trace:
[ 2109.618206][T31151]  <TASK>
[ 2109.621138][T31151]  dump_stack_lvl+0x16c/0x1f0
[ 2109.625827][T31151]  should_fail_ex+0x497/0x5b0
[ 2109.630518][T31151]  _copy_from_iter+0x2a1/0x1560
[ 2109.635384][T31151]  ? __pfx__copy_from_iter+0x10/0x10
[ 2109.640680][T31151]  ? __phys_addr+0xbc/0x150
[ 2109.645190][T31151]  ? __phys_addr+0xc6/0x150
[ 2109.649699][T31151]  ? __check_object_size+0x18c/0x710
[ 2109.654973][T31151]  ? __phys_addr_symbol+0x30/0x80
[ 2109.659980][T31151]  ? __check_object_size+0x488/0x710
[ 2109.665247][T31151]  kernfs_fop_write_iter+0x19d/0x500
[ 2109.670512][T31151]  vfs_write+0x5ae/0x1150
[ 2109.674816][T31151]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 2109.680616][T31151]  ? __pfx___mutex_lock+0x10/0x10
[ 2109.685624][T31151]  ? __pfx_vfs_write+0x10/0x10
[ 2109.690369][T31151]  ksys_write+0x12b/0x250
[ 2109.694672][T31151]  ? __pfx_ksys_write+0x10/0x10
[ 2109.699516][T31151]  do_syscall_64+0xcd/0x250
[ 2109.704019][T31151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2109.709890][T31151] RIP: 0033:0x7f2408d85d19
[ 2109.714281][T31151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2109.733874][T31151] RSP: 002b:00007f2409baf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2109.742260][T31151] RAX: ffffffffffffffda RBX: 00007f2408f76080 RCX: 00007f2408d85d19
[ 2109.750213][T31151] RDX: 0000000000000006 RSI: 0000000020000100 RDI: 0000000000000005
[ 2109.758159][T31151] RBP: 00007f2409baf090 R08: 0000000000000000 R09: 0000000000000000
[ 2109.766104][T31151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2109.774050][T31151] R13: 0000000000000000 R14: 00007f2408f76080 R15: 00007ffe249fd1e8
[ 2109.782005][T31151]  </TASK>
[ 2109.883071][T29151] waltop 0003:172F:0037.003D: item fetching failed at offset 5/7
[ 2109.967514][T29151] waltop 0003:172F:0037.003D: probe with driver waltop failed with error -22
[ 2110.125673][T31162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2110.134286][T31162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2110.143395][ T5897] usb 7-1: USB disconnect, device number 75
[ 2110.357569][T31167] syz.8.6833: attempt to access beyond end of device
[ 2110.357569][T31167] nbd8: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2110.370764][T31167] VFS: could not find a valid V7 on nbd8.
[ 2111.358185][T31181] FAULT_INJECTION: forcing a failure.
[ 2111.358185][T31181] name failslab, interval 1, probability 0, space 0, times 0
[ 2111.379284][T31181] CPU: 1 UID: 0 PID: 31181 Comm: syz.6.6842 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2111.390100][T31181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2111.400165][T31181] Call Trace:
[ 2111.403424][T31181]  <TASK>
[ 2111.406334][T31181]  dump_stack_lvl+0x16c/0x1f0
[ 2111.410998][T31181]  should_fail_ex+0x497/0x5b0
[ 2111.415657][T31181]  ? fs_reclaim_acquire+0xae/0x150
[ 2111.420767][T31181]  should_failslab+0xc2/0x120
[ 2111.425445][T31181]  __kmalloc_noprof+0xcb/0x510
[ 2111.430186][T31181]  ? d_absolute_path+0x137/0x1b0
[ 2111.435117][T31181]  ? rcu_is_watching+0x12/0xc0
[ 2111.439906][T31181]  tomoyo_encode2+0x100/0x3e0
[ 2111.444615][T31181]  tomoyo_encode+0x29/0x50
[ 2111.449049][T31181]  tomoyo_realpath_from_path+0x19d/0x720
[ 2111.454699][T31181]  tomoyo_path_number_perm+0x248/0x590
[ 2111.460154][T31181]  ? tomoyo_path_number_perm+0x235/0x590
[ 2111.465765][T31181]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2111.471759][T31181]  ? __pfx_lock_release+0x10/0x10
[ 2111.476776][T31181]  ? trace_lock_acquire+0x14e/0x1f0
[ 2111.481975][T31181]  ? lock_acquire+0x2f/0xb0
[ 2111.486461][T31181]  ? __fget_files+0x40/0x3a0
[ 2111.491056][T31181]  ? __fget_files+0x206/0x3a0
[ 2111.493350][T31185] syz.8.6841: attempt to access beyond end of device
[ 2111.493350][T31185] nbd8: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2111.495733][T31181]  security_file_ioctl+0x9b/0x240
[ 2111.508491][T31185] VFS: could not find a valid V7 on nbd8.
[ 2111.513374][T31181]  __x64_sys_ioctl+0xb7/0x200
[ 2111.513407][T31181]  do_syscall_64+0xcd/0x250
[ 2111.513431][T31181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2111.513454][T31181] RIP: 0033:0x7f9a67985d19
[ 2111.513472][T31181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2111.558143][T31181] RSP: 002b:00007f9a68728038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2111.566550][T31181] RAX: ffffffffffffffda RBX: 00007f9a67b75fa0 RCX: 00007f9a67985d19
[ 2111.574511][T31181] RDX: 0000000020000240 RSI: 000000000000127f RDI: 0000000000000003
[ 2111.582466][T31181] RBP: 00007f9a68728090 R08: 0000000000000000 R09: 0000000000000000
[ 2111.590421][T31181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2111.598377][T31181] R13: 0000000000000000 R14: 00007f9a67b75fa0 R15: 00007ffffd44b688
[ 2111.606342][T31181]  </TASK>
[ 2111.653440][T31181] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2111.660201][T31188] overlayfs: failed to resolve './bus': -2
[ 2113.316281][T31188] lo speed is unknown, defaulting to 1000
[ 2113.491222][T31206] FAULT_INJECTION: forcing a failure.
[ 2113.491222][T31206] name failslab, interval 1, probability 0, space 0, times 0
[ 2113.504172][T31206] CPU: 1 UID: 0 PID: 31206 Comm: syz.0.6851 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2113.514953][T31206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2113.525012][T31206] Call Trace:
[ 2113.528271][T31206]  <TASK>
[ 2113.531197][T31206]  dump_stack_lvl+0x16c/0x1f0
[ 2113.535889][T31206]  should_fail_ex+0x497/0x5b0
[ 2113.540587][T31206]  should_failslab+0xc2/0x120
[ 2113.545277][T31206]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 2113.548798][T31208] 9pnet_fd: Insufficient options for proto=fd
[ 2113.550651][T31206]  ? skb_clone+0x190/0x3f0
[ 2113.550677][T31206]  skb_clone+0x190/0x3f0
[ 2113.550695][T31206]  netlink_deliver_tap+0xabd/0xd30
[ 2113.550723][T31206]  netlink_unicast+0x5e1/0x7f0
[ 2113.550748][T31206]  ? __pfx_netlink_unicast+0x10/0x10
[ 2113.550780][T31206]  netlink_sendmsg+0x8b8/0xd70
[ 2113.550806][T31206]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2113.579117][ T5897] usb 7-1: new high-speed USB device number 76 using dummy_hcd
[ 2113.580595][T31206]  ____sys_sendmsg+0xaaf/0xc90
[ 2113.602919][T31206]  ? copy_msghdr_from_user+0x10b/0x160
[ 2113.608402][T31206]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2113.613720][T31206]  ___sys_sendmsg+0x135/0x1e0
[ 2113.618430][T31206]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2113.623670][T31206]  ? __pfx_lock_release+0x10/0x10
[ 2113.628715][T31206]  ? trace_lock_acquire+0x14e/0x1f0
[ 2113.633953][T31206]  ? __fget_files+0x206/0x3a0
[ 2113.638650][T31206]  __sys_sendmsg+0x16e/0x220
[ 2113.643261][T31206]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2113.648411][T31206]  do_syscall_64+0xcd/0x250
[ 2113.652938][T31206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2113.658843][T31206] RIP: 0033:0x7fdf6e585d19
[ 2113.663264][T31206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2113.682885][T31206] RSP: 002b:00007fdf6f350038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2113.691318][T31206] RAX: ffffffffffffffda RBX: 00007fdf6e775fa0 RCX: 00007fdf6e585d19
[ 2113.699302][T31206] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[ 2113.707287][T31206] RBP: 00007fdf6f350090 R08: 0000000000000000 R09: 0000000000000000
[ 2113.715272][T31206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2113.723260][T31206] R13: 0000000000000000 R14: 00007fdf6e775fa0 R15: 00007ffe7b9357f8
[ 2113.729166][ T5897] usb 7-1: Using ep0 maxpacket: 8
[ 2113.731234][T31206]  </TASK>
[ 2113.769411][ T5897] usb 7-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[ 2113.778462][ T5897] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2113.805487][ T5897] usb 7-1: Product: syz
[ 2113.849437][ T5897] usb 7-1: Manufacturer: syz
[ 2113.857565][ T5897] usb 7-1: SerialNumber: syz
[ 2113.903693][ T5897] usb 7-1: config 0 descriptor??
[ 2113.911486][ T5897] gspca_main: sonixj-2.14.0 probing 0c45:613e
[ 2114.327965][T31222] syz.8.6854: attempt to access beyond end of device
[ 2114.327965][T31222] nbd8: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2114.341004][T31222] VFS: could not find a valid V7 on nbd8.
[ 2114.419536][ T5897] gspca_sonixj: reg_w1 err -110
[ 2114.424730][ T5897] sonixj 7-1:0.0: probe with driver sonixj failed with error -110
[ 2115.138234][T31228] overlayfs: failed to resolve './bus': -2
[ 2115.170639][   T29] audit: type=1400 audit(1734071939.575:1336): avc:  denied  { append } for  pid=31229 comm="syz.7.6859" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 2115.197020][T31230] netlink: 896 bytes leftover after parsing attributes in process `syz.7.6859'.
[ 2115.225389][T16091] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 2115.524399][T31234] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6857'.
[ 2115.533548][T31234] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6857'.
[ 2116.120888][T31231] lo speed is unknown, defaulting to 1000
[ 2116.235466][T31247] sp0: Synchronizing with TNC
[ 2116.282951][ T5897] usb 7-1: USB disconnect, device number 76
[ 2116.307095][T16091] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2116.316251][T16091] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2116.325333][T16091] usb 1-1: Product: syz
[ 2116.329570][T16091] usb 1-1: Manufacturer: syz
[ 2116.334183][T16091] usb 1-1: SerialNumber: syz
[ 2116.341022][T16091] usb 1-1: config 0 descriptor??
[ 2116.371900][T31247] xt_socket: unknown flags 0x50
[ 2116.409227][   T29] audit: type=1326 audit(1734071940.805:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31250 comm="syz.6.6863" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a67985d19 code=0x0
[ 2116.410490][T31248] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2116.726571][T31248] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2116.756331][T16091] usb 1-1: Firmware: major: 0, minor: 248, hardware type: UNKNOWN (5)
[ 2116.874699][T31248] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2116.998496][T16091] usb 1-1: failed to fetch extended address, random address set
[ 2117.027121][T16091] usb 1-1: atusb_probe: initialization failed, error = -524
[ 2117.042096][T31248] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2117.048312][T16091] atusb 1-1:0.0: probe with driver atusb failed with error -524
[ 2117.077984][T31256] FAULT_INJECTION: forcing a failure.
[ 2117.077984][T31256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2117.084029][T16091] usb 1-1: USB disconnect, device number 127
[ 2117.128124][T31256] CPU: 0 UID: 0 PID: 31256 Comm: syz.8.6865 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2117.138929][T31256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2117.148991][T31256] Call Trace:
[ 2117.152256][T31256]  <TASK>
[ 2117.155167][T31256]  dump_stack_lvl+0x16c/0x1f0
[ 2117.159827][T31256]  should_fail_ex+0x497/0x5b0
[ 2117.164486][T31256]  _copy_to_user+0x32/0xd0
[ 2117.168885][T31256]  bpf_test_finish.isra.0+0x52b/0x680
[ 2117.174241][T31256]  ? __pfx___static_call_update+0x10/0x10
[ 2117.179947][T31256]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[ 2117.185821][T31256]  ? 0xffffffffa00038c0
[ 2117.189951][T31256]  ? bpf_dispatcher_change_prog+0x54d/0xa80
[ 2117.195826][T31256]  bpf_prog_test_run_xdp+0xa13/0x1580
[ 2117.201178][T31256]  ? lock_acquire+0x2f/0xb0
[ 2117.205669][T31256]  ? __fget_files+0x40/0x3a0
[ 2117.210236][T31256]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 2117.216019][T31256]  ? __fget_files+0x206/0x3a0
[ 2117.220681][T31256]  ? fput+0x67/0x440
[ 2117.224560][T31256]  ? __bpf_prog_get+0xa0/0x290
[ 2117.229301][T31256]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 2117.235086][T31256]  __sys_bpf+0xfc6/0x49c0
[ 2117.239398][T31256]  ? __pfx_lock_release+0x10/0x10
[ 2117.244401][T31256]  ? __pfx___sys_bpf+0x10/0x10
[ 2117.249142][T31256]  ? vfs_write+0x306/0x1150
[ 2117.253624][T31256]  ? __mutex_unlock_slowpath+0x164/0x690
[ 2117.259242][T31256]  ? fput+0x67/0x440
[ 2117.263115][T31256]  ? ksys_write+0x1ba/0x250
[ 2117.267592][T31256]  ? __pfx_ksys_write+0x10/0x10
[ 2117.272445][T31256]  __x64_sys_bpf+0x78/0xc0
[ 2117.276847][T31256]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2117.282023][T31256]  do_syscall_64+0xcd/0x250
[ 2117.286508][T31256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2117.292385][T31256] RIP: 0033:0x7f7968185d19
[ 2117.296776][T31256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2117.316361][T31256] RSP: 002b:00007f7968f8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2117.324772][T31256] RAX: ffffffffffffffda RBX: 00007f7968375fa0 RCX: 00007f7968185d19
[ 2117.332724][T31256] RDX: 0000000000000050 RSI: 0000000020000240 RDI: 000000000000000a
[ 2117.340685][T31256] RBP: 00007f7968f8a090 R08: 0000000000000000 R09: 0000000000000000
[ 2117.348657][T31256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2117.356635][T31256] R13: 0000000000000000 R14: 00007f7968375fa0 R15: 00007ffe2315a4d8
[ 2117.364596][T31256]  </TASK>
[ 2117.367715][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2117.406710][T31248] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2117.444672][T31248] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2117.454909][T31259] netlink: 'syz.8.6866': attribute type 1 has an invalid length.
[ 2117.480481][T31248] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2117.481310][T31259] netlink: 44 bytes leftover after parsing attributes in process `syz.8.6866'.
[ 2117.505294][T31248] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2117.623110][T31265] FAULT_INJECTION: forcing a failure.
[ 2117.623110][T31265] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2117.631600][T31268] overlayfs: failed to resolve './bus': -2
[ 2117.636393][T31265] CPU: 1 UID: 0 PID: 31265 Comm: syz.8.6867 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2117.652692][T31265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2117.662734][T31265] Call Trace:
[ 2117.665992][T31265]  <TASK>
[ 2117.668899][T31265]  dump_stack_lvl+0x16c/0x1f0
[ 2117.673584][T31265]  should_fail_ex+0x497/0x5b0
[ 2117.678294][T31265]  strncpy_from_user+0x3b/0x2d0
[ 2117.683173][T31265]  strncpy_from_user_nofault+0x7f/0x180
[ 2117.688410][T31266] overlay: ./file0 is not a directory
[ 2117.688721][T31265]  bpf_probe_read_compat_str+0xf1/0x170
[ 2117.699627][T31265]  bpf_prog_632764f3a8ec7cf7+0x57/0x64
[ 2117.705081][T31265]  bpf_trace_run3+0x240/0x5a0
[ 2117.709746][T31265]  ? trace_lock_acquire+0x14e/0x1f0
[ 2117.714947][T31265]  ? __pfx_bpf_trace_run3+0x10/0x10
[ 2117.720157][T31265]  ? lock_acquire+0x2f/0xb0
[ 2117.724645][T31265]  ? getname_flags.part.0+0x485/0x550
[ 2117.730014][T31265]  ? __virt_addr_valid+0x5e/0x590
[ 2117.735033][T31265]  kmem_cache_free+0x200/0x4c0
[ 2117.739790][T31265]  ? strncpy_from_user+0x1fe/0x2d0
[ 2117.744893][T31265]  getname_flags.part.0+0x485/0x550
[ 2117.750086][T31265]  __x64_sys_unlink+0xb0/0x110
[ 2117.754836][T31265]  do_syscall_64+0xcd/0x250
[ 2117.759332][T31265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2117.765215][T31265] RIP: 0033:0x7f7968185d19
[ 2117.769618][T31265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2117.789299][T31265] RSP: 002b:00007f7968f8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 2117.797697][T31265] RAX: ffffffffffffffda RBX: 00007f7968375fa0 RCX: 00007f7968185d19
[ 2117.805656][T31265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2117.813611][T31265] RBP: 00007f7968f8a090 R08: 0000000000000000 R09: 0000000000000000
[ 2117.821568][T31265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2117.829522][T31265] R13: 0000000000000000 R14: 00007f7968375fa0 R15: 00007ffe2315a4d8
[ 2117.837489][T31265]  </TASK>
[ 2117.852125][T31270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6869'.
[ 2118.130339][T31268] lo speed is unknown, defaulting to 1000
[ 2118.138445][   T25] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[ 2118.141268][T31266] fuse: Bad value for 'rootmode'
[ 2118.158541][   T29] audit: type=1400 audit(1734071942.545:1338): avc:  denied  { mounton } for  pid=31263 comm="syz.0.6869" path="/285/file0" dev="tmpfs" ino=1540 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[ 2118.368418][T31273] lo speed is unknown, defaulting to 1000
[ 2120.069466][ T5865] usb 7-1: new high-speed USB device number 77 using dummy_hcd
[ 2120.283163][ T5865] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2120.342108][ T5865] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2120.366895][ T5865] usb 7-1: Product: syz
[ 2120.366918][ T5865] usb 7-1: Manufacturer: syz
[ 2120.366934][ T5865] usb 7-1: SerialNumber: syz
[ 2120.382002][ T5865] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2120.402560][ T5897] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2120.422188][T31303] FAULT_INJECTION: forcing a failure.
[ 2120.422188][T31303] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2120.422217][T31303] CPU: 1 UID: 0 PID: 31303 Comm: syz.2.6877 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2120.422240][T31303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2120.422251][T31303] Call Trace:
[ 2120.422260][T31303]  <TASK>
[ 2120.422269][T31303]  dump_stack_lvl+0x16c/0x1f0
[ 2120.422295][T31303]  should_fail_ex+0x497/0x5b0
[ 2120.422324][T31303]  _copy_to_user+0x32/0xd0
[ 2120.422353][T31303]  simple_read_from_buffer+0xd0/0x160
[ 2120.422383][T31303]  proc_fail_nth_read+0x198/0x270
[ 2120.422409][T31303]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2120.422437][T31303]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2120.422461][T31303]  vfs_read+0x1df/0xbe0
[ 2120.422478][T31303]  ? __fget_files+0x1fc/0x3a0
[ 2120.422497][T31303]  ? __pfx___mutex_lock+0x10/0x10
[ 2120.422519][T31303]  ? __pfx_vfs_read+0x10/0x10
[ 2120.422544][T31303]  ? __fget_files+0x206/0x3a0
[ 2120.422569][T31303]  ksys_read+0x12b/0x250
[ 2120.422585][T31303]  ? __pfx_ksys_read+0x10/0x10
[ 2120.422608][T31303]  do_syscall_64+0xcd/0x250
[ 2120.422632][T31303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2120.422656][T31303] RIP: 0033:0x7f2408d8472c
[ 2120.422671][T31303] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2120.422688][T31303] RSP: 002b:00007f2409baf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2120.422708][T31303] RAX: ffffffffffffffda RBX: 00007f2408f76080 RCX: 00007f2408d8472c
[ 2120.422721][T31303] RDX: 000000000000000f RSI: 00007f2409baf0a0 RDI: 0000000000000005
[ 2120.422732][T31303] RBP: 00007f2409baf090 R08: 0000000000000000 R09: 0000000000000000
[ 2120.422744][T31303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2120.422755][T31303] R13: 0000000000000000 R14: 00007f2408f76080 R15: 00007ffe249fd1e8
[ 2120.422785][T31303]  </TASK>
[ 2120.431649][T31273] netlink: 16 bytes leftover after parsing attributes in process `syz.8.6870'.
[ 2120.718488][T31273] netlink: 16 bytes leftover after parsing attributes in process `syz.8.6870'.
[ 2121.049172][T16091] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[ 2121.159282][T15917] usb 8-1: new low-speed USB device number 35 using dummy_hcd
[ 2121.269327][T20922] usb 7-1: USB disconnect, device number 77
[ 2121.277822][    C0] dummy_hcd dummy_hcd.6: timer fired with no URBs pending?
[ 2121.389329][T15917] usb 8-1: device descriptor read/64, error -71
[ 2121.406059][T16091] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[ 2121.428064][T16091] usb 1-1: config 0 has no interface number 0
[ 2121.562517][T16091] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10
[ 2121.578895][T16091] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[ 2121.590642][T16091] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2121.598876][T16091] usb 1-1: Product: syz
[ 2121.603692][T16091] usb 1-1: Manufacturer: syz
[ 2121.608390][T16091] usb 1-1: SerialNumber: syz
[ 2121.628577][T16091] usb 1-1: config 0 descriptor??
[ 2121.655429][T16091] cyberjack 1-1:0.69: required endpoints missing
[ 2121.662120][T15917] usb 8-1: new low-speed USB device number 36 using dummy_hcd
[ 2121.682102][ T5897] usb 7-1: Service connection timeout for: 256
[ 2121.698724][ T5897] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 2121.809363][T15917] usb 8-1: device descriptor read/64, error -71
[ 2121.989288][T15917] usb usb8-port1: attempt power cycle
[ 2122.000023][ T5865] usb 1-1: USB disconnect, device number 2
[ 2122.009755][ T5897] ath9k_htc: Failed to initialize the device
[ 2122.030030][T20922] usb 7-1: ath9k_htc: USB layer deinitialized
[ 2122.107331][T31328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2122.116113][T31328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2122.172592][T31330] openvswitch: netlink: Message has 1255 unknown bytes.
[ 2122.180086][T31330] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2122.198417][T31331] vivid-007: disconnect
[ 2122.341721][T15917] usb 8-1: new low-speed USB device number 37 using dummy_hcd
[ 2122.400748][T15917] usb 8-1: device descriptor read/8, error -71
[ 2122.561006][T31325] vivid-007: reconnect
[ 2122.641268][T31333] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[ 2122.660469][T15917] usb 8-1: new low-speed USB device number 38 using dummy_hcd
[ 2122.703385][T15917] usb 8-1: device descriptor read/8, error -71
[ 2122.709235][T31339] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6891'.
[ 2122.731037][T31337] input: syz1 as /devices/virtual/input/input138
[ 2122.820232][T15917] usb usb8-port1: unable to enumerate USB device
[ 2124.035487][T31347] syz.6.6893: attempt to access beyond end of device
[ 2124.035487][T31347] nbd6: rw=0, sector=1, nr_sectors = 1 limit=0
[ 2124.048245][T31347] VFS: could not find a valid V7 on nbd6.
[ 2124.069276][   T25] usb 9-1: device descriptor read/64, error -110
[ 2124.359233][   T25] usb 9-1: new high-speed USB device number 42 using dummy_hcd
[ 2124.529105][   T25] usb 9-1: device descriptor read/64, error -32
[ 2124.616809][T31359] openvswitch: netlink: Message has 1255 unknown bytes.
[ 2124.641784][T31359] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2124.652262][   T25] usb usb9-port1: attempt power cycle
[ 2124.875358][    T8] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2124.884071][    T8] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2124.898610][T31371] netlink: 188 bytes leftover after parsing attributes in process `syz.7.6895'.
[ 2124.925904][T31371] netlink: 'syz.7.6895': attribute type 1 has an invalid length.
[ 2124.935123][    T8] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2125.115316][    T8] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2125.239384][    T8] rtc rtc0: __rtc_set_alarm: err=-22
[ 2125.319724][   T25] usb 9-1: new high-speed USB device number 43 using dummy_hcd
[ 2125.474703][   T25] usb 9-1: device descriptor read/8, error -32
[ 2125.589978][   T25] raw-gadget.1 gadget.8: failed to queue suspend event
[ 2125.598400][   T25] raw-gadget.1 gadget.8: failed to queue reset event
[ 2125.669491][   T25] raw-gadget.1 gadget.8: failed to queue resume event
[ 2125.789113][   T25] usb 9-1: new high-speed USB device number 44 using dummy_hcd
[ 2125.805124][T31382] FAULT_INJECTION: forcing a failure.
[ 2125.805124][T31382] name failslab, interval 1, probability 0, space 0, times 0
[ 2125.819294][    C1] raw-gadget.1 gadget.8: ignoring, device is not running
[ 2125.830557][   T25] usb 9-1: device descriptor read/8, error -32
[ 2125.865625][T31382] CPU: 0 UID: 0 PID: 31382 Comm: syz.7.6904 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2125.876405][T31382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2125.886454][T31382] Call Trace:
[ 2125.889732][T31382]  <TASK>
[ 2125.892665][T31382]  dump_stack_lvl+0x16c/0x1f0
[ 2125.897358][T31382]  should_fail_ex+0x497/0x5b0
[ 2125.902054][T31382]  should_failslab+0xc2/0x120
[ 2125.906736][T31382]  kmem_cache_alloc_noprof+0x6e/0x3d0
[ 2125.912124][T31382]  ? skb_clone+0x190/0x3f0
[ 2125.916565][T31382]  skb_clone+0x190/0x3f0
[ 2125.920808][T31382]  netlink_deliver_tap+0xabd/0xd30
[ 2125.925914][T31382]  netlink_unicast+0x5e1/0x7f0
[ 2125.930702][T31382]  ? __pfx_netlink_unicast+0x10/0x10
[ 2125.935990][T31382]  netlink_sendmsg+0x8b8/0xd70
[ 2125.940766][T31382]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2125.946039][T31382]  ____sys_sendmsg+0xaaf/0xc90
[ 2125.950791][T31382]  ? copy_msghdr_from_user+0x10b/0x160
[ 2125.956850][T31382]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2125.962134][T31382]  ___sys_sendmsg+0x135/0x1e0
[ 2125.966793][T31382]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2125.969316][   T25] raw-gadget.1 gadget.8: failed to queue suspend event
[ 2125.971981][T31382]  ? __pfx_lock_release+0x10/0x10
[ 2125.983803][T31382]  ? trace_lock_acquire+0x14e/0x1f0
[ 2125.988998][T31382]  ? __fget_files+0x206/0x3a0
[ 2125.993680][T31382]  __sys_sendmsg+0x16e/0x220
[ 2125.998254][T31382]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2126.003369][T31382]  do_syscall_64+0xcd/0x250
[ 2126.007853][T31382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2126.013739][T31382] RIP: 0033:0x7feeeed85d19
[ 2126.018134][T31382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2126.037724][T31382] RSP: 002b:00007feeefb1b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2126.046119][T31382] RAX: ffffffffffffffda RBX: 00007feeeef75fa0 RCX: 00007feeeed85d19
[ 2126.054067][T31382] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 2126.062028][T31382] RBP: 00007feeefb1b090 R08: 0000000000000000 R09: 0000000000000000
[ 2126.069988][T31382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2126.077936][T31382] R13: 0000000000000000 R14: 00007feeeef75fa0 R15: 00007fff663ed368
[ 2126.085902][T31382]  </TASK>
[ 2126.092483][   T25] usb usb9-port1: unable to enumerate USB device
[ 2126.106539][T31382] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6904'.
[ 2126.249234][T20922] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[ 2126.399371][   T25] usb 7-1: new high-speed USB device number 78 using dummy_hcd
[ 2126.447256][T20922] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2126.466868][T20922] usb 1-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=c8.43
[ 2126.477664][T20922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2126.498597][T20922] usb 1-1: Product: syz
[ 2126.506585][T20922] usb 1-1: Manufacturer: syz
[ 2126.520306][T20922] usb 1-1: SerialNumber: syz
[ 2126.542400][T20922] usb 1-1: config 0 descriptor??
[ 2126.579263][   T25] usb 7-1: Using ep0 maxpacket: 16
[ 2126.594067][   T25] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 2126.609150][   T25] usb 7-1: config 0 has no interface number 0
[ 2126.667967][   T25] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 2126.678958][T31379] sp0: Synchronizing with TNC
[ 2126.695804][   T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2126.707562][   T25] usb 7-1: Product: syz
[ 2126.711776][   T25] usb 7-1: Manufacturer: syz
[ 2126.717177][   T25] usb 7-1: SerialNumber: syz
[ 2126.728903][   T25] usb 7-1: config 0 descriptor??
[ 2126.738815][   T25] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 2126.760000][T31379] xt_socket: unknown flags 0x50
[ 2126.767663][T31402] FAULT_INJECTION: forcing a failure.
[ 2126.767663][T31402] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2126.781832][T31402] CPU: 0 UID: 0 PID: 31402 Comm: syz.2.6910 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2126.792617][T31402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2126.802676][T31402] Call Trace:
[ 2126.805944][T31402]  <TASK>
[ 2126.808871][T31402]  dump_stack_lvl+0x16c/0x1f0
[ 2126.813558][T31402]  should_fail_ex+0x497/0x5b0
[ 2126.818258][T31402]  _copy_from_user+0x2e/0xd0
[ 2126.822874][T31402]  ucma_write+0x129/0x330
[ 2126.827222][T31402]  ? __pfx_ucma_write+0x10/0x10
[ 2126.832088][T31402]  ? bpf_lsm_file_permission+0x9/0x10
[ 2126.837480][T31402]  ? security_file_permission+0x71/0x210
[ 2126.843132][T31402]  ? __pfx_ucma_write+0x10/0x10
[ 2126.848002][T31402]  vfs_write+0x24c/0x1150
[ 2126.852341][T31402]  ? __fget_files+0x1fc/0x3a0
[ 2126.857027][T31402]  ? __pfx_lock_release+0x10/0x10
[ 2126.862042][T31402]  ? __pfx_vfs_write+0x10/0x10
[ 2126.866792][T31402]  ? lock_acquire+0x2f/0xb0
[ 2126.871275][T31402]  ? __fget_files+0x40/0x3a0
[ 2126.875992][T31402]  ? __fget_files+0x206/0x3a0
[ 2126.880697][T31402]  ksys_write+0x207/0x250
[ 2126.885030][T31402]  ? __pfx_ksys_write+0x10/0x10
[ 2126.889895][T31402]  do_syscall_64+0xcd/0x250
[ 2126.894421][T31402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2126.900332][T31402] RIP: 0033:0x7f2408d85d19
[ 2126.904741][T31402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2126.924377][T31402] RSP: 002b:00007f2409bd0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2126.932793][T31402] RAX: ffffffffffffffda RBX: 00007f2408f75fa0 RCX: 00007f2408d85d19
[ 2126.940783][T31402] RDX: 0000000000000030 RSI: 0000000020000080 RDI: 0000000000000003
[ 2126.942685][   T29] audit: type=1400 audit(1734071951.345:1339): avc:  denied  { write } for  pid=31384 comm="syz.6.6905" name="file0" dev="tmpfs" ino=2921 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 2126.948747][T31402] RBP: 00007f2409bd0090 R08: 0000000000000000 R09: 0000000000000000
[ 2126.948762][T31402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2126.948774][T31402] R13: 0000000000000000 R14: 00007f2408f75fa0 R15: 00007ffe249fd1e8
[ 2126.948798][T31402]  </TASK>
[ 2126.971448][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2126.991092][T31386] block device autoloading is deprecated and will be removed.
[ 2126.996190][   T29] audit: type=1400 audit(1734071951.375:1340): avc:  denied  { open } for  pid=31384 comm="syz.6.6905" path="/534/file0" dev="tmpfs" ino=2921 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 2127.035200][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2127.259800][   T25] gspca_spca1528: reg_w err -110
[ 2127.279443][   T25] spca1528 7-1:0.1: probe with driver spca1528 failed with error -110
[ 2127.408094][T31408] openvswitch: netlink: Message has 1255 unknown bytes.
[ 2127.416574][T31408] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2127.427881][    T8] usb 1-1: USB disconnect, device number 3
[ 2127.438014][   T29] audit: type=1400 audit(1734071951.845:1341): avc:  denied  { ioctl } for  pid=31384 comm="syz.6.6905" path="/534/file0" dev="tmpfs" ino=2921 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 2127.591303][ T5897] usb 7-1: USB disconnect, device number 78
[ 2127.802271][T31424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2127.820168][T31424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2128.104058][T31430] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6918'.
[ 2242.009096][    C0] ------------[ cut here ]------------
[ 2242.010032][    C0] WARNING: CPU: 0 PID: 12 at kernel/rcu/tree_stall.h:989 rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 2242.010075][    C0] Modules linked in:
[ 2242.010089][    C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2242.010114][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2242.010128][    C0] Workqueue: events_unbound toggle_allocation_gate
[ 2242.010152][    C0] RIP: 0010:rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 2242.010176][    C0] Code: 88 61 01 00 00 be 04 00 00 00 48 c7 c7 60 99 84 9a e8 90 b9 7c 00 b8 01 00 00 00 87 05 45 8d 04 19 85 c0 0f 85 3d 01 00 00 90 <0f> 0b 90 48 81 fd c0 66 1c 8e 48 c7 c3 b4 48 5f 90 74 5a 48 b8 00
[ 2242.010195][    C0] RSP: 0018:ffffc90000007df0 EFLAGS: 00010046
[ 2242.010213][    C0] RAX: 0000000000000000 RBX: 0000000000002904 RCX: ffffffff81800c10
[ 2242.010227][    C0] RDX: fffffbfff350932c RSI: 0000000000000004 RDI: ffffffff9a849960
[ 2242.010241][    C0] RBP: ffffffff8e1c66c0 R08: 0000000000000001 R09: fffffbfff350932c
[ 2242.010256][    C0] R10: 0000000000000003 R11: 0000000000000005 R12: 1ffffffff1bc2040
[ 2242.010270][    C0] R13: 0000000000000246 R14: ffffffff8e1c66c0 R15: ffff8880b863fb92
[ 2242.010285][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 2242.010306][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2242.010321][    C0] CR2: 0000000020000000 CR3: 000000000df7e000 CR4: 00000000003526f0
[ 2242.010335][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2242.010349][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2242.010362][    C0] Call Trace:
[ 2242.010370][    C0]  <IRQ>
[ 2242.010380][    C0]  ? __warn+0xea/0x3c0
[ 2242.010400][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 2242.010424][    C0]  ? report_bug+0x3c0/0x580
[ 2242.010451][    C0]  ? handle_bug+0x54/0xa0
[ 2242.010476][    C0]  ? exc_invalid_op+0x17/0x50
[ 2242.010501][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[ 2242.010531][    C0]  ? rcu_check_gp_start_stall.part.0+0x1b0/0x4b0
[ 2242.010555][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 2242.010581][    C0]  rcu_core+0x4d0/0x14d0
[ 2242.010611][    C0]  ? __pfx_sched_balance_domains+0x10/0x10
[ 2242.010637][    C0]  ? __pfx_rcu_core+0x10/0x10
[ 2242.010673][    C0]  handle_softirqs+0x213/0x8f0
[ 2242.010703][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 2242.010733][    C0]  __irq_exit_rcu+0x109/0x170
[ 2242.010762][    C0]  irq_exit_rcu+0x9/0x30
[ 2242.010785][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 2242.010808][    C0]  </IRQ>
[ 2242.010816][    C0]  <TASK>
[ 2242.010825][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2242.010851][    C0] RIP: 0010:smp_call_function_many_cond+0x458/0x1300
[ 2242.010880][    C0] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0d 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31
[ 2242.010899][    C0] RSP: 0018:ffffc90000117998 EFLAGS: 00000293
[ 2242.010916][    C0] RAX: 0000000000000000 RBX: ffff8880b8744a40 RCX: ffffffff818df5fc
[ 2242.010931][    C0] RDX: ffff88801cef4880 RSI: ffffffff818df5d6 RDI: 0000000000000005
[ 2242.010945][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 2242.010958][    C0] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170e8949
[ 2242.010972][    C0] R13: 0000000000000001 R14: ffff8880b8744a48 R15: ffff8880b863fe40
[ 2242.010993][    C0]  ? smp_call_function_many_cond+0x47c/0x1300
[ 2242.011020][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[ 2242.011051][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[ 2242.011079][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 2242.011112][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 2242.011138][    C0]  on_each_cpu_cond_mask+0x40/0x90
[ 2242.011166][    C0]  text_poke_bp_batch+0x22b/0x760
[ 2242.011199][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 2242.011225][    C0]  ? __jump_label_patch+0x1db/0x400
[ 2242.011258][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[ 2242.011294][    C0]  text_poke_finish+0x30/0x40
[ 2242.011320][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 2242.011349][    C0]  jump_label_update+0x1d7/0x400
[ 2242.011380][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[ 2242.011410][    C0]  static_key_enable+0x1a/0x20
[ 2242.011438][    C0]  toggle_allocation_gate+0xfc/0x260
[ 2242.011462][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 2242.011498][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[ 2242.011527][    C0]  ? process_one_work+0x921/0x1ba0
[ 2242.011551][    C0]  ? lock_acquire+0x2f/0xb0
[ 2242.011572][    C0]  ? process_one_work+0x921/0x1ba0
[ 2242.011598][    C0]  process_one_work+0x9c5/0x1ba0
[ 2242.011628][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2242.011661][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 2242.011683][    C0]  ? rcu_is_watching+0x12/0xc0
[ 2242.011717][    C0]  ? assign_work+0x1a0/0x250
[ 2242.011740][    C0]  worker_thread+0x6c8/0xf00
[ 2242.011779][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 2242.011801][    C0]  kthread+0x2c1/0x3a0
[ 2242.011827][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2242.011849][    C0]  ? __pfx_kthread+0x10/0x10
[ 2242.011876][    C0]  ret_from_fork+0x45/0x80
[ 2242.011896][    C0]  ? __pfx_kthread+0x10/0x10
[ 2242.011923][    C0]  ret_from_fork_asm+0x1a/0x30
[ 2242.011964][    C0]  </TASK>
[ 2242.011975][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2242.011986][    C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0
[ 2242.012009][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 2242.012021][    C0] Workqueue: events_unbound toggle_allocation_gate
[ 2242.012043][    C0] Call Trace:
[ 2242.012050][    C0]  <IRQ>
[ 2242.012058][    C0]  dump_stack_lvl+0x3d/0x1f0
[ 2242.012082][    C0]  panic+0x71d/0x800
[ 2242.012112][    C0]  ? __pfx_panic+0x10/0x10
[ 2242.012141][    C0]  ? show_trace_log_lvl+0x29d/0x3d0
[ 2242.012170][    C0]  ? check_panic_on_warn+0x1f/0xb0
[ 2242.012201][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 2242.012223][    C0]  check_panic_on_warn+0xab/0xb0
[ 2242.012253][    C0]  __warn+0xf6/0x3c0
[ 2242.012271][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 2242.012294][    C0]  report_bug+0x3c0/0x580
[ 2242.012320][    C0]  handle_bug+0x54/0xa0
[ 2242.012344][    C0]  exc_invalid_op+0x17/0x50
[ 2242.012370][    C0]  asm_exc_invalid_op+0x1a/0x20
[ 2242.012392][    C0] RIP: 0010:rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 2242.012414][    C0] Code: 88 61 01 00 00 be 04 00 00 00 48 c7 c7 60 99 84 9a e8 90 b9 7c 00 b8 01 00 00 00 87 05 45 8d 04 19 85 c0 0f 85 3d 01 00 00 90 <0f> 0b 90 48 81 fd c0 66 1c 8e 48 c7 c3 b4 48 5f 90 74 5a 48 b8 00
[ 2242.012432][    C0] RSP: 0018:ffffc90000007df0 EFLAGS: 00010046
[ 2242.012449][    C0] RAX: 0000000000000000 RBX: 0000000000002904 RCX: ffffffff81800c10
[ 2242.012463][    C0] RDX: fffffbfff350932c RSI: 0000000000000004 RDI: ffffffff9a849960
[ 2242.012477][    C0] RBP: ffffffff8e1c66c0 R08: 0000000000000001 R09: fffffbfff350932c
[ 2242.012491][    C0] R10: 0000000000000003 R11: 0000000000000005 R12: 1ffffffff1bc2040
[ 2242.012503][    C0] R13: 0000000000000246 R14: ffffffff8e1c66c0 R15: ffff8880b863fb92
[ 2242.012524][    C0]  ? rcu_check_gp_start_stall.part.0+0x1b0/0x4b0
[ 2242.012552][    C0]  rcu_core+0x4d0/0x14d0
[ 2242.012581][    C0]  ? __pfx_sched_balance_domains+0x10/0x10
[ 2242.012606][    C0]  ? __pfx_rcu_core+0x10/0x10
[ 2242.012641][    C0]  handle_softirqs+0x213/0x8f0
[ 2242.012669][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 2242.012699][    C0]  __irq_exit_rcu+0x109/0x170
[ 2242.012722][    C0]  irq_exit_rcu+0x9/0x30
[ 2242.012745][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 2242.012771][    C0]  </IRQ>
[ 2242.012778][    C0]  <TASK>
[ 2242.012787][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2242.012812][    C0] RIP: 0010:smp_call_function_many_cond+0x458/0x1300
[ 2242.012840][    C0] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0d 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31
[ 2242.012859][    C0] RSP: 0018:ffffc90000117998 EFLAGS: 00000293
[ 2242.012875][    C0] RAX: 0000000000000000 RBX: ffff8880b8744a40 RCX: ffffffff818df5fc
[ 2242.012889][    C0] RDX: ffff88801cef4880 RSI: ffffffff818df5d6 RDI: 0000000000000005
[ 2242.012902][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 2242.012915][    C0] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170e8949
[ 2242.012928][    C0] R13: 0000000000000001 R14: ffff8880b8744a48 R15: ffff8880b863fe40
[ 2242.012949][    C0]  ? smp_call_function_many_cond+0x47c/0x1300
[ 2242.012976][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[ 2242.013006][    C0]  ? smp_call_function_many_cond+0x456/0x1300
[ 2242.013034][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 2242.013065][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 2242.013091][    C0]  on_each_cpu_cond_mask+0x40/0x90
[ 2242.013119][    C0]  text_poke_bp_batch+0x22b/0x760
[ 2242.013152][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 2242.013177][    C0]  ? __jump_label_patch+0x1db/0x400
[ 2242.013210][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[ 2242.013246][    C0]  text_poke_finish+0x30/0x40
[ 2242.013272][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 2242.013300][    C0]  jump_label_update+0x1d7/0x400
[ 2242.013331][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[ 2242.013361][    C0]  static_key_enable+0x1a/0x20
[ 2242.013389][    C0]  toggle_allocation_gate+0xfc/0x260
[ 2242.013412][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 2242.013435][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[ 2242.013464][    C0]  ? process_one_work+0x921/0x1ba0
[ 2242.013487][    C0]  ? lock_acquire+0x2f/0xb0
[ 2242.013506][    C0]  ? process_one_work+0x921/0x1ba0
[ 2242.013532][    C0]  process_one_work+0x9c5/0x1ba0
[ 2242.013563][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2242.013594][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 2242.013615][    C0]  ? rcu_is_watching+0x12/0xc0
[ 2242.013649][    C0]  ? assign_work+0x1a0/0x250
[ 2242.013673][    C0]  worker_thread+0x6c8/0xf00
[ 2242.013707][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 2242.013729][    C0]  kthread+0x2c1/0x3a0
[ 2242.013757][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2242.013778][    C0]  ? __pfx_kthread+0x10/0x10
[ 2242.013805][    C0]  ret_from_fork+0x45/0x80
[ 2242.013824][    C0]  ? __pfx_kthread+0x10/0x10
[ 2242.013850][    C0]  ret_from_fork_asm+0x1a/0x30
[ 2242.013890][    C0]  </TASK>
[ 2243.095517][    C0] Shutting down cpus with NMI
[ 2243.095738][    C0] Kernel Offset: disabled