last executing test programs:

7.744731835s ago: executing program 3 (id=1421):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200))
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$setperm(0x5, 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000180)=0xc)
write$FUSE_INIT(r2, &(0x7f0000000380)={0x50}, 0x50)
close_range(r1, 0xffffffffffffffff, 0x0)

7.239535049s ago: executing program 0 (id=1423):
io_uring_setup(0x2e34, &(0x7f0000000000)) (async)
r0 = io_uring_setup(0x2e34, &(0x7f0000000000))
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x30f, 0x84, 0x1, 0x20, 0x0, @random="a6375a8603fe"}, 0x10) (async)
connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x30f, 0x84, 0x1, 0x20, 0x0, @random="a6375a8603fe"}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)
eventfd2(0x0, 0x0) (async)
r2 = eventfd2(0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r5=>0x0)
io_submit(r5, 0x3, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x9, r3, 0x0, 0x0, 0x0, 0x0, 0x0, r2}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x9, r4, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x4000000000, 0x0, 0x1}]) (async)
io_submit(r5, 0x3, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x9, r3, 0x0, 0x0, 0x0, 0x0, 0x0, r2}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x9, r4, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x4000000000, 0x0, 0x1}])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000200)={0x5, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {0x0, 0x5}], 0x0, 0x0, 0x7}}) (async)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000200)={0x5, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {0x0, 0x5}], 0x0, 0x0, 0x7}})
mkdir(0x0, 0x0) (async)
mkdir(0x0, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40088a01, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000040)={0x80000006})
bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c)
openat(0xffffffffffffffff, &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x480000, 0x104)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
syz_emit_ethernet(0x32, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaa00aaaaaaaaaabb88a800008100000008004500001cf40000000002907800000000ffff54924a5c2c9cd97cc25e"], 0x0) (async)
syz_emit_ethernet(0x32, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaa00aaaaaaaaaabb88a800008100000008004500001cf40000000002907800000000ffff54924a5c2c9cd97cc25e"], 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r9)
socket$packet(0x11, 0x3, 0x300) (async)
socket$packet(0x11, 0x3, 0x300)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
write$cgroup_subtree(r8, &(0x7f0000000180)=ANY=[], 0x24)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) (async)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c0000002a00090000000000000000000400002e45001180"], 0x5c}, 0x1, 0x3000000}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

7.126563672s ago: executing program 4 (id=1424):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000006c0)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
close(r0)

6.574022657s ago: executing program 3 (id=1425):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vcsa(&(0x7f0000000140), 0x1, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x45b4, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000010000104000000000000000000030000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010067656e657665000014000280080001000100000005000300000000001400030067656e65766531000000000000000000facced964c0377c80016bb"], 0x58}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r4, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x4c, r5, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x7b}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x76}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x68}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5e}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040800}, 0x40000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x30, r7, 0x8, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x67}, @val={0x8}, @val={0xc, 0x99, {0x2, 0x6f}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c140}, 0x0)
socket(0x10, 0x3, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r8, &(0x7f0000006440)={0x0, 0x0, &(0x7f00000063c0)}, 0x0)
r9 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000580)={'veth1_virt_wifi\x00', <r10=>0x0})
setsockopt$SO_TIMESTAMPING(r9, 0x1, 0x41, &(0x7f0000000140)=0x9de, 0x4)
bind$packet(r9, &(0x7f0000000080)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendto$packet(r9, &(0x7f0000000040)="bb53a945842851722bb479853e60", 0xe, 0x0, 0x0, 0x0)
recvmmsg(r9, &(0x7f00000046c0)=[{{&(0x7f00000004c0)=@hci, 0x80, &(0x7f00000005c0)=[{&(0x7f00000008c0)=""/86, 0x56}, {&(0x7f00000002c0)=""/35, 0x23}, {&(0x7f0000000380)=""/44, 0x2c}], 0x3, &(0x7f0000000940)=""/103, 0x67}, 0x3}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000009c0)=""/169, 0xa9}, {&(0x7f0000000a80)=""/13, 0xd}, {&(0x7f0000000ac0)=""/200, 0xc8}, {&(0x7f0000000bc0)=""/196, 0xc4}, {&(0x7f0000000cc0)=""/13, 0xd}, {&(0x7f0000000d00)=""/64, 0x40}, {&(0x7f0000000d40)=""/217, 0xd9}, {&(0x7f0000000e40)=""/62, 0x3e}, {&(0x7f0000000e80)=""/40, 0x28}, {&(0x7f0000000ec0)=""/76, 0x4c}], 0xa, &(0x7f0000001000)=""/4096, 0x1000}, 0x7ff}, {{&(0x7f0000002000)=@un=@abs, 0x80, &(0x7f0000004540)=[{&(0x7f0000002080)=""/84, 0x54}, {&(0x7f0000002100)=""/105, 0x69}, {&(0x7f0000002180)=""/25, 0x19}, {&(0x7f00000021c0)=""/4096, 0x1000}, {&(0x7f00000031c0)=""/4096, 0x1000}, {&(0x7f00000041c0)=""/157, 0x9d}, {&(0x7f0000004280)=""/224, 0xe0}, {&(0x7f0000004380)=""/79, 0x4f}, {&(0x7f0000004400)=""/165, 0xa5}, {&(0x7f00000044c0)=""/81, 0x51}], 0xa, &(0x7f0000004600)=""/177, 0xb1}, 0xffff5975}], 0x3, 0x12040, &(0x7f0000004780))
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, 0x0)

6.014913017s ago: executing program 4 (id=1426):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x396100, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000084e27fa40000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000ed6a000b2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa2c000003"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r5=>0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0)
write$nci(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="1069010805"], 0x5)
r8 = dup2(r1, r3)
bind$inet(r3, &(0x7f00000005c0)={0x2, 0x4c21, @empty}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200408c4, &(0x7f0000000200)={0x2, 0x4e21, @local}, 0x10)
r9 = syz_open_dev$vim2m(&(0x7f0000000180), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r9, 0xc0d05604, &(0x7f0000000280)={0x9, @raw_data="4c5d3e144f8b7cd57053474f0efec924dee607941d590db41c2cfb356281d23e9f3fceb2023d7033052cedd690a4d38cb9480b3e7a25903197017aafb6a837ea72165335c6586d60d50b9ac7b055ae8b9d9f23db423d5839c30a601adddbcf2156b3d4cb747766d2ca6180c0272a2661cb0d8c41e5f123d80f73f10e57b16253b676f4a04e288ef167ca5dfa22726dc00468c2b90f9161e1c6d9c8e2ad31bfaa7a8ab944d671feeecdb89827a56b82ca4c87e65ec3a6af8ca3ee954b397fd953521a547984731de3"})
write$P9_RCLUNK(r8, &(0x7f0000000180)={0x7}, 0xfffffe1c)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x1})
getsockname$netrom(0xffffffffffffffff, &(0x7f0000000880)={{0x3, @netrom}, [@rose, @netrom, @bcast, @rose, @null, @bcast, @rose]}, &(0x7f0000000900)=0x48)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r8, 0x84, 0x1e, &(0x7f0000000080)=0x8, 0x4)
read(r1, &(0x7f00000002c0)=""/69, 0x40)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)

5.8187681s ago: executing program 1 (id=1429):
socket(0x1e, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
socket$inet6(0xa, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r2, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x8006, 0x4)
bind$inet6(r3, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)

5.667464697s ago: executing program 1 (id=1430):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080))
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(0xffffffffffffffff, 0x7a6, &(0x7f0000000040))
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x4e21, @empty}, {0x1, @remote}, 0x12, {0x2, 0x4e22, @loopback}, 'bridge_slave_0\x00'})
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000279600"})
write$UHID_INPUT(r3, &(0x7f0000000200)={0x8, {"dc6b2335ff75a03037b1c165eee0565d50055a5a0cc5acc2852751509b6549d13f429ed1f4a25bf60654ed1d04bb071a59c2134936a732c86335784e94d9dce2df5a4ccc1b0f63e20fe01269eba1fcfd89e590e103af31bfcaf157feb77ef169c1ef2e5860071a6b7f424c5bef4645b39a17a0dc5e5951fa1104274f99f0db3eacc759d567e2f35b41b3c5bd44ef7ed2bc652d2d0e4d52d89b5be83b94b76f53a675166c53071d0538b93d8ad8e2a9a7ec6c06dcd93e34b5dc6f251cac14c4358f82b2f5f5ccd320c0d62ce8d39b9e57ed1ed1282acf6a09c9c3791fa4be59e5d1f9c1881af0c44ec52b1701a132665d6082be0918ba5190c537c03fe99d21805c67c2b787e55803ba9086bddb509366ddeaad1f686cdbbbd664c53e92536ee1cd132a3cee6077304f3f5daeb45d4b8c265f576361f1a0968e3ebcebabf23fd2cda787217362e151cfed34050d88c5e4ff4fb80a6e041fcf1bdec73f692465df9085bc9f05252566d5a44a18fb93947060c91b2d34cd7c0db227760f516b88e4a5351636c576956f8bc828d5305cb7637601970b563b591058847a949a3a58ffb16bb1f647162a5781f154063648fc08674ecdae8bacc9250de05fe25c1c2bd88fa8aeeffc441e8120f2473889f2e7be10d887e4cae2cef152d6afc610746696d275bae9a412e4b9874bd06c50950bed22feb3accbe1d187c79e95da7cb4b61fb4e24e425b7ecf44fd7664dc9f6944e1ba0c298acb01d16e775c0a45a58e8444d2b3b02217cc85932f7b900853b9364a38cab97a7a1e877d370f3cbb16798acc706cb1035615e38214dbf5a6c6c4403573f9c05e2485b228f99e07deb08f2aa1502284b7800e345680dd43b61fc081b5e4ebe0c865b2e8aa8d27f5e67e4464d3b3ff9b10cf90c48362a0457aca5886e1a6b87f4ddef73ff9a40316bcaf0c3e97bec2ceb21aba1d68f06aee65369637e1e4424cb5a579d6f548d8f00c8427b1bef795a72db6a5184868593b4f28a2d0c5f030850c484e3f30854741e1296430948569aeeec6be3e10a41793f3b68e4722fcffa2c836f7eb80146f866424bfe8b263386a06b3e9e70a4105296ebd255ca38bbbbe28819034abb3229210f1649fd4646d011e579f219144a444dee144e67263a4dcdaf282d64f57a89a35c7ad9f0743f952d46b3e6c4ca94e11dded7dd7ea4e2e75cabda7a6a9b9d41bdf44e7459c9d35b047447c886db97f5ce22f44f6088cfe42ec245bca0abb451cd60a8ea14fc90f27cf29dde237eaebd5a944c9d18a330a62fd016f2653c11f8cf06c092b53892edaf2afc0490fe7d909244574f13de676cd3db73a8a3946b8aa588a9b76c867a1e151dacbdfac9993f1ec9f1897118813c3dbfb33b3cb6fde698dbab08775fa06664a83debdcaf8ad1d713de0c8a7961d7405291fce96941fac2d2e0e8ef98dadf6eade614e6c716975bcac20c8500130e7f6b37c0ff4eaa0e7868be8feeb4b3aaabb6d9f11549efb5b1c03d822afadeb51cc0125907467f46b555247dab8e71d8d81edd73b5e9a2715ebcad39ac106f6a61eb53cc634eb3f298e92a39c8ccc9d71d1488ceca41f1eb1bb4989c900a9c7bf7c4815ea00c9c4c50171b489c8bb3c2059b8a9effa864c4e709041d8da1a8289a2edb05b1a4726a6ec22ce9642f6e40db813e5f13b2eb7c552b5ac3f9e4c4a8cfe7761e942aeeeb8bab36f1641606a2e4d4beb910a178a6ec9180c515bb3486a4703c2756dd38e796f3103ec4b102423926bbfb6166bb45933e641922e2d79534542c3d862ce0f69cc7e7b77876a64cf8fbf4788bf018284e2c465f0733bda629b63b55697446175fae45edec0e6a85e9d9cccc4774e26ef10285baeee1cd047f30aacd0969cdfdc8481346da7195bda178a3f35358bfae821e39a6ad6b88ae6c378d85750cd218b39abb385fdfa71fd59089c47083915aee7b4ef4728478bc6f2617c38a0c6b22fa21fe85d2d6dabe6161b6aa62fa40ea2a6455726ec6d981713dc8ff946a32081161d30491bd46d56f4e159fd04685804936afab8e5706caecb60ba8eab104a97093afb49ddd3fd91d07b00cea2c10ad1e7feaa77a240a25652a916f64c5034617857ba5b1a6adb179324e6f96058a838bd39028e20557321240292127835f7a5c63d11951c5c076c03058bd2bf3cd734ae416fb95efe37a187ca4981ce77abdb0e7e3b2e57141d2b3d674361f02b364d15137b7067d3a9845ad150973456b7b4aac1afd1a8f5821bcbd1c777c843b9501a6549db03c48e60043759d5ca543828162f7293f784ae75c425c745c8b943dd38597304862ee167b1d6179131a8219b39cfb2da9263f247339272d1d69c22cf327b41980b19be77e73cabde0d230f63f5ed20100e0afa1905ea17ed936db80b4ce9b7f24f127a8b0b31a78ee94492e6973707868583e23df7584d5eaec9c105e09203fbf3a49379dae565009866860b429c877233df60fc0ffc98107c989fa4f1ba3094759cf37e04447f004087ff955b8cd0458504632c3509f3ce4130fa495b727db0e166e906e465eecd80aef492e71e57b119c82c85ed725b549959e675f31acf96e29f7e642fffddb0347fa5a57e1900c7818bf63cf019886602e8afeb9aec53ddfe2249c85d8eaa2a45d8ad85ce96ddd04667941e204cbf18d74dd81aed7c20e5cfd1e74ad87a7b5f8a2a2f3dc1973833ea2f8c7f047d9a8ee0589831c4957da1f663aae551e062096db678a75066e8e9b267f3d6022672e16a070b30478f58f7c898f0be92de4267bbb4f9f1b6006fb5ecc110d494a878b0c8fff2799a867e2fce1049d49f7490ed2561f96424c8f030689e8aaa94448c95a5a7092d519ac274dfcbf774d89ff5dfb39d1ab5c122034c69e2f2e85f5e428469998b93005544b6b6f2b32e8def989fde8bc7048456bc5a83def8ba81e434918e8a7fdc909295faf1bb1f7f2f0469a8a5cdba5fcdae75ea00bdb7128915f93d09ddb763df81a8201cf5ad1b3e832c009bfa8e7528ac81703a068e4ccee86069661d0c5cc73e4f3bce7e091be86ace8d908228e69828aa78f9edfd24b11cdb6c8ac07744513d089f0694b4e6515415cee4980c43f273662696797e75b719572b4d2606930c9a42ebae41c8f80d5bfc3c35a2302260b9234f7b770db5e35a230b21fe92324a2a04f5e3ce29c1aaab3aaa58e99a2c494d601193c0577d671245678948302bdf6661fb4a271571e6402399b9b40afe1a72abd07fdae5fc5ef08c894c6ba9679f7914525ee46efe1a07ec2cc8fb8023cb07dcc9399830aa86da4e4669a090a7978751afff1758d2a0e7e5ccf81596c2781804c9da52b72f7bc714e5414472ac19fd43eb86f43bbb57081639c5097312efb0c62d248021e22531516d309644e9e8a55c62d7230c72b1bdb6e1175baff47a1fef6904fb03f68e44bf67e776f71c0167bf8c1878522c238ecc10eb3066f65e51048a2afcd0a400d9ba18b79483a72f46516548df42dc0461439c03faacd529ea6b8853435fe844cc74d3890ebc1e9e809ef22163c1e62f5fb9ad35503c54c9825def25704e2d3f453a1a03f11b5fc1c7ee57743da6a85dca1bb21d02ef8191c74f14633dfd179858218da1c5e5528d736973696f9977dba158473e455c60680e2e01146fb803a793b7b52bba751ba94936aad9836dcf1f17c773a76204b57087b8ba4d8ac1ec162c7c8b730142e75d3b8de495d2c690ce71a6c8825cfa34ce1c49acce79dd9b199a8d7fd3509c736833667c20d8afaed2bdd12ff9f89ac83fa400e041cfde8e57e54e456c96374086101ae024237a32fbf7ec6435a1d5c4ca7751c04acf8bdb421dccd6eda29346770671217fd7180e282dda55124509ac53b0b78b6bd72c10c565cbaab91057731378253a065c5f4753135a0455b1f4554649f898e01f8773020bcb446dad958d92d2226383d957a08154141fb210340ed228ed85d1f2b35dc2b4f569d82495fc1bd3b3fe552b360b739494572fd1e7450bb1c2e5eb77257dd2feac7946d178a78a6c0412d03d3162afe23e109fc6e6be680a5bca6a3100d4e2647f51bcd88de41bd18302e163fca82d3ac536407e005d5a080c0cbf7ace25805bfbf3342bc399ade36fa8903d78f7a206c6557a5373687a44fd9f155083358920033ad08a9f31509154fff799a17e753db2475a0259b0588bdaf432dc52f5fa10dd2da8a84eeec10d62d8b4868ae3e4585691df60b582f63e3396a1a0ba3d40799b0aec562ff251b0138eaf784adecd7b46e2056904d19302e229350a53ed8c127a427b4dcdf6bd06d51011324cab02cf1cb674d4a3f3de975c4d60537e57793c6ccbb436b76354248d366513cfb7bf0551f96385fabfe6865c0641b4147bd8e8681e65ecef86c6aaa4e448ad5e55dc8bace1ca8225412ae85c29821f6b70a8e9fd4101ba25a8855762cf0710da5e9efe169d53ac591fac6ae6e640df7b94004fc766fb25d08dd0c37c757c59f2aac6d8a23a39918b2ca7dce583174941208b59bcf210ef6e1db2b1eed6238220a24d5194ab9cd43f0fb9094ba28ab986b8aaf2c926489deab6ebe6706fc6f86c2167a1d85f8aa3dc1c0b0bb931529222a47d71d72ae27cd41db55cbb536f514f8cfa11a99403861f6e975290555d8d06a2c41bc0b3793da98be2ade3064caf3d4ee57876b0e35112986d0fc620df9c0e8ec8cea60959071a1bf950b8db247961a68553927f11bde20a140bb0f90e9224941c8baf0b09bbf90d380cc06262a0fc678e33ecbdcf5a4136cfbf438403d0206160a7d01a8e5f0fb8134c4cdf03dabfedc5bc09b05136c8f8d173dd33c2bb6e9c129467efc1e9a874f35f683b1176eaef2995a7f738e26bdc3e93a967eda1d6c4a97251e80bb1381698acefb5c148abf003c9695bb9f6aed6270d7b590823570206cda2508329b85ae13c0b2d058661b4f2702809a448fa44bef8f230e9951eec7c63950d8b4d3c8a007ab34a6fcb89c4ab44c7527d56e44e61b3fcd0a4f287d8adfe4b791fa2b86f00eb5288eeff0b7cdf77631bb5d3ed0217bca115e39fa5375ec2a61f583240d4a5d0e77aa76a7ff3e71f60856a0f8a10592de75a7cdfb6a120205e7ed641b034ba279a5f715870f10f636db5740e8c8c101a35f66cb68e887a0975680b9d50ff3ca4d054b7507c22307d5e45ee3253ee4f7099ac33813238293187bde608991d1d5eaa424791732ea2648dcb74bca88ffb4f65aaf026f2c3d791b30ce328683286e278f2144bf6b25055541c6a31f363fef5d572d52cb954da000a6b15df9f342e89dc836ae281f6001d6af6fcdc4864c5c7234c0c811a6204bad7232e75d6cb083a6d6e89dc3fe4c41f9dce9e1779e466e5fecb93b0eb151e6736d742eb7396ff508a2053c495d42942a9e74e5eb271784b8edc4175b8b66ea99dabb8a089d9e8872b680e4fc00dd9372230c2354e4bdf5f013a0cc90ffd64bf4942023e2c406d148156abcb6cb1b2cab46105f5af47864b7cf8ed77fa350dd016e7f21d9a6f39f32082a5a9047301f0b959b91d35be0e02c5b0f1c5df45f1d686b84c084d4d3f084bbe269428b78cbcb1997bc913ae29cd57b8d46b258fb9526f97866ecae09bbbb2c84aec8d80f6c44f8367255f38f1c9677cc335ad575a2070e37b7ae906af4ad4d84c941a7e10e3b05ca1ded870a80bbd9e3ed87f948b670d2cdfa5513cc42e0335c3f77044f8abb10f069a51155fb2a25b105fa0e8571607a87fd72d1290569abf143fa0eede87c2f0cef1c29aa37aa99243", 0x1000}}, 0x1006)
syz_open_pts(r5, 0x0)
ioctl$TIOCSLCKTRMIOS(r5, 0x802c542a, &(0x7f0000000040))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x8, 0x0, 0xfffff004}, {0x6}]}, 0x10)

4.978778553s ago: executing program 4 (id=1431):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x10, 0xffffffffffffffff, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000140)="00c2", 0x2, 0xfffffffffffffffd)
r0 = socket$kcm(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={<r5=>r4})
sendmsg$key(r5, 0x0, 0x2400c010)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r8 = accept4$alg(r7, 0x0, 0x0, 0x0)
sendmmsg$sock(r8, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20000}], 0x3}}], 0x1, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r6, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
sendmsg$inet(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="02", 0x1}], 0x1}, 0x0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8000, &(0x7f0000000000)=0x9, 0x4, 0x2)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c7eabd6952ed9d2c66c00000010000304000000", @ANYRES32=0x0, @ANYBLOB="0005000000000000240012800b00010067726574617000001400028005000a000000000005000900000000000800250004000000"], 0x4c}}, 0x0)

3.872255528s ago: executing program 4 (id=1432):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x24, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x14, 0x9, 0x3, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@local}]}]}}}], 0x28}, 0x0)

3.861441898s ago: executing program 3 (id=1433):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0}, 0x90)
syz_usb_connect(0x1, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904010003fe03010009cd8d1f00020000000905050200de7e00100905"], 0x0)

3.839108993s ago: executing program 1 (id=1434):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000002000000000000000000000d0a400000000000000100000604"], &(0x7f0000000f40)=""/4089, 0x3a, 0xff9, 0x8}, 0x20)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r4, 0x80104592, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0xfffffffe, "002107200000001200000000000900"})
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5c0000001300213100"/56, @ANYRES32=0x0, @ANYBLOB="0000000000000000000010000100085ab87211536c484f6994e6000000000000"], 0x5c}}, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='dctcp-reno\x00', 0xb)
setsockopt$inet_opts(r7, 0x0, 0x17, &(0x7f0000000a80)='U', 0x1)
set_mempolicy(0x4, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$KVM_CREATE_VCPU(r5, 0x8010aebc, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000340)=<r9=>0x0)
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
ptrace$setregs(0xffffffffffffffff, r10, 0xc, &(0x7f0000000000))
r11 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0), 0x80102, 0x0)
syz_clone3(&(0x7f0000000400)={0x110000, &(0x7f0000000080), &(0x7f0000000140), &(0x7f0000000180), {0x2d}, &(0x7f0000000200)=""/40, 0x28, &(0x7f0000000240)=""/27, &(0x7f0000000380)=[r9, r10, 0x0], 0x3, {r11}}, 0x58)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r8}, 0x10)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)

3.744696073s ago: executing program 4 (id=1435):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200))
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$setperm(0x5, 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000180)=0xc)
write$FUSE_INIT(r2, &(0x7f0000000380)={0x50}, 0x50)
close_range(r1, 0xffffffffffffffff, 0x0)

3.699745648s ago: executing program 0 (id=1436):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
recvmsg(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)=""/97, 0x40000}], 0x1}, 0x10140)
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb181118000000000000007d14c96038db"], &(0x7f0000001f80)=""/218, 0x26, 0xda, 0x2}, 0x20)
socket$kcm(0x2, 0x1000000000000002, 0x0)

3.620833665s ago: executing program 0 (id=1437):
r0 = open(0x0, 0x0, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
creat(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x3)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = fcntl$dupfd(r2, 0x0, r3)
ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000000440))
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = getpgrp(0x0)
ioperm(0x0, 0x3, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sched_setscheduler(0x0, 0x0, 0x0)
socket(0x6, 0x0, 0x2)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000000100))
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x6227, 0x0, 0x0, 0x9, 0x2}})
newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x0)
setresuid(0x0, r8, 0x0)
r9 = getpid()
rt_tgsigqueueinfo(r9, r5, 0x15, &(0x7f00000002c0)={0x20, 0x2, 0x3})

3.326457541s ago: executing program 1 (id=1438):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write(r0, &(0x7f0000000040)='\f', 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
gettid()
io_setup(0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4)
sendmsg$inet(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[], 0x34}}, 0x0)
modify_ldt$read_default(0x2, &(0x7f0000000480)=""/148, 0x94)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r6}, 0x10)
read$FUSE(r5, &(0x7f00000021c0)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_NOTIFY_INVAL_ENTRY(r5, &(0x7f0000000200)={0x29, 0x3, 0x0, {0x0, 0x8, 0x0, 'group_id'}}, 0x29)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r7}, 0x50)
syz_open_dev$tty1(0xc, 0x4, 0x1)

3.209238015s ago: executing program 4 (id=1439):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x1, 0xb, 0x0, 0x0, 0x20}]}, &(0x7f0000000040)='syzkaller\x00', 0x2}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x100400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
set_mempolicy(0x0, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
syz_usbip_server_init(0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r1, 0x0, 0x13, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000a68daa40d35b7c315e040000000c0902120001000100000904000000ef"], 0x0)
r2 = socket$inet(0x2, 0x80000, 0x0)
bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0xfffffffffffffef0)
listen(r1, 0x0)
fchdir(0xffffffffffffffff)
syz_usbip_server_init(0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)=ANY=[])
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$nl_crypto(0x10, 0x3, 0x15)
r4 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x32315559, 0x8}})
r5 = creat(&(0x7f0000000e00)='./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
write$UHID_GET_REPORT_REPLY(r5, &(0x7f0000000200), 0xa)
setxattr$security_ima(&(0x7f0000000240)='./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040), &(0x7f0000000180)=ANY=[], 0x2, 0x0)
syz_emit_vhci(&(0x7f0000001140)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR}, 0x3)

3.2005332s ago: executing program 2 (id=1440):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x3, &(0x7f0000000580)=@framed, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020702500000000002080a47b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

2.839574927s ago: executing program 2 (id=1441):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140))
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000340)={@flat, @flat=@weak_binder, @flat=@weak_binder={0x70742a85}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

2.65933111s ago: executing program 1 (id=1442):
r0 = socket$kcm(0xa, 0x4, 0x106)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x800)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000380)={'\v\x00', 0x0, 0x5, 0x2, 0x0, 0x0, "f759e10000001000000000fc6300", '\x00\x00\a\x00', "0300", "e859ad13", ["8bada940edff000a00", "c2fed6bf0400000000000040", "000000ff0000000000000020", "0000000000000000000100"]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="d800000019008111e00212ba0d81050402610200ff0f040b067c55a1bc000900b8000699f3ffffff15001500fe808178a800150003000140020024f89a27c8d889cb591401ba86000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e9703000000000000", 0xd8}], 0x1}, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f00000008c0)={"8a2596dd", 0x0, 0x0, 0x0, 0x0, 0x0, "000000000000000000000000000081", "643aa6bf", "69c7c4a9", "f7bf0700", ["87b700", "275f27336448602a553ae850", "5d6fd1214703bf778b51fce0", "4973dce60c23eb4573635a16"]})
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x5f)
r7 = accept$alg(r2, 0x0, 0x0)
write$binfmt_script(r7, &(0x7f0000000180)={'#! ', './file0', [], 0xa, "41331062655e414d4b58352b76fced1a601975ad12e2bc2063754491ca9f8f0d9573ce08eb44a06351a623b4848d965c34211640dd8a6dad4380ad6f25791e407facd9c871dd169eda3a6a8e3d22216962d03ac0080d29e2978e011211961429178de7def02450"}, 0xfdef)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, &(0x7f0000000000)={0x8, 0x6})
setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18)
syz_emit_ethernet(0xbf, &(0x7f0000000300)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb1, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @dev, {[@cipso={0x86, 0x71, 0x0, [{0x0, 0xc, "e256b28c599d1681fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x0, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x0, [{0x0, 0x6, "7f36c525"}]}]}}, '\a'}}}}}, 0x0)
sendmsg$kcm(r0, 0x0, 0x20000800)
r8 = socket(0x10, 0x803, 0x0)
sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x1b0}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

2.593438807s ago: executing program 2 (id=1443):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x10, 0xffffffffffffffff, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000140)="00c2", 0x2, 0xfffffffffffffffd)
r0 = socket$kcm(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000570000"], 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={<r5=>r4})
sendmsg$key(r5, 0x0, 0x2400c010)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r8 = accept4$alg(r7, 0x0, 0x0, 0x0)
sendmmsg$sock(r8, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20000}], 0x3}}], 0x1, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r6, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
sendmsg$inet(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="02", 0x1}], 0x1}, 0x0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8000, &(0x7f0000000000)=0x9, 0x4, 0x2)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c7eabd6952ed9d2c66c00000010000304000000", @ANYRES32=0x0, @ANYBLOB="0005000000000000240012800b00010067726574617000001400028005000a000000000005000900000000000800250004000000"], 0x4c}}, 0x0)

2.281560771s ago: executing program 2 (id=1444):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vcsa(&(0x7f0000000140), 0x1, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x45b4, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000010000104000000000000000000030000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010067656e657665000014000280080001000100000005000300000000001400030067656e65766531000000000000000000facced964c0377c80016bb"], 0x58}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r4, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x4c, r5, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x7b}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x76}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x68}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5e}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040800}, 0x40000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x30, r7, 0x8, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x67}, @val={0x8}, @val={0xc, 0x99, {0x2, 0x6f}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c140}, 0x0)
socket(0x10, 0x3, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r8, &(0x7f0000006440)={0x0, 0x0, &(0x7f00000063c0)}, 0x0)
r9 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000580)={'veth1_virt_wifi\x00', <r10=>0x0})
setsockopt$SO_TIMESTAMPING(r9, 0x1, 0x41, &(0x7f0000000140)=0x9de, 0x4)
bind$packet(r9, &(0x7f0000000080)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendto$packet(r9, &(0x7f0000000040)="bb53a945842851722bb479853e60", 0xe, 0x0, 0x0, 0x0)
recvmmsg(r9, &(0x7f00000046c0)=[{{&(0x7f00000004c0)=@hci, 0x80, &(0x7f00000005c0)=[{&(0x7f00000008c0)=""/86, 0x56}, {&(0x7f00000002c0)=""/35, 0x23}, {&(0x7f0000000380)=""/44, 0x2c}], 0x3, &(0x7f0000000940)=""/103, 0x67}, 0x3}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000009c0)=""/169, 0xa9}, {&(0x7f0000000a80)=""/13, 0xd}, {&(0x7f0000000ac0)=""/200, 0xc8}, {&(0x7f0000000bc0)=""/196, 0xc4}, {&(0x7f0000000cc0)=""/13, 0xd}, {&(0x7f0000000d00)=""/64, 0x40}, {&(0x7f0000000d40)=""/217, 0xd9}, {&(0x7f0000000e40)=""/62, 0x3e}, {&(0x7f0000000e80)=""/40, 0x28}, {&(0x7f0000000ec0)=""/76, 0x4c}], 0xa, &(0x7f0000001000)=""/4096, 0x1000}, 0x7ff}, {{&(0x7f0000002000)=@un=@abs, 0x80, &(0x7f0000004540)=[{&(0x7f0000002080)=""/84, 0x54}, {&(0x7f0000002100)=""/105, 0x69}, {&(0x7f0000002180)=""/25, 0x19}, {&(0x7f00000021c0)=""/4096, 0x1000}, {&(0x7f00000031c0)=""/4096, 0x1000}, {&(0x7f00000041c0)=""/157, 0x9d}, {&(0x7f0000004280)=""/224, 0xe0}, {&(0x7f0000004380)=""/79, 0x4f}, {&(0x7f0000004400)=""/165, 0xa5}, {&(0x7f00000044c0)=""/81, 0x51}], 0xa, &(0x7f0000004600)=""/177, 0xb1}, 0xffff5975}], 0x3, 0x12040, &(0x7f0000004780))
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, 0x0)

2.04955429s ago: executing program 3 (id=1445):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0)

1.95678674s ago: executing program 2 (id=1446):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"/11], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter}, 0x40) (async)
syz_emit_ethernet(0x3a, &(0x7f00000000c0)=ANY=[@ANYBLOB="0180c20000000000000000008100000086dd6006211100003c00feae8d000000000000000000000000bbff020000000000000000000000000001"], 0x0) (async)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0xbc, 0xf2, 0xea, 0x40, 0xe41, 0x534d, 0x7ba3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6b, 0x92, 0xce}}]}}]}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
syz_emit_ethernet(0x1546, &(0x7f0000000300)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, @multicast, @val={@val={0x88a8, 0x7, 0x0, 0x2}, {0x8100, 0x7, 0x0, 0x4}}, {@ipv6={0x86dd, @udp={0x1, 0x6, "5651af", 0x1508, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, {[@srh={0x0, 0xe, 0x4, 0x7, 0x10, 0x60, 0x66b, [@private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @private1, @dev={0xfe, 0x80, '\x00', 0x12}, @mcast2, @local]}, @routing={0x8, 0xa, 0x1, 0xd2, 0x0, [@mcast1, @loopback, @ipv4={'\x00', '\xff\xff', @remote}, @mcast1, @mcast2]}, @routing={0x89, 0x8, 0x1, 0x2, 0x0, [@loopback, @loopback, @mcast1, @empty]}, @routing={0x2, 0x14, 0x1, 0x3, 0x0, [@local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, @private2, @dev={0xfe, 0x80, '\x00', 0x39}, @empty, @loopback, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @empty]}, @hopopts={0x6, 0x24, '\x00', [@padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x6, 0x66, "55ce08d4470dcf0af81c9738e2b8af9162171e38c0927ed30d3eae710bb3f167358e7d0cbbbb9c3f494d321f2cbd3cefe78783f9c463a2176a64d11aaf143cf9f7f71aa20b5019ba260d95e590a572ed3f6d327c8d7259e29d91e8e4af37dc2cb151ff0c80ae"}, @generic={0xf9, 0x9b, "40b4f58e3ebe05557f77b2e8e099cb9c6a8ed577c271cd5ec2b2edcaaf2ae5d5b7b2c8f56a14144e760cf44e7f4f981044a0287c9350f4b8f9c99a94cfb558b502e19f1316ac2df64c8e2daa217ace12c1713c486d101f1034b9c3cf18481f965b607dc29be399b5a840b965098344663e57502f081014bb4ce69769ce4acd203ce6e5d16cc45538182b39868ade0f7fa522d981f77fe8b2c620ec"}, @jumbo={0xc2, 0x4, 0x9}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @local}}]}, @hopopts={0x1, 0x201, '\x00', [@generic={0x8, 0x1000, "9983780b6ec177505082d4b8d538ec42bb39dd660c99f0a1d0f5f7b6199b2638d220d0df06a36d50907c9f669255320e2af323a2057e6b883b959875e81698241af781ee228d3c8b8b771b12706614e7ec811bdce50bdc9c8059e824434b2150e99457b00f8de553588d94525b0acc7a1bb1aac23326cc7f08568ae0d03a3b9a6c148da140aa09b88b96748dfd17e842a981b736e65966f0c9f4d8700ca1e990493b953e67b9b6cbfdb7419fe2d71a151e4a31466365b5f317c11bd85d29fb0476d123aa69af154a09a37e52c36ecc89a2fcc654279ade48cf583028771a6df85d7f0f8b32bdf8747039c180be86bfc562d96a9d17557e07fe0c7057a7c5211692ef2ea6aaddd534c35828fa03a444401fba3b6aa6a4070ea0692c7f4dcc62d2075f2de56b319ab452465d496d0cd445f7fd536ac0cf04779f46e3f4349a2a7a1cf9fe1bbf9db64e40eb26fb8c074f59b698cb8f2dd1ff483f7cdf50a0ed73d0a288c06429172a095abc49d0acc644e5b48cacc215e0a8956794868c4975acd7cb346cd1d0c80c5c247a44c94d02b6c80dc5f62b33288eb8f068c226defc2469f02a40aa45bc75dc3a98e674b1c09677ce0840ebbdde6c9fab9683dd0a71ac91d78f179008165280a241a6f0900ff1f16f8be5712175a463ca583b8e976396491cf3f07e4df134721885b0e52b58ba810f09ad06d8c1eba395eb08d34130c3083273f87bd2d1194d20472c06b30742e4b17688e44eeb963a3d469c8f395af4734930cff7b68d3c70dcea374cbc33b1343eccb466fd966b203f3055dcef90e5553d77e50630e0bca066d59bea120ab7f41ab3bfdd60f0d91cf6900e04caef89e8dc2ea43a50a4224fcb1434b4888c302e0a7feeccfd1ab8fbfe5273636bd2fe1706846cb2658231391206fa18e17b84d6caeed7724f3b5148f1bdf02de0e626d1c08eb319b96fb419300c7a328df2e410ea0b0726b52259f53523bc2abfd210800c26b85078a331c42c3fe9dfe8d6ecc84382514bb7d4965ad72d22772bcba95e06fc2c251c2b2e30f93fe638a67fa640cad429d7d7b3e2fe67f0f6bc8714e903bca44814c08e8ce85ad68bebaa5b45e15264b95be087c4300e3c1f892fae0bb9b5d520f1936435a0debb9960fd06e396700f84f79194d50cc90c13ae67292c0fb44e58e723f60adc5900b01362af56482ea715fd5cafe8baacd72d43b033204ae348596abb35259c751e8b12a80f2fa8a317984bde58b3c2b9f7938181eb5f388e37655afe97ce0a415b9ce16f3f18f61459ee2c826af9d17ff6fb2fb30bf6a1d0c909960f0689923418b97c352f3fdd698c1de1eab8b8f3960f5c1a2000c28698ab70303de02bb4b27ff368f104b8c40db8e8cd3021399958b3cc325494adb7fcb0532214c431bbd51bf66f79e293b723fc285f4eabe41f98bc65c435cae9966a0b7e6e934c8f1d964e64a87d1d8bb70bfc8f06f22c2d377fdeb4955c57ed1d706af5c27132076772b52caf9921a07a449b47416738c7fff9194930c4944f008a618dd1e9c507ee927af23e0621ab3c19615430a80e99a0c762d3f24326b789bb2623e7ce75fc0901d8dde04af317d2c06b2ca855517062e312aec46d9d8378d8730e4ed81bc990adf0444fb533209d05439d63f069b80d3a97388c715495556efa5f1f0d3f0a60a61be10d396bff105490a66987e8228022431d836bbe181c0b0dc66e860d088307cac4e5a7512fcd0687776e4bf6db290625e25e3bef1bbe497a6b4e50615a4ba053ccadaed86b78a5d322a25d650c2278c549d656a0b35445d716e1cf02c4142b12eff2b71adad4a271313490ed42c5415379247b8e9e97ddc44c08a924f15a7768bd9c6b481f309fc2b6ac97078ddf94942c587a427fa67770c1636d9668c13edf52efaf6ad419d4b3386485cbc46fdf88377952f02567e1627514be34f7f477524d7d4e89070aed7482036f93a60b4521610d8f56accda7e05dc00c8bf24e1e7c72abca5134f3885d6aa0e3ae27929dc09eac79e243d4eb5d2ac159fb46120eebab9a3bc89cc4fd84f7bbcef5f9b738d45e91415ab5e358aefb629eac85989fad55c5939b67bb33a458a4c73acfc17a9b4c46d1068abd046ce1760619001d85a307519e54e6301737a6eeb84a33da419b827fb9a47a3b41ae6a32a9e7f7413b31427e06957d1ce063b8009a87f65b24882d10f27aa0737f12a26e14bca1f44534bb6a293353ac50c6927d2ae3bd4a0d439b123119ff1ce0f2e4ca70c8c362fa8b04a63a0ef9a3a3a0d00f0e51b5007ea4a388ba99013f245321ccb115e95abd4330b497dea8306471686840ec6c76d22be8a9d53ba67775e337f43677fa18c072d1fa2f2fd1f068ee22c5f8d48beb6867ac363f1a51be55152f5366ea9cb90d90ffa5cd251e5c36408ed3d0f29c0d74e1deefc1f35157eb206bc531cafffb8f16b4a985592c754e855751b30f0f68aa4d71c3621614402e42f331c090ca7db2bfeb0279f2a49000a2cfd2e0be273bb4bd2f78a633a9542a7756b42dc2aad9f622a9bbebb9b4cecce817f11acb68198458b5ae3c1eb1892aa6d23e0da20afe26e86ed4622247a6fbf680ed64f0e6a81a2793f75a44f19c26bc14e2df842e5e9ddaf149ea9c91a4f00395412f7deb3c2843625a46ed623f7ab9819f12d365e1136d965aa2946da3b15687b2b9f3db2aad3768ab42367686f5b079128c3246e4df90c854f2f46c46392b8fcefcc3568facedca4c3dafd649612a52905b6095cacbba575ca1143326718d7ab41f2a597b42440a5296f38cffbeab544d08c7e71360c15f2c78c8fd3fcc6d24da58d7d5441df12344ff3126d456ac4563dda65e2de51cf83c14960a9c9d99e3d6dfe723683d516b65e4bcc690ee2b6328cd26d0352760586b4043f8a7d9223324aa277ae3ae54b4eb16a09c0d7dc74ab69d9f6307c7da1e494aa3dae52d834b9978dd64859a732f40daeddf4b12dc6d8607650d6b4b2179324b407509d3cdabcd2c125e70f91f5aaaed65d8d3535a353e2927bf266d6ac168efc40a43a333ba1c27092e8a6a407e89d54208edb654c49b6e5ae8205f69a191df96e2c74c872ea4f54a7c54287aa2f96df2104d391df50096bf26501ab193045b375279e9323a60e11161146f6e4211f5a3535879935a2bca088517bf72f8a1313e24f07026149539743eb93e486b34671f40722204615b5253f096b6eeec5373d1228fc379713e386891c6959153385766555fb2cced49c17ca130f83df7398a0219fcd07cfe341b69344417054f195e929be3c844e764efa92209f962fe39444315eb92d418fec6ac080e54399d80605ee3092820b40b2a435a16448575a9327f7de0eee2ae4d442fa1c2297b9a2066f595a0812a81d890d7ec5593a3db4564a233a4bb6a4b500a9141437e2318fe86a14d35e97572c8be31085573d914e0ac1ce903e43742298c54020248f361fbd6d032088461690e2823a8192e19c48d96fe960050cf5f257e81fb4e947c0bdaf2bd77cd336bd14c3447f2748106c9e5a6634605ae0045131fa633334e281e3bd8a7c419a1ea39a1c780591d49069c5d29d465799db2d25d1fa8e39d83813b2a034a1a84b91509cc9ecd335c81eceef54c8a8cc6ed2d810c741bf7e474028f8d2c1601d7a824c907fb027c94067631c7e15bd16751ed1f403cc5ee40fb1ca6fe6b6a186c97d838f5a424daed2a4d75b1176afb81a20bf794f34eab9868afea5965f90f6b0b520b7c731565c92281e6da635e9d6ec2b44e2b000aba9aa9488ef1e500b0b16b0621e9ef6e98081e9d6d62a260877ab8340feba622b7a2c8a219efcd8b68fce051be498f99c04e24c225ad3b4cda06d62f2e96208794a23889c4b2f26ed1ea5b860d894c3da869b856e5fb9efd011a00ee87f85663d15db500909e27af50fd59739cb46d08c6929df0b9fdd1ba6f10a0cf8e2eeb43d48198eb000a4f39219e9793b3691c45f8fe4e1786966255c403b6f376eadd00e2a3cbc4fee398a0e3065947594c15f932b7566da4c0cb500772febcb9037c39bcbbdd71ab99e722cef36cb24871942c5ca52ee8701acf8efadbe50816705e36ea6f7f7e85cd176ccaae4e8f55b910957fa4d55fe9755b7ff5dfe70a8627e6a7597cce719b456cfe4165b3aa193ed52214b3fda881d335fbec42868304e796f87ced41bb1dcdc18569b09b6d40392e0139fb273d4b4c6f4a6b56df8e9e0378315ce9c9bee38ba2d1ec5c305708be6d0ddc284614ce285425128d54a7d6181b8d81278dd1546b9cec32ea8f72b6452a5eb84436cae13cbb11b234349b9d2809700a0f85feeb90ce03c3f3710addb752945c039a5c799608e63a726df7b831ea18948d7b59f27954d923f86e8840ab32d07563a995a9a547dfa592069f5a78f2482c81df75a97d688f69a85c385d8083d55706c27acfd46d4c9b6ca63e10671978cadf266a127365e912b3f1efd5b53e91926b5c6d73d257a433b7dbcf9bc9d40879f4a765ec158c5d569e04b111822a633c60f300397da03e669253d2eb5604c3630fd0a4a6ed3d4d67831bbe79a90b71e5a73bb76d3537bd070cbb93023388da99a1ab1296b1457eb677a9ea0b1218defa7e6bb09946e9403faf107e8308c828a78670d506b42904d77e947691c586b4969fc4fa33f6cc2466eb1f9f5d5d68e10080e74fbaaec7230e9285f2e52dc2c9be2fd2abab27dca9099a22a0a0fe3fe737958c5f0e6b04dad095f87b81056f93814ce36054917655f423e6f580970e032d2a643934d15498dcff06a354c880b9dbc97199727a38d7a00a77eb6649c35856eff2c2841f0e8feb33ff59a72dad127618f7ad0075c929ecc8a768dab3b520355e2f5a510c723baa8cfe351cb1c207bfd0614b26b86693d0555bbdb58dbbe61f19d29e99209f6f31d2459b448082606891f741bf757b38294d8c312fd7dff6e06425c18485a2016b559b114c12c9077f6f009487f2303b5e9e822f11f1ba725ac8f006f506452ba6f25a2abd582adcdca52ef1a83baf15475d02995e28be03a1d75ae2c7f57c35d402585fd98c5ea2dd28be329c29f93379ed2124f55e5e1fb388edb5364ef9c90539f12a5e0e0b1b0f7da95b8763911768253dce939c93f0ba0e1e38cbf17da83f84969d3babf6c74863f44575efe207cc109ba4cc5d388bc861c85d29417efbca121555a3b9dd205cf14b6b598d064901592bb78b9245419ff172e926544eec215b51e8130c832a84def3d8ff98eb18ceb12c59ad0efaef889f450ac88e47d03b2d8db93e396313ede194a172076d3bdbd81156035ef84d408ffc0ab4245f8eeb1a3c62e76d6972613cd29993dc29d5b9472537da201b42fb26d4edaa145087d9624f94b23b55f6d24dc92a849644acbdf9c54680c11c8decac4ad5dfe5891799621b7b426a99a3aadd8fc817ffb2834290955b936167f843883b55e4e1a7b0ab23d72c370d3c589d1e3986fc1f8e387916b875322737b3a27f52b00fb1676896fc9cce941a5029907e08522e9816e4945f23f3faa48cf6482fb3aef43d12f199520380d18f27f7ba9b0c738506ea8896edb2b554e2a014b5e8505ad65e68d7dffad5acbdfa25c78e8351c77b9caa43100750d17f220fb155e81728aa5430c718d45580212ec7d6b9fa38b8850066e8dab318f4020291b902e0a418c18197596fdb31b983b0706e65373cfc7f7e4d4c57938216159c8e9ed1919623a50618d462b87c41e89d27da135d71faa610a720dd351f05226e227410a4ec624b2306767f03"}, @jumbo={0xc2, 0x4, 0x7}]}, @dstopts={0x3b, 0x16, '\x00', [@calipso={0x7, 0x48, {0x0, 0x10, 0x0, 0x5, [0x4, 0x1, 0x2, 0xffff, 0x8, 0x80000001, 0x800, 0x0]}}, @jumbo, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x73}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @calipso={0x7, 0x30, {0x0, 0xa, 0x81, 0x1, [0x4, 0x1, 0x6, 0x9, 0x7fffffff]}}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x1ff}, @jumbo={0xc2, 0x4, 0x8}, @ra={0x5, 0x2, 0x91d}]}, @srh={0x2f, 0xe, 0x4, 0x7, 0x6, 0x20, 0x79, [@loopback, @local, @dev={0xfe, 0x80, '\x00', 0xc}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}, @dstopts={0x9, 0x9, '\x00', [@calipso={0x7, 0x40, {0x3, 0xe, 0x0, 0x8, [0x6cb4, 0x2, 0xff, 0x3, 0x3, 0x8, 0x7]}}, @jumbo={0xc2, 0x4, 0x9}]}, @routing={0x5c, 0x6, 0x2, 0x3, 0x0, [@private1, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}], {0x4e24, 0x4e24, 0x48, 0x0, @wg=@cookie={0x3, 0xfffffffc, "8ff6c8cf90b378d0f92f107b7c48525de7508af25a5b4631", "afb6e8af061b884cfab92e4c624fb748057bfc4a37fb13a02ee410538925d00b"}}}}}}}, &(0x7f0000000080)={0x0, 0x2, [0x314, 0x408, 0xbd1, 0xa78]}) (async)
syz_usb_connect(0x0, 0x35, &(0x7f0000000000)=ANY=[@ANYBLOB="120100002555224082057d00993f000000010902230001000000000904"], 0x0)

1.371590946s ago: executing program 1 (id=1447):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x6000c3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x1f, 0x80000000, 0xfff, 0x8, 0x2000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000002c0), &(0x7f0000000300)='%ps    \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000004c0)='kfree\x00', r2}, 0x10)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="6c6f636b206e68ee6500"], 0xa)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', @random='\a\x00\x00 \x00'})
sched_setscheduler(0x0, 0x0, &(0x7f0000000540)=0x7)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40000)
mount$9p_fd(0x0, &(0x7f00000007c0)='./file1/file0\x00', &(0x7f00000003c0), 0xa036a56c9bd60783, &(0x7f0000000700)=ANY=[@ANYRES16=0x0, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRES8=0x0, @ANYBLOB=',privport,aname=obj_role,fowner<', @ANYRESDEC=r3, @ANYBLOB=',permit_directio,measure,subj_usuz=workdir,\x00'])
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x0, 0x20000001)
recvmmsg(r6, &(0x7f0000000400), 0x0, 0x40000020, 0x0)
sched_getattr(r5, &(0x7f0000000580)={0x38}, 0x38, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000280)='devlink_hwerr\x00'}, 0x10)
socket$netlink(0x10, 0x3, 0x12)
symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r0, &(0x7f0000000000)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')

1.240617841s ago: executing program 0 (id=1448):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56561, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x9}}}}]}, 0x58}}, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) (async)
socket$inet6_dccp(0xa, 0x6, 0x0) (async, rerun: 64)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (rerun: 64)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRES32], 0x118) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000200)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {&(0x7f0000000680)=""/87, 0x57}], 0x2, 0x0, 0x4) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) (async)
r7 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) (async)
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000740)=r7) (async, rerun: 32)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7}) (rerun: 32)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000500)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000840)=""/87, &(0x7f0000000480)=""/67}) (async)
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000940)={0x1, 0x0, [{0x0, 0xe4, &(0x7f0000000580)=""/228}]}) (async)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r5, 0xc0945662, &(0x7f0000000780)={0xfffffff7, 0x0, '\x00', {0x0, @bt={0x8, 0xffff, 0x0, 0x0, 0xffffffffffff5f00, 0xc65, 0x2206, 0x80000001, 0xffffffff, 0x0, 0x8, 0x6, 0x3ff, 0x125, 0x4, 0xa, {0x0, 0x6}, 0x1, 0xf}}}) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r8, 0x84, 0xc, &(0x7f00000001c0), 0x4) (async)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r9, 0x29, 0x2a, &(0x7f0000000080)={0xffff, {{0xa, 0x4e21, 0x1, @remote, 0x8}}}, 0x88)
r10 = socket$inet6(0xa, 0x1, 0x8)
bind$inet6(r10, &(0x7f0000000140)={0xa, 0xe22, 0x0, @loopback={0xff00000000000000}}, 0x1c)

832.74263ms ago: executing program 0 (id=1449):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200))
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$setperm(0x5, 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000180)=0xc)
write$FUSE_INIT(r2, &(0x7f0000000380)={0x50}, 0x50)
close_range(r1, 0xffffffffffffffff, 0x0)

186.992705ms ago: executing program 3 (id=1450):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0xd4}}, 0x0)

119.634295ms ago: executing program 2 (id=1451):
ioprio_set$pid(0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = inotify_init1(0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, <r1=>0x0})
setpgid(0x0, r1)
listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x149a82, 0x0)
sendfile(r2, r2, 0x0, 0x1)

44.167885ms ago: executing program 0 (id=1452):
prlimit64(0xffffffffffffffff, 0x7, &(0x7f00000006c0)={0x8, 0x4}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
userfaultfd(0x1)
socket$caif_stream(0x25, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x200, 0x168, 0x11, 0x148, 0xd0, 0x0, 0x168, 0x2a8, 0x2a8, 0x168, 0x2a8, 0x3, 0x0, {[{{@ip={@remote, @remote, 0x0, 0x0, 'hsr0\x00', 'netpci0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000600)=[{&(0x7f0000000a00)=""/4096}, {&(0x7f0000000280)=""/2}, {&(0x7f00000002c0)}, {&(0x7f0000000300)=""/97}, {&(0x7f0000000380)=""/181}, {&(0x7f0000000440)=""/126}, {&(0x7f00000004c0)=""/79}, {&(0x7f0000000540)=""/18}, {&(0x7f0000000580)=""/122}], 0x1000007d, 0x0, 0x3f0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001040)={0xc, {"a2e3ad9bed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b39326d090890e0878f0e1ac6e7049b3371959b719a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x3b3cc1e9e7df1ab7}}, 0x9b)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000080)={'ip6erspan0\x00', @random="201a4847569b"})
socket$tipc(0x1e, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00')
ioperm(0x7, 0x81, 0x2)
futex_waitv(0x0, 0x0, 0x2, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffe2}, 0x1, 0x0, 0x0, 0x8096}, 0x4000040)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x40000000015, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x801)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f00000002c0)={0x27, 0x0, 0x2}, 0x6)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

0s ago: executing program 3 (id=1453):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140))
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000340)={@flat, @flat=@weak_binder, @flat=@weak_binder={0x70742a85}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

000 R11: 0000000000000246 R12: 0000000000000001
[  411.216078][ T9692] R13: 000000000000000b R14: 00007f1340103f60 R15: 00007ffd2cd3e568
[  411.224100][ T9692]  </TASK>
[  411.257965][ T8855] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -121
[  411.298748][ T5187] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  411.319126][ T9696] FAULT_INJECTION: forcing a failure.
[  411.319126][ T9696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  411.333145][ T9696] CPU: 1 PID: 9696 Comm: syz.1.1068 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  411.343353][ T9696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  411.353461][ T9696] Call Trace:
[  411.356790][ T9696]  <TASK>
[  411.359757][ T9696]  dump_stack_lvl+0x241/0x360
[  411.364485][ T9696]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.369824][ T9696]  ? __pfx__printk+0x10/0x10
[  411.374466][ T9696]  ? snprintf+0xda/0x120
[  411.378762][ T9696]  should_fail_ex+0x3b0/0x4e0
[  411.383580][ T9696]  _copy_to_user+0x2f/0xb0
[  411.388051][ T9696]  simple_read_from_buffer+0xca/0x150
[  411.393470][ T9696]  proc_fail_nth_read+0x1e9/0x250
[  411.398538][ T9696]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  411.404143][ T9696]  ? rw_verify_area+0x520/0x6b0
[  411.409037][ T9696]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  411.414715][ T9696]  vfs_read+0x204/0xbc0
[  411.418917][ T9696]  ? __pfx_lock_release+0x10/0x10
[  411.423993][ T9696]  ? __pfx_vfs_read+0x10/0x10
[  411.428724][ T9696]  ? __fget_files+0x29/0x470
[  411.433452][ T9696]  ? __fget_files+0x3f6/0x470
[  411.438189][ T9696]  ksys_read+0x1a0/0x2c0
[  411.442484][ T9696]  ? __pfx_ksys_read+0x10/0x10
[  411.447285][ T9696]  ? do_syscall_64+0x100/0x230
[  411.452081][ T9696]  ? do_syscall_64+0xb6/0x230
[  411.456781][ T9696]  do_syscall_64+0xf3/0x230
[  411.461299][ T9696]  ? clear_bhb_loop+0x35/0x90
[  411.466006][ T9696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.471927][ T9696] RIP: 0033:0x7f2edbf7457c
[  411.476370][ T9696] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  411.496006][ T9696] RSP: 002b:00007f2edb9ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  411.504533][ T9696] RAX: ffffffffffffffda RBX: 00007f2edc103f60 RCX: 00007f2edbf7457c
[  411.512520][ T9696] RDX: 000000000000000f RSI: 00007f2edb9ff0b0 RDI: 0000000000000004
[  411.520595][ T9696] RBP: 00007f2edb9ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  411.528581][ T9696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.536567][ T9696] R13: 000000000000000b R14: 00007f2edc103f60 R15: 00007ffd1563e668
[  411.544573][ T9696]  </TASK>
[  411.571291][ T8855] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -121
[  411.584815][ T8855] cp210x 1-1:0.0: GPIO initialisation failed: -121
[  411.602663][ T8855] usb 1-1: cp210x converter now attached to ttyUSB0
[  411.635790][ T5147] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  411.658048][ T5187] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  411.667434][ T5187] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.681146][ T5187] usb 4-1: config 0 descriptor??
[  411.832738][ T5147] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  411.851089][ T5147] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  411.882433][ T5147] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  411.921140][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.939869][ T9676] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1060'.
[  411.961325][ T5147] usb 3-1: config 0 descriptor??
[  411.988692][ T5187] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -22
[  412.020304][ T5187] usb 1-1: USB disconnect, device number 46
[  412.037075][ T5187] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  412.045458][ T5187] cp210x 1-1:0.0: device disconnected
[  412.238459][ T9682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.255271][ T9682] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.295505][ T5187] usb 4-1: USB disconnect, device number 48
[  412.427794][ T5147] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  412.456586][ T5147] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  412.596033][ T5145] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  412.767661][ T5187] usb 3-1: USB disconnect, device number 43
[  412.780532][ T5145] usb 5-1: device descriptor read/64, error -71
[  413.085872][ T5145] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  413.255793][ T5145] usb 5-1: device descriptor read/64, error -71
[  413.378861][ T5145] usb usb5-port1: attempt power cycle
[  413.509477][ T9743] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  413.682998][ T9749] FAULT_INJECTION: forcing a failure.
[  413.682998][ T9749] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.696572][ T9749] CPU: 1 PID: 9749 Comm: syz.2.1081 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  413.706344][ T9749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  413.716436][ T9749] Call Trace:
[  413.719755][ T9749]  <TASK>
[  413.722722][ T9749]  dump_stack_lvl+0x241/0x360
[  413.727452][ T9749]  ? __pfx_dump_stack_lvl+0x10/0x10
[  413.732702][ T9749]  ? __pfx__printk+0x10/0x10
[  413.737336][ T9749]  ? __pfx_lock_release+0x10/0x10
[  413.742497][ T9749]  ? __local_bh_enable_ip+0x168/0x200
[  413.747925][ T9749]  should_fail_ex+0x3b0/0x4e0
[  413.752658][ T9749]  _copy_to_user+0x2f/0xb0
[  413.757142][ T9749]  sctp_getsockopt_primary_addr+0x443/0x5b0
[  413.763105][ T9749]  ? __pfx_sctp_getsockopt_primary_addr+0x10/0x10
[  413.769598][ T9749]  ? sctp_getsockopt+0x13a/0xbb0
[  413.774569][ T9749]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  413.780310][ T9749]  sctp_getsockopt+0xa67/0xbb0
[  413.785082][ T9749]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  413.790997][ T9749]  do_sock_getsockopt+0x373/0x850
[  413.796041][ T9749]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  413.801621][ T9749]  ? __fget_files+0x3f6/0x470
[  413.806316][ T9749]  __sys_getsockopt+0x271/0x330
[  413.811189][ T9749]  ? __pfx___sys_getsockopt+0x10/0x10
[  413.816580][ T9749]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  413.822912][ T9749]  ? do_syscall_64+0x100/0x230
[  413.827772][ T9749]  __x64_sys_getsockopt+0xb5/0xd0
[  413.832811][ T9749]  do_syscall_64+0xf3/0x230
[  413.837329][ T9749]  ? clear_bhb_loop+0x35/0x90
[  413.842017][ T9749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.847918][ T9749] RIP: 0033:0x7f27d3175a99
[  413.852334][ T9749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.871968][ T9749] RSP: 002b:00007f27d3ee4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  413.880390][ T9749] RAX: ffffffffffffffda RBX: 00007f27d3303f60 RCX: 00007f27d3175a99
[  413.888402][ T9749] RDX: 0000000000000006 RSI: 0000000000000084 RDI: 0000000000000000
[  413.896648][ T9749] RBP: 00007f27d3ee40a0 R08: 0000000020000340 R09: 0000000000000000
[  413.904824][ T9749] R10: 0000000020000440 R11: 0000000000000246 R12: 0000000000000001
[  413.912810][ T9749] R13: 000000000000000b R14: 00007f27d3303f60 R15: 00007ffc76da99a8
[  413.920804][ T9749]  </TASK>
[  413.996345][ T5147] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  414.025738][ T5145] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  414.098287][ T5145] usb 5-1: device descriptor read/8, error -71
[  414.227825][ T5147] usb 4-1: too many configurations: 12, using maximum allowed: 8
[  414.331210][ T5147] usb 4-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  414.360374][ T5147] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.385902][ T5145] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  414.409934][ T5147] usb 4-1: config 0 descriptor??
[  414.437584][ T5145] usb 5-1: device descriptor read/8, error -71
[  414.518516][ T9737] overlayfs: failed to get index nlink (file1/bus, err=-61)
[  414.590487][ T5145] usb usb5-port1: unable to enumerate USB device
[  415.009514][ T9763] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.1083'.
[  415.853162][ T9743] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(8)
[  415.859834][ T9743] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  415.877997][ T5189] vhci_hcd: vhci_device speed not set
[  415.939359][ T9743] vhci_hcd vhci_hcd.0: Device attached
[  416.135703][ T5145] vhci_hcd: vhci_device speed not set
[  416.207201][ T5145] usb 15-2: new full-speed USB device number 8 using vhci_hcd
[  416.279041][ T9773] kvm: emulating exchange as write
[  416.669332][ T9784] nbd: couldn't find device at index 0
[  416.709102][ T9784] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  417.612043][ T9766] vhci_hcd: connection reset by peer
[  417.619486][ T5147] usb 4-1: string descriptor 0 read error: -71
[  417.627487][  T149] vhci_hcd: stop threads
[  417.642729][  T149] vhci_hcd: release socket
[  417.652041][ T5147] usb 4-1: USB disconnect, device number 49
[  417.656095][  T149] vhci_hcd: disconnect device
[  417.686865][ T9797] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  417.785989][ T8855] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  418.019694][ T8855] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  418.068211][ T8855] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  418.101721][ T8855] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  418.113649][ T8855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.163688][ T8855] usb 2-1: config 0 descriptor??
[  418.327458][ T9821] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  418.650752][ T8855] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  418.689149][ T8855] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  418.805682][ T5147] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  418.963557][ T5146] usb 2-1: USB disconnect, device number 43
[  419.106391][ T5147] usb 3-1: too many configurations: 12, using maximum allowed: 8
[  419.138656][ T9830] netlink: 'syz.4.1101': attribute type 2 has an invalid length.
[  419.146596][ T9830] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1101'.
[  419.923079][ T5147] usb 3-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  419.955159][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.992709][ T5147] usb 3-1: config 0 descriptor??
[  420.217213][   T29] kauditd_printk_skb: 52 callbacks suppressed
[  420.217234][   T29] audit: type=1326 audit(1721260352.543:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  420.436628][   T29] audit: type=1326 audit(1721260352.583:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  420.445971][ T9846] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  420.555200][   T29] audit: type=1326 audit(1721260352.623:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  420.635187][ T9849] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(9)
[  420.641762][ T9849] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  420.673376][ T9849] vhci_hcd vhci_hcd.0: Device attached
[  420.675693][ T5187] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  420.715882][   T29] audit: type=1326 audit(1721260352.623:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  420.839331][   T29] audit: type=1326 audit(1721260352.623:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  420.862798][ T8855] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  420.934631][   T29] audit: type=1326 audit(1721260352.623:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  420.974553][ T5187] usb 2-1: descriptor type invalid, skip
[  420.985405][ T5187] usb 2-1: descriptor type invalid, skip
[  421.004453][ T5146] vhci_hcd: vhci_device speed not set
[  421.027313][ T5187] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  421.078777][   T29] audit: type=1326 audit(1721260352.623:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  421.139733][ T5187] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  421.163906][ T5187] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.194761][   T29] audit: type=1326 audit(1721260352.633:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  421.195657][ T5146] usb 13-2: new full-speed USB device number 9 using vhci_hcd
[  421.228019][ T5187] usb 2-1: Product: ࠝ
[  421.232233][ T5187] usb 2-1: Manufacturer: Ḩ
[  421.253807][ T8855] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  421.317360][   T29] audit: type=1326 audit(1721260352.643:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  421.389924][ T5145] vhci_hcd: vhci_device speed not set
[  421.450577][   T29] audit: type=1326 audit(1721260352.643:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9839 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2edbf75a99 code=0x7ffc0000
[  421.465005][ T8855] usb 5-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  421.545506][ T8855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.223449][ T9841] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1103'.
[  422.277358][ T8855] usb 5-1: config 0 descriptor??
[  422.346183][ T5187] cdc_ncm 2-1:1.0: bind() failure
[  422.389518][ T5187] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  422.470393][ T9850] vhci_hcd: connection reset by peer
[  422.476563][ T8737] vhci_hcd: stop threads
[  422.481621][ T8737] vhci_hcd: release socket
[  422.492824][ T5147] usb 3-1: string descriptor 0 read error: -71
[  422.508389][ T5187] cdc_ncm 2-1:1.1: bind() failure
[  422.535986][ T8737] vhci_hcd: disconnect device
[  422.564505][ T5147] usb 3-1: USB disconnect, device number 44
[  422.575786][ T5187] usb 2-1: USB disconnect, device number 44
[  422.618484][ T9846] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(8)
[  422.625047][ T9846] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  422.648651][ T9846] vhci_hcd vhci_hcd.0: Device attached
[  422.925908][ T5148] vhci_hcd: vhci_device speed not set
[  423.005752][ T5148] usb 17-2: new full-speed USB device number 10 using vhci_hcd
[  423.785426][ T9864] vhci_hcd: connection reset by peer
[  423.791546][   T12] vhci_hcd: stop threads
[  423.798334][ T8855] usb 5-1: string descriptor 0 read error: -71
[  423.816978][   T12] vhci_hcd: release socket
[  423.832097][ T8855] usb 5-1: USB disconnect, device number 48
[  423.832981][   T12] vhci_hcd: disconnect device
[  424.135661][ T5150] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  425.025668][ T5187] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  425.071223][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  425.105776][ T5150] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  425.137212][ T5150] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  425.152419][ T5150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.164545][ T5150] usb 4-1: config 0 descriptor??
[  425.227793][ T5187] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  425.244791][ T5187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.260817][ T5187] usb 3-1: config 0 descriptor??
[  425.284403][ T5187] cp210x 3-1:0.0: cp210x converter detected
[  426.023417][ T5150] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  426.110485][ T5150] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  426.379081][ T5187] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -121
[  426.447480][ T9915] FAULT_INJECTION: forcing a failure.
[  426.447480][ T9915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.462416][ T9915] CPU: 1 PID: 9915 Comm: syz.1.1122 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  426.472182][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  426.482258][ T9915] Call Trace:
[  426.485551][ T9915]  <TASK>
[  426.488502][ T9915]  dump_stack_lvl+0x241/0x360
[  426.493219][ T9915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  426.498461][ T9915]  ? __pfx__printk+0x10/0x10
[  426.503101][ T9915]  ? __pfx_lock_release+0x10/0x10
[  426.508149][ T9915]  should_fail_ex+0x3b0/0x4e0
[  426.512851][ T9915]  strncpy_from_user+0x36/0x2e0
[  426.517718][ T9915]  ? kmem_cache_alloc_noprof+0x185/0x2a0
[  426.518983][ T5146] vhci_hcd: vhci_device speed not set
[  426.523382][ T9915]  getname_flags+0xf1/0x540
[  426.533366][ T9915]  user_path_at+0x24/0x60
[  426.537740][ T9915]  path_setxattr+0xaf/0x2a0
[  426.542275][ T9915]  ? __pfx_path_setxattr+0x10/0x10
[  426.547424][ T9915]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  426.553790][ T9915]  ? do_syscall_64+0x100/0x230
[  426.558771][ T9915]  __x64_sys_lsetxattr+0xb8/0xd0
[  426.563750][ T9915]  do_syscall_64+0xf3/0x230
[  426.568291][ T9915]  ? clear_bhb_loop+0x35/0x90
[  426.573003][ T9915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.578938][ T9915] RIP: 0033:0x7f2edbf75a99
[  426.583382][ T9915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.603005][ T9915] RSP: 002b:00007f2edb9ff048 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  426.611442][ T9915] RAX: ffffffffffffffda RBX: 00007f2edc103f60 RCX: 00007f2edbf75a99
[  426.619447][ T9915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[  426.627436][ T9915] RBP: 00007f2edb9ff0a0 R08: 0000000000000004 R09: 0000000000000000
[  426.635433][ T9915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.643445][ T9915] R13: 000000000000000b R14: 00007f2edc103f60 R15: 00007ffd1563e668
[  426.651452][ T9915]  </TASK>
[  426.781067][ T5150] usb 4-1: USB disconnect, device number 50
[  426.801614][ T5187] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -121
[  426.826926][ T5187] cp210x 3-1:0.0: GPIO initialisation failed: -121
[  426.870715][ T5187] usb 3-1: cp210x converter now attached to ttyUSB0
[  426.873557][ T9918] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  427.164913][ T9888] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1114'.
[  427.395789][ T5187] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  428.111012][ T5145] usb 3-1: USB disconnect, device number 45
[  428.117778][ T5187] usb 1-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  428.163499][ T5187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.177216][ T5145] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  428.185942][ T5148] vhci_hcd: vhci_device speed not set
[  428.188475][ T5145] cp210x 3-1:0.0: device disconnected
[  428.197811][ T5187] usb 1-1: config 0 descriptor??
[  428.260665][ T9928] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1125'.
[  428.415021][ T5187] snd-usb-hiface 1-1:0.0: probe with driver snd-usb-hiface failed with error -22
[  428.512242][ T9935] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  428.618794][ T9913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.639364][ T9913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.681427][ T5145] usb 1-1: USB disconnect, device number 47
[  428.855707][ T5187] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  429.077017][ T5187] usb 2-1: too many configurations: 12, using maximum allowed: 8
[  429.191035][ T5187] usb 2-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  429.226720][ T5187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.258121][ T5187] usb 2-1: config 0 descriptor??
[  429.715605][ T9935] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(8)
[  429.722182][ T9935] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  429.771915][ T9935] vhci_hcd vhci_hcd.0: Device attached
[  430.770958][ T5147] vhci_hcd: vhci_device speed not set
[  431.034301][ T5147] usb 11-2: new full-speed USB device number 9 using vhci_hcd
[  431.043274][ T8855] usb 5-1: new low-speed USB device number 49 using dummy_hcd
[  433.498458][   T29] kauditd_printk_skb: 51 callbacks suppressed
[  433.498480][   T29] audit: type=1326 audit(1721260363.993:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9963 comm="syz.0.1135" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc87a975a99 code=0x0
[  434.218508][ T8855] usb 5-1: device descriptor read/all, error -71
[  434.317846][ T5187] usb 2-1: string descriptor 0 read error: -32
[  434.410023][ T9977] FAULT_INJECTION: forcing a failure.
[  434.410023][ T9977] name failslab, interval 1, probability 0, space 0, times 0
[  434.427419][ T9977] CPU: 1 PID: 9977 Comm: syz.4.1138 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  434.437203][ T9977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  434.447302][ T9977] Call Trace:
[  434.450615][ T9977]  <TASK>
[  434.454701][ T9977]  dump_stack_lvl+0x241/0x360
[  434.459595][ T9977]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.464832][ T9977]  ? __pfx__printk+0x10/0x10
[  434.469467][ T9977]  ? __pfx___might_resched+0x10/0x10
[  434.474787][ T9977]  ? dynamic_dname+0x141/0x1b0
[  434.479605][ T9977]  should_fail_ex+0x3b0/0x4e0
[  434.484327][ T9977]  ? tomoyo_encode+0x26f/0x540
[  434.489150][ T9977]  should_failslab+0x9/0x20
[  434.493707][ T9977]  __kmalloc_noprof+0xd8/0x400
[  434.498523][ T9977]  tomoyo_encode+0x26f/0x540
[  434.503182][ T9977]  ? __pfx_anon_inodefs_dname+0x10/0x10
[  434.508762][ T9977]  tomoyo_realpath_from_path+0x59e/0x5e0
[  434.514523][ T9977]  tomoyo_path_number_perm+0x23a/0x880
[  434.520018][ T9977]  ? tomoyo_path_number_perm+0x208/0x880
[  434.525687][ T9977]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  434.531729][ T9977]  ? __fget_files+0x29/0x470
[  434.536342][ T9977]  ? __fget_files+0x3f6/0x470
[  434.541033][ T9977]  ? __fget_files+0x29/0x470
[  434.545646][ T9977]  security_file_ioctl+0x75/0xb0
[  434.550606][ T9977]  __se_sys_ioctl+0x47/0x170
[  434.555312][ T9977]  do_syscall_64+0xf3/0x230
[  434.559834][ T9977]  ? clear_bhb_loop+0x35/0x90
[  434.564527][ T9977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.570431][ T9977] RIP: 0033:0x7f133ff75a99
[  434.574856][ T9977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.594477][ T9977] RSP: 002b:00007f1340d7f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.602906][ T9977] RAX: ffffffffffffffda RBX: 00007f1340103f60 RCX: 00007f133ff75a99
[  434.610906][ T9977] RDX: 0000000020000640 RSI: 000000004018aee2 RDI: 0000000000000005
[  434.618886][ T9977] RBP: 00007f1340d7f0a0 R08: 0000000000000000 R09: 0000000000000000
[  434.626871][ T9977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.634863][ T9977] R13: 000000000000000b R14: 00007f1340103f60 R15: 00007ffd2cd3e568
[  434.642859][ T9977]  </TASK>
[  434.652832][ T9977] ERROR: Out of memory at tomoyo_realpath_from_path.
[  434.670084][ T9976] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1136'.
[  434.726411][ T5146] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  434.843810][ T9984] FAULT_INJECTION: forcing a failure.
[  434.843810][ T9984] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.858072][ T9984] CPU: 0 PID: 9984 Comm: syz.0.1140 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  434.867838][ T9984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  434.877940][ T9984] Call Trace:
[  434.881258][ T9984]  <TASK>
[  434.884314][ T9984]  dump_stack_lvl+0x241/0x360
[  434.889042][ T9984]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.894290][ T9984]  ? __pfx__printk+0x10/0x10
[  434.898934][ T9984]  ? __pfx_lock_release+0x10/0x10
[  434.904117][ T9984]  should_fail_ex+0x3b0/0x4e0
[  434.908868][ T9984]  _copy_from_user+0x2f/0xe0
[  434.913513][ T9984]  copy_msghdr_from_user+0xae/0x680
[  434.918777][ T9984]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  434.924641][ T9984]  __sys_sendmsg+0x23d/0x3a0
[  434.929280][ T9984]  ? __pfx___sys_sendmsg+0x10/0x10
[  434.934430][ T9984]  ? vfs_write+0x7c4/0xc90
[  434.938929][ T9984]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  434.945289][ T9984]  ? do_syscall_64+0x100/0x230
[  434.950067][ T9984]  ? do_syscall_64+0xb6/0x230
[  434.954788][ T9984]  do_syscall_64+0xf3/0x230
[  434.959335][ T9984]  ? clear_bhb_loop+0x35/0x90
[  434.964061][ T9984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.970012][ T9984] RIP: 0033:0x7fc87a975a99
[  434.974478][ T9984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.994136][ T9984] RSP: 002b:00007fc87b737048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  435.002600][ T9984] RAX: ffffffffffffffda RBX: 00007fc87ab03f60 RCX: 00007fc87a975a99
[  435.010617][ T9984] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005
[  435.018630][ T9984] RBP: 00007fc87b7370a0 R08: 0000000000000000 R09: 0000000000000000
[  435.026640][ T9984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.034642][ T9984] R13: 000000000000000b R14: 00007fc87ab03f60 R15: 00007ffcc6262f38
[  435.042646][ T9984]  </TASK>
[  435.097579][ T5146] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  435.120934][ T5146] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  435.125905][ T5187] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  435.153172][ T5146] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  435.170647][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.187670][ T5146] usb 4-1: config 0 descriptor??
[  435.327926][ T5187] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  435.351686][ T5187] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  435.373267][ T5187] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  435.384210][ T5187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.433176][ T5187] usb 3-1: config 0 descriptor??
[  435.542526][ T9951] vhci_hcd: connection reset by peer
[  435.548781][ T5145] usb 2-1: USB disconnect, device number 45
[  435.579068][   T12] vhci_hcd: stop threads
[  435.584251][   T12] vhci_hcd: release socket
[  435.589507][   T12] vhci_hcd: disconnect device
[  435.651836][ T5146] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  435.676789][ T5146] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  436.181841][ T5147] vhci_hcd: vhci_device speed not set
[  436.633040][ T5187] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  436.679923][ T5187] plantronics 0003:047F:FFFF.000D: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  436.706483][ T5150] usb 4-1: USB disconnect, device number 51
[  436.740408][ T5187] usb 3-1: USB disconnect, device number 46
[  436.915766][   T59] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  437.005769][ T5146] usb 2-1: new low-speed USB device number 46 using dummy_hcd
[  437.095698][   T59] usb 5-1: Using ep0 maxpacket: 8
[  437.111322][   T59] usb 5-1: New USB device found, idVendor=337d, idProduct=503c, bcdDevice=22.8c
[  437.120568][   T59] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.128718][   T59] usb 5-1: Product: syz
[  437.132921][   T59] usb 5-1: Manufacturer: syz
[  437.144429][   T59] usb 5-1: SerialNumber: syz
[  437.151090][   T59] usb 5-1: config 0 descriptor??
[  437.207819][ T5146] usb 2-1: config 16 has an invalid interface number: 1 but max is 0
[  437.216375][ T5146] usb 2-1: config 16 has no interface number 0
[  437.223089][ T5146] usb 2-1: config 16 interface 1 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  437.233136][ T5146] usb 2-1: config 16 interface 1 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  437.254313][ T5146] usb 2-1: config 16 interface 1 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  437.269117][ T5146] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  437.278637][ T5146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.293031][ T5146] usbtmc 2-1:16.1: bulk endpoints not found
[  437.470159][T10018] FAULT_INJECTION: forcing a failure.
[  437.470159][T10018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  437.483918][T10018] CPU: 0 PID: 10018 Comm: syz.3.1151 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  437.493776][T10018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  437.503868][T10018] Call Trace:
[  437.507173][T10018]  <TASK>
[  437.510132][T10018]  dump_stack_lvl+0x241/0x360
[  437.514858][T10018]  ? __pfx_dump_stack_lvl+0x10/0x10
[  437.520100][T10018]  ? __pfx__printk+0x10/0x10
[  437.524698][T10018]  ? __pfx_lock_release+0x10/0x10
[  437.529754][T10018]  ? __local_bh_enable_ip+0x168/0x200
[  437.535260][T10018]  ? copy_fpstate_to_sigframe+0x175/0xd90
[  437.541041][T10018]  should_fail_ex+0x3b0/0x4e0
[  437.545770][T10018]  copy_fpstate_to_sigframe+0xa87/0xd90
[  437.551369][T10018]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  437.555254][ T5150] usb 2-1: USB disconnect, device number 46
[  437.557461][T10018]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  437.557503][T10018]  ? __pfx_lock_acquire+0x10/0x10
[  437.557537][T10018]  ? do_raw_spin_lock+0x14f/0x370
[  437.557562][T10018]  ? fpu__alloc_mathframe+0xab/0x130
[  437.557596][T10018]  get_sigframe+0x55d/0x700
[  437.557637][T10018]  ? __pfx_get_sigframe+0x10/0x10
[  437.594678][T10018]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  437.600697][T10018]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  437.607036][T10018]  ? _raw_spin_lock_irq+0xdf/0x120
[  437.612177][T10018]  x64_setup_rt_frame+0x180/0xcc0
[  437.617232][T10018]  ? lockdep_hardirqs_on+0x99/0x150
[  437.622461][T10018]  ? _raw_spin_unlock_irq+0x2e/0x50
[  437.627702][T10018]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  437.633283][T10018]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  437.639326][T10018]  arch_do_signal_or_restart+0x458/0x860
[  437.644993][T10018]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  437.651172][T10018]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  437.657200][T10018]  ? syscall_exit_to_user_mode+0xa3/0x370
[  437.662950][T10018]  syscall_exit_to_user_mode+0xc9/0x370
[  437.668525][T10018]  do_syscall_64+0x100/0x230
[  437.673146][T10018]  ? clear_bhb_loop+0x35/0x90
[  437.677852][T10018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.683775][T10018] RIP: 0033:0x7f8819375a97
[  437.688295][T10018] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  437.708199][T10018] RSP: 002b:00007f881a131048 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[  437.716637][T10018] RAX: 0000000000000116 RBX: 00007f8819503f60 RCX: 00007f8819375a99
[  437.724630][T10018] RDX: 000000000000000f RSI: 00000000200014c0 RDI: 0000000000000004
[  437.732625][T10018] RBP: 00007f881a1310a0 R08: 0000000000000000 R09: 0000000000000000
[  437.740608][T10018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.748610][T10018] R13: 000000000000000b R14: 00007f8819503f60 R15: 00007ffed7218268
[  437.756611][T10018]  </TASK>
[  437.764921][T10020] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1150'.
[  438.064214][T10031] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  438.437866][ T5146] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  438.558449][T10043] x_tables: ip_tables: ah match: only valid for protocol 51
[  438.738240][ T5146] usb 3-1: too many configurations: 12, using maximum allowed: 8
[  438.845397][ T5146] usb 3-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  438.868481][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.900029][ T5146] usb 3-1: config 0 descriptor??
[  439.260874][T10031] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(9)
[  439.267538][T10031] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  439.339399][T10031] vhci_hcd vhci_hcd.0: Device attached
[  439.525815][ T5147] vhci_hcd: vhci_device speed not set
[  439.565597][T10055] 9p: Unknown Cache mode or invalid value l
[  439.606093][ T5147] usb 13-2: new full-speed USB device number 10 using vhci_hcd
[  440.019472][ T8855] usb 5-1: USB disconnect, device number 51
[  445.531469][ T5146] usb 3-1: string descriptor 0 read error: -32
[  445.807082][ T1251] ieee802154 phy0 wpan0: encryption failed: -22
[  445.813481][ T1251] ieee802154 phy1 wpan1: encryption failed: -22
[  446.727063][T10050] vhci_hcd: connection reset by peer
[  446.740554][ T9490] vhci_hcd: stop threads
[  446.744838][ T9490] vhci_hcd: release socket
[  446.750299][ T5145] usb 3-1: USB disconnect, device number 47
[  446.788859][ T9490] vhci_hcd: disconnect device
[  446.875974][ T5147] vhci_hcd: vhci_device speed not set
[  447.075646][T10072] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1163'.
[  447.091063][ T5111] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  447.111523][ T5111] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  447.130116][ T5111] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  447.138328][T10083] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  447.147740][ T5111] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  447.156776][ T5111] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  447.168374][ T5111] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  447.453189][ T9489] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.658100][ T8855] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  447.737575][ T9489] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.897532][ T8855] usb 1-1: too many configurations: 12, using maximum allowed: 8
[  448.015848][ T8855] usb 1-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  448.031943][ T8855] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.048248][ T8855] usb 1-1: config 0 descriptor??
[  448.099700][ T9489] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.299977][ T9489] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.312030][T10083] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(8)
[  448.318596][T10083] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  448.335634][T10083] vhci_hcd vhci_hcd.0: Device attached
[  448.551301][ T5189] vhci_hcd: vhci_device speed not set
[  448.685773][ T5189] usb 9-2: new full-speed USB device number 8 using vhci_hcd
[  449.205672][ T5103] Bluetooth: hci2: command tx timeout
[  449.247264][ T9489] bridge_slave_1: left allmulticast mode
[  449.253143][ T9489] bridge_slave_1: left promiscuous mode
[  449.261244][ T9489] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.274084][T10096] vhci_hcd: connection reset by peer
[  449.274150][   T29] audit: type=1326 audit(1721260381.583:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.281369][ T8855] usb 1-1: string descriptor 0 read error: -71
[  449.342370][ T8855] usb 1-1: USB disconnect, device number 48
[  449.343819][ T9490] vhci_hcd: stop threads
[  449.374245][ T9489] bridge_slave_0: left allmulticast mode
[  449.395063][T10109] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.1168'.
[  449.409152][ T9490] vhci_hcd: release socket
[  449.418377][ T9489] bridge_slave_0: left promiscuous mode
[  449.421070][   T29] audit: type=1326 audit(1721260381.583:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.424189][ T9489] bridge0: port 1(bridge_slave_0) entered disabled state
[  449.485846][ T9490] vhci_hcd: disconnect device
[  449.503249][   T29] audit: type=1326 audit(1721260381.643:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.582263][   T29] audit: type=1326 audit(1721260381.643:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.607849][   T29] audit: type=1326 audit(1721260381.643:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.663924][   T29] audit: type=1326 audit(1721260381.643:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.702929][   T29] audit: type=1326 audit(1721260381.643:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.727058][ T5187] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  449.743007][   T29] audit: type=1326 audit(1721260381.643:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.781624][   T29] audit: type=1326 audit(1721260381.643:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.810685][   T29] audit: type=1326 audit(1721260381.643:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10102 comm="syz.2.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  449.846835][ T5145] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  449.965976][ T5187] usb 3-1: descriptor type invalid, skip
[  449.971877][ T5187] usb 3-1: descriptor type invalid, skip
[  450.012014][ T5187] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  450.067678][ T5145] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  450.082505][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.095260][ T5145] usb 4-1: config 0 descriptor??
[  450.104087][ T5145] cp210x 4-1:0.0: cp210x converter detected
[  450.121593][ T5187] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  450.144361][ T5187] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.154939][ T5187] usb 3-1: Product: ࠝ
[  450.162197][ T5187] usb 3-1: Manufacturer: Ḩ
[  450.531345][ T9489] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  450.551273][ T9489] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  450.589885][ T9489] bond0 (unregistering): Released all slaves
[  450.658263][T10104] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1169'.
[  450.678676][ T5145] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -121
[  450.727053][T10080] chnl_net:caif_netlink_parms(): no params data found
[  450.740316][ T5187] cdc_ncm 3-1:1.0: bind() failure
[  450.774266][ T5187] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  450.794729][ T5187] cdc_ncm 3-1:1.1: bind() failure
[  450.859362][ T5187] usb 3-1: USB disconnect, device number 48
[  450.885459][ T5145] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -121
[  450.913012][ T5145] cp210x 4-1:0.0: GPIO initialisation failed: -121
[  450.943660][ T5145] usb 4-1: cp210x converter now attached to ttyUSB0
[  451.219766][T10113] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1170'.
[  451.278175][ T5103] Bluetooth: hci2: command tx timeout
[  451.290433][ T5149] usb 4-1: USB disconnect, device number 52
[  451.298130][T10127] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  451.321467][ T5149] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  451.346857][ T5149] cp210x 4-1:0.0: device disconnected
[  451.473240][ T9489] hsr_slave_0: left promiscuous mode
[  451.490618][ T9489] hsr_slave_1: left promiscuous mode
[  451.515888][ T9489] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  451.524580][ T9489] batman_adv: batadv0: Removing interface: batadv_slave_0
[  451.540882][ T9489] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  451.555936][ T9489] batman_adv: batadv0: Removing interface: batadv_slave_1
[  451.575693][ T5187] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  451.612290][ T9489] veth1_macvtap: left promiscuous mode
[  451.624433][ T9489] veth0_macvtap: left promiscuous mode
[  451.631632][ T9489] veth1_vlan: left promiscuous mode
[  451.637212][ T9489] veth0_vlan: left promiscuous mode
[  451.642689][ T5147] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  451.795644][ T5187] usb 2-1: Using ep0 maxpacket: 16
[  451.814803][ T5187] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  451.840519][ T5147] usb 1-1: too many configurations: 12, using maximum allowed: 8
[  451.875328][ T5187] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  451.924384][ T5187] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11
[  451.973830][ T5187] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024
[  451.987517][ T5147] usb 1-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  452.015143][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.054613][ T5147] usb 1-1: config 0 descriptor??
[  452.062527][ T5187] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  452.139060][ T5187] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  452.192519][ T5187] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.268765][ T5187] usb 2-1: Product: syz
[  452.294013][ T5187] usb 2-1: Manufacturer: syz
[  452.307836][T10127] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(9)
[  452.314395][T10127] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  452.333759][ T5187] usb 2-1: SerialNumber: syz
[  452.359517][T10127] vhci_hcd vhci_hcd.0: Device attached
[  452.382206][ T5187] usb 2-1: config 0 descriptor??
[  452.653382][ T5187] appledisplay 2-1:0.0: Error while getting initial brightness: -71
[  452.674000][ T5187] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -71
[  452.737631][ T5187] usb 2-1: USB disconnect, device number 47
[  453.134394][ T9489] team0 (unregistering): Port device team_slave_1 removed
[  453.357582][ T5103] Bluetooth: hci2: command tx timeout
[  453.455786][ T5187] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  453.675670][ T5187] usb 2-1: Using ep0 maxpacket: 8
[  453.701745][ T5187] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  453.718012][ T5187] usb 2-1: config 0 has no interface number 0
[  453.732765][ T5187] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  453.783558][ T5187] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  453.815251][ T5187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.864103][ T5187] usb 2-1: config 0 descriptor??
[  453.898940][ T5187] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  453.969103][T10141] vhci_hcd: connection reset by peer
[  453.976086][ T5147] usb 1-1: string descriptor 0 read error: -71
[  453.992761][   T35] vhci_hcd: stop threads
[  454.006092][ T5147] usb 1-1: USB disconnect, device number 49
[  454.012154][   T35] vhci_hcd: release socket
[  454.022309][   T35] vhci_hcd: disconnect device
[  454.113316][T10126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.124023][T10126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.124049][ T5189] vhci_hcd: vhci_device speed not set
[  454.321966][T10140] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1176'.
[  454.373583][T10126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.374665][T10080] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.397888][T10126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.422647][T10126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.426553][T10080] bridge0: port 1(bridge_slave_0) entered disabled state
[  454.440096][T10126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.445863][T10080] bridge_slave_0: entered allmulticast mode
[  454.463854][T10080] bridge_slave_0: entered promiscuous mode
[  454.492108][T10080] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.521741][T10080] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.543087][T10080] bridge_slave_1: entered allmulticast mode
[  454.567186][T10080] bridge_slave_1: entered promiscuous mode
[  454.647329][T10154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1180'.
[  454.651902][T10080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  454.721005][T10080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  454.822893][T10080] team0: Port device team_slave_0 added
[  454.836936][T10080] team0: Port device team_slave_1 added
[  454.970947][T10080] batman_adv: batadv0: Adding interface: batadv_slave_0
[  454.986741][T10080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  455.020055][T10080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  455.052690][T10080] batman_adv: batadv0: Adding interface: batadv_slave_1
[  455.063040][T10080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  455.091409][T10080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  455.445329][T10080] hsr_slave_0: entered promiscuous mode
[  455.445803][ T5103] Bluetooth: hci2: command tx timeout
[  455.460280][T10080] hsr_slave_1: entered promiscuous mode
[  455.475806][T10167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1182'.
[  455.503885][T10080] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  455.545069][T10080] Cannot create hsr debugfs directory
[  457.868061][ T8855] usb 2-1: USB disconnect, device number 48
[  457.890908][ T8855] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected
[  457.994332][   T29] kauditd_printk_skb: 56 callbacks suppressed
[  457.994351][   T29] audit: type=1326 audit(1721260390.313:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.040890][   T29] audit: type=1326 audit(1721260390.363:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.065741][   T29] audit: type=1326 audit(1721260390.383:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.095082][   T29] audit: type=1326 audit(1721260390.383:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.117144][   T29] audit: type=1326 audit(1721260390.383:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.140118][   T29] audit: type=1326 audit(1721260390.413:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.187852][   T29] audit: type=1326 audit(1721260390.413:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.223943][   T29] audit: type=1326 audit(1721260390.413:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.251920][   T29] audit: type=1326 audit(1721260390.413:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.277130][ T5187] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  458.290731][   T29] audit: type=1326 audit(1721260390.413:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10179 comm="syz.2.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  458.356797][ T5189] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  458.425749][ T8855] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  458.509505][ T5187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  458.524701][T10080] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  458.531906][ T5187] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  458.548789][ T5187] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  458.550161][T10080] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  458.558693][ T5187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.577537][ T5187] usb 1-1: config 0 descriptor??
[  458.591722][ T5189] usb 3-1: descriptor type invalid, skip
[  458.597841][ T5189] usb 3-1: descriptor type invalid, skip
[  458.612079][ T5189] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  458.625307][ T8855] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  458.638724][T10080] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  458.649022][ T8855] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  458.692773][T10080] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  458.693157][ T5189] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  458.711181][ T8855] usb 2-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00
[  458.734876][ T8855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.743489][ T5189] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.752314][ T5189] usb 3-1: Product: ࠝ
[  458.773211][ T8855] usb 2-1: config 0 descriptor??
[  458.779788][ T5189] usb 3-1: Manufacturer: Ḩ
[  458.798066][ T8855] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  459.041714][ T5187] usbhid 1-1:0.0: can't add hid device: -71
[  459.042922][T10080] 8021q: adding VLAN 0 to HW filter on device bond0
[  459.071448][ T5187] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  459.075908][T10181] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1184'.
[  459.083711][ T5187] usb 1-1: USB disconnect, device number 50
[  459.122740][T10080] 8021q: adding VLAN 0 to HW filter on device team0
[  459.149688][ T5189] cdc_ncm 3-1:1.0: bind() failure
[  459.166561][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.173746][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.184514][ T5189] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  459.192773][ T5189] cdc_ncm 3-1:1.1: bind() failure
[  459.214017][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.221282][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  459.229945][ T5189] usb 3-1: USB disconnect, device number 49
[  459.381685][T10193] FAULT_INJECTION: forcing a failure.
[  459.381685][T10193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  459.403326][T10193] CPU: 1 PID: 10193 Comm: syz.3.1188 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  459.413374][T10193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  459.423463][T10193] Call Trace:
[  459.426768][T10193]  <TASK>
[  459.429741][T10193]  dump_stack_lvl+0x241/0x360
[  459.434470][T10193]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.439723][T10193]  ? __pfx__printk+0x10/0x10
[  459.444369][T10193]  ? __pfx_lock_release+0x10/0x10
[  459.449443][T10193]  should_fail_ex+0x3b0/0x4e0
[  459.454174][T10193]  _copy_to_user+0x2f/0xb0
[  459.458637][T10193]  sctp_getsockopt_pr_assocstatus+0x6f2/0x850
[  459.464740][T10193]  ? __local_bh_enable_ip+0x168/0x200
[  459.470132][T10193]  ? __pfx_sctp_getsockopt_pr_assocstatus+0x10/0x10
[  459.476741][T10193]  ? sctp_getsockopt+0x13a/0xbb0
[  459.481703][T10193]  sctp_getsockopt+0x9d1/0xbb0
[  459.486490][T10193]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  459.492416][T10193]  do_sock_getsockopt+0x373/0x850
[  459.497486][T10193]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  459.503064][T10193]  ? __fget_files+0x3f6/0x470
[  459.507783][T10193]  __sys_getsockopt+0x271/0x330
[  459.512687][T10193]  ? __pfx___sys_getsockopt+0x10/0x10
[  459.518106][T10193]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  459.524453][T10193]  ? do_syscall_64+0x100/0x230
[  459.529242][T10193]  __x64_sys_getsockopt+0xb5/0xd0
[  459.534299][T10193]  do_syscall_64+0xf3/0x230
[  459.538815][T10193]  ? clear_bhb_loop+0x35/0x90
[  459.543511][T10193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.549417][T10193] RIP: 0033:0x7f8819375a99
[  459.553845][T10193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.573460][T10193] RSP: 002b:00007f881a110048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  459.581898][T10193] RAX: ffffffffffffffda RBX: 00007f8819504038 RCX: 00007f8819375a99
[  459.589883][T10193] RDX: 0000000000000073 RSI: 0000000000000084 RDI: 0000000000000003
[  459.597862][T10193] RBP: 00007f881a1100a0 R08: 0000000020000200 R09: 0000000000000000
[  459.605928][T10193] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001
[  459.613910][T10193] R13: 000000000000006e R14: 00007f8819504038 R15: 00007ffed7218268
[  459.621911][T10193]  </TASK>
[  459.716120][T10080] 8021q: adding VLAN 0 to HW filter on device batadv0
[  459.925018][T10206] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  460.074137][T10212] [U] 
[  460.077279][T10212] [U] 
[  460.080011][T10212] [U] 
[  460.082753][T10212] [U] 
[  460.094658][T10212] [U] 
[  460.097403][T10212] [U] 
[  460.100096][T10212] [U] 
[  460.102786][T10212] [U] 
[  460.110191][T10212] [U] 
[  460.113042][T10212] [U] 
[  460.115802][T10212] [U] 
[  460.118531][T10212] [U] 
[  460.126166][T10212] [U] 
[  460.128923][T10212] [U] 
[  460.131652][T10212] [U] 
[  460.134385][T10212] [U] 
[  460.139982][T10212] [U] 
[  460.142719][T10212] [U] 
[  460.145459][T10212] [U] 
[  460.148192][T10212] [U] 
[  460.166789][T10212] [U] 
[  460.169540][T10212] [U] 
[  460.172269][T10212] [U] 
[  460.175007][T10212] [U] 
[  460.215350][T10212] [U] 
[  460.218126][T10212] [U] 
[  460.220254][T10197] trusted_key: encrypted_key: master key parameter '��g9*pm�s-H�8��E����$�v����×' is invalid
[  460.220836][T10212] [U] 
[  460.234450][T10212] [U] 
[  460.280624][T10212] [U] 
[  460.283399][T10212] [U] 
[  460.286140][T10212] [U] 
[  460.288870][T10212] [U] 
[  460.330662][T10212] [U] 
[  460.333437][T10212] [U] 
[  460.336182][T10212] [U] 
[  460.338928][T10212] [U] 
[  460.365690][ T8855] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  460.374477][T10212] [U] 
[  460.377253][T10212] [U] 
[  460.379985][T10212] [U] 
[  460.382712][T10212] [U] 
[  460.420266][T10212] [U] 
[  460.423022][T10212] [U] 
[  460.425765][T10212] [U] 
[  460.428498][T10212] [U] 
[  460.455728][ T5189] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  460.471876][T10212] [U] 
[  460.474662][T10212] [U] 
[  460.477396][T10212] [U] 
[  460.480122][T10212] [U] 
[  460.534648][T10080] veth0_vlan: entered promiscuous mode
[  460.548325][T10080] veth1_vlan: entered promiscuous mode
[  460.553454][T10212] [U] 
[  460.556538][T10212] [U] 
[  460.559273][T10212] [U] 
[  460.562021][T10212] [U] 
[  460.587158][T10212] [U] 
[  460.589927][T10212] [U] 
[  460.592686][T10212] [U] 
[  460.595416][T10212] [U] 
[  460.611981][T10212] [U] 
[  460.614830][T10212] [U] 
[  460.617549][T10212] [U] 
[  460.620252][T10212] [U] 
[  460.650190][ T8855] usb 1-1: too many configurations: 12, using maximum allowed: 8
[  460.651408][T10212] [U] 
[  460.660844][T10212] [U] 
[  460.663578][T10212] [U] 
[  460.666310][T10212] [U] 
[  460.676282][ T5189] usb 4-1: Using ep0 maxpacket: 16
[  460.687268][T10197] dccp_invalid_packet: P.type (CLOSE) not Data || [Data]Ack, while P.X == 0
[  460.699380][T10212] [U] 
[  460.702195][T10212] [U] 
[  460.704932][T10212] [U] 
[  460.707671][T10212] [U] 
[  460.735125][T10080] veth0_macvtap: entered promiscuous mode
[  460.736754][T10212] [U] 
[  460.743704][T10212] [U] 
[  460.746438][T10212] [U] 
[  460.749166][T10212] [U] 
[  460.769998][T10212] [U] 
[  460.772752][T10212] [U] 
[  460.775468][T10212] [U] 
[  460.778206][T10212] [U] 
[  460.789306][T10212] [U] 
[  460.792104][T10212] [U] 
[  460.794841][T10212] [U] 
[  460.797573][T10212] [U] 
[  460.805656][T10212] [U] 
[  460.808417][T10212] [U] 
[  460.811140][T10212] [U] 
[  460.813864][T10212] [U] 
[  460.816350][T10080] veth1_macvtap: entered promiscuous mode
[  460.889106][ T5189] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  460.892113][T10212] [U] 
[  460.900917][T10212] [U] 
[  460.903656][T10212] [U] 
[  460.906396][T10212] [U] 
[  460.915885][ T5189] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.923965][ T5189] usb 4-1: Product: syz
[  460.942280][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  460.953538][ T5189] usb 4-1: Manufacturer: syz
[  460.963480][ T8855] usb 1-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  460.974934][ T5189] usb 4-1: SerialNumber: syz
[  460.979764][ T8855] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.988125][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  460.991818][T10212] [U] 
[  461.000657][T10212] [U] 
[  461.003350][T10212] [U] 
[  461.006042][T10212] [U] 
[  461.016953][ T8855] usb 1-1: config 0 descriptor??
[  461.029941][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.033584][T10212] [U] 
[  461.043190][T10212] [U] 
[  461.045885][T10212] [U] 
[  461.048577][T10212] [U] 
[  461.104238][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.119855][ T5189] r8152-cfgselector 4-1: Unknown version 0x0000
[  461.125492][T10212] [U] 
[  461.126363][ T5189] r8152-cfgselector 4-1: config 0 descriptor??
[  461.128826][T10212] [U] 
[  461.135283][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.137653][T10212] [U] 
[  461.137695][T10212] [U] 
[  461.175642][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.183056][T10212] [U] 
[  461.188221][T10212] [U] 
[  461.190967][T10212] [U] 
[  461.193692][T10212] [U] 
[  461.207049][T10212] [U] 
[  461.209802][T10212] [U] 
[  461.212536][T10212] [U] 
[  461.215261][T10212] [U] 
[  461.227029][T10212] [U] 
[  461.229779][T10212] [U] 
[  461.232512][T10212] [U] 
[  461.235233][T10212] [U] 
[  461.248199][T10212] [U] 
[  461.250975][T10212] [U] 
[  461.253700][T10212] [U] 
[  461.256431][T10212] [U] 
[  461.270394][T10212] [U] 
[  461.273160][T10212] [U] 
[  461.275904][T10212] [U] 
[  461.278629][T10212] [U] 
[  461.293085][T10212] [U] 
[  461.295900][T10212] [U] 
[  461.298631][T10212] [U] 
[  461.301359][T10212] [U] 
[  461.341024][T10212] [U] 
[  461.343798][T10212] [U] 
[  461.346533][T10212] [U] 
[  461.375744][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.389941][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.413902][T10206] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(9)
[  461.420464][T10206] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  461.432417][T10206] vhci_hcd vhci_hcd.0: Device attached
[  461.437768][T10080] batman_adv: batadv0: Interface activated: batadv_slave_0
[  461.916285][ T5148] vhci_hcd: vhci_device speed not set
[  461.959382][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  462.177079][T10222] vhci_hcd: connection closed
[  462.178281][ T9489] vhci_hcd: stop threads
[  462.186847][ T8855] usb 1-1: string descriptor 0 read error: -71
[  462.187379][ T9489] vhci_hcd: release socket
[  462.199218][ T9489] vhci_hcd: disconnect device
[  462.216019][ T5148] usb 9-2: new full-speed USB device number 9 using vhci_hcd
[  462.229463][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.242109][ T8855] usb 1-1: USB disconnect, device number 51
[  462.254495][ T5148] usb 9-2: enqueue for inactive port 1
[  462.263350][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  462.292368][ T5150] usb 2-1: USB disconnect, device number 49
[  462.300038][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.310442][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  462.326971][ T5148] vhci_hcd: vhci_device speed not set
[  462.333778][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.354437][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  462.399023][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  462.417538][T10080] batman_adv: batadv0: Interface activated: batadv_slave_1
[  462.459396][T10211] [U] 
[  462.462844][ T5189] r8152-cfgselector 4-1: Unknown version 0x0000
[  462.493667][T10080] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  462.504543][ T5189] r8152-cfgselector 4-1: bad CDC descriptors
[  462.515719][T10080] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  462.526236][ T5189] r8152-cfgselector 4-1: USB disconnect, device number 53
[  462.534723][T10080] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  462.546446][T10080] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  463.621130][ T9489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  463.655818][ T9489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  463.828162][ T9489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  463.869060][ T9489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.035861][ T5187] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  464.238589][ T5187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  464.253900][ T5187] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  464.273562][ T5187] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  464.285895][ T5187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.298219][ T5187] usb 1-1: config 0 descriptor??
[  464.776048][ T5187] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  464.861346][ T5187] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  464.979673][T10263] FAULT_INJECTION: forcing a failure.
[  464.979673][T10263] name failslab, interval 1, probability 0, space 0, times 0
[  465.075073][T10263] CPU: 1 PID: 10263 Comm: syz.2.1201 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  465.084943][T10263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  465.095063][T10263] Call Trace:
[  465.098385][T10263]  <TASK>
[  465.101351][T10263]  dump_stack_lvl+0x241/0x360
[  465.106158][T10263]  ? __pfx_dump_stack_lvl+0x10/0x10
[  465.111410][T10263]  ? __pfx__printk+0x10/0x10
[  465.116049][T10263]  ? __pfx___might_resched+0x10/0x10
[  465.121403][T10263]  ? prepend_path+0x2f/0xbe0
[  465.126045][T10263]  should_fail_ex+0x3b0/0x4e0
[  465.130773][T10263]  ? tomoyo_encode+0x26f/0x540
[  465.135590][T10263]  should_failslab+0x9/0x20
[  465.140141][T10263]  __kmalloc_noprof+0xd8/0x400
[  465.144960][T10263]  tomoyo_encode+0x26f/0x540
[  465.149612][T10263]  tomoyo_realpath_from_path+0x59e/0x5e0
[  465.155329][T10263]  tomoyo_path_number_perm+0x23a/0x880
[  465.160850][T10263]  ? tomoyo_path_number_perm+0x208/0x880
[  465.166538][T10263]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  465.172610][T10263]  ? __fget_files+0x29/0x470
[  465.177255][T10263]  ? __fget_files+0x3f6/0x470
[  465.181979][T10263]  ? __fget_files+0x29/0x470
[  465.186627][T10263]  security_file_ioctl+0x75/0xb0
[  465.191623][T10263]  __se_sys_ioctl+0x47/0x170
[  465.196261][T10263]  do_syscall_64+0xf3/0x230
[  465.200811][T10263]  ? clear_bhb_loop+0x35/0x90
[  465.205615][T10263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.211552][T10263] RIP: 0033:0x7f27d3175a99
[  465.216007][T10263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.235651][T10263] RSP: 002b:00007f27d3ee4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  465.244104][T10263] RAX: ffffffffffffffda RBX: 00007f27d3303f60 RCX: 00007f27d3175a99
[  465.252119][T10263] RDX: 0000000020000c80 RSI: 0000000000005452 RDI: 0000000000000003
[  465.260141][T10263] RBP: 00007f27d3ee40a0 R08: 0000000000000000 R09: 0000000000000000
[  465.268153][T10263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.276160][T10263] R13: 000000000000000b R14: 00007f27d3303f60 R15: 00007ffc76da99a8
[  465.284193][T10263]  </TASK>
[  465.309711][T10263] ERROR: Out of memory at tomoyo_realpath_from_path.
[  465.365207][   T59] usb 1-1: USB disconnect, device number 52
[  465.921734][T10274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1203'.
[  466.336993][T10281] FAULT_INJECTION: forcing a failure.
[  466.336993][T10281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  466.443636][T10281] CPU: 1 PID: 10281 Comm: syz.0.1205 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  466.453492][T10281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  466.463552][T10281] Call Trace:
[  466.466838][T10281]  <TASK>
[  466.469786][T10281]  dump_stack_lvl+0x241/0x360
[  466.474533][T10281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.479751][T10281]  ? __pfx__printk+0x10/0x10
[  466.484484][T10281]  ? vfs_write+0x7c4/0xc90
[  466.488925][T10281]  should_fail_ex+0x3b0/0x4e0
[  466.493624][T10281]  _copy_from_user+0x2f/0xe0
[  466.498241][T10281]  move_addr_to_kernel+0x82/0x150
[  466.503284][T10281]  __sys_bind+0x168/0x2f0
[  466.507654][T10281]  ? __pfx___sys_bind+0x10/0x10
[  466.512530][T10281]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  466.518894][T10281]  ? do_syscall_64+0x100/0x230
[  466.523677][T10281]  __x64_sys_bind+0x7a/0x90
[  466.528194][T10281]  do_syscall_64+0xf3/0x230
[  466.532797][T10281]  ? clear_bhb_loop+0x35/0x90
[  466.537588][T10281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.543522][T10281] RIP: 0033:0x7fc87a975a99
[  466.547961][T10281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.567596][T10281] RSP: 002b:00007fc87b737048 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  466.576036][T10281] RAX: ffffffffffffffda RBX: 00007fc87ab03f60 RCX: 00007fc87a975a99
[  466.584186][T10281] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003
[  466.592178][T10281] RBP: 00007fc87b7370a0 R08: 0000000000000000 R09: 0000000000000000
[  466.600160][T10281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.608136][T10281] R13: 000000000000000b R14: 00007fc87ab03f60 R15: 00007ffcc6262f38
[  466.616127][T10281]  </TASK>
[  466.923688][T10283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1207'.
[  468.326805][ T5103] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  468.335500][ T5103] Bluetooth: hci2: Injecting HCI hardware error event
[  468.344568][ T5103] Bluetooth: hci2: hardware error 0x00
[  468.466454][ T5150] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  468.708375][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.726938][ T5150] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  468.753848][ T5150] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  468.770085][ T5150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.799705][ T5150] usb 4-1: config 0 descriptor??
[  469.231008][ T5150] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  469.267611][ T5150] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  469.513347][T10337] overlayfs: missing 'lowerdir'
[  469.568121][T10337] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1221'.
[  469.640373][ T5150] usb 4-1: USB disconnect, device number 54
[  469.662095][T10338] plantronics 0003:047F:FFFF.000F: usb_submit_urb(ctrl) failed: -19
[  469.924229][T10341] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1222'.
[  470.395852][ T5103] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  470.554284][ T5103] Bluetooth: hci3: Ignoring connect complete event for invalid link type
[  471.091160][T10381] pim6reg9: entered allmulticast mode
[  471.689287][T10397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1238'.
[  472.071974][T10402] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1240'.
[  472.428673][ T5150] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  472.639275][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  472.698091][ T5150] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  472.743233][ T5150] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  472.772703][ T5150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.814392][ T5150] usb 4-1: config 0 descriptor??
[  473.280939][ T5150] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[  473.361187][ T5150] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  473.378012][T10421] FAULT_INJECTION: forcing a failure.
[  473.378012][T10421] name failslab, interval 1, probability 0, space 0, times 0
[  473.575667][T10421] CPU: 0 PID: 10421 Comm: syz.2.1246 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  473.585546][T10421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  473.595624][T10421] Call Trace:
[  473.598922][T10421]  <TASK>
[  473.601874][T10421]  dump_stack_lvl+0x241/0x360
[  473.606590][T10421]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.611830][T10421]  ? __pfx__printk+0x10/0x10
[  473.616499][T10421]  ? __pfx___might_resched+0x10/0x10
[  473.621816][T10421]  ? prepend_path+0x2f/0xbe0
[  473.626452][T10421]  should_fail_ex+0x3b0/0x4e0
[  473.631163][T10421]  ? tomoyo_encode+0x26f/0x540
[  473.635956][T10421]  should_failslab+0x9/0x20
[  473.640497][T10421]  __kmalloc_noprof+0xd8/0x400
[  473.645330][T10421]  tomoyo_encode+0x26f/0x540
[  473.649966][T10421]  tomoyo_realpath_from_path+0x59e/0x5e0
[  473.655657][T10421]  tomoyo_path_number_perm+0x23a/0x880
[  473.661152][T10421]  ? tomoyo_path_number_perm+0x208/0x880
[  473.666901][T10421]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  473.672961][T10421]  ? __fget_files+0x29/0x470
[  473.677673][T10421]  ? __fget_files+0x3f6/0x470
[  473.682393][T10421]  ? __fget_files+0x29/0x470
[  473.687042][T10421]  security_file_ioctl+0x75/0xb0
[  473.692020][T10421]  __se_sys_ioctl+0x47/0x170
[  473.696643][T10421]  do_syscall_64+0xf3/0x230
[  473.701260][T10421]  ? clear_bhb_loop+0x35/0x90
[  473.705972][T10421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.711899][T10421] RIP: 0033:0x7f27d3175a99
[  473.716332][T10421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.736000][T10421] RSP: 002b:00007f27d3ee4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  473.744467][T10421] RAX: ffffffffffffffda RBX: 00007f27d3303f60 RCX: 00007f27d3175a99
[  473.752497][T10421] RDX: 0000000020000340 RSI: 0000000040189206 RDI: 0000000000000003
[  473.760512][T10421] RBP: 00007f27d3ee40a0 R08: 0000000000000000 R09: 0000000000000000
[  473.768528][T10421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  473.776534][T10421] R13: 000000000000000b R14: 00007f27d3303f60 R15: 00007ffc76da99a8
[  473.784563][T10421]  </TASK>
[  474.157797][T10421] ERROR: Out of memory at tomoyo_realpath_from_path.
[  474.277228][ T5145] usb 4-1: USB disconnect, device number 55
[  474.277611][T10429] plantronics 0003:047F:FFFF.0010: usb_submit_urb(ctrl) failed: -19
[  474.947676][T10440] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1250'.
[  475.269898][T10449] netlink: 'syz.3.1252': attribute type 2 has an invalid length.
[  475.279772][T10449] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1252'.
[  479.524959][ T5111] Bluetooth: hci0: command 0x0406 tx timeout
[  480.844689][T10468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1258'.
[  481.125644][ T8855] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  481.325714][ T8855] usb 3-1: Using ep0 maxpacket: 16
[  481.332691][ T8855] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  481.347475][ T8855] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  481.358721][ T8855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.485434][ T8855] usb 3-1: config 0 descriptor??
[  481.998406][T10468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.027283][T10468] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.073430][ T8855] hid (null): bogus close delimiter
[  482.087170][ T8855] hid (null): unknown global tag 0x83
[  482.107978][ T8855] hid (null): unknown global tag 0xc
[  482.132743][ T8855] hid-generic 0003:0158:0100.0011: unknown main item tag 0x1
[  482.153885][T10482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1263'.
[  482.173499][ T8855] hid-generic 0003:0158:0100.0011: unexpected long global item
[  482.189537][ T8855] hid-generic 0003:0158:0100.0011: probe with driver hid-generic failed with error -22
[  482.292213][ T8855] usb 3-1: USB disconnect, device number 50
[  482.624011][T10497] FAULT_INJECTION: forcing a failure.
[  482.624011][T10497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  482.661574][T10497] CPU: 0 PID: 10497 Comm: syz.4.1265 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  482.671439][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  482.681538][T10497] Call Trace:
[  482.684843][T10497]  <TASK>
[  482.687800][T10497]  dump_stack_lvl+0x241/0x360
[  482.692512][T10497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.697735][T10497]  ? __pfx__printk+0x10/0x10
[  482.702359][T10497]  ? snprintf+0xda/0x120
[  482.706727][T10497]  should_fail_ex+0x3b0/0x4e0
[  482.711465][T10497]  _copy_to_user+0x2f/0xb0
[  482.715934][T10497]  simple_read_from_buffer+0xca/0x150
[  482.721358][T10497]  proc_fail_nth_read+0x1e9/0x250
[  482.726509][T10497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  482.732098][T10497]  ? rw_verify_area+0x520/0x6b0
[  482.737071][T10497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  482.742745][T10497]  vfs_read+0x204/0xbc0
[  482.747000][T10497]  ? do_sock_setsockopt+0x3e2/0x720
[  482.752271][T10497]  ? __pfx_vfs_read+0x10/0x10
[  482.756989][T10497]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  482.762934][T10497]  ? do_sock_setsockopt+0x3e2/0x720
[  482.768188][T10497]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  482.773807][T10497]  ksys_read+0x1a0/0x2c0
[  482.778087][T10497]  ? __pfx_ksys_read+0x10/0x10
[  482.782903][T10497]  ? do_syscall_64+0x100/0x230
[  482.787708][T10497]  ? do_syscall_64+0xb6/0x230
[  482.792425][T10497]  do_syscall_64+0xf3/0x230
[  482.796959][T10497]  ? clear_bhb_loop+0x35/0x90
[  482.801675][T10497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.807608][T10497] RIP: 0033:0x7f0e8717457c
[  482.812056][T10497] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  482.831693][T10497] RSP: 002b:00007f0e87eef040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  482.840170][T10497] RAX: ffffffffffffffda RBX: 00007f0e87303f60 RCX: 00007f0e8717457c
[  482.848168][T10497] RDX: 000000000000000f RSI: 00007f0e87eef0b0 RDI: 0000000000000004
[  482.856173][T10497] RBP: 00007f0e87eef0a0 R08: 0000000000000000 R09: 0000000000000000
[  482.864171][T10497] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[  482.872172][T10497] R13: 000000000000000b R14: 00007f0e87303f60 R15: 00007ffef28f3a58
[  482.880202][T10497]  </TASK>
[  483.030373][T10504] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1268'.
[  483.555333][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1276'.
[  484.013095][T10536] FAULT_INJECTION: forcing a failure.
[  484.013095][T10536] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  484.035603][T10536] CPU: 1 PID: 10536 Comm: syz.4.1279 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  484.045505][T10536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  484.055602][T10536] Call Trace:
[  484.058926][T10536]  <TASK>
[  484.061889][T10536]  dump_stack_lvl+0x241/0x360
[  484.066874][T10536]  ? __pfx_dump_stack_lvl+0x10/0x10
[  484.072122][T10536]  ? __pfx__printk+0x10/0x10
[  484.076778][T10536]  ? __pfx_lock_release+0x10/0x10
[  484.081860][T10536]  ? __lock_acquire+0x1346/0x1fd0
[  484.086931][T10536]  should_fail_ex+0x3b0/0x4e0
[  484.091752][T10536]  _copy_from_user+0x2f/0xe0
[  484.096394][T10536]  xsk_setsockopt+0x34e/0x950
[  484.101204][T10536]  ? __pfx_xsk_setsockopt+0x10/0x10
[  484.106473][T10536]  ? __pfx_lock_acquire+0x10/0x10
[  484.111538][T10536]  ? __fget_files+0x29/0x470
[  484.116164][T10536]  ? __mutex_unlock_slowpath+0x21d/0x750
[  484.121866][T10536]  ? __pfx_lock_release+0x10/0x10
[  484.126924][T10536]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  484.132512][T10536]  ? security_socket_setsockopt+0x87/0xb0
[  484.138267][T10536]  ? __pfx_xsk_setsockopt+0x10/0x10
[  484.143594][T10536]  do_sock_setsockopt+0x3af/0x720
[  484.148675][T10536]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  484.154266][T10536]  ? __fget_files+0x29/0x470
[  484.158902][T10536]  ? __fget_files+0x3f6/0x470
[  484.163640][T10536]  __sys_setsockopt+0x1ae/0x250
[  484.168537][T10536]  __x64_sys_setsockopt+0xb5/0xd0
[  484.173629][T10536]  do_syscall_64+0xf3/0x230
[  484.178173][T10536]  ? clear_bhb_loop+0x35/0x90
[  484.182978][T10536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.188908][T10536] RIP: 0033:0x7f0e87175a99
[  484.193533][T10536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  484.213161][T10536] RSP: 002b:00007f0e87ece048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  484.221583][T10536] RAX: ffffffffffffffda RBX: 00007f0e87304038 RCX: 00007f0e87175a99
[  484.229558][T10536] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000009
[  484.237535][T10536] RBP: 00007f0e87ece0a0 R08: 0000000000000020 R09: 0000000000000000
[  484.245511][T10536] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001
[  484.253500][T10536] R13: 000000000000006e R14: 00007f0e87304038 R15: 00007ffef28f3a58
[  484.261509][T10536]  </TASK>
[  484.488958][T10550] FAULT_INJECTION: forcing a failure.
[  484.488958][T10550] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  484.514885][T10550] CPU: 1 PID: 10550 Comm: syz.2.1283 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  484.524880][T10550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  484.534942][T10550] Call Trace:
[  484.538219][T10550]  <TASK>
[  484.541145][T10550]  dump_stack_lvl+0x241/0x360
[  484.545838][T10550]  ? __pfx_dump_stack_lvl+0x10/0x10
[  484.551036][T10550]  ? __pfx__printk+0x10/0x10
[  484.555641][T10550]  ? snprintf+0xda/0x120
[  484.559909][T10550]  should_fail_ex+0x3b0/0x4e0
[  484.564592][T10550]  _copy_to_user+0x2f/0xb0
[  484.569021][T10550]  simple_read_from_buffer+0xca/0x150
[  484.574411][T10550]  proc_fail_nth_read+0x1e9/0x250
[  484.579451][T10550]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  484.585010][T10550]  ? rw_verify_area+0x520/0x6b0
[  484.589888][T10550]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  484.595452][T10550]  vfs_read+0x204/0xbc0
[  484.599629][T10550]  ? do_sock_setsockopt+0x3e2/0x720
[  484.604845][T10550]  ? __pfx_vfs_read+0x10/0x10
[  484.609530][T10550]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  484.615173][T10550]  ? __pfx_netlink_setsockopt+0x10/0x10
[  484.620752][T10550]  ? do_sock_setsockopt+0x3e2/0x720
[  484.625983][T10550]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  484.631547][T10550]  ksys_read+0x1a0/0x2c0
[  484.635802][T10550]  ? __pfx_ksys_read+0x10/0x10
[  484.640599][T10550]  ? do_syscall_64+0x100/0x230
[  484.645385][T10550]  ? do_syscall_64+0xb6/0x230
[  484.650074][T10550]  do_syscall_64+0xf3/0x230
[  484.654707][T10550]  ? clear_bhb_loop+0x35/0x90
[  484.659401][T10550]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.665314][T10550] RIP: 0033:0x7f27d317457c
[  484.669740][T10550] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  484.689359][T10550] RSP: 002b:00007f27d3ee4040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  484.697794][T10550] RAX: ffffffffffffffda RBX: 00007f27d3303f60 RCX: 00007f27d317457c
[  484.705784][T10550] RDX: 000000000000000f RSI: 00007f27d3ee40b0 RDI: 0000000000000004
[  484.713814][T10550] RBP: 00007f27d3ee40a0 R08: 0000000000000000 R09: 0000000000000000
[  484.721799][T10550] R10: 00000000200004c0 R11: 0000000000000246 R12: 0000000000000001
[  484.729854][T10550] R13: 000000000000000b R14: 00007f27d3303f60 R15: 00007ffc76da99a8
[  484.737865][T10550]  </TASK>
[  485.043314][T10561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1289'.
[  485.046123][T10563] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  485.236969][T10562] Bluetooth: hci5: Frame reassembly failed (-84)
[  485.259186][ T2868] Bluetooth: hci5: Frame reassembly failed (-84)
[  485.372874][T10567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1288'.
[  485.594964][ T5111] Bluetooth: hci0: unexpected event for opcode 0x1004
[  485.793141][T10580] FAULT_INJECTION: forcing a failure.
[  485.793141][T10580] name failslab, interval 1, probability 0, space 0, times 0
[  485.810417][T10580] CPU: 1 PID: 10580 Comm: syz.2.1293 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  485.820285][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  485.830367][T10580] Call Trace:
[  485.833828][T10580]  <TASK>
[  485.836766][T10580]  dump_stack_lvl+0x241/0x360
[  485.841458][T10580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.846721][T10580]  ? __pfx__printk+0x10/0x10
[  485.851341][T10580]  ? netlink_insert+0x10b7/0x14b0
[  485.856395][T10580]  should_fail_ex+0x3b0/0x4e0
[  485.861085][T10580]  ? __alloc_skb+0x1c3/0x440
[  485.865700][T10580]  should_failslab+0x9/0x20
[  485.870240][T10580]  kmem_cache_alloc_node_noprof+0x71/0x320
[  485.876066][T10580]  __alloc_skb+0x1c3/0x440
[  485.880671][T10580]  ? __pfx___alloc_skb+0x10/0x10
[  485.885662][T10580]  ? netlink_autobind+0xd6/0x2f0
[  485.890616][T10580]  ? netlink_autobind+0x2b0/0x2f0
[  485.895657][T10580]  netlink_sendmsg+0x638/0xcb0
[  485.900454][T10580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.905759][T10580]  ? __import_iovec+0x536/0x820
[  485.910631][T10580]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  485.916015][T10580]  ? security_socket_sendmsg+0x87/0xb0
[  485.921490][T10580]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.926786][T10580]  __sock_sendmsg+0x221/0x270
[  485.931474][T10580]  ____sys_sendmsg+0x525/0x7d0
[  485.936274][T10580]  ? __pfx_____sys_sendmsg+0x10/0x10
[  485.941583][T10580]  __sys_sendmsg+0x2b0/0x3a0
[  485.946200][T10580]  ? __pfx___sys_sendmsg+0x10/0x10
[  485.951323][T10580]  ? vfs_write+0x7c4/0xc90
[  485.955879][T10580]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  485.962218][T10580]  ? do_syscall_64+0x100/0x230
[  485.966994][T10580]  ? do_syscall_64+0xb6/0x230
[  485.971683][T10580]  do_syscall_64+0xf3/0x230
[  485.976198][T10580]  ? clear_bhb_loop+0x35/0x90
[  485.980886][T10580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.986806][T10580] RIP: 0033:0x7f27d3175a99
[  485.991225][T10580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.010936][T10580] RSP: 002b:00007f27d3ee4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  486.019463][T10580] RAX: ffffffffffffffda RBX: 00007f27d3303f60 RCX: 00007f27d3175a99
[  486.027466][T10580] RDX: 0000000000000000 RSI: 0000000020000b80 RDI: 0000000000000003
[  486.035488][T10580] RBP: 00007f27d3ee40a0 R08: 0000000000000000 R09: 0000000000000000
[  486.043501][T10580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.051479][T10580] R13: 000000000000000b R14: 00007f27d3303f60 R15: 00007ffc76da99a8
[  486.059468][T10580]  </TASK>
[  486.125680][ T5149] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  486.319220][ T5149] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  486.354433][T10590] trusted_key: syz.3.1296 sent an empty control message without MSG_MORE.
[  486.395063][ T5149] usb 5-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  486.405991][ T5149] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.418241][ T5149] usb 5-1: config 0 descriptor??
[  487.257870][ T5111] Bluetooth: hci5: command 0x1003 tx timeout
[  487.284630][ T5103] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  487.552947][T10568] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(9)
[  487.559530][T10568] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  487.578908][T10568] vhci_hcd vhci_hcd.0: Device attached
[  487.586361][T10601] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1301'.
[  487.791336][ T5150] vhci_hcd: vhci_device speed not set
[  487.869221][ T5150] usb 17-2: new full-speed USB device number 11 using vhci_hcd
[  487.919257][T10611] vhci_hcd: connection reset by peer
[  487.925043][   T63] vhci_hcd: stop threads
[  487.940011][ T5149] usb 5-1: string descriptor 0 read error: -71
[  487.952548][   T63] vhci_hcd: release socket
[  487.957247][   T63] vhci_hcd: disconnect device
[  487.986454][ T5149] usb 5-1: USB disconnect, device number 52
[  488.004703][T10618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1304'.
[  488.126277][T10623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1307'.
[  488.226630][T10623] macsec1: entered allmulticast mode
[  488.478348][T10597] overlayfs: failed to get index nlink (file1/bus, err=-61)
[  488.862222][T10650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1314'.
[  489.355252][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1321'.
[  489.513140][ T5103] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  489.522095][ T5103] Bluetooth: hci0: Injecting HCI hardware error event
[  489.531613][ T5103] Bluetooth: hci0: hardware error 0x00
[  489.719178][ T5111] Bluetooth: hci0: unexpected event for opcode 0x1004
[  489.908577][T10686] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1326'.
[  489.944592][T10687] FAULT_INJECTION: forcing a failure.
[  489.944592][T10687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  489.987686][T10687] CPU: 0 PID: 10687 Comm: syz.4.1325 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  489.997575][T10687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  490.007742][T10687] Call Trace:
[  490.011044][T10687]  <TASK>
[  490.013998][T10687]  dump_stack_lvl+0x241/0x360
[  490.018694][T10687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  490.023949][T10687]  ? __pfx__printk+0x10/0x10
[  490.028595][T10687]  should_fail_ex+0x3b0/0x4e0
[  490.033295][T10687]  _copy_from_user+0x2f/0xe0
[  490.037923][T10687]  sctp_setsockopt+0xcc/0x11c0
[  490.042728][T10687]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  490.048642][T10687]  do_sock_setsockopt+0x3af/0x720
[  490.053703][T10687]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  490.059357][T10687]  ? __fget_files+0x29/0x470
[  490.063969][T10687]  ? __fget_files+0x3f6/0x470
[  490.068692][T10687]  __sys_setsockopt+0x1ae/0x250
[  490.073576][T10687]  __x64_sys_setsockopt+0xb5/0xd0
[  490.078626][T10687]  do_syscall_64+0xf3/0x230
[  490.083150][T10687]  ? clear_bhb_loop+0x35/0x90
[  490.087845][T10687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.093751][T10687] RIP: 0033:0x7f0e87175a99
[  490.098179][T10687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  490.117798][T10687] RSP: 002b:00007f0e87eef048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  490.126232][T10687] RAX: ffffffffffffffda RBX: 00007f0e87303f60 RCX: 00007f0e87175a99
[  490.134226][T10687] RDX: 0000000000000019 RSI: 0000000000000084 RDI: 0000000000000003
[  490.142204][T10687] RBP: 00007f0e87eef0a0 R08: 0000000000000008 R09: 0000000000000000
[  490.150270][T10687] R10: 0000000020000340 R11: 0000000000000246 R12: 0000000000000001
[  490.158248][T10687] R13: 000000000000000b R14: 00007f0e87303f60 R15: 00007ffef28f3a58
[  490.166242][T10687]  </TASK>
[  490.172934][   T29] kauditd_printk_skb: 57 callbacks suppressed
[  490.172953][   T29] audit: type=1326 audit(1721260422.408:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10688 comm="syz.1.1327" exe="/root/syz-executor" sig=31 arch=c000003e syscall=317 compat=0 ip=0x7f2edbf75a99 code=0x0
[  490.458327][T10695] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1328'.
[  491.658884][ T5103] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  492.781314][T10746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1345'.
[  492.882819][T10750] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  492.930660][ T5150] vhci_hcd: vhci_device speed not set
[  493.508317][ T5149] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  493.705572][ T5149] usb 1-1: too many configurations: 12, using maximum allowed: 8
[  493.840434][ T5149] usb 1-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  493.859957][ T5149] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.881997][ T5149] usb 1-1: config 0 descriptor??
[  495.217344][T10752] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(9)
[  495.223919][T10752] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  495.303075][T10752] vhci_hcd vhci_hcd.0: Device attached
[  495.494191][ T8855] vhci_hcd: vhci_device speed not set
[  495.589563][ T8855] usb 9-2: new full-speed USB device number 10 using vhci_hcd
[  495.736081][   T59] usb 2-1: new full-speed USB device number 50 using dummy_hcd
[  496.083984][   T59] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  496.120572][   T59] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  496.137906][T10790] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1357'.
[  496.154703][   T59] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 3328, setting to 64
[  496.173358][   T59] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  496.192427][   T59] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  496.202179][   T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  496.211092][   T59] usb 2-1: SerialNumber: syz
[  496.240607][   T59] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  496.253734][   T59] usb-storage 2-1:1.0: USB Mass Storage device detected
[  496.324701][ T5149] usb 1-1: string descriptor 0 read error: -71
[  496.325704][T10772] vhci_hcd: connection reset by peer
[  496.345680][   T59] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  496.385196][ T5149] usb 1-1: USB disconnect, device number 53
[  496.394014][ T8737] vhci_hcd: stop threads
[  496.400989][ T8737] vhci_hcd: release socket
[  496.405703][ T8737] vhci_hcd: disconnect device
[  497.004106][T10807] FAULT_INJECTION: forcing a failure.
[  497.004106][T10807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  497.036656][T10807] CPU: 0 PID: 10807 Comm: syz.2.1360 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  497.046503][T10807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  497.056590][T10807] Call Trace:
[  497.059888][T10807]  <TASK>
[  497.062820][T10807]  dump_stack_lvl+0x241/0x360
[  497.067524][T10807]  ? __pfx_dump_stack_lvl+0x10/0x10
[  497.072751][T10807]  ? __pfx__printk+0x10/0x10
[  497.077350][T10807]  ? __pfx_lock_release+0x10/0x10
[  497.082389][T10807]  should_fail_ex+0x3b0/0x4e0
[  497.087086][T10807]  _copy_from_user+0x2f/0xe0
[  497.091688][T10807]  core_sys_select+0x639/0x910
[  497.096471][T10807]  ? __pfx_core_sys_select+0x10/0x10
[  497.101764][T10807]  ? rcu_read_lock_any_held+0xb7/0x160
[  497.107231][T10807]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  497.112939][T10807]  ? __pfx_set_user_sigmask+0x10/0x10
[  497.118325][T10807]  ? __pfx_do_sys_openat2+0x10/0x10
[  497.123541][T10807]  __se_sys_pselect6+0x319/0x3f0
[  497.128497][T10807]  ? __pfx___se_sys_pselect6+0x10/0x10
[  497.133985][T10807]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  497.140338][T10807]  ? do_syscall_64+0x100/0x230
[  497.145111][T10807]  ? __x64_sys_pselect6+0x21/0xf0
[  497.150146][T10807]  do_syscall_64+0xf3/0x230
[  497.154673][T10807]  ? clear_bhb_loop+0x35/0x90
[  497.159357][T10807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.165253][T10807] RIP: 0033:0x7f27d3175a99
[  497.169685][T10807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  497.189315][T10807] RSP: 002b:00007f27d3ee4048 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  497.197748][T10807] RAX: ffffffffffffffda RBX: 00007f27d3303f60 RCX: 00007f27d3175a99
[  497.205749][T10807] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
[  497.213781][T10807] RBP: 00007f27d3ee40a0 R08: 0000000000000000 R09: 0000000000000000
[  497.221792][T10807] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001
[  497.229800][T10807] R13: 000000000000000b R14: 00007f27d3303f60 R15: 00007ffc76da99a8
[  497.237825][T10807]  </TASK>
[  498.745476][ T5148] usb 2-1: USB disconnect, device number 50
[  499.121081][T10837] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1369'.
[  499.362116][T10846] FAULT_INJECTION: forcing a failure.
[  499.362116][T10846] name failslab, interval 1, probability 0, space 0, times 0
[  499.381521][T10846] CPU: 0 PID: 10846 Comm: syz.1.1371 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  499.391386][T10846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  499.401470][T10846] Call Trace:
[  499.404779][T10846]  <TASK>
[  499.407738][T10846]  dump_stack_lvl+0x241/0x360
[  499.412465][T10846]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.417793][T10846]  ? __pfx__printk+0x10/0x10
[  499.422422][T10846]  ? __pfx___might_resched+0x10/0x10
[  499.427761][T10846]  ? validate_chain+0x11e/0x5900
[  499.432761][T10846]  should_fail_ex+0x3b0/0x4e0
[  499.437499][T10846]  should_failslab+0x9/0x20
[  499.442058][T10846]  kmalloc_node_trace_noprof+0x74/0x300
[  499.447741][T10846]  ? __get_vm_area_node+0x113/0x270
[  499.452992][T10846]  __get_vm_area_node+0x113/0x270
[  499.458080][T10846]  __vmalloc_node_range_noprof+0x3bc/0x1460
[  499.464014][T10846]  ? bpf_prog_alloc_no_stats+0x4d/0x4b0
[  499.469590][T10846]  ? mark_lock+0x9a/0x350
[  499.473984][T10846]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  499.480330][T10846]  ? bpf_prog_alloc_no_stats+0x4d/0x4b0
[  499.485878][T10846]  __vmalloc_noprof+0x79/0x90
[  499.490557][T10846]  ? bpf_prog_alloc_no_stats+0x4d/0x4b0
[  499.496373][T10846]  bpf_prog_alloc_no_stats+0x4d/0x4b0
[  499.501772][T10846]  ? bpf_prog_alloc+0x28/0x1b0
[  499.506552][T10846]  bpf_prog_alloc+0x3a/0x1b0
[  499.511176][T10846]  bpf_prog_load+0x7f7/0x20f0
[  499.515865][T10846]  ? __pfx_bpf_prog_load+0x10/0x10
[  499.520986][T10846]  ? __pfx___might_resched+0x10/0x10
[  499.526310][T10846]  ? __might_fault+0xc6/0x120
[  499.531043][T10846]  ? bpf_lsm_bpf+0x9/0x10
[  499.535380][T10846]  ? security_bpf+0x87/0xb0
[  499.539894][T10846]  __sys_bpf+0x4ee/0x810
[  499.544147][T10846]  ? __pfx___sys_bpf+0x10/0x10
[  499.548927][T10846]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  499.554918][T10846]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  499.561269][T10846]  ? do_syscall_64+0x100/0x230
[  499.566050][T10846]  __x64_sys_bpf+0x7c/0x90
[  499.570598][T10846]  do_syscall_64+0xf3/0x230
[  499.575125][T10846]  ? clear_bhb_loop+0x35/0x90
[  499.579834][T10846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.585823][T10846] RIP: 0033:0x7f2edbf75a99
[  499.590238][T10846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.610010][T10846] RSP: 002b:00007f2edb9ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  499.618445][T10846] RAX: ffffffffffffffda RBX: 00007f2edc103f60 RCX: 00007f2edbf75a99
[  499.626445][T10846] RDX: 0000000000000090 RSI: 0000000020000400 RDI: 0000000000000005
[  499.634436][T10846] RBP: 00007f2edb9ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  499.642422][T10846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  499.650394][T10846] R13: 000000000000000b R14: 00007f2edc103f60 R15: 00007ffd1563e668
[  499.658379][T10846]  </TASK>
[  499.733703][T10846] syz.1.1371: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  499.797166][T10846] CPU: 0 PID: 10846 Comm: syz.1.1371 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  499.807130][T10846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  499.817220][T10846] Call Trace:
[  499.820540][T10846]  <TASK>
[  499.823500][T10846]  dump_stack_lvl+0x241/0x360
[  499.828236][T10846]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.833582][T10846]  ? __pfx__printk+0x10/0x10
[  499.838227][T10846]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  499.844694][T10846]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  499.851288][T10846]  warn_alloc+0x278/0x410
[  499.855670][T10846]  ? __pfx_warn_alloc+0x10/0x10
[  499.860599][T10846]  ? __get_vm_area_node+0x113/0x270
[  499.865857][T10846]  ? __get_vm_area_node+0x261/0x270
[  499.871129][T10846]  __vmalloc_node_range_noprof+0x3e0/0x1460
[  499.877150][T10846]  ? mark_lock+0x9a/0x350
[  499.881556][T10846]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  499.887965][T10846]  ? bpf_prog_alloc_no_stats+0x4d/0x4b0
[  499.893554][T10846]  __vmalloc_noprof+0x79/0x90
[  499.898276][T10846]  ? bpf_prog_alloc_no_stats+0x4d/0x4b0
[  499.903877][T10846]  bpf_prog_alloc_no_stats+0x4d/0x4b0
[  499.909287][T10846]  ? bpf_prog_alloc+0x28/0x1b0
[  499.914073][T10846]  bpf_prog_alloc+0x3a/0x1b0
[  499.918680][T10846]  bpf_prog_load+0x7f7/0x20f0
[  499.923388][T10846]  ? __pfx_bpf_prog_load+0x10/0x10
[  499.928524][T10846]  ? __pfx___might_resched+0x10/0x10
[  499.933838][T10846]  ? __might_fault+0xc6/0x120
[  499.938537][T10846]  ? bpf_lsm_bpf+0x9/0x10
[  499.942901][T10846]  ? security_bpf+0x87/0xb0
[  499.947427][T10846]  __sys_bpf+0x4ee/0x810
[  499.951684][T10846]  ? __pfx___sys_bpf+0x10/0x10
[  499.956472][T10846]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  499.962471][T10846]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  499.968811][T10846]  ? do_syscall_64+0x100/0x230
[  499.973594][T10846]  __x64_sys_bpf+0x7c/0x90
[  499.978031][T10846]  do_syscall_64+0xf3/0x230
[  499.982552][T10846]  ? clear_bhb_loop+0x35/0x90
[  499.987250][T10846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.993154][T10846] RIP: 0033:0x7f2edbf75a99
[  499.997579][T10846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  500.017195][T10846] RSP: 002b:00007f2edb9ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  500.025638][T10846] RAX: ffffffffffffffda RBX: 00007f2edc103f60 RCX: 00007f2edbf75a99
[  500.033615][T10846] RDX: 0000000000000090 RSI: 0000000020000400 RDI: 0000000000000005
[  500.041591][T10846] RBP: 00007f2edb9ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  500.049571][T10846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  500.057545][T10846] R13: 000000000000000b R14: 00007f2edc103f60 R15: 00007ffd1563e668
[  500.065535][T10846]  </TASK>
[  500.112962][T10846] Mem-Info:
[  500.116357][T10846] active_anon:277 inactive_anon:3123 isolated_anon:0
[  500.116357][T10846]  active_file:6151 inactive_file:44731 isolated_file:0
[  500.116357][T10846]  unevictable:768 dirty:395 writeback:0
[  500.116357][T10846]  slab_reclaimable:9330 slab_unreclaimable:97779
[  500.116357][T10846]  mapped:14867 shmem:1625 pagetables:733
[  500.116357][T10846]  sec_pagetables:0 bounce:0
[  500.116357][T10846]  kernel_misc_reclaimable:0
[  500.116357][T10846]  free:1389350 free_pcp:2630 free_cma:0
[  500.205078][T10846] Node 0 active_anon:2508kB inactive_anon:11192kB active_file:24488kB inactive_file:178924kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:60924kB dirty:1576kB writeback:0kB shmem:4964kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10172kB pagetables:2932kB sec_pagetables:0kB all_unreclaimable? no
[  500.247469][T10846] Node 1 active_anon:0kB inactive_anon:0kB active_file:116kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  500.286685][T10846] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  500.316744][T10846] lowmem_reserve[]: 0 2571 2571 0 0
[  500.322141][T10846] Node 0 DMA32 free:1605296kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:2504kB inactive_anon:11160kB active_file:24224kB inactive_file:178868kB unevictable:1536kB writepending:1576kB present:3129332kB managed:2659832kB mlocked:0kB bounce:0kB free_pcp:1532kB local_pcp:796kB free_cma:0kB
[  500.360179][T10846] lowmem_reserve[]: 0 0 0 0 0
[  500.366956][T10846] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:264kB inactive_file:56kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[  500.407384][T10846] lowmem_reserve[]: 0 0 0 0 0
[  500.412179][T10846] Node 1 Normal free:3935808kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:116kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:9632kB local_pcp:0kB free_cma:0kB
[  500.443632][T10846] lowmem_reserve[]: 0 0 0 0 0
[  500.451521][T10846] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  500.474907][   T59] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  500.493698][T10846] Node 0 DMA32: 449*4kB (UM) 454*8kB (UME) 739*16kB (UME) 487*32kB (UME) 694*64kB (UME) 67*128kB (UME) 49*256kB (UM) 23*512kB (UME) 8*1024kB (UME) 3*2048kB (M) 361*4096kB (UM) = 1603140kB
[  500.514005][T10846] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  500.534248][T10846] Node 1 Normal: 4*4kB (UM) 8*8kB (UM) 19*16kB (UM) 12*32kB (UM) 11*64kB (UM) 7*128kB (UM) 7*256kB (UM) 3*512kB (UM) 2*1024kB (U) 2*2048kB (UM) 958*4096kB (UM) = 3935808kB
[  500.572004][T10846] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  500.607639][T10846] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  500.619328][T10846] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  500.629627][T10846] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  500.640422][T10846] 52157 total pagecache pages
[  500.645652][T10846] 0 pages in swap cache
[  500.649914][T10846] Free swap  = 124440kB
[  500.654648][T10846] Total swap = 124996kB
[  500.658833][T10846] 2097051 pages RAM
[  500.661467][ T8855] vhci_hcd: vhci_device speed not set
[  500.667118][   T59] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  500.799555][T10846] 0 pages HighMem/MovableOnly
[  500.804381][   T59] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  500.825962][T10846] 400883 pages reserved
[  500.839040][T10846] 0 pages cma reserved
[  500.848836][   T59] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  500.886424][   T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.923865][   T59] usb 5-1: config 0 descriptor??
[  501.072220][ T5189] IPVS: starting estimator thread 0...
[  501.175239][T10881] IPVS: using max 25 ests per chain, 60000 per kthread
[  501.255235][T10861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.270043][T10861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.377843][ T1251] ieee802154 phy0 wpan0: encryption failed: -22
[  501.384536][ T1251] ieee802154 phy1 wpan1: encryption failed: -22
[  501.552666][   T59] ath6kl: Failed to submit usb control message: -71
[  501.563731][   T59] ath6kl: unable to send the bmi data to the device: -71
[  501.583514][   T59] ath6kl: Unable to send get target info: -71
[  501.602819][T10890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1384'.
[  501.611424][   T59] ath6kl: Failed to init ath6kl core: -71
[  501.635662][   T59] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  501.665212][   T59] usb 5-1: USB disconnect, device number 53
[  501.837136][T10879] ALSA: mixer_oss: invalid OSS volume ''
[  501.899764][T10879] ALSA: mixer_oss: invalid OSS volume 'ԩ6�~f�`{�����XS�Ԓj��?)]0���\'
[  501.957612][T10879] ALSA: mixer_oss: invalid OSS volume '��]qM��3�T��=���\S��1�2$��*'
[  501.981048][T10879] ALSA: mixer_oss: invalid OSS volume ';*��7�������c�+P��q�g���W'
[  502.032478][T10879] ALSA: mixer_oss: invalid OSS volume '��h���v9gO��=�Rpр�H[�t�77�'
[  502.067148][T10879] ALSA: mixer_oss: invalid OSS volume 'վ��H�r��8I����=q�+��:����@�'
[  502.113489][T10879] ALSA: mixer_oss: invalid OSS volume '��W+�p�uuq���'
[  502.151699][T10879] ALSA: mixer_oss: invalid OSS volume 'J��xN@�'
[  502.178355][T10879] ALSA: mixer_oss: invalid OSS volume '�����_��Nػb�ޔM��X>�w��ŭ?+'
[  502.206431][T10879] ALSA: mixer_oss: invalid OSS volume '��br,��(��.��2i�������UĢׅ"_'
[  502.257722][T10879] ALSA: mixer_oss: invalid OSS volume '�f�/���i��1���#���'
[  502.290524][T10879] ALSA: mixer_oss: invalid OSS volume '�dw����`�`��k�<��������ߥ���,>'
[  502.685212][   T29] audit: type=1326 audit(1721260435.321:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  502.766925][   T29] audit: type=1326 audit(1721260435.321:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  502.809743][   T29] audit: type=1326 audit(1721260435.382:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  502.833710][   T29] audit: type=1326 audit(1721260435.382:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  502.881834][   T29] audit: type=1326 audit(1721260435.382:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  502.927820][   T29] audit: type=1326 audit(1721260435.382:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  502.953907][   T29] audit: type=1326 audit(1721260435.382:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  502.980647][   T29] audit: type=1326 audit(1721260435.382:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  503.015178][   T29] audit: type=1326 audit(1721260435.382:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  503.052352][   T29] audit: type=1326 audit(1721260435.382:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10919 comm="syz.2.1389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d3175a99 code=0x7ffc0000
[  503.078802][   T59] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  503.274076][   T59] usb 3-1: descriptor type invalid, skip
[  503.280377][   T59] usb 3-1: descriptor type invalid, skip
[  503.303406][   T59] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  503.358531][   T59] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  503.358595][   T59] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.358621][   T59] usb 3-1: Product: ࠝ
[  503.358641][   T59] usb 3-1: Manufacturer: Ḩ
[  503.601116][   T59] cdc_ncm 3-1:1.0: bind() failure
[  503.621402][   T59] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  503.629201][   T59] cdc_ncm 3-1:1.1: bind() failure
[  503.640679][   T59] usb 3-1: USB disconnect, device number 51
[  503.667589][ T5150] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  503.771375][T10947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1398'.
[  503.867213][ T5150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  503.877707][ T5150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  503.889234][ T5150] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  503.899697][ T5150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.916689][ T5150] usb 1-1: config 0 descriptor??
[  504.282488][T10941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.309804][T10941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.650894][ T5150] ath6kl: Failed to submit usb control message: -71
[  504.666010][ T5150] ath6kl: unable to send the bmi data to the device: -71
[  504.697617][ T5150] ath6kl: Unable to send get target info: -71
[  504.723212][ T5150] ath6kl: Failed to init ath6kl core: -71
[  504.739334][ T5150] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  504.832594][ T5150] usb 1-1: USB disconnect, device number 54
[  504.845344][T10983] bridge_slave_0: default FDB implementation only supports local addresses
[  505.012923][ T5103] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  505.021744][ T5103] Bluetooth: hci3: Injecting HCI hardware error event
[  505.030922][ T5103] Bluetooth: hci3: hardware error 0x00
[  506.072556][   T59] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  506.286650][   T59] usb 5-1: descriptor type invalid, skip
[  506.293191][   T59] usb 5-1: descriptor type invalid, skip
[  506.304084][   T59] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  506.331712][   T59] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  506.341551][   T59] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.349768][   T59] usb 5-1: Product: ࠝ
[  506.354599][   T59] usb 5-1: Manufacturer: Ḩ
[  506.608788][T11008] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1412'.
[  506.679432][   T59] cdc_ncm 5-1:1.0: bind() failure
[  506.705550][   T59] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  506.708004][T11022] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1415'.
[  506.738216][   T59] cdc_ncm 5-1:1.1: bind() failure
[  506.749718][   T59] usb 5-1: USB disconnect, device number 54
[  506.754227][T11029] binder: 11028:11029 ioctl 4018620d 0 returned -22
[  506.930638][T11037] FAULT_INJECTION: forcing a failure.
[  506.930638][T11037] name failslab, interval 1, probability 0, space 0, times 0
[  506.953579][T11037] CPU: 1 PID: 11037 Comm: syz.0.1422 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  506.964466][T11037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  506.964488][T11037] Call Trace:
[  506.964501][T11037]  <TASK>
[  506.964512][T11037]  dump_stack_lvl+0x241/0x360
[  506.964552][T11037]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.990893][T11037]  ? __pfx__printk+0x10/0x10
[  506.990931][T11037]  ? __pfx___might_resched+0x10/0x10
[  507.000889][T11037]  ? prepend_path+0x2f/0xbe0
[  507.005494][T11037]  should_fail_ex+0x3b0/0x4e0
[  507.010195][T11037]  ? tomoyo_encode+0x26f/0x540
[  507.015007][T11037]  should_failslab+0x9/0x20
[  507.019540][T11037]  __kmalloc_noprof+0xd8/0x400
[  507.024321][T11037]  tomoyo_encode+0x26f/0x540
[  507.028937][T11037]  tomoyo_realpath_from_path+0x59e/0x5e0
[  507.034599][T11037]  tomoyo_path_number_perm+0x23a/0x880
[  507.040189][T11037]  ? tomoyo_path_number_perm+0x208/0x880
[  507.045831][T11037]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  507.051875][T11037]  ? __fget_files+0x29/0x470
[  507.056495][T11037]  ? __fget_files+0x3f6/0x470
[  507.061180][T11037]  ? __fget_files+0x29/0x470
[  507.065791][T11037]  security_file_ioctl+0x75/0xb0
[  507.070774][T11037]  __se_sys_ioctl+0x47/0x170
[  507.075382][T11037]  do_syscall_64+0xf3/0x230
[  507.079899][T11037]  ? clear_bhb_loop+0x35/0x90
[  507.084587][T11037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.090503][T11037] RIP: 0033:0x7fc87a975a99
[  507.094947][T11037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.114586][T11037] RSP: 002b:00007fc87b737048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  507.123011][T11037] RAX: ffffffffffffffda RBX: 00007fc87ab03f60 RCX: 00007fc87a975a99
[  507.131262][T11037] RDX: 00000000200005c0 RSI: 00000000c040563e RDI: 0000000000000003
[  507.139334][T11037] RBP: 00007fc87b7370a0 R08: 0000000000000000 R09: 0000000000000000
[  507.147349][T11037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  507.155338][T11037] R13: 000000000000000b R14: 00007fc87ab03f60 R15: 00007ffcc6262f38
[  507.163348][T11037]  </TASK>
[  507.177650][ T5103] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  507.200805][T11037] ERROR: Out of memory at tomoyo_realpath_from_path.
[  507.242377][ T5150] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  507.433105][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  507.453290][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  507.502027][ T5150] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  507.520578][ T5150] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.545029][ T5150] usb 2-1: config 0 descriptor??
[  507.871548][T11031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.885771][T11031] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  508.110786][T11041] syzkaller0: entered promiscuous mode
[  508.120428][T11041] syzkaller0: entered allmulticast mode
[  508.215995][ T5150] ath6kl: Failed to submit usb control message: -71
[  508.223434][ T5150] ath6kl: unable to send the bmi data to the device: -71
[  508.241484][ T5150] ath6kl: Unable to send get target info: -71
[  508.263061][ T5150] ath6kl: Failed to init ath6kl core: -71
[  508.292446][ T5150] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  508.339330][ T5150] usb 2-1: USB disconnect, device number 51
[  508.782372][T11064] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  509.159331][ T5150] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  509.354441][ T5150] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  509.364024][ T5150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.385860][ T5150] usb 3-1: config 0 descriptor??
[  509.605111][ T5150] snd-usb-hiface 3-1:0.0: probe with driver snd-usb-hiface failed with error -22
[  509.757489][T11075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1431'.
[  509.811740][T11062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  509.825373][T11062] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  510.724449][ T5150] usb 3-1: USB disconnect, device number 52
[  510.801469][T11080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1434'.
[  511.044410][ T5187] usb 4-1: new low-speed USB device number 56 using dummy_hcd
[  511.265208][ T5187] usb 4-1: config 16 has an invalid interface number: 1 but max is 0
[  511.295299][ T5187] usb 4-1: config 16 has no interface number 0
[  511.325564][ T5187] usb 4-1: config 16 interface 1 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  511.381287][ T5187] usb 4-1: config 16 interface 1 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  511.406097][ T5187] usb 4-1: config 16 interface 1 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  511.443166][ T5187] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  511.501529][ T5187] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.582864][ T5187] usbtmc 4-1:16.1: bulk endpoints not found
[  511.651461][T11104] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  511.792704][ T5187] usb 4-1: USB disconnect, device number 56
[  511.828527][T11108] binder: BINDER_SET_CONTEXT_MGR already set
[  511.846692][T11108] binder: 11107:11108 ioctl 4018620d 20000100 returned -16
[  512.018288][ T5149] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  512.114021][T11110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1443'.
[  512.258838][ T5149] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  512.371731][ T5149] usb 5-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  512.390258][ T5149] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.433157][ T5149] usb 5-1: config 0 descriptor??
[  512.868769][T11106] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(9)
[  512.875341][T11106] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  512.898577][T11106] vhci_hcd vhci_hcd.0: Device attached
[  513.121523][   T59] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  513.133166][ T5150] vhci_hcd: vhci_device speed not set
[  513.230916][ T5150] usb 17-2: new full-speed USB device number 12 using vhci_hcd
[  513.364959][   T59] usb 3-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=7b.a3
[  513.397595][   T59] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.444431][   T59] usb 3-1: Product: syz
[  513.465763][   T59] usb 3-1: Manufacturer: syz
[  513.488879][   T59] usb 3-1: SerialNumber: syz
[  513.526007][   T59] usb 3-1: config 0 descriptor??
[  513.574281][   T59] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench found
[  513.602501][   T59] usb 3-1: selecting invalid altsetting 1
[  513.626367][   T59] snd_usb_variax 3-1:0.0: set_interface failed
[  513.654020][   T59] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench now disconnected
[  513.698716][   T59] snd_usb_variax 3-1:0.0: probe with driver snd_usb_variax failed with error -22
[  513.760212][T11123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.787204][T11123] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.843043][ T5187] usb 3-1: USB disconnect, device number 53
[  514.312552][T11126] vhci_hcd: connection reset by peer
[  514.322519][ T5149] usb 5-1: string descriptor 0 read error: -71
[  514.347881][   T12] vhci_hcd: stop threads
[  514.401081][   T12] vhci_hcd: release socket
[  514.401330][ T5149] usb 5-1: USB disconnect, device number 55
[  514.410055][   T12] vhci_hcd: disconnect device
[  514.427890][T11131] overlayfs: failed to resolve './file1': -2
[  514.599721][T11147] Cannot find del_set index 0 as target
[  514.637204][T11148] 
[  514.637219][T11148] ======================================================
[  514.637232][T11148] WARNING: possible circular locking dependency detected
[  514.637244][T11148] 6.10.0-syzkaller-04472-g51835949dda3 #0 Not tainted
[  514.637261][T11148] ------------------------------------------------------
[  514.637272][T11148] syz.2.1451/11148 is trying to acquire lock:
[  514.637287][T11148] ffff888061b3e940 (&sbi->pipe_mutex){+.+.}-{3:3}, at: autofs_notify_daemon+0x71f/0xf80
[  514.637350][T11148] 
[  514.637350][T11148] but task is already holding lock:
[  514.637359][T11148] ffff88802f09f488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500
[  514.637418][T11148] 
[  514.637418][T11148] which lock already depends on the new lock.
[  514.637418][T11148] 
[  514.637427][T11148] 
[  514.637427][T11148] the existing dependency chain (in reverse order) is:
[  514.637437][T11148] 
[  514.637437][T11148] -> #2 (&of->mutex){+.+.}-{3:3}:
[  514.637479][T11148]        lock_acquire+0x1ed/0x550
[  514.637507][T11148]        __mutex_lock+0x136/0xd70
[  514.637538][T11148]        kernfs_fop_write_iter+0x1eb/0x500
[  514.637566][T11148]        iter_file_splice_write+0xbd7/0x14e0
[  514.637591][T11148]        do_splice+0xd77/0x1900
[  514.637615][T11148]        __se_sys_splice+0x331/0x4a0
[  514.637639][T11148]        do_syscall_64+0xf3/0x230
[  514.637664][T11148]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.637691][T11148] 
[  514.637691][T11148] -> #1 (&pipe->mutex){+.+.}-{3:3}:
[  514.637724][T11148]        lock_acquire+0x1ed/0x550
[  514.637749][T11148]        __mutex_lock+0x136/0xd70
[  514.637779][T11148]        pipe_write+0x1c9/0x1a40
[  514.637808][T11148]        __kernel_write_iter+0x47e/0x900
[  514.637833][T11148]        __kernel_write+0x120/0x180
[  514.637864][T11148]        autofs_notify_daemon+0x732/0xf80
[  514.637886][T11148]        autofs_wait+0x10b8/0x1b30
[  514.637908][T11148]        autofs_mount_wait+0x170/0x330
[  514.637928][T11148]        autofs_d_automount+0x555/0x710
[  514.637949][T11148]        __traverse_mounts+0x2ba/0x580
[  514.637980][T11148]        step_into+0x5e5/0x1080
[  514.638028][T11148]        path_lookupat+0x16f/0x450
[  514.638048][T11148]        filename_lookup+0x256/0x610
[  514.638069][T11148]        user_path_at+0x3a/0x60
[  514.638091][T11148]        __x64_sys_listxattr+0x109/0x230
[  514.638121][T11148]        do_syscall_64+0xf3/0x230
[  514.638145][T11148]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.638171][T11148] 
[  514.638171][T11148] -> #0 (&sbi->pipe_mutex){+.+.}-{3:3}:
[  514.638218][T11148]        validate_chain+0x18e0/0x5900
[  514.638249][T11148]        __lock_acquire+0x1346/0x1fd0
[  514.638274][T11148]        lock_acquire+0x1ed/0x550
[  514.638317][T11148]        __mutex_lock+0x136/0xd70
[  514.638349][T11148]        autofs_notify_daemon+0x71f/0xf80
[  514.638372][T11148]        autofs_wait+0x10b8/0x1b30
[  514.638394][T11148]        autofs_mount_wait+0x170/0x330
[  514.638417][T11148]        autofs_d_automount+0x555/0x710
[  514.638439][T11148]        __traverse_mounts+0x2ba/0x580
[  514.638471][T11148]        step_into+0x5e5/0x1080
[  514.638502][T11148]        path_lookupat+0x16f/0x450
[  514.638523][T11148]        filename_lookup+0x256/0x610
[  514.638544][T11148]        kern_path+0x35/0x50
[  514.638564][T11148]        lookup_bdev+0xc5/0x290
[  514.638591][T11148]        resume_store+0x1a0/0x710
[  514.638612][T11148]        kernfs_fop_write_iter+0x3a1/0x500
[  514.638641][T11148]        iter_file_splice_write+0xbd7/0x14e0
[  514.638666][T11148]        direct_splice_actor+0x11e/0x220
[  514.638690][T11148]        splice_direct_to_actor+0x58e/0xc90
[  514.638714][T11148]        do_splice_direct+0x28c/0x3e0
[  514.638737][T11148]        do_sendfile+0x56d/0xe20
[  514.638770][T11148]        __se_sys_sendfile64+0x17c/0x1e0
[  514.638801][T11148]        do_syscall_64+0xf3/0x230
[  514.638826][T11148]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.638858][T11148] 
[  514.638858][T11148] other info that might help us debug this:
[  514.638858][T11148] 
[  514.638867][T11148] Chain exists of:
[  514.638867][T11148]   &sbi->pipe_mutex --> &pipe->mutex --> &of->mutex
[  514.638867][T11148] 
[  514.638908][T11148]  Possible unsafe locking scenario:
[  514.638908][T11148] 
[  514.638917][T11148]        CPU0                    CPU1
[  514.638925][T11148]        ----                    ----
[  514.638933][T11148]   lock(&of->mutex);
[  514.638951][T11148]                                lock(&pipe->mutex);
[  514.638971][T11148]                                lock(&of->mutex);
[  514.638989][T11148]   lock(&sbi->pipe_mutex);
[  514.639008][T11148] 
[  514.639008][T11148]  *** DEADLOCK ***
[  514.639008][T11148] 
[  514.639015][T11148] 3 locks held by syz.2.1451/11148:
[  514.639031][T11148]  #0: ffff88802fd1c420 (sb_writers#8){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x220
[  514.639098][T11148]  #1: ffff88802f09f488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500
[  514.639164][T11148]  #2: ffff888017aa44b8 (kn->active#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500
[  514.639234][T11148] 
[  514.639234][T11148] stack backtrace:
[  514.639244][T11148] CPU: 0 PID: 11148 Comm: syz.2.1451 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
[  515.126551][T11148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  515.126569][T11148] Call Trace:
[  515.126578][T11148]  <TASK>
[  515.126588][T11148]  dump_stack_lvl+0x241/0x360
[  515.126618][T11148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  515.126645][T11148]  ? print_circular_bug+0x130/0x1a0
[  515.126674][T11148]  check_noncircular+0x36a/0x4a0
[  515.126704][T11148]  ? __pfx_check_noncircular+0x10/0x10
[  515.126741][T11148]  validate_chain+0x18e0/0x5900
[  515.126779][T11148]  ? __pfx_validate_chain+0x10/0x10
[  515.126805][T11148]  ? __pfx___bfs+0x10/0x10
[  515.126826][T11148]  ? check_noncircular+0x259/0x4a0
[  515.126851][T11148]  ? __pfx_lockdep_unlock+0x10/0x10
[  515.126888][T11148]  ? mark_lock+0x9a/0x350
[  515.126912][T11148]  __lock_acquire+0x1346/0x1fd0
[  515.126943][T11148]  lock_acquire+0x1ed/0x550
[  515.126964][T11148]  ? autofs_notify_daemon+0x71f/0xf80
[  515.126994][T11148]  ? __pfx_lock_acquire+0x10/0x10
[  515.127017][T11148]  ? __pfx___might_resched+0x10/0x10
[  515.127038][T11148]  ? autofs_notify_daemon+0x6c6/0xf80
[  515.127057][T11148]  ? __pfx_lock_release+0x10/0x10
[  515.127083][T11148]  __mutex_lock+0x136/0xd70
[  515.127109][T11148]  ? autofs_notify_daemon+0x71f/0xf80
[  515.127129][T11148]  ? __mutex_unlock_slowpath+0x21d/0x750
[  515.127156][T11148]  ? autofs_notify_daemon+0x71f/0xf80
[  515.127175][T11148]  ? __pfx___mutex_lock+0x10/0x10
[  515.127200][T11148]  ? from_kgid_munged+0x1fe/0x7a0
[  515.127225][T11148]  ? __pfx_from_kgid_munged+0x10/0x10
[  515.127247][T11148]  ? kasan_save_track+0x51/0x80
[  515.127266][T11148]  ? kasan_save_track+0x3f/0x80
[  515.127285][T11148]  ? __kasan_kmalloc+0x98/0xb0
[  515.127305][T11148]  ? autofs_notify_daemon+0x48c/0xf80
[  515.127326][T11148]  autofs_notify_daemon+0x71f/0xf80
[  515.127344][T11148]  ? iter_file_splice_write+0xbd7/0x14e0
[  515.127368][T11148]  ? __pfx_autofs_notify_daemon+0x10/0x10
[  515.127407][T11148]  ? __init_waitqueue_head+0xae/0x150
[  515.127430][T11148]  autofs_wait+0x10b8/0x1b30
[  515.127458][T11148]  ? __pfx_autofs_wait+0x10/0x10
[  515.127475][T11148]  ? preempt_schedule_common+0x84/0xd0
[  515.127499][T11148]  ? preempt_schedule+0xe1/0xf0
[  515.127521][T11148]  ? __pfx_preempt_schedule+0x10/0x10
[  515.127544][T11148]  ? __pfx_lock_release+0x10/0x10
[  515.127566][T11148]  ? path_has_submounts+0x10b/0x170
[  515.127588][T11148]  autofs_mount_wait+0x170/0x330
[  515.127609][T11148]  autofs_d_automount+0x555/0x710
[  515.127631][T11148]  __traverse_mounts+0x2ba/0x580
[  515.127663][T11148]  step_into+0x5e5/0x1080
[  515.127691][T11148]  ? __up_read+0x2c2/0x6b0
[  515.127718][T11148]  ? __pfx___up_read+0x10/0x10
[  515.127744][T11148]  ? make_vfsuid+0x46/0x90
[  515.127771][T11148]  ? __pfx_step_into+0x10/0x10
[  515.127801][T11148]  ? walk_component+0x18d/0x410
[  515.127830][T11148]  path_lookupat+0x16f/0x450
[  515.127852][T11148]  filename_lookup+0x256/0x610
[  515.127874][T11148]  ? __pfx_filename_lookup+0x10/0x10
[  515.127903][T11148]  ? getname_kernel+0x59/0x2f0
[  515.127929][T11148]  ? rcu_is_watching+0x15/0xb0
[  515.127951][T11148]  ? getname_kernel+0x59/0x2f0
[  515.127981][T11148]  ? getname_kernel+0x140/0x2f0
[  515.128013][T11148]  kern_path+0x35/0x50
[  515.128030][T11148]  lookup_bdev+0xc5/0x290
[  515.128054][T11148]  ? rcu_is_watching+0x15/0xb0
[  515.128077][T11148]  ? __pfx_lookup_bdev+0x10/0x10
[  515.128098][T11148]  ? kmalloc_node_track_caller_noprof+0x242/0x440
[  515.128128][T11148]  ? __asan_memcpy+0x40/0x70
[  515.128150][T11148]  resume_store+0x1a0/0x710
[  515.128172][T11148]  ? __pfx_resume_store+0x10/0x10
[  515.128196][T11148]  ? sysfs_kf_write+0x182/0x2a0
[  515.128224][T11148]  ? __pfx_sysfs_kf_write+0x10/0x10
[  515.128250][T11148]  kernfs_fop_write_iter+0x3a1/0x500
[  515.128278][T11148]  iter_file_splice_write+0xbd7/0x14e0
[  515.128314][T11148]  ? __pfx_iter_file_splice_write+0x10/0x10
[  515.128341][T11148]  ? rcu_read_lock_any_held+0xb7/0x160
[  515.128372][T11148]  ? __pfx_iter_file_splice_write+0x10/0x10
[  515.128393][T11148]  direct_splice_actor+0x11e/0x220
[  515.128416][T11148]  splice_direct_to_actor+0x58e/0xc90
[  515.128446][T11148]  ? __pfx_direct_splice_actor+0x10/0x10
[  515.128467][T11148]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  515.128488][T11148]  ? __fget_files+0x29/0x470
[  515.128512][T11148]  ? __pfx_lock_release+0x10/0x10
[  515.128535][T11148]  do_splice_direct+0x28c/0x3e0
[  515.128558][T11148]  ? __pfx_do_splice_direct+0x10/0x10
[  515.128596][T11148]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  515.128623][T11148]  ? rw_verify_area+0x1d2/0x6b0
[  515.128646][T11148]  do_sendfile+0x56d/0xe20
[  515.128680][T11148]  ? __pfx_do_sendfile+0x10/0x10
[  515.128715][T11148]  __se_sys_sendfile64+0x17c/0x1e0
[  515.128745][T11148]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  515.128773][T11148]  ? do_syscall_64+0x100/0x230
[  515.128795][T11148]  ? do_syscall_64+0xb6/0x230
[  515.128818][T11148]  do_syscall_64+0xf3/0x230
[  515.128839][T11148]  ? clear_bhb_loop+0x35/0x90
[  515.128863][T11148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.128886][T11148] RIP: 0033:0x7f27d3175a99
[  515.128903][T11148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  515.128920][T11148] RSP: 002b:00007f27d3ec3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  515.128942][T11148] RAX: ffffffffffffffda RBX: 00007f27d3304038 RCX: 00007f27d3175a99
[  515.128957][T11148] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  515.128974][T11148] RBP: 00007f27d31e4e5d R08: 0000000000000000 R09: 0000000000000000
[  515.128987][T11148] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  515.129000][T11148] R13: 000000000000006e R14: 00007f27d3304038 R15: 00007ffc76da99a8
[  515.129023][T11148]  </TASK>
[  515.381565][T11148] PM: Image not found (code -6)
[  515.813347][T11146] caif:caif_disconnect_client(): nothing to disconnect
[  518.370991][ T5150] vhci_hcd: vhci_device speed not set