last executing test programs:

9m23.282391177s ago: executing program 2 (id=3):
r0 = socket$inet6(0xa, 0x802, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r2, 0x20, 0x2080, 0x40000002, {}, [@NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x80000001}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x80d1}, 0x20008004)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000080)=0xa, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f00000002c0)={0x8400001e}, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00011100ffffffffffffff81000000000000040000000014", @ANYRES8=<r6=>0x0, @ANYRES32=r5], 0x30}}, 0x0)
connect$inet6(r0, &(0x7f0000001940)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRES64=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f00000021c0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r7, &(0x7f0000000180)={0x50, 0x0, r8, {0x7, 0x29, 0x1000, 0xffffffff85000014, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}}, 0x50)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x4b)
r10 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
read$FUSE(r10, &(0x7f0000000a80)={0x2020}, 0x7d)
syz_fuse_handle_req(r7, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r7, &(0x7f00000067c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="780000000000000002000000000000040000000000000000000000000000000004"], 0x0, 0x0, 0x0, 0x0})
getdents(r9, &(0x7f0000000700)=""/90, 0x20000)
fsopen(&(0x7f0000000ec0)='ntfs3\x00', 0x1)

9m22.915697036s ago: executing program 2 (id=13):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
chdir(&(0x7f0000000440)='./bus\x00')
r5 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)

9m21.6454808s ago: executing program 2 (id=14):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8a943, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
move_pages(0x0, 0x90249c01dd736e4b, &(0x7f0000000000)=[&(0x7f0000ffd000/0x3000)=nil], 0x0, &(0x7f0000000040), 0x0)
close(r3)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040)={[&(0x7f00000002c0)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\xe5\xf5\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xe6\xa59\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf1\xc9\x06\t\xfa\xacw\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\xc9\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc)
syz_emit_ethernet(0x5e, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000d67a00280601fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a0c20000907800001e0aa006ac1414aafc491e0aa0200a0101000000774de565d7296a273b3c21ba89649ab5fa988183279c3f82e831f16034bc8b1f5fb90d88b14161ed5f5b9237c4fc88365d9890e73ec38fb0be76cc7221ff3ed06532ac0ab0dfc9f5777e878730e3dda7f3fef9f19d61ec3cb84e4dd668ea0dd7b97acbc29a0435ff63ab83a741818eb66ac570d91f8877695ad211ddf88597238b50b7699be2a3b4fab26a"], 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69700000616300000005000400000000000900020073797a3000000000240007800400028008000640000000020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
r7 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f00000004c0)=[{0x80000006, 0x0, 0x12, 0xf9}]}, 0x10)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r6, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dc", 0xb8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000140)="404e8269db2bfd39d0df9eda352d10", 0xf}], 0x1}}], 0x2, 0x480e0)
ioctl$KDSETMODE(r4, 0x4b3a, 0x3)
r8 = socket$isdn(0x22, 0x2, 0x10)
r9 = socket$isdn(0x22, 0x2, 0x2)
r10 = dup3(r9, r8, 0x0)
accept4$ax25(r10, 0x0, 0x0, 0x800)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x0, 0x4, 0x5})
r11 = syz_open_dev$sg(&(0x7f0000000000), 0xb68, 0x0)
ioctl$SG_IO(r11, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0x6, 0x9, @buffer={0x0, 0x0, 0x0}, &(0x7f00000002c0)="a881e62881f1", 0x0, 0x8, 0x2, 0x2, 0x0})

9m6.402876732s ago: executing program 32 (id=14):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8a943, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
move_pages(0x0, 0x90249c01dd736e4b, &(0x7f0000000000)=[&(0x7f0000ffd000/0x3000)=nil], 0x0, &(0x7f0000000040), 0x0)
close(r3)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040)={[&(0x7f00000002c0)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\xe5\xf5\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xe6\xa59\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf1\xc9\x06\t\xfa\xacw\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\xc9\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc)
syz_emit_ethernet(0x5e, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000d67a00280601fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a0c20000907800001e0aa006ac1414aafc491e0aa0200a0101000000774de565d7296a273b3c21ba89649ab5fa988183279c3f82e831f16034bc8b1f5fb90d88b14161ed5f5b9237c4fc88365d9890e73ec38fb0be76cc7221ff3ed06532ac0ab0dfc9f5777e878730e3dda7f3fef9f19d61ec3cb84e4dd668ea0dd7b97acbc29a0435ff63ab83a741818eb66ac570d91f8877695ad211ddf88597238b50b7699be2a3b4fab26a"], 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69700000616300000005000400000000000900020073797a3000000000240007800400028008000640000000020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
r7 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f00000004c0)=[{0x80000006, 0x0, 0x12, 0xf9}]}, 0x10)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r6, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dc", 0xb8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000140)="404e8269db2bfd39d0df9eda352d10", 0xf}], 0x1}}], 0x2, 0x480e0)
ioctl$KDSETMODE(r4, 0x4b3a, 0x3)
r8 = socket$isdn(0x22, 0x2, 0x10)
r9 = socket$isdn(0x22, 0x2, 0x2)
r10 = dup3(r9, r8, 0x0)
accept4$ax25(r10, 0x0, 0x0, 0x800)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x0, 0x4, 0x5})
r11 = syz_open_dev$sg(&(0x7f0000000000), 0xb68, 0x0)
ioctl$SG_IO(r11, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0x6, 0x9, @buffer={0x0, 0x0, 0x0}, &(0x7f00000002c0)="a881e62881f1", 0x0, 0x8, 0x2, 0x2, 0x0})

1m50.001103026s ago: executing program 5 (id=2043):
r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r7, 0x300000b, 0x11, r5, 0x0)
mmap$KVM_VCPU(&(0x7f0000f31000/0x3000)=nil, r7, 0x1000002, 0x213011, r2, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04)
mmap$KVM_VCPU(&(0x7f0000cd9000/0x1000)=nil, r9, 0x2, 0x11, r2, 0x0)
munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000)

1m49.555977776s ago: executing program 5 (id=2048):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000640)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = dup2(r2, r2)
faccessat2(r3, &(0x7f0000000880)='\x00', 0x1, 0x1100)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000000380)="08e0ac8fb1d99df61d7b518d0a62071e7ec69f658d5a52d7eb7ea31db43f8cf570f335a80860ac4cc240dc149d8468493db8aad089f590d62e0bcb9d1dcee636ee311ee51839b7201745baef82209b2ab741dc5ea481ae9dcebe39b1101a42a8c82de46107541c240ad0d9ee4a9340cffd72aaea692a60993637c81d23a0d0ebbae66f1eb2771df2482c043d", 0x8c}], 0x1}}], 0x1, 0x4000000)
r4 = fsopen(&(0x7f0000000080)='pstore\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000400)='rootcontext', &(0x7f0000000300)='5\xfd\x04\xc6\xc9]\v\xd6S9q\x0f#\x93\x9d\xeb\x00\xcf\xb2~9*\xa9\x1d:\x06u46N\xd93\xe1\xa2\x05\x83Z\xbc\xbeT\x16\xab\xfb=4\xa6\x10,\"\xee\xf8o+\x02\xd8\xaft_\r\x1d\"\xc8\\k\xcc4\x96\xdb\xb0\xadA\x02[\x16\xb4\xca\xa5n\x87\xdb\xb3\x1f\xbb\xc0\x9f\xc2\x9e\t[\xba\x9e\xfd\xc76#\x8f\xc6\xe7\x11\x8fL\xd97<cAZR\n w\xe6\x1c\xf0(\x96H\x88\x00\xd3\x1c\x16cj\x10\xd8\x92\xc9ad\xc0aR\x12\xd3\xc2J\xcb\x9a\xa5\xce#{e\xd3\x11\xc5}\xb4F1\xfb\xe6\xd4T\v\x87\x04\xcf\b.\xcaO\x04\x0f\x062\xcaL\x81\xa6\xbbp\xd3\xc6$4t (W\x92nr\xbe,\b\xdb\x7f[', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x5c0, 0x0, 0x1acc02, 0x148, 0x0, 0x10, 0x528, 0x2a8, 0x2a8, 0x528, 0x2a8, 0x3, 0x0, {[{{@ip={@local, @multicast2, 0xff, 0xffffff00, 'veth0_virt_wifi\x00', 'netdevsim0\x00', {0xff}, {}, 0x1}, 0x40000, 0x3f8, 0x458, 0x0, {0x0, 0x5803}, [@common=@inet=@policy={{0x158}, {[{@ipv4=@rand_addr=0x64010102, [0xff000000, 0xffffff00], @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, [0x0, 0xff000000, 0x0, 0xffffff00], 0x4d6, 0x0, 0x1, 0x1, 0x4, 0xc}, {@ipv4=@empty, [0xff, 0xffffffff, 0xff000000, 0xffffffff], @ipv4=@broadcast, [0xffffffff, 0xffffffff, 0x0, 0xff000000], 0x4d6, 0x3506, 0x0, 0x1, 0x2, 0xd}, {@ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0xffffff00, 0xffffff00, 0xffffff00], @ipv4=@private=0xa010100, [0xffffff00, 0xffffff00, 0xffffffff, 0xff], 0x4d2, 0x0, 0x8c, 0x1, 0xa, 0x2}, {@ipv6=@mcast1, [0xff, 0xff, 0xffff00, 0xffffff00], @ipv6=@private2, [0x0, 0xff, 0xff, 0xffffff00], 0x4d2, 0x0, 0x67, 0x1, 0x18, 0x10}], 0x1, 0x84}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @fd}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, 0xff47, 0x4, [0x2a, 0x10, 0x6, 0x2c, 0x10, 0x3e, 0x7, 0x12, 0x32, 0x1, 0x21, 0xb, 0x3b, 0x1e, 0x2e, 0x1e], 0x1, 0x8000, 0x8000}}}, {{@ip={@remote, @multicast2, 0xffffff00, 0x0, 'virt_wifi0\x00', 'caif0\x00', {}, {0xff}, 0xd1b6c305b1e83769, 0x3, 0x2}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x1, 0x5, 0x3, 0x4, 0x1], 0x6, 0x4}, {0x0, [0x1, 0x1, 0x1, 0x0, 0x6, 0x4], 0x2, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x620)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001280)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/cgroup.procs\x00', &(0x7f0000000800)=ANY=[@ANYBLOB="14"], &(0x7f0000001300), 0x600)

1m49.427764146s ago: executing program 5 (id=2050):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
preadv(r0, &(0x7f00000000c0)=[{0x0}], 0x1, 0x145, 0x80000000)

1m49.288126124s ago: executing program 5 (id=2052):
syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1d, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x3, 0x20000}, 0x10}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m49.143139554s ago: executing program 5 (id=2056):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

1m48.994212096s ago: executing program 5 (id=2059):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0xa0380, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000a80)={'syzkaller0\x00', @broadcast})

1m33.312700383s ago: executing program 33 (id=2059):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0xa0380, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000a80)={'syzkaller0\x00', @broadcast})

30.828177909s ago: executing program 0 (id=2293):
socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$kcm(0x2b, 0x1, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
syz_open_dev$loop(0x0, 0x75f, 0xa382)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x20c01, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x13, 0x2})
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

28.430684547s ago: executing program 0 (id=2299):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1c, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x10004e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94)
r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r3, 0xffffffffffffffff, 0x3, 0x0, @void}, 0x10)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)

21.083392788s ago: executing program 0 (id=2313):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f00000002c0)={0xb6, 0x0, 0x200000006})

18.576187684s ago: executing program 0 (id=2321):
r0 = socket$inet(0xa, 0x801, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x800000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x1f0, 0x288, 0x158, 0x0, 0x98, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0xff, 0x0, 'pim6reg0\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x158}}, {{@ip={@rand_addr=0x64010100, @local, 0x0, 0x0, 'pim6reg1\x00', 'veth0_virt_wifi\x00', {0xff}, {}, 0x6, 0x3, 0x40}, 0x0, 0x90, 0xc0, 0x0, {}, [@common=@socket0={{0x20}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0xfe, 0x7}}}, {{@ip={@rand_addr, @local, 0x0, 0x0, 'syzkaller0\x00', 'macvlan0\x00', {0xff}, {0xff}, 0x33, 0x3}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0xff, 'ip6tnl0\x00', 'batadv_slave_1\x00', {}, {0xff}}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x4, 0x4, 0x5}, {0x0, 0x6, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
setreuid(0xee01, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0xa, 0x2})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x30, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3, 0x30}, @flat=@weak_binder={0x77622a85, 0x100a, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
setreuid(0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r5, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)

17.84403211s ago: executing program 0 (id=2323):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4}]}}]}, 0x3c}}, 0x20004055)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x13d33d22e8a65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

15.483987721s ago: executing program 1 (id=2333):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sendmmsg$unix(r2, 0x0, 0x0, 0x40)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000b00)={{{@in6, @in=@initdev}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000240)=0xe8)
geteuid()

14.941198119s ago: executing program 0 (id=2334):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/12], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x3, 0x3c)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_link_settings={0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [0xa1010000, 0x0, 0x0, 0x9, 0x832]}})
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)

14.49863311s ago: executing program 1 (id=2340):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0xc8601, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000080)={0xfffffffe, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbd7e151ae70acd2c"})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@func={0x2, 0x2000, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x28}, 0x28)

12.108192569s ago: executing program 1 (id=2342):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd(0x3)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0xf000, 0xf000, 0x0, r3})
close_range(r0, 0xffffffffffffffff, 0x0)

12.099485298s ago: executing program 3 (id=2343):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
r1 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006, 0x0, 0x4}]}, 0x10)
syz_emit_ethernet(0x33, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x2, 0x1, 0x1, 0xfd, 0x100, @val=0x80}, 'N'}}}}}}, 0x0)

11.795682324s ago: executing program 3 (id=2345):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
timerfd_gettime(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

10.384114632s ago: executing program 3 (id=2346):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x10004e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94)
r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r4, 0xffffffffffffffff, 0x3, 0x0, @void}, 0x10)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)

10.329980319s ago: executing program 1 (id=2347):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000e40)='P', 0x1}], 0x1, &(0x7f00000010c0)=ANY=[], 0x10}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)=[{0x28, 0x110, 0x34f, "8bf70e18db2d0acd87f60b19b33b4ab02a"}, {0x1010, 0x11, 0x52b0, "4ea55e75487eafe63e6d297f7152e58efaffae3f07ec496de6f785d31370e27a8a0a347358e1ff84c2718cb4c4acdd3e4baa91177d1aa0a3ba22cd8d145da39896ebf1aacaea5694765471395199fecbca299a67e129efe286643183c528fc7832e1daef4f08f6aae5d98d2e47b4f90b7e6d329ec9d201c401ec19eef262709da2d8756fb73abb405289b3d41098463a3616f0fa411f8c9671ce383623ed0c8ea9e665831f7668809a08c43820837fc3d89e25d540e1c1a1a5be3368a3bff8acea7c22024d77dcc6ca3de4ee2f486355eddf0ffa0db3359338349654a16e7f9a91ddc1e740c4a34121024ef3ab07cbe8eee92a4340750445a2294dbd1ee5049bbfb5f80cd539fdcae2fefe3411c90280bd56c5f39f263819dfd8660528d5fdb2e3e062d99959648ef620f8ae9f40f8d4d9002006b7df34335c12345f3ed84f99be3b0bf8bcfb32e8afe8a74414e973212a8e50cfb062b391b5eba468a9d1d1920ccfe0c954c28317a7cf8701621694152388ab644a78ae041bfa0552db0f7bcf2e6f3ba5f946d39e42a2a859ab6512cce5c09d991087d35c14701642508b307e8136f59379c9dea2bd4fd3794fe92f0ae47c9b4c957d701566cb4074800232123c2cf218e7d52192212303f2ac71ae618138578f21ec5585a620b986a35e3c644a3378ea92e25abeed46bfe44f116e64925a9cf485875eb000ac047fe7274b8c6c2767ccf6d90f61cee179a920109db8e6ba7c43366153e22d546c5e0547701a841cd1713ace4b06aaed45dc46295d94e973efb34754426c8410aa57c22b3707ecb52e2bd33ed5404c104d7e0f69a947d53dbb4805397fe1a6eca67b58b684c2c68803994d6049f2fede6a15ba8f5fcb91bb0ee8b69d30690f2ca29b7145901f1f58fb03464afd7075a7afcaffb94dc679bf87b9bf99e98ec11030bcb64ffea9b7d66b6783671b4ab186aa67dc4e56fba81b9dd7bc69ac6406eed399a24c6261ecbf6bea548c2856eef3f988297a0eb0806ecbbceae999227e3a11f6551c0f5039f6a80ec9dd2ca70f5af5c91ee998727a3b2eb90a1f78cb8c257de3d25ca0184bf7ddbb6bee08f9b8c4e5240366eb242b91fca8aeb87ab41f01491d6919bc883509bccabb13281e2011439ca6689c5ef99417df246f62833a4142e74ac5c3ef72aa5b2f77eb96636fd203555f8d1426f017f96ea1d783786a9acd6b63140569fccd499182020361dfa520b7455a3741188b7ca3bf867929ca65e493eab74242abf494a7411a2c268a08db42db6a196a1f405eb3e37b7e5982a907eda24e520c0185b744b5f1819976695544a52a70283708a61bca37f8d03556ee5338ade063ca88e5f1993f8153338ef036af366185ea9723b66303914450f446d598a4493c20bc13c402be88dcc52693bd5b68e9f411d790b9969c3a4117269d45554f6819a86fcea883e8c1361a609fcdcc02678594e7447339dc036ec4f9396627357927511daae47dcf4a9cd723f4f58e177a3ec08c98deb71099cf3fd998e6fae2cde792727fa9c27e2e4fcafa2691f8b92a564a0e9ee0b7d69b97107352ea7daa1a804d57e4ef47b0395159e344ee7b01ccec23791180f2d6e430b64b0426feb575bc5deafcb7710a8d241610412abc484c2bb69ba7dcfc8387b03634609d6e1371061f4d6c31f1b8bbca69d02817564b962749bdcebd7d34d328851de4adfb29ec36b13ba2f47b1329f7af9f6ba8e39878721ed9709b8fc9a99080d629617b405581dee59b6a01607306eb00be468ee66ac2fca775d35eeb4c4aecf5e34a0d5911a1ca7c3e1420b1e6ecc8c28d7993ab4b103546468b11304cc825eef941192e64534400d298ff6232f262be8162e035e6fa951cda94ce16f2c9d6e9194a129d68b435699b61bce4b8a82934a2b6d093554723c02c89c93b4aba7447ddf9ed98d2764e27ca0acebfd0545bf598565168cf4511490092a7c2645953a301ae08388901f5e043cc931bf50542fae8aa8f9b146e5074ca2127d48ec76658f78cef8038bfd511ca1fc793e7f6833a8abf2b8239611e19bc0d0975312665373b8c2b5cb492f5934e50bf8096b2cea5d52907336b04c22ede617bf53cf45c9332566025da2466b281b2b6bbf033995b1905cc95aa75c23c997ee67fb9f6b0f3ed6195e0f26c48b3eb2ac5e085c3b3413989747d8249a97198094b19811c42b616c627740e15991b37e0ca928480561524a9787bb44eeb68b7359b91a682e7a8931907297207b6a9e1dc5256f3b7ef6aa675b2fc917a8bc52231fef625d0cec679f70638adfeb6f269b0718b71651b1414aafc541e675d929b03e6d22e944d945bc08cca902062bb2e7d61f25e3c7d48998fc683774a8e8ebefadd2cea34dedae1e38d5c83a6e1cf1e8ca0552358c28ce9ef461ad682cd74f282f6632af76ad624076a460286b9020804be43c78a0aa926b78ef848d70c07134127a4b14dfed2ccd3df7cefc8eebee5506c081953059dbdef9fad5091bf0e8e7d363e6c2768f9f987183d9bc9c22f6e8a37a24a23c6d90a44ac2b083c291670695f98080ae098ee34b260b433854c65141c751030bbae5ff95e9fe62def0ab7c7aa742304577f779fe9cefd923486d3b8950f979282a5ee22ff71ec6eae2b7c3fc89fa1dfacd3b4b3cfc39d5cf6cada43e2e5e3ee925c400da35149e245fd7d7ae0be53965314562ed960a86267302b9b6618c49052cff73cf573c4263d3c50fc9453bb35259792ac2d2e37acb329f07bde95d513688191b176e3a3a7670e59e8c7ea1098a09f86d788189024aa977ec141c6b886ed032c7570398b14d0ba94b0c6229d1a2e0b582eef17f93db84fd4a75c1ca9f348e67c5b6ff4eb403db9e00c24fbcf7fabfc29ad6fd76c26a28a2e56111d35f061f2b82509519fb9e27f3d78ff68c8af5b026536a060befdd0786630e9f64ad6b0b5c2f6681e64766163aee009596a6dc3ee05bf1f39c44ddf70bc6d839aa7bc60708543349343bfcfcd05b9374f05488570068303f2de34229a5641204d635421e65c2831510d47ce8fd3255c640125a4a8236781b267e3fe7dde480d643eaaab78bdcea98daf94cb1f65c62c0c9bac39e6e8fe65677a7bcf1e19a353870bab9fcb0c45a8bfa8c372d55bee710466a4dae27897ea23e25a9ad0beca7339502bacb54a822ca77feeb7459b6593705b051b49c3b9400059eed0fe37f6a2255f1a63c79b1eb1676288cc764ab1d3475088ce29ca0ab7f39acc105c4580624754910c95ec70c7465a399a950c25ba3c159fc685fa226b0cd759bceb83fbbbc7f3d25981b9f42ee838ca05e3ba8ed49b4449a87c89a27357e7533546b31ae823ad6f0a81dda46d6fca845c6eedf3acefc210b659f79d81d05c06ef3d583c5b8173cc2190b5b3af0b2f084b9203b5da285743ed101b0f88e584929333a3f09b6d95bdd404a1820768df56edb54488bc316996292217a69da720e41b9ed7fbd6c49e1e512809e87052d629a74c5ee242f467b87e537fdb09461c9f8e4c193ed454f2f8011bef1ce833062758174b9f88c7cfa33f02e323e3d509e71ee2e1017e5801aed41285b92c0527962b21facc4a5e5b84b1f673c84ce91315b1bcf12947a95bb9095fdb40ee5a9a02da69450c6b72e0f431936d7588576b04d119564eec72c203a3f2fb6a5cf621a713509c4a1e58e121ddb1afa90b2826f01ad98a16aa7e8f8c3025d7f9965e98240c1653d816b8a2596c342e4d7cd9956d0e8bc4ff11e1df23026e7e01ee208a3f852cb658a42431cece87c656146d09ff80b2c3edac24ff08f9b007832ded5ce6f64214ad4a06da59abd9c4c0bbcbb6bfc6aa23c72364eec906af664c3ae067f0b120580e4bdb0c238f58ac0cdb4e87f8c3fd8e7e2fa548899edb7cb02c168eea2f627275a3d67a97a0248270ce501604a436605904c7717b1cfdd18db19269d40684a90d0e19043a95bd10eb21a681f6b544c44d545509fa50be3b1c88f5ad86eb0dab632ead4d359b82f7c664d0b534d39933b945bb9d8da97b15991c0846224a6d7ee9bf4778dd4c66ac3c6bb6e4f1a64b473f6f7d7345e979d061106eb0f367658b5e5dfa065db6fa308eed312ba8815296b51f6a49afef58a4f693d61330021bb17f3b2780a6a9fc91ea0ec67a462b0828711f97f68b50887bf53f4c380ee33a409889f06ea88483527ada1441922daa5dfcd0f775e5db897d31308650122db49dcfb7e574a423fe4ce71d96e7562e0a5cb390bea82eb4440b5b180a56d28bc7b368a787e9369ab9ea0495b1a9221ed2520de338934e9b42a78ad8aea604bae8bf1d8a6d5d9b9e34a46e34d2768573dd7f7fd2ac3856639ea6813ef7cf284314260741bb0d884ecf9a4463a4953bd2044b7fb821a54f518a9edffa6af70d4c1e38bc80155fdd908d9ff96f26ef64042b6ffc42c0f64df0d21fd842924d0f12a017919dca02253b5c421d4a248362af598ed208b8b40fbd913b1ee988330611c65f0227005f7b425ccd2d4efedae549586a9df1fd2a2499a567eee02f6e8e97c75347ca01b9d43c0031871e663d53e86e51ea16187c9ece5b7de8d972394ea8808273b47350e11909d6f90ac6f35f9ef2b3afb097097713a2003a08a7d66c83e46201d8c28d77b67b9a20c9210ad7844eb55f8da78fe3e6a13c18f2f297a06432809c13bd923e275f0362568e6d6caedeb0e2817837634a0480de4f9bc228a6cbecca5adfd0c7af0faa82cfc5ef9325d19256ad8a45ac63ca80c75bf18ec49d447aee5633b84674d3fb6d30106f9b43ad773c83f2917bda611a508cd9fbf6e8ad397d1646fb8b0a01bd407ec3890254d6ee6be7a6c552e37779ca12f7aa6f705bbdbc8056ee4f92b4589fee9ebd069f4580a5bdc58d09f658f6e93594202552c74229e569db768a45e2d3a4c52014d9de06c2c53d46a24e0c6142f5cf59a5b873ccafe51d763298feea6a19041bbba03f36a2defe233f3abe0069d01df6f57a4f71eed6313db374a58c0e0082ee0175ab558299cf4dddff3271d96c0130ed12c4e63e50fb4f1467381b172d3384c54ac12e519489a26dc7a59133e8a6a19b214cad68c8f61c5b6296ec9e7536f2f033037f7d88030d840bbb6ac28d26977a5bd9393add97c0df664ecf16790414ad97f0525d27e98154891b5ed41cd6152a8403ca01aae18d2faf7fd04f22035e6ed4682c0b294e9d5e29b182fb384eebcc177ade3027f52e14227ebbdc6ea8337d74bbdb75de26a53fda31945209e6ac0924d80200ba1da21d979552651025f82550c2c384eadbb6cc48aa1d2465f1d433b4f16fa38dc76282ff9029ac66793209fe4646d468992d33c4d31dd4f24d0b2d8200415ea23e7a669c07eb4e68ab023f4ee5ec63ec0055d758db936c3d6e1085c9c8f31f8453a38ade31b98f3faa54195b63affc57cc991e6fe421f58a67822c45cd35e3c4e56bbc779e9f9bfadc05408ed4fc5effd16e2ffd62d1f4454ca375d49604573f167ac4ffa5db33e497fd1cc81038c7e16d7aa780a366c10810a578df188d661bba28a9b48c7eb4638943c40834e54b7ae245d834305d1febe42b0439c13287eaf9154c6dd43352c127e1119ea9d18bba6ca192dea24517cefd6dd0c2eeaa31a9966d1913d69ec4637982f0b79c1486f34c997d7fb2e6de3e0b1be1d28a3fdacbe667c1cd06eb9ce8eff4280aa35c564a531a46f9795a3ca411e9a264bb03c62b57e9bfe71d720c73af53aa7202a5ff23304871bf92f120e289d05507900fd2cdc877e01c"}, {0xa8, 0x109, 0x8114, "4f0c8c2813941acdff321d5a4f3bf9a522226c7c7013e2e825a57b78086fb9f0d1808fffc3d2903d85e2d58a70d276344d19212a189e268cf479f6707f473515850fe1af4f89c23181e2df9cba93f58cd6f03a0d6921f0be27f04e45c0665a04256411b69cad42963da76f20ced356ded45e07b83ebb8af87e2007d897c07859a23cead8e4af227b4c07e0adb8be1ce2aa"}, {0xf28, 0x3a, 0x8, "f3819ebf67807b48fc4f0108e19d79ef49ff96692868449173500223ead4bb0ba3e8d3844b79673cc4b555c8e5d78e5d5e3f31e1edd096c4f07c6f7cf21fb978837503601cc54ddf0711f80145dbae2117cb15faae8494c08a395f1428069138dbd473197fbf4df581c0ecdb2991a14d53d2fd7b2e4701c4063a2e428805d2a423adda13525c4ec1ac66c6701abc301f657c63b0d3e514ddbe68f7ae4186b917e2154a9cf1ca16d2abb000bff18a2ee07390aca7555c4ff1c6019245fa77b91bbd6ff12d065b7a9f8eede1ba426045b3390d149c7fb0c63b0a4014141ff954a9f50c107dd105bc7ec6e20c7b5876756b4d239fc61c9d22cdaa466fc1cfc15b891d4d7b678b42d4a082b2260d44dd3cac3bd9cd18a1ac59b0795a6feded0da1b2b07c8781633db5b265a7a2c34bcbe559b575738ef1ed0b46df0acd23c652a8504c0871da785ae9aa9a8f40d2f67510701598fbf6acb54245bbafcc91edf0360c61bd81ab57a5e0e0154561c776d548041d2f9bdb372abd6c9a06476edcfd91ec12340609579928d21806e9e17947a1f1dcb045a7c8acfd439acd0d539e87a9faea1137b0754e30784ac630186d9f280cc4701ee66dcda767e7bcad121f5f60584196bb098624c675558f6d4c163c8bea1d9a25982d83d3162b00f517965d9aab14e0d4b3fcdfa5da04929bc57b138b486d1376d30daa360ac67eb2ef462a4191dd85561a9dac62f79e7f026a65da644da5b19597866f6b26b33223e6421980126a424d62d8870fafde54c8d0482dc5cbc26ca96bef37127ae15ebc8afc671a1ded08d031992496093df5ebf397c9e9067058686599da8b0564501e1c454adb4a997b03f2b357627627fe3f1c93f6d1d38551068142c0cd4924a6b9b2c99ac01cbf28d383aebc7637d4d6cbfdc4a4e3687a7092453a3987f869dcf66551f63ac1ab5433baaa28c9c29179d41f4ca0cd85a90c2903c56ffcb40c0b516a7881c82f9dfc4cf25a874c67b4dc3e6efffa89f1f98fea8e0601530d761a95a77b58c591bdc1bdd37241d52f64edad5cde077756db34465116adb38beee25004bc2954120284f58b1daa9b0120992a63ef051ccbc0bef9e7c64402be47904604fcaad4dc07c16f0588b476c6a153c111c7fd5ce0571d7b5b777406bf76195e09e55c4cbf1f6b61b67b6c0917365f259e9778bf91935856f4d15f41332c0aa032635999ab61fa75b6e00166ced904d3d142538fb98746b7dcbfccf80ed0d778998b81e3df7538018308c3230bfed70c60548de58b0219dd48f73cad64421ab6d5cae86a3610cbbd9bb615b1e2e2137786a623ecafd11c69cbb5a0d47f055e0bc10f82ac2e422bb880a8a64f12fa6ed2c740c085e55e38d7841d18f4e66dfc4b1a6c90e69c26009841282ed46b1360fc0fee1c4aa141026985806f846ffd72414be38702626813e5bb9f4725fd511ffbbda4e5351982206b6358c41183bdceac49c34f5d5d627bc77f0c8dba584db4dc5d418895f1762d599d885ccaa2c7966a576e62a870c12cd1783b1c4f0b5212dfd91c70a5b9d3963f6f60b277cf96e94e6bc9d80a9d16e973f3a13357e0b32f75050cc7a63f5cf791fc264c271900fdeb16ebc365f9fbd5a88f63ce7bd76298a8c0c6514da54b1fa4f0ba1a3d0569bb6209c86faad394d34b766c8d46eb592e0e4e9fb3eedb8e79305675421a1633012fbdd0816e862ad40e1d221717fc7d447a9fb7e156327f49acfa4076f074b9b3209c6200dc450e31bc8640934fc8bd38f90fbf4ff9610cb946d37baf273d480ac54d0528def5f674bd13ae493216e9d1918debb10dab6f9117aa2a9cfb3109a28a733f6d14d316cf12c5eaa52cc65ffb3cab444c4157ec4d0acd815f9a3072e35c57b5061953b33301ccde5d8c2f8f74f3495fe6b984a5077de725eea73deea3169b037182a73dc8215c19fcb39868c04c3e71e5a4ca5b0fd13a38a4f19f70fa3371b0e1a3ae01cbfc1ab09c12c86dc20eb21347a4bd17773020046a8ef2f1c1a18d1d13116d11add5205dc43174648f5af98288003d2ceac71cd6aec172f6f96171a7385e50d503301157db10f41b06d27210603af5cce1b1cde91b26e7d3f6de06219bc0cc6b81ccb5be6481ef4bc6137429478cdf5feb7ab3c3eef891e3740ec4f72a850a2dc954fde82c910a51bf906c71f1d8af115f4073b482c83774f593a01098e04fd72711bf5179aef5a0db6aca33c552730cee532fddde8c9ac3aa15a83c2ae86857858f32fc55caae906ff24b74ffa75a561cb9813b63cd89a1d0c0d7d0614921988ac21d2e4becf95de961ba81398a05c7a82c79212b7f7066140a108ecf420746228fddc7f2fc3f544d5774f946d31adc5b6885777b3fd95fd71a7d15bcb865e9e9ef6b3d5376e104d09bbdfdc2cce503501c35d2d493c85eb3fb23d28c251727a0de694f2e8e75a26bff6d394e77bb4867ff575d7ef511f1061cbd35765a36cb7471159c65f289807cb6a4586e410ceb107287d0fc69ebaaaecfdce4d41b20b2aa62e74109d951c0f1c2ad78e60513845e20ca3f0343c40b817c61eddf770284207d628acb7e467cee954a8266cb5f998322523641ee67a9c078cccb100b61a5c87493c32ca749d2bcbad4f8368cf5219d580ae2249312b856bcf77453f59ecf133067cb6d79b65a325eac88de0db8b2af35edb92a7cf59ce75da127950ca0d4d96e161e4df1df6ca3c04e5cd0262f5451f0103c61236f22b0a50c7b1299874ede2747e303aace4e52217963ce405d6c67d01559e49065841a6c9e2f67690aad24ad3532866dfc88abf26c0877578026f8da170d41cdff6fd6dcaf4fddfd78874582b0f3704662d300b93005d93371adfb9575802a57e34a2109d4b86adb52b9c030d04b0271ce7b04a75264e412470b7ac73895037ccf4b216269e6d736db17b57077a650f85ecbdef38cc128d543e436ed667db1b3523d5af5b6e6423236e16539e0b6b830392dbd35a21457ef6a4c1f7c3781bbbe8abee181b1fe7d41babf769b4137742ee4d249c22ee94c0207fd0f86e4ea94a5eeaceed36e44682de4e0c46f866768201cd006b291667a09188e27094bf5aae7b48a824bfd7945387eb4e483ed65070fb4de15fb1a0c236defa4085f62aab08d4c9f0e29f2dbadefd8e82f84ff6045deee4ee6d5edd8b98430b3da9dce60b2f7d31192bb803b4b7e9ea3b6d6a10a0980214cc64bd6f622f7d9d4f0cafa2b324aa53aed7dceecbd3f1d5a9d67d2c8f60c5cb4e5df0696854fdea3d5f603a5dfcacf8276277adf89fc3ae8eae3166623791e3a4a8f9cb85d927e43170ccdf69c62ea64e89b29021b5ea0b8564b89cc703a33cef4ff4d24274e1e4653ed09dd20a4dbe7fd9919763078a215ae06be415a0d7f7b808ef9970491c518e040da457a393a654fabb00d614f87277b7111b068db22dd413955d40fc8c7680216a5c855d0c9dd48d37da172dbafe103bacc789df4ba7144564433053b591c0cee6611f91ac80a9b0d706d01c13c03d46f2bd02467e87ffdbab2d0e966a2881d1c3e2add3a7ad5ab87fd83e45a590a21f1bc1c52916376d1e01851627ad3ef93c612032d79a3d2f2d3c6e98fa945b7fb37adfdd60198f85b67e19c2c1bac842bb2c0b7595b907720840e86ff8ffd03500b288912db527b74e22ff1370a2333c201f0583422e8f417fade79b5d61ac3c6c7003e3cff35ea1d18a103368d0c9c4dcbcbb424548455d8c8b8b7007908de7724380b4eee1fdf8f4ffdfe8978831cdce79cc2bd2a58a0deea75d0cee0a87a8857e72b3dd8041859dc6dd9e3a434bd15e2efc264bb187dd2f71f980746aa2da1e3cd5ef98ffe8612eae8d491dd28cf5d3b3c883627b29cf3f655c174c0fbcfb74e25da40ddec12cdc9f6bc7008bf4c89b95abf761213d6526cff1afdcd4666f7a483a64afa0b81873dee788cfde980146de66704071be5c2cf5a5e89e12eb773802c1913e157b9ce0cdfea567f4e4e175ee15e8b22a1a6224e438f8c0504db092b13069547aa774c0e5cc80b3043d7a01f6cda81e5ede537f51e7a70d5add909640bfad9566faf40edf001708faa0a8ec0f33388e2392368eb045e4253e8a9031f94c2c080086a35df5e3d07de1dded47ac917d61e7195060a2f87fac4606dfff34dbf3bdc65a2307aa2d2634d23bf87564d838d283decb482de8938845d8a099eae5ffd978a0c7d201c46e7258dfd1aabc0ed02d477fb202c61184c33f2d6d61c7c9795b6a3332bec8e5a523ad8db109293a0147a423bbd7ed7570bf7303abe9b6ac39b98ef550fa8410fe3c536487d9d6dd97614d7545404df60533bdfed3be0e5845bbf79603c0603609ae3fe3ba6da922534dcecf3c63e7ae1ab938222bd422e06c573a19f61d41e2cf52e8d21f84756f0410f1d56fe4a914123643a64c85d3bbf6ce45cbec64f4681f544c5419f1c6739737c28618206d680abb646a6413bbeca3421da958b4a88307aefd8145cc4d7ed1d51f729ef44655dcc04e16deafd04dbf3289ae67836fb66911df8226ff04c82e224d17c9c0ff457a97d10e98787948a82c3135a04558515164420ab55d453d2b481ed62d535d71cc0ef04042152b70fdc21b3064b1d2beb90d04fcfbd72de3ac2ed57821da0bd5d3afbb56033f7bdd17818939b182b57bafc3fb5451cad5dce7eb316c14c2e4148568df2d82c4afb6668749aea3f3dd9703d7b0a3c2877691cac0e5b6c5792c8772095b2b689ccb5d20221eebabcbdfaeaea6adf0bdc1802a518d84af40b60ef1cfa3b9585c67ceda0ea4d91a493ecc21e3e0ce54fd1aec440c788ca1e8e20aed06223fb39c1cc367b1bcb35f76e62f02dfff9045e04239949ecd6c8fce3ced914367ecae1406fcb6c35c8c844374b0c718e0fdb828c57d785c0e00ed1db96b16b3c3ff701867bea25d851d3116a8d1165e654879ea97bba1d6dbce67c4609b4c869ffed24cbea971453bcec22413372dffbddced87eeb6a8d2e4db6ba107aa526b0f13e4fc30b311a17278f87fdbf7321aa5dbb3cb6817b4af9b505471ef7b48f3e5ac9bee4ca0d5a6609c093e26975286ee38b0c83ed38fe3bdf70ba17a15526a43052e059a50ffed24f418659e5ec1ab2f870c3481d6cc94d455dac38941405e21aa59da646db9d3e082d599d4c70d2e130841223335563b4c2a1e5a9724d15591df9202fb73320ff41e80625918048b3615ea21353f16a5708bffc35e9439cc0811cc2a133295fbd8e7629d101face42c4a0c328965f0c7c521ec78ec98c30d5c974a3e0c81643691c9fd4212217a6af0180971deeb55ea200b35618410dbc1b2dfac9da6745ef3e485171c6cf3a2eb7411349e9a2d8b4664ae6db66a7913fe3dd4bb8d583c65db6c9332ef10ce13644a813ae3f0f8d143ee9a42c96f1171c9fbb4742c34b0bfe0d0d100a9da40ccbd35f051f"}], 0x2008}}], 0x2, 0x5d2dd0c54751f8e3)

10.108089409s ago: executing program 1 (id=2349):
syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1d, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x3, 0x20000}, 0x10}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a60000000000000050000001400050020010000000000000000", @ANYRES32=r0], 0x4c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

9.990127984s ago: executing program 1 (id=2350):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4000000}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0xfff}, 0x50)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
chdir(&(0x7f0000000000)='./cgroup\x00')
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents(r3, &(0x7f0000000040)=""/40, 0x28)
getdents64(r3, &(0x7f0000000f80)=""/4096, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x17, 0x4, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa807}, [@call={0x85, 0x0, 0x0, 0x67}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x265, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x10, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x7, 0x8, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x7, 0x6, 0x20}}}}}]}}]}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b40200000000f21f61118c000000000085000000ce0000009500000000000000"], &(0x7f0000000380)='GPL\x00', 0x4, 0xc3, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x37)
setresgid(0xffffffffffffffff, 0x0, 0xee00)
r5 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r5, &(0x7f00000001c0)=[{{&(0x7f0000000380)={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x5, '\x00', 0x0}}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc0e", 0x8}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000180)={0x0, 0x1}, 0x4)
syz_usb_control_io$hid(r4, 0x0, 0x0)

9.161569017s ago: executing program 4 (id=2353):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x191)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819", 0x15}], 0x1}], 0x1, 0x40800)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0xc0189436, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9, 0x3})

7.655691699s ago: executing program 4 (id=2354):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}, 0x0)

5.45417389s ago: executing program 3 (id=2355):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0)

3.612012956s ago: executing program 3 (id=2356):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
r2 = dup3(r1, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000002000)={0xffffffffffffffff}, 0x4)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001540)={r2, 0x0, 0x36, 0x1000, &(0x7f0000000180)="aa97ad865be8ff1640b268d178d74255d926587f2cccf65f2375acc48a8a5a632e3e9ace3a9f016f28edcff18f36d1b04a70088b4d1f", &(0x7f0000000440)=""/4096, 0x3, 0x0, 0xb, 0xc3, &(0x7f0000000240)="2a9c5a802cd1c1097adf95", &(0x7f0000001440)="f161f6250827d37a785307ca3e7a28e3a5b22de096d3d94f93090ca21d56820174ecdee3c1363c919a05c519f2a3731d106cdc599b9f4529576af67e3f9960dadb742ecbc7eac2c80a0592770de55d91ecdb81846e1fcd62338ee7667f8d8a1a546b16dd163cfa3ad230f481a7af76c7aaf94a0edb6bf73431c4d9d22302efbe5e1c936366f1ca028bb7217db000ac5202a33f57fe3d1002e7c50487c2798d1c220fe82dcd9eb02a1b6253b7506c9bd62a151e5589e554518221a259c4de95789f6761", 0x9}, 0x50)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000000100)=[@clear_death={0x400c630f, 0x3}], 0x0, 0x0, 0x0})

3.611479076s ago: executing program 4 (id=2357):
r0 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r1, 0x0, 0x0)
recvfrom(r1, 0x0, 0x0, 0x1, 0x0, 0x0)
setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000)=0x1, 0x2)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setrlimit(0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
setreuid(0xee01, 0x0)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0)
ioctl$RTC_UIE_ON(r7, 0x7003)
ioprio_set$uid(0x0, 0x0, 0x6007)
poll(&(0x7f0000000000)=[{r6, 0xa084}], 0x1, 0x581)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$unix(r0, 0x0, 0x0)

2.385186038s ago: executing program 4 (id=2358):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000840000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)

2.055613909s ago: executing program 4 (id=2359):
syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1d, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x3, 0x20000}, 0x10}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a60000000000000050000001400050020010000000000000000", @ANYRES32=r0], 0x4c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.72545845s ago: executing program 4 (id=2360):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x7, 0xfe, 0xe1, 0xc, 0x6, 0xd9, 0x40, 0x41, 0xeb, 0x5e, 0xc, 0x0, 0x8, 0x40, 0x1, 0x5}})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x3, 0x0, 0x106c, 0x80000001, 0x8000000000000, 0x80000004000080, 0x0, 0x400, 0x1, 0x4, 0x0, 0x3], 0x1, 0x3c4210})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

0s ago: executing program 3 (id=2361):
memfd_create(&(0x7f0000001080)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\xfb\'\t\x19\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b\xca\xb3\xf0\x1e\xe9+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\xcdV&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZj*\xa7z\xfd\xb9\n\xed\'\x92\xfe\xe7w\xf1$\xeax\xa7%(a\xba\xaee\xb6P}\x1f\x06og\"F\xeeL\x16[\xc6\xfbn\r\xa1\xbd\xa7\xdbm\x94G2v\xc6x\xa3\x8a\xfb\xfa\xbb\xcc\x8f\x8a\xfb-%6\x1a4\fbTR\xb4)5?NL\x96\x85\x14\fK\xfb<\xa4\f&g\n\xe1\xc8\x9f\"X\x84n\xce\tIo\x1c\xb4\xdeu_\x93Y\xb5\n\'\xba\xbdv\x8aU\x88\x88\xa9\xcaiv\xbcc\xc3\xb9\xb3\x1d\xea\xdf\x1cQ\x02\xf3\xe8+U\f(h\x1a+\x9d\xae\x19\xf2\x8fr\xca\xa4NUD\x00\xab\xe8\xbf+\xa5\xeb\xaf\x17\x8e\xfbQ\x05\xed!\xfe_L\xb1\x97\xe7\x02)\x1e\xd0\xfcj#r\xcb\xb4\xa6\t\xc3:w\x0f\x82,\xd3\xe5\r\xe1\x85\v\xc5y\x88\x89z_)\x8dV>M5\x90\xd3.\x8a_\xfa\x9d\x98\xef\x97\tiBY5\x84~\xff\x8d\xbb}I\xa1)\xea\xb5l\x19\x00\xac\xc1\x14#\xbc=\xf4\xac\xde}\xf5\x12\xc5\x83\xf6\v\x1b\x92\x02\"\x10^\n\x96\xc2\xbcK9\x02\xb74B\xb3\xcbt\xde\x9e\x82S\x8f\xdb\x94\x02\x90Sb\xb8\xcbS\xbb\xca\x83x\xd5j\x90\xf1\x91\xe0\x8aQl\n^\xbc\xea\x90$\xb7\xaa)\xad,\xb1g\x94UGj\x8c\xc6}U\x02\\\"fb\xc3\x0e\x84%F\xa5\x14\xfb\x89t\xef\a\xdb\xab/\xe3\x8c 5A\xcd\x02t', 0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

kernel console output (not intermixed with test programs):

0x3a0
[  256.252891][ T7759]  ? __netlink_deliver_tap+0x807/0x850
[  256.252907][ T7759]  ? netlink_deliver_tap+0x2e/0x1b0
[  256.252928][ T7759]  ? netlink_deliver_tap+0x2e/0x1b0
[  256.252950][ T7759]  netlink_unicast+0x846/0xa10
[  256.252972][ T7759]  ? __pfx_netlink_unicast+0x10/0x10
[  256.252989][ T7759]  ? netlink_sendmsg+0x642/0xb30
[  256.253002][ T7759]  ? skb_put+0x11b/0x210
[  256.253022][ T7759]  netlink_sendmsg+0x805/0xb30
[  256.253035][ T7759]  ? is_bpf_text_address+0x26/0x2b0
[  256.253065][ T7759]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.253089][ T7759]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  256.253106][ T7759]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.253120][ T7759]  __sock_sendmsg+0x21c/0x270
[  256.253142][ T7759]  ____sys_sendmsg+0x508/0x820
[  256.253164][ T7759]  ? __pfx_____sys_sendmsg+0x10/0x10
[  256.253189][ T7759]  ? import_iovec+0x74/0xa0
[  256.253206][ T7759]  ___sys_sendmsg+0x21f/0x2a0
[  256.253224][ T7759]  ? __pfx____sys_sendmsg+0x10/0x10
[  256.253272][ T7759]  ? __fget_files+0x2a/0x420
[  256.253289][ T7759]  ? __fget_files+0x3a6/0x420
[  256.253318][ T7759]  __x64_sys_sendmsg+0x1a1/0x260
[  256.253340][ T7759]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  256.253366][ T7759]  ? __pfx_ksys_write+0x10/0x10
[  256.253386][ T7759]  ? do_syscall_64+0xbe/0xfa0
[  256.253406][ T7759]  do_syscall_64+0xfa/0xfa0
[  256.253431][ T7759]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.253449][ T7759]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.253462][ T7759]  ? clear_bhb_loop+0x60/0xb0
[  256.253480][ T7759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.253494][ T7759] RIP: 0033:0x7f43ec35f749
[  256.253509][ T7759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.253520][ T7759] RSP: 002b:00007f43ea5c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  256.253536][ T7759] RAX: ffffffffffffffda RBX: 00007f43ec5b5fa0 RCX: 00007f43ec35f749
[  256.253546][ T7759] RDX: 0000000020000000 RSI: 0000200000000100 RDI: 0000000000000003
[  256.253555][ T7759] RBP: 00007f43ea5c6090 R08: 0000000000000000 R09: 0000000000000000
[  256.253563][ T7759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.253571][ T7759] R13: 00007f43ec5b6038 R14: 00007f43ec5b5fa0 R15: 00007ffc0a08ae68
[  256.253597][ T7759]  </TASK>
[  256.826868][    T9] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  256.990145][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  256.990183][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  256.990209][    T9] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[  256.992637][    T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  256.992664][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  256.992683][    T9] usb 6-1: SerialNumber: syz
[  257.119071][ T7765] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  257.342026][    T9] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  257.352224][    T9] cdc_acm 6-1:1.0: ttyACM0: USB ACM device
[  257.366514][    T9] usb 6-1: USB disconnect, device number 18
[  257.746050][ T7785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.524'.
[  257.746177][ T7785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.524'.
[  258.006470][    C0] vkms_vblank_simulate: vblank timer overrun
[  258.255665][    C0] vkms_vblank_simulate: vblank timer overrun
[  258.522429][ T7792] veth0: entered promiscuous mode
[  258.532736][ T7790] veth0: left promiscuous mode
[  259.729492][ T7791] netlink: 20 bytes leftover after parsing attributes in process `syz.3.525'.
[  259.958363][    C0] vkms_vblank_simulate: vblank timer overrun
[  260.187437][ T7833] overlay: Unknown parameter 'pcr'
[  260.194186][    C0] vkms_vblank_simulate: vblank timer overrun
[  260.933068][    C0] vkms_vblank_simulate: vblank timer overrun
[  261.006955][    C0] vkms_vblank_simulate: vblank timer overrun
[  261.416487][ T7843] netlink: 68 bytes leftover after parsing attributes in process `syz.0.545'.
[  261.514290][ T7847] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  261.746480][ T5887] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  261.831292][  T994] libceph: connect (1)[c::]:6789 error -101
[  261.832043][  T994] libceph: mon0 (1)[c::]:6789 connect error
[  261.877182][ T7850] ceph: No mds server is up or the cluster is laggy
[  261.887636][  T994] libceph: connect (1)[c::]:6789 error -101
[  261.887840][  T994] libceph: mon0 (1)[c::]:6789 connect error
[  261.917400][ T5887] usb 6-1: Using ep0 maxpacket: 16
[  261.932878][ T5887] usb 6-1: unable to get BOS descriptor or descriptor too short
[  261.934729][ T5887] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  261.934751][ T5887] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  261.979631][ T5887] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  261.979670][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.979689][ T5887] usb 6-1: Product: syz
[  261.979702][ T5887] usb 6-1: Manufacturer: syz
[  261.979716][ T5887] usb 6-1: SerialNumber: syz
[  262.262086][  T994] libceph: connect (1)[c::]:6789 error -101
[  262.264874][  T994] libceph: mon0 (1)[c::]:6789 connect error
[  262.898572][ T5887] usb 6-1: 0:2 : does not exist
[  262.904299][ T5887] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  262.922489][ T5887] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  262.928015][ T5887] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  262.940760][ T5887] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[  263.058679][ T5887] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  263.085458][ T5887] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  263.110726][ T5887] usb 6-1: USB disconnect, device number 19
[  263.233240][ T7855] Bluetooth: MGMT ver 1.23
[  263.245430][ T6916] udevd[6916]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  263.867133][ T7874] FAULT_INJECTION: forcing a failure.
[  263.867133][ T7874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.867166][ T7874] CPU: 0 UID: 0 PID: 7874 Comm: syz.0.555 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  263.867186][ T7874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  263.867197][ T7874] Call Trace:
[  263.867205][ T7874]  <TASK>
[  263.867213][ T7874]  dump_stack_lvl+0x189/0x250
[  263.867243][ T7874]  ? __pfx____ratelimit+0x10/0x10
[  263.867265][ T7874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.867290][ T7874]  ? __pfx__printk+0x10/0x10
[  263.867311][ T7874]  ? __might_fault+0xb0/0x130
[  263.867346][ T7874]  should_fail_ex+0x46c/0x600
[  263.867374][ T7874]  _copy_from_user+0x2d/0xb0
[  263.867395][ T7874]  userio_char_write+0xc3/0x490
[  263.867415][ T7874]  ? do_raw_spin_lock+0x121/0x290
[  263.867436][ T7874]  ? __pfx_userio_char_write+0x10/0x10
[  263.867458][ T7874]  ? rw_verify_area+0x25b/0x4e0
[  263.867478][ T7874]  ? __lock_acquire+0xab9/0xd20
[  263.867498][ T7874]  ? __pfx_userio_char_write+0x10/0x10
[  263.867517][ T7874]  vfs_write+0x287/0xb40
[  263.867541][ T7874]  ? __pfx_vfs_write+0x10/0x10
[  263.867572][ T7874]  ? __fget_files+0x2a/0x420
[  263.867598][ T7874]  ? __fget_files+0x2a/0x420
[  263.867619][ T7874]  ? __fget_files+0x3a6/0x420
[  263.867640][ T7874]  ? __fget_files+0x2a/0x420
[  263.867671][ T7874]  ksys_write+0x14b/0x260
[  263.867693][ T7874]  ? __pfx_ksys_write+0x10/0x10
[  263.867717][ T7874]  ? do_syscall_64+0xbe/0xfa0
[  263.867745][ T7874]  do_syscall_64+0xfa/0xfa0
[  263.867767][ T7874]  ? lockdep_hardirqs_on+0x9c/0x150
[  263.867790][ T7874]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.867807][ T7874]  ? clear_bhb_loop+0x60/0xb0
[  263.867829][ T7874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.867846][ T7874] RIP: 0033:0x7f8c5e38f749
[  263.867862][ T7874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.867878][ T7874] RSP: 002b:00007f8c5c5ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  263.867897][ T7874] RAX: ffffffffffffffda RBX: 00007f8c5e5e5fa0 RCX: 00007f8c5e38f749
[  263.867911][ T7874] RDX: 0000000000000002 RSI: 0000200000000100 RDI: 0000000000000003
[  263.867922][ T7874] RBP: 00007f8c5c5ee090 R08: 0000000000000000 R09: 0000000000000000
[  263.867934][ T7874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.867945][ T7874] R13: 00007f8c5e5e6038 R14: 00007f8c5e5e5fa0 R15: 00007ffe8652e228
[  263.867977][ T7874]  </TASK>
[  264.304851][ T7883] netlink: 88 bytes leftover after parsing attributes in process `syz.5.556'.
[  264.320259][ T7883] binder: 7881:7883 ioctl 4018620d 0 returned -22
[  264.353138][ T7885] syzkaller0: entered promiscuous mode
[  264.353164][ T7885] syzkaller0: entered allmulticast mode
[  264.894240][    C0] vkms_vblank_simulate: vblank timer overrun
[  265.829010][    C0] vkms_vblank_simulate: vblank timer overrun
[  266.395124][ T7913] netlink: 88 bytes leftover after parsing attributes in process `syz.5.570'.
[  266.409403][ T7913] binder: 7912:7913 ioctl 4018620d 0 returned -22
[  266.706055][ T5890] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  266.751793][    C0] vkms_vblank_simulate: vblank timer overrun
[  266.836117][ T5890] usb 2-1: device descriptor read/64, error -71
[  266.887013][ T7920] netlink: 'syz.4.573': attribute type 21 has an invalid length.
[  266.887128][ T7920] netlink: 156 bytes leftover after parsing attributes in process `syz.4.573'.
[  267.076120][ T5890] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  267.136053][ T5948] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  267.206308][ T5890] usb 2-1: device descriptor read/64, error -71
[  267.296090][ T5948] usb 1-1: Using ep0 maxpacket: 16
[  267.298375][ T5948] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  267.298400][ T5948] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.298418][ T5948] usb 1-1: config 0 has no interface number 0
[  267.298467][ T5948] usb 1-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  267.298514][ T5948] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  267.298536][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.313883][ T5948] usb 1-1: config 0 descriptor??
[  267.316335][ T5890] usb usb2-port1: attempt power cycle
[  267.335520][ T5948] usbhid 1-1:0.1: couldn't find an input interrupt endpoint
[  267.475726][    C0] vkms_vblank_simulate: vblank timer overrun
[  267.675535][ T7933] syzkaller0: entered promiscuous mode
[  267.675562][ T7933] syzkaller0: entered allmulticast mode
[  267.766123][ T5890] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  267.803035][    C0] vkms_vblank_simulate: vblank timer overrun
[  267.826674][ T5890] usb 2-1: device descriptor read/8, error -71
[  268.107094][ T5890] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  268.131876][ T5890] usb 2-1: device descriptor read/8, error -71
[  268.236623][ T5890] usb usb2-port1: unable to enumerate USB device
[  269.298439][ T7964] siw: device registration error -23
[  269.884215][ T5807] Bluetooth: hci5: Unable to find connection with handle 0x00c8
[  269.904107][    C0] vkms_vblank_simulate: vblank timer overrun
[  269.994508][ T5890] usb 1-1: USB disconnect, device number 19
[  271.249660][    C0] vkms_vblank_simulate: vblank timer overrun
[  271.699083][    C0] vkms_vblank_simulate: vblank timer overrun
[  272.254554][    C0] vkms_vblank_simulate: vblank timer overrun
[  273.956195][ T8005] netlink: 88 bytes leftover after parsing attributes in process `syz.5.605'.
[  273.957908][    C0] vkms_vblank_simulate: vblank timer overrun
[  274.008546][ T8005] binder: 8004:8005 ioctl 4018620d 0 returned -22
[  274.236066][ T5948] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  274.406236][ T5948] usb 4-1: Using ep0 maxpacket: 16
[  274.455371][    C0] vkms_vblank_simulate: vblank timer overrun
[  274.496875][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  274.498753][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  274.501274][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  274.501588][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  274.502603][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  274.502810][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  274.503665][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  274.503862][ T8017] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  274.503882][ T8017] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  274.806651][ T5948] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  274.806712][ T5948] usb 4-1: config 0 has no interface number 0
[  274.809381][ T5948] usb 4-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  274.809630][ T5948] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  274.809655][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.352886][    C0] vkms_vblank_simulate: vblank timer overrun
[  275.354341][ T5810] Bluetooth: hci5: Unable to find connection with handle 0x00c8
[  275.370617][ T5948] usb 4-1: config 0 descriptor??
[  275.724054][ T5948] usbhid 4-1:0.1: couldn't find an input interrupt endpoint
[  275.796751][    C0] vkms_vblank_simulate: vblank timer overrun
[  277.089563][ T5887] usb 4-1: USB disconnect, device number 19
[  277.169033][ T8045] netlink: 88 bytes leftover after parsing attributes in process `syz.0.617'.
[  277.204488][ T8045] binder: 8044:8045 ioctl 4018620d 0 returned -22
[  277.755136][    C1] vkms_vblank_simulate: vblank timer overrun
[  277.882095][ T8062] overlayfs: failed to resolve './file1': -2
[  278.087605][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.255349][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.424499][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.468252][    C1] vkms_vblank_simulate: vblank timer overrun
[  279.067075][    C1] vkms_vblank_simulate: vblank timer overrun
[  279.499766][    C1] vkms_vblank_simulate: vblank timer overrun
[  279.566199][ T5887] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  279.716027][ T5887] usb 1-1: Using ep0 maxpacket: 32
[  279.718683][ T5887] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  279.718709][ T5887] usb 1-1: config 0 has no interface number 0
[  279.722049][ T5887] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  279.722077][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.722096][ T5887] usb 1-1: Product: syz
[  279.722110][ T5887] usb 1-1: Manufacturer: syz
[  279.722123][ T5887] usb 1-1: SerialNumber: syz
[  279.788169][ T5887] usb 1-1: config 0 descriptor??
[  279.817972][ T5887] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  280.104721][ T5887] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  280.159310][ T8082] netlink: 'syz.1.630': attribute type 12 has an invalid length.
[  280.159329][ T8082] netlink: 'syz.1.630': attribute type 29 has an invalid length.
[  280.159342][ T8082] netlink: 148 bytes leftover after parsing attributes in process `syz.1.630'.
[  280.159372][ T8082] netlink: 'syz.1.630': attribute type 2 has an invalid length.
[  280.159384][ T8082] netlink: 'syz.1.630': attribute type 3 has an invalid length.
[  280.164069][ T5887] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  280.245767][ T8067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.248715][ T8085] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[  280.250043][ T8067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.386759][ T8088] overlayfs: failed to resolve './file1': -2
[  280.455362][ T5948] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  280.509170][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  280.518769][ T5887] usb 1-1: USB disconnect, device number 20
[  280.535812][ T5887] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  280.553002][ T5887] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  280.554004][ T5887] quatech2 1-1:0.51: device disconnected
[  280.648482][ T5948] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  280.648516][ T5948] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  280.648544][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0
[  280.648577][ T5948] usb 2-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  280.648600][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.658979][ T5948] usb 2-1: config 0 descriptor??
[  280.667896][ T8082] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  281.092991][ T5948] hid_parser_main: 122 callbacks suppressed
[  281.093015][ T5948] hid-steam 0003:28DE:1102.000A: unknown main item tag 0x0
[  281.093046][ T5948] hid-steam 0003:28DE:1102.000A: unknown main item tag 0x0
[  281.094990][ T5948] hid-steam 0003:28DE:1102.000A: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0
[  281.186664][ T5948] hid-steam 0003:28DE:1102.000A: Steam Controller 'XXXXXXXXXX' connected
[  281.215654][ T5948] input: Steam Controller as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28DE:1102.000A/input/input21
[  281.302712][    C1] vkms_vblank_simulate: vblank timer overrun
[  281.435084][ T8099] overlayfs: failed to resolve './file1': -2
[  282.045079][    C1] vkms_vblank_simulate: vblank timer overrun
[  282.088217][ T5948] hid-steam 0003:28DE:1102.000B: unknown main item tag 0x0
[  282.088254][ T5948] hid-steam 0003:28DE:1102.000B: unknown main item tag 0x0
[  282.163195][ T5948] hid-steam 0003:28DE:1102.000B: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0
[  282.344626][ T5948] usb 2-1: USB disconnect, device number 15
[  282.501037][ T8107] fido_id[8107]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  282.802617][ T5948] hid-steam 0003:28DE:1102.000A: Steam Controller 'XXXXXXXXXX' disconnected
[  283.977609][    C1] vkms_vblank_simulate: vblank timer overrun
[  285.115655][ T8139] syzkaller0: entered promiscuous mode
[  285.115682][ T8139] syzkaller0: entered allmulticast mode
[  287.756108][ T5890] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  287.758417][ T5947] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  287.911961][ T5890] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  287.911996][ T5890] usb 6-1: config 0 interface 0 has no altsetting 0
[  287.912071][ T5890] usb 6-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  287.912125][ T5890] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.003276][ T5890] usb 6-1: config 0 descriptor??
[  288.004657][ T8174] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  288.047996][ T8182] warning: `syz.4.663' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  289.073439][ T5947] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  289.073475][ T5947] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  289.073517][ T5947] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[  289.108412][ T5947] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  289.108442][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  289.108462][ T5947] usb 2-1: SerialNumber: syz
[  289.165799][ T8175] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  289.422524][ T5947] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  289.437080][ T5947] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  289.518073][ T5947] usb 2-1: USB disconnect, device number 16
[  289.899249][    C0] vkms_vblank_simulate: vblank timer overrun
[  291.936528][ T8196] overlay: Unknown parameter 'pcr'
[  291.940602][ T8198] siw: device registration error -23
[  291.967397][    C0] vkms_vblank_simulate: vblank timer overrun
[  292.347976][ T5890] usbhid 6-1:0.0: can't add hid device: -71
[  292.348094][ T5890] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  292.656184][ T8203] Can't find a SQUASHFS superblock on nullb0
[  292.757222][ T8205] netlink: 156 bytes leftover after parsing attributes in process `syz.0.670'.
[  292.798816][    C0] vkms_vblank_simulate: vblank timer overrun
[  292.804458][ T5890] usb 6-1: USB disconnect, device number 20
[  293.552764][    C0] vkms_vblank_simulate: vblank timer overrun
[  293.651548][    C0] vkms_vblank_simulate: vblank timer overrun
[  293.712833][    C0] vkms_vblank_simulate: vblank timer overrun
[  295.416082][ T5890] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  295.646596][ T8240] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  296.156081][ T5947] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  296.308428][ T5890] usb 4-1: config 9 has an invalid interface number: 189 but max is 0
[  296.308457][ T5890] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  296.308476][ T5890] usb 4-1: config 9 has no interface number 0
[  296.308525][ T5890] usb 4-1: config 9 interface 189 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  296.308551][ T5890] usb 4-1: config 9 interface 189 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  296.308573][ T5890] usb 4-1: config 9 interface 189 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 6
[  296.311654][ T5890] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=97.e2
[  296.311682][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.311702][ T5890] usb 4-1: Product: syz
[  296.311716][ T5890] usb 4-1: Manufacturer: syz
[  296.311730][ T5890] usb 4-1: SerialNumber: syz
[  296.411868][ T5947] usb 1-1: config 4 has an invalid interface number: 88 but max is 0
[  296.411895][ T5947] usb 1-1: config 4 has no interface number 0
[  296.411944][ T5947] usb 1-1: config 4 interface 88 altsetting 119 has an invalid endpoint descriptor of length 2, skipping
[  296.411966][ T5947] usb 1-1: config 4 interface 88 altsetting 119 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  296.411992][ T5947] usb 1-1: config 4 interface 88 has no altsetting 0
[  296.466038][ T5947] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  296.466071][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.466101][ T5947] usb 1-1: Product: syz
[  296.466116][ T5947] usb 1-1: Manufacturer: syz
[  296.466130][ T5947] usb 1-1: SerialNumber: syz
[  296.788640][ T8249] overlay: Unknown parameter 'pcr'
[  297.559603][ T5948] usb 1-1: USB disconnect, device number 21
[  298.216204][ T1798] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  298.370169][ T1798] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.370256][ T1798] usb 5-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  298.370282][ T1798] usb 5-1: config 0 interface 0 has no altsetting 0
[  298.370318][ T1798] usb 5-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00
[  298.370340][ T1798] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.470457][ T1798] usb 5-1: config 0 descriptor??
[  299.944878][    C0] vkms_vblank_simulate: vblank timer overrun
[  300.009837][ T8256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.011065][ T8256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.064554][ T1798] usbhid 5-1:0.0: can't add hid device: -71
[  300.064843][ T1798] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  300.133839][ T1798] usb 5-1: USB disconnect, device number 12
[  300.191320][ T5890] hub 4-1:9.189: bad descriptor, ignoring hub
[  300.191362][ T5890] hub 4-1:9.189: probe with driver hub failed with error -5
[  300.231162][ T5890] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  300.231657][ T5890] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  300.231751][ T5890] gspca_pac7302 4-1:9.189: probe with driver gspca_pac7302 failed with error -71
[  300.288366][ T5890] usb 4-1: USB disconnect, device number 20
[  300.813490][    C0] vkms_vblank_simulate: vblank timer overrun
[  300.963020][ T8294] overlay: Unknown parameter 'pcr'
[  300.964033][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.629412][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.818945][    C0] vkms_vblank_simulate: vblank timer overrun
[  302.017793][ T5887] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  302.021650][ T8298] siw: device registration error -23
[  302.173102][ T5887] usb 2-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  302.173133][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.173152][ T5887] usb 2-1: Product: syz
[  302.173166][ T5887] usb 2-1: Manufacturer: syz
[  302.173181][ T5887] usb 2-1: SerialNumber: syz
[  302.211375][ T5887] usb 2-1: config 0 descriptor??
[  302.426035][ T5873] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  302.432313][ T5887] mos7840 2-1:0.0: required endpoints missing
[  307.806692][ T5873] usb 1-1: unable to get BOS descriptor or descriptor too short
[  307.808377][ T5873] usb 1-1: unable to read config index 0 descriptor/start: -71
[  307.808401][ T5873] usb 1-1: can't read configurations, error -71
[  308.308903][ T1798] usb 2-1: USB disconnect, device number 17
[  308.784502][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.507022][    C1] vkms_vblank_simulate: vblank timer overrun
[  310.132665][    C1] vkms_vblank_simulate: vblank timer overrun
[  311.135960][    C1] vkms_vblank_simulate: vblank timer overrun
[  311.558538][    C1] vkms_vblank_simulate: vblank timer overrun
[  311.660721][ T8347] FAULT_INJECTION: forcing a failure.
[  311.660721][ T8347] name failslab, interval 1, probability 0, space 0, times 0
[  311.660754][ T8347] CPU: 1 UID: 0 PID: 8347 Comm: syz.4.710 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  311.660781][ T8347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  311.660804][ T8347] Call Trace:
[  311.660812][ T8347]  <TASK>
[  311.660821][ T8347]  dump_stack_lvl+0x189/0x250
[  311.660852][ T8347]  ? __pfx____ratelimit+0x10/0x10
[  311.660877][ T8347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.660902][ T8347]  ? __pfx__printk+0x10/0x10
[  311.660930][ T8347]  ? __pfx___might_resched+0x10/0x10
[  311.660955][ T8347]  should_fail_ex+0x46c/0x600
[  311.660985][ T8347]  should_failslab+0xa8/0x100
[  311.661012][ T8347]  __kmalloc_noprof+0xcc/0x7d0
[  311.661033][ T8347]  ? kfree+0x51/0x950
[  311.661054][ T8347]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  311.661083][ T8347]  tomoyo_realpath_from_path+0xe3/0x5d0
[  311.661106][ T8347]  ? tomoyo_domain+0xda/0x130
[  311.661134][ T8347]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  311.661161][ T8347]  tomoyo_path_number_perm+0x1e8/0x5a0
[  311.661191][ T8347]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  311.661221][ T8347]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  311.661247][ T8347]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.661304][ T8347]  ? __fget_files+0x2a/0x420
[  311.661333][ T8347]  ? __fget_files+0x3a6/0x420
[  311.661355][ T8347]  ? __fget_files+0x2a/0x420
[  311.661383][ T8347]  security_file_ioctl+0xcb/0x2d0
[  311.661405][ T8347]  __se_sys_ioctl+0x47/0x170
[  311.661429][ T8347]  do_syscall_64+0xfa/0xfa0
[  311.661452][ T8347]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.661475][ T8347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.661493][ T8347]  ? clear_bhb_loop+0x60/0xb0
[  311.661515][ T8347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.661533][ T8347] RIP: 0033:0x7f5a2737f749
[  311.661549][ T8347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.661564][ T8347] RSP: 002b:00007f5a255de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  311.661584][ T8347] RAX: ffffffffffffffda RBX: 00007f5a275d5fa0 RCX: 00007f5a2737f749
[  311.661597][ T8347] RDX: 0000200000000480 RSI: 00000000c0cc5616 RDI: 0000000000000003
[  311.661609][ T8347] RBP: 00007f5a255de090 R08: 0000000000000000 R09: 0000000000000000
[  311.661621][ T8347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  311.661632][ T8347] R13: 00007f5a275d6038 R14: 00007f5a275d5fa0 R15: 00007fff0a133a88
[  311.661665][ T8347]  </TASK>
[  311.661780][ T8347] ERROR: Out of memory at tomoyo_realpath_from_path.
[  313.226716][ T8364] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  313.255194][    C1] vkms_vblank_simulate: vblank timer overrun
[  313.255654][ T5873] lo speed is unknown, defaulting to 1000
[  313.295992][    C1] vkms_vblank_simulate: vblank timer overrun
[  314.026183][ T1798] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  314.194885][ T1798] usb 1-1: unable to get BOS descriptor or descriptor too short
[  314.225204][ T1798] usb 1-1: not running at top speed; connect to a high speed hub
[  314.266355][ T1798] usb 1-1: config 1 interface 0 altsetting 221 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  314.266400][ T1798] usb 1-1: config 1 interface 0 has no altsetting 0
[  314.592168][ T1798] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  314.592235][ T1798] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.592287][ T1798] usb 1-1: Product: ␁
[  314.592301][ T1798] usb 1-1: Manufacturer: Ѕ
[  314.592355][ T1798] usb 1-1: SerialNumber: syz
[  314.775831][ T8358] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  315.024675][ T1798] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 24 if 0 alt 221 proto 1 vid 0x0525 pid 0xA4A8
[  315.047454][ T1798] usb 1-1: USB disconnect, device number 24
[  315.080103][ T1798] usblp0: removed
[  316.100448][ T8387] overlayfs: failed to resolve './file1': -2
[  317.168320][ T1798] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  317.420806][ T1798] usb 2-1: Using ep0 maxpacket: 16
[  317.424283][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  317.459667][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  317.942029][ T1798] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  317.942055][ T1798] usb 2-1: config 0 has no interface number 0
[  317.942133][ T1798] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  317.942158][ T1798] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  317.942196][ T1798] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  317.942219][ T1798] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.268862][ T1798] usb 2-1: config 0 descriptor??
[  318.398278][ T8411] syzkaller0: entered promiscuous mode
[  318.398315][ T8411] syzkaller0: entered allmulticast mode
[  318.874053][ T1798] uclogic 0003:28BD:0071.000C: pen parameters not found
[  318.874078][ T1798] uclogic 0003:28BD:0071.000C: interface is invalid, ignoring
[  318.905150][ T1798] usb 2-1: USB disconnect, device number 18
[  320.470223][    C0] vkms_vblank_simulate: vblank timer overrun
[  321.253647][    C0] vkms_vblank_simulate: vblank timer overrun
[  321.480372][    C0] vkms_vblank_simulate: vblank timer overrun
[  322.006474][ T5960] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  322.197970][ T5960] usb 6-1: Using ep0 maxpacket: 8
[  322.776875][ T5960] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[  322.776908][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.776926][ T5960] usb 6-1: Product: syz
[  322.776940][ T5960] usb 6-1: Manufacturer: syz
[  322.776952][ T5960] usb 6-1: SerialNumber: syz
[  322.816131][ T5887] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  322.854583][ T5960] usb 6-1: config 0 descriptor??
[  323.084429][ T5887] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  323.084464][ T5887] usb 1-1: config 0 interface 0 has no altsetting 0
[  323.084549][ T5887] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  323.084572][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.204093][ T8474] siw: device registration error -23
[  323.971730][    C0] vkms_vblank_simulate: vblank timer overrun
[  324.099366][ T5887] usb 1-1: config 0 descriptor??
[  324.107888][ T8462] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  324.304338][ T5960] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  324.316836][ T5960] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  324.332492][ T5960] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  324.332982][ T5960] dvb_usb_af9035 6-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  324.417937][ T5960] usb 6-1: USB disconnect, device number 21
[  324.845319][    C0] vkms_vblank_simulate: vblank timer overrun
[  324.974543][ T8492] overlayfs: failed to resolve './file1': -2
[  325.177975][    C0] vkms_vblank_simulate: vblank timer overrun
[  326.078375][    C0] vkms_vblank_simulate: vblank timer overrun
[  326.198380][    C0] vkms_vblank_simulate: vblank timer overrun
[  326.561071][ T8502] binder: 8499:8502 ioctl c0306201 0 returned -14
[  326.655019][ T5887] usbhid 1-1:0.0: can't add hid device: -71
[  326.655235][ T5887] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  326.685211][ T5887] usb 1-1: USB disconnect, device number 25
[  326.798391][ T8507] netlink: 'syz.5.758': attribute type 12 has an invalid length.
[  326.798415][ T8507] netlink: 'syz.5.758': attribute type 29 has an invalid length.
[  326.798429][ T8507] netlink: 148 bytes leftover after parsing attributes in process `syz.5.758'.
[  326.798454][ T8507] netlink: 'syz.5.758': attribute type 2 has an invalid length.
[  326.798466][ T8507] netlink: 'syz.5.758': attribute type 3 has an invalid length.
[  326.980391][ T8510] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  327.098330][ T5890] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[  327.098819][ T5873] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  327.226055][ T5948] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  327.249774][ T5890] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  327.249802][ T5890] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  327.249816][ T5890] usb 6-1: config 0 interface 0 has no altsetting 0
[  327.249842][ T5890] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  327.249854][ T5890] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.254154][ T5890] usb 6-1: config 0 descriptor??
[  327.255771][ T8507] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  327.287006][ T8519] misc userio: Invalid payload size
[  327.298911][ T8519] misc userio: Invalid payload size
[  327.299170][ T8519] misc userio: The device must be registered before sending interrupts
[  327.299308][ T8519] misc userio: Invalid payload size
[  327.314940][ T5873] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  327.314975][ T5873] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  327.315000][ T5873] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[  327.327373][ T5873] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  327.327402][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  327.327420][ T5873] usb 5-1: SerialNumber: syz
[  327.410826][ T8506] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  327.456002][ T5948] usb 1-1: Using ep0 maxpacket: 32
[  327.461783][ T5948] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  327.461807][ T5948] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  327.461826][ T5948] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  327.462850][ T5948] usb 1-1: language id specifier not provided by device, defaulting to English
[  327.496030][ T5948] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  327.496056][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.496074][ T5948] usb 1-1: Product: 謦᝴䖖ᱵ㯍겶趈쩙㫹署ࣿ墴㫜鋯ᵞ⯲킕ࡒ蝉煖⯯蕏ኢ姙郄鞴䅼緙㩺ோ퐙콘峌瑝喺쉝ḕ崇
[  327.496093][ T5948] usb 1-1: Manufacturer: Щ
[  327.507449][ T5948] usb 1-1: SerialNumber: ᓗӯ㔶죹銉꿭맏黹ꗾ견騉째⏀뻞╧擎ꇆ㰱嶉ؾሪ坏崹⽒ཪ핾㻣娈ಈ壐쥛靿魉괌鍇攆䕯쵲ὠ纞썇\᱓붞깻㞑ᖅ홄瞬ꊍ㑶鮂钞玈㈸⑳ή㣰䠖뗹诂睃㫄䃲쾳瑟攁㌆郕ෲ䓼棴а謖绯镉僻︌㭧芕㝐
[  327.641414][ T5873] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[  327.656356][ T8522] netlink: 'syz.1.764': attribute type 10 has an invalid length.
[  327.688055][ T5873] cdc_acm 5-1:1.0: ttyACM0: USB ACM device
[  327.722832][ T8522] team_slave_0: left promiscuous mode
[  327.722962][ T8522] team_slave_1: left promiscuous mode
[  327.744449][ T5890] hid-steam 0003:28DE:1102.000D: unknown main item tag 0x0
[  327.744493][ T5890] hid-steam 0003:28DE:1102.000D: unknown main item tag 0x0
[  327.745546][ T5890] hid-steam 0003:28DE:1102.000D: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[  327.772998][ T5873] usb 5-1: USB disconnect, device number 13
[  327.796241][ T5890] hid-steam 0003:28DE:1102.000D: Steam Controller 'XXXXXXXXXX' connected
[  327.828705][ T5890] input: Steam Controller as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1102.000D/input/input22
[  327.902233][ T5948] usb 1-1: 0:2 : does not exist
[  328.015344][ T5890] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0
[  328.015377][ T5890] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0
[  328.047870][ T5890] hid-steam 0003:28DE:1102.000E: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[  328.089537][ T5948] usb 1-1: USB disconnect, device number 26
[  328.156108][ T5890] usb 6-1: USB disconnect, device number 22
[  328.252263][ T6901] udevd[6901]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  328.459307][ T8531] veth1_to_bond: entered allmulticast mode
[  328.461536][ T8531] 9pnet_fd: Insufficient options for proto=fd
[  328.500190][ T8530] veth1_to_bond: left allmulticast mode
[  328.576617][ T5890] hid-steam 0003:28DE:1102.000D: Steam Controller 'XXXXXXXXXX' disconnected
[  328.910294][ T8542] netlink: 88 bytes leftover after parsing attributes in process `syz.3.771'.
[  328.930160][ T8542] binder: 8539:8542 ioctl 4018620d 0 returned -22
[  329.157005][ T8549] overlay: Unknown parameter 'pcr'
[  329.221412][ T5807] Bluetooth: hci0: unexpected event for opcode 0x1407
[  329.547191][ T1798] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  330.013745][ T1798] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  330.013781][ T1798] usb 6-1: config 0 interface 0 has no altsetting 0
[  330.013815][ T1798] usb 6-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  330.013836][ T1798] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.356908][ T1798] usb 6-1: config 0 descriptor??
[  330.463170][    C0] vkms_vblank_simulate: vblank timer overrun
[  330.468883][ T8544] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  330.766850][    C0] vkms_vblank_simulate: vblank timer overrun
[  331.168007][    C0] vkms_vblank_simulate: vblank timer overrun
[  331.739209][    C0] vkms_vblank_simulate: vblank timer overrun
[  332.065787][    C0] vkms_vblank_simulate: vblank timer overrun
[  332.246691][    C0] vkms_vblank_simulate: vblank timer overrun
[  332.581860][ T8572] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  332.646088][ T1798] usbhid 6-1:0.0: can't add hid device: -71
[  332.646221][ T1798] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  333.063271][ T1798] usb 6-1: USB disconnect, device number 23
[  333.096043][ T5890] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  333.246115][ T5890] usb 5-1: Using ep0 maxpacket: 32
[  333.250812][    C0] vkms_vblank_simulate: vblank timer overrun
[  333.344773][ T5890] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  333.344802][ T5890] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  333.344821][ T5890] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  333.345134][    C0] vkms_vblank_simulate: vblank timer overrun
[  333.346962][ T5890] usb 5-1: language id specifier not provided by device, defaulting to English
[  333.352236][ T5890] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  333.352265][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.352284][ T5890] usb 5-1: Product: 謦᝴䖖ᱵ㯍겶趈쩙㫹署ࣿ墴㫜鋯ᵞ⯲킕ࡒ蝉煖⯯蕏ኢ姙郄鞴䅼緙㩺ோ퐙콘峌瑝喺쉝ḕ崇
[  333.352304][ T5890] usb 5-1: Manufacturer: Щ
[  333.352318][ T5890] usb 5-1: SerialNumber: ᓗӯ㔶죹銉꿭맏黹ꗾ견騉째⏀뻞╧擎ꇆ㰱嶉ؾሪ坏崹⽒ཪ핾㻣娈ಈ壐쥛靿魉괌鍇攆䕯쵲ὠ纞썇\᱓붞깻㞑ᖅ홄瞬ꊍ㑶鮂钞玈㈸⑳ή㣰䠖뗹诂睃㫄䃲쾳瑟攁㌆郕ෲ䓼棴а謖绯镉僻︌㭧芕㝐
[  333.354586][ T8578] siw: device registration error -23
[  333.479166][    C0] vkms_vblank_simulate: vblank timer overrun
[  333.723645][ T5890] usb 5-1: 0:2 : does not exist
[  333.856852][    C0] vkms_vblank_simulate: vblank timer overrun
[  334.291817][ T5890] usb 5-1: USB disconnect, device number 14
[  334.738809][    C0] vkms_vblank_simulate: vblank timer overrun
[  334.789787][    C0] vkms_vblank_simulate: vblank timer overrun
[  334.837254][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.085566][ T8600] syzkaller0: entered promiscuous mode
[  335.085591][ T8600] syzkaller0: entered allmulticast mode
[  335.256492][ T6916] udevd[6916]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  335.332644][ T8607] siw: device registration error -23
[  336.093199][    C0] vkms_vblank_simulate: vblank timer overrun
[  336.225760][   T37] audit: type=1800 audit(5288251253.535:37): pid=8612 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.791" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  336.265489][ T8615] FAULT_INJECTION: forcing a failure.
[  336.265489][ T8615] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  336.265524][ T8615] CPU: 1 UID: 0 PID: 8615 Comm: syz.0.793 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  336.265546][ T8615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  336.265557][ T8615] Call Trace:
[  336.265564][ T8615]  <TASK>
[  336.265571][ T8615]  dump_stack_lvl+0x189/0x250
[  336.265601][ T8615]  ? __pfx____ratelimit+0x10/0x10
[  336.265626][ T8615]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.265651][ T8615]  ? __pfx__printk+0x10/0x10
[  336.265673][ T8615]  ? __might_fault+0xb0/0x130
[  336.265709][ T8615]  should_fail_ex+0x46c/0x600
[  336.265739][ T8615]  _copy_to_iter+0x1de/0x1790
[  336.265757][ T8615]  ? do_raw_spin_lock+0x121/0x290
[  336.265789][ T8615]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  336.265814][ T8615]  ? __pfx__copy_to_iter+0x10/0x10
[  336.265840][ T8615]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  336.265867][ T8615]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  336.265896][ T8615]  ? page_copy_sane+0x4e/0x280
[  336.265915][ T8615]  copy_page_to_iter+0x10c/0x1c0
[  336.265937][ T8615]  anon_pipe_read+0x4d7/0x1040
[  336.265960][ T8615]  ? __lock_acquire+0xab9/0xd20
[  336.266010][ T8615]  ? __pfx_anon_pipe_read+0x10/0x10
[  336.266037][ T8615]  ? __pfx_autoremove_wake_function+0x10/0x10
[  336.266075][ T8615]  vfs_read+0x563/0xa30
[  336.266106][ T8615]  ? __pfx_vfs_read+0x10/0x10
[  336.266139][ T8615]  ? __fget_files+0x2a/0x420
[  336.266174][ T8615]  ksys_read+0x14b/0x260
[  336.266197][ T8615]  ? __pfx_ksys_read+0x10/0x10
[  336.266222][ T8615]  ? do_syscall_64+0xbe/0xfa0
[  336.266251][ T8615]  do_syscall_64+0xfa/0xfa0
[  336.266273][ T8615]  ? lockdep_hardirqs_on+0x9c/0x150
[  336.266296][ T8615]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.266314][ T8615]  ? clear_bhb_loop+0x60/0xb0
[  336.266337][ T8615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.266354][ T8615] RIP: 0033:0x7f8c5e38f749
[  336.266370][ T8615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.266385][ T8615] RSP: 002b:00007f8c5c5ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  336.266405][ T8615] RAX: ffffffffffffffda RBX: 00007f8c5e5e5fa0 RCX: 00007f8c5e38f749
[  336.266418][ T8615] RDX: 0000000000002020 RSI: 0000200000002200 RDI: 0000000000000005
[  336.266430][ T8615] RBP: 00007f8c5c5ee090 R08: 0000000000000000 R09: 0000000000000000
[  336.266441][ T8615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.266453][ T8615] R13: 00007f8c5e5e6038 R14: 00007f8c5e5e5fa0 R15: 00007ffe8652e228
[  336.266485][ T8615]  </TASK>
[  336.690387][ T8617] mmap: syz.5.791 (8617) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  336.951228][ T8621] siw: device registration error -23
[  338.018966][ T8641] overlay: Unknown parameter 'pcr'
[  339.176034][    C0] vkms_vblank_simulate: vblank timer overrun
[  340.301480][ T8659] siw: device registration error -23
[  341.139668][    C0] vkms_vblank_simulate: vblank timer overrun
[  341.349888][ T8665] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.807'.
[  342.409319][    C0] vkms_vblank_simulate: vblank timer overrun
[  342.904698][    C0] vkms_vblank_simulate: vblank timer overrun
[  343.373976][    C0] vkms_vblank_simulate: vblank timer overrun
[  343.475251][ T8691] overlay: Unknown parameter 'pcr'
[  343.968010][    C0] vkms_vblank_simulate: vblank timer overrun
[  343.968165][ T5873] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  344.250374][    C0] vkms_vblank_simulate: vblank timer overrun
[  344.376473][ T5873] usb 2-1: Using ep0 maxpacket: 32
[  344.845906][    C0] vkms_vblank_simulate: vblank timer overrun
[  344.853992][ T5873] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[  344.854018][ T5873] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  344.854037][ T5873] usb 2-1: config 0 has no interface number 0
[  344.854085][ T5873] usb 2-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  344.854105][ T5873] usb 2-1: config 0 interface 133 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  344.854127][ T5873] usb 2-1: config 0 interface 133 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  344.854151][ T5873] usb 2-1: config 0 interface 133 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  344.854175][ T5873] usb 2-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  344.947740][ T5873] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  344.947770][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.947790][ T5873] usb 2-1: Product: syz
[  344.947803][ T5873] usb 2-1: Manufacturer: syz
[  344.947817][ T5873] usb 2-1: SerialNumber: syz
[  344.953776][ T5873] usb 2-1: config 0 descriptor??
[  344.954556][ T8690] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  344.954674][ T8690] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  345.330141][ T5873] usb 2-1: probing VID:PID(0424:012C)   
[  345.345614][ T5873] usb 2-1: vub300 testing BULK OUT EndPoint(0) 0B
[  345.345638][ T5873] usb 2-1: vub300 testing UNKNOWN EndPoint(1) 8F
[  345.345657][ T5873] usb 2-1: vub300 ignoring EndPoint(1) 8F
[  345.345676][ T5873] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs
[  345.345772][ T5873] vub300 2-1:0.133: probe with driver vub300 failed with error -22
[  345.394475][ T5873] usb 2-1: USB disconnect, device number 19
[  345.437824][ T8712] netlink: 172 bytes leftover after parsing attributes in process `syz.3.822'.
[  345.437862][ T8712] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  346.839164][    C0] vkms_vblank_simulate: vblank timer overrun
[  347.003835][    C0] vkms_vblank_simulate: vblank timer overrun
[  347.700609][    C0] vkms_vblank_simulate: vblank timer overrun
[  348.062639][ T8763] syz.5.837 uses obsolete (PF_INET,SOCK_PACKET)
[  348.286970][ T8758] syzkaller0: entered promiscuous mode
[  348.286995][ T8758] syzkaller0: entered allmulticast mode
[  350.254812][   T37] audit: type=1800 audit(5286154114.610:38): pid=8792 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.844" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  351.495217][ T8808] siw: device registration error -23
[  378.694602][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  378.694691][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  397.442855][   T37] audit: type=1800 audit(5286154161.800:39): pid=8830 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.856" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  397.523331][ T8831] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  397.826787][ T1798] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  398.485977][ T1798] usb 5-1: Using ep0 maxpacket: 32
[  398.490028][ T1798] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  398.490062][ T1798] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  398.490081][ T1798] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  398.490861][ T1798] usb 5-1: language id specifier not provided by device, defaulting to English
[  398.493134][ T1798] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  398.493168][ T1798] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.493188][ T1798] usb 5-1: Product: 謦᝴䖖ᱵ㯍겶趈쩙㫹署ࣿ墴㫜鋯ᵞ⯲킕ࡒ蝉煖⯯蕏ኢ姙郄鞴䅼緙㩺ோ퐙콘峌瑝喺쉝ḕ崇
[  398.493209][ T1798] usb 5-1: Manufacturer: Щ
[  398.493222][ T1798] usb 5-1: SerialNumber: ᓗӯ㔶죹銉꿭맏黹ꗾ견騉째⏀뻞╧擎ꇆ㰱嶉ؾሪ坏崹⽒ཪ핾㻣娈ಈ壐쥛靿魉괌鍇攆䕯쵲ὠ纞썇\᱓붞깻㞑ᖅ홄瞬ꊍ㑶鮂钞玈㈸⑳ή㣰䠖뗹诂睃㫄䃲쾳瑟攁㌆郕ෲ䓼棴а謖绯镉僻︌㭧芕㝐
[  398.906323][ T1798] usb 5-1: 0:2 : does not exist
[  398.977455][ T1798] usb 5-1: USB disconnect, device number 15
[  399.025986][ T5948] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  399.074885][ T8844] udevd[8844]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  399.086109][    T9] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  399.224661][ T5948] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  399.224683][ T5948] usb 6-1: config 0 interface 0 has no altsetting 0
[  399.224702][ T5948] usb 6-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  399.224715][ T5948] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.263890][ T5948] usb 6-1: config 0 descriptor??
[  399.267056][ T8833] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  399.279203][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  399.279289][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  399.279315][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[  399.284977][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  399.285054][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  399.285073][    T9] usb 1-1: SerialNumber: syz
[  399.333342][ T8851] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  399.616823][    T9] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  399.765446][    T9] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[  399.905339][    T9] usb 1-1: USB disconnect, device number 27
[  401.493092][ T5948] usbhid 6-1:0.0: can't add hid device: -71
[  401.493173][ T5948] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  401.505340][ T5948] usb 6-1: USB disconnect, device number 24
[  403.363995][ T8886] netlink: 'syz.5.872': attribute type 3 has an invalid length.
[  403.474387][ T8886] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.500111][ T8886] bridge0: port 1(bridge_slave_0) entered disabled state
[  404.266204][    C0] vkms_vblank_simulate: vblank timer overrun
[  404.319930][    C0] vkms_vblank_simulate: vblank timer overrun
[  405.041989][    C0] vkms_vblank_simulate: vblank timer overrun
[  405.976068][    T9] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[  406.133331][    T9] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  406.133367][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  406.133400][    T9] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  406.133423][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.176326][    T9] usb 1-1: config 0 descriptor??
[  406.180740][ T8909] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  407.132594][    C0] vkms_vblank_simulate: vblank timer overrun
[  407.248272][    C0] vkms_vblank_simulate: vblank timer overrun
[  407.330190][ T8933] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  408.027312][    C0] vkms_vblank_simulate: vblank timer overrun
[  408.272377][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  408.272639][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  408.356073][    T9] usb 1-1: USB disconnect, device number 28
[  408.624915][    C0] vkms_vblank_simulate: vblank timer overrun
[  409.064354][ T8945] misc userio: Invalid payload size
[  409.070228][ T8945] misc userio: Invalid payload size
[  409.070356][ T8945] misc userio: The device must be registered before sending interrupts
[  409.070510][ T8945] misc userio: Invalid payload size
[  409.185929][    C0] vkms_vblank_simulate: vblank timer overrun
[  409.283154][ T8950] netlink: 256 bytes leftover after parsing attributes in process `syz.4.888'.
[  409.837611][    C0] vkms_vblank_simulate: vblank timer overrun
[  409.993970][ T8959] siw: device registration error -23
[  410.009888][    C0] vkms_vblank_simulate: vblank timer overrun
[  411.096307][ T5890] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  412.149111][ T8966] binder: 8962:8966 ioctl c0306201 2000000004c0 returned -22
[  412.193630][ T5890] usb 4-1: Using ep0 maxpacket: 8
[  412.609402][    T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  412.833274][    T9] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[  412.833300][    T9] usb 1-1: config 1 has no interface number 0
[  412.833345][    T9] usb 1-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  412.833370][    T9] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  412.833395][    T9] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  413.192839][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.217897][ T8977] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  413.243017][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.861060][    C1] vkms_vblank_simulate: vblank timer overrun
[  414.361821][    C1] vkms_vblank_simulate: vblank timer overrun
[  414.407977][ T5890] usb 4-1: device descriptor read/all, error -71
[  414.632337][    C1] vkms_vblank_simulate: vblank timer overrun
[  414.733517][    T9] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  414.733548][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.733567][    T9] usb 1-1: Product: syz
[  414.787956][    T9] usb 1-1: can't set config #1, error -71
[  414.795634][    T9] usb 1-1: USB disconnect, device number 29
[  415.067963][ T8983] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  415.306044][ T5887] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  415.553127][ T5887] usb 6-1: Using ep0 maxpacket: 32
[  415.707867][ T5887] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  415.707893][ T5887] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  415.707913][ T5887] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  415.708741][ T5887] usb 6-1: language id specifier not provided by device, defaulting to English
[  415.711105][ T5887] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  415.711131][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.711150][ T5887] usb 6-1: Product: 謦᝴䖖ᱵ㯍겶趈쩙㫹署ࣿ墴㫜鋯ᵞ⯲킕ࡒ蝉煖⯯蕏ኢ姙郄鞴䅼緙㩺ோ퐙콘峌瑝喺쉝ḕ崇
[  415.711170][ T5887] usb 6-1: Manufacturer: Щ
[  415.711184][ T5887] usb 6-1: SerialNumber: ᓗӯ㔶죹銉꿭맏黹ꗾ견騉째⏀뻞╧擎ꇆ㰱嶉ؾሪ坏崹⽒ཪ핾㻣娈ಈ壐쥛靿魉괌鍇攆䕯쵲ὠ纞썇\᱓붞깻㞑ᖅ홄瞬ꊍ㑶鮂钞玈㈸⑳ή㣰䠖뗹诂睃㫄䃲쾳瑟攁㌆郕ෲ䓼棴а謖绯镉僻︌㭧芕㝐
[  416.036479][ T5887] usb 6-1: 0:2 : does not exist
[  416.153264][ T5887] usb 6-1: USB disconnect, device number 25
[  416.276875][ T8844] udevd[8844]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  416.736243][ T5890] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  416.896103][ T5890] usb 1-1: Using ep0 maxpacket: 8
[  416.913467][ T5890] usb 1-1: config 0 interface 0 altsetting 108 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.913496][ T5890] usb 1-1: config 0 interface 0 altsetting 108 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  416.913523][ T5890] usb 1-1: config 0 interface 0 has no altsetting 0
[  416.913555][ T5890] usb 1-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  416.913577][ T5890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.940035][ T5890] usb 1-1: config 0 descriptor??
[  417.389807][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.001338][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.003422][ T9018] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  418.031810][ T9021] overlay: Unknown parameter 'pcr'
[  418.157340][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.228124][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.382338][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.593718][ T5890] cypress 0003:04B4:0001.000F: unknown main item tag 0x2
[  418.593755][ T5890] cypress 0003:04B4:0001.000F: item fetching failed at offset 8/164
[  418.594572][ T5890] cypress 0003:04B4:0001.000F: parse failed
[  418.594643][ T5890] cypress 0003:04B4:0001.000F: probe with driver cypress failed with error -22
[  419.173885][ T9032] netlink: 26 bytes leftover after parsing attributes in process `syz.0.910'.
[  420.591190][    C1] vkms_vblank_simulate: vblank timer overrun
[  421.179434][ T5960] usb 1-1: USB disconnect, device number 30
[  421.212391][   T37] audit: type=1326 audit(5286154185.570:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.212802][   T37] audit: type=1326 audit(5286154185.570:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.212842][   T37] audit: type=1326 audit(5286154185.570:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.213899][   T37] audit: type=1326 audit(5286154185.570:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.218679][   T37] audit: type=1326 audit(5286154185.580:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=446 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.218726][   T37] audit: type=1326 audit(5286154185.580:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.218763][   T37] audit: type=1326 audit(5286154185.580:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.218802][   T37] audit: type=1326 audit(5286154185.580:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.229741][   T37] audit: type=1326 audit(5286154185.590:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.229790][   T37] audit: type=1326 audit(5286154185.590:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9038 comm="syz.1.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f43ec35f749 code=0x7ffc0000
[  421.486118][    T9] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  421.659902][    T9] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  421.664006][    T9] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  421.664042][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  421.664079][    T9] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  421.664100][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.794399][    T9] usb 5-1: config 0 descriptor??
[  421.795197][ T9040] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  421.883230][ T9057] FAULT_INJECTION: forcing a failure.
[  421.883230][ T9057] name failslab, interval 1, probability 0, space 0, times 0
[  421.883267][ T9057] CPU: 1 UID: 0 PID: 9057 Comm: syz.5.923 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  421.883288][ T9057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  421.883299][ T9057] Call Trace:
[  421.883307][ T9057]  <TASK>
[  421.883316][ T9057]  dump_stack_lvl+0x189/0x250
[  421.883352][ T9057]  ? __pfx____ratelimit+0x10/0x10
[  421.883376][ T9057]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.883402][ T9057]  ? __pfx__printk+0x10/0x10
[  421.883430][ T9057]  ? __pfx___might_resched+0x10/0x10
[  421.883455][ T9057]  should_fail_ex+0x46c/0x600
[  421.883485][ T9057]  should_failslab+0xa8/0x100
[  421.883512][ T9057]  __kmalloc_noprof+0xcc/0x7d0
[  421.883534][ T9057]  ? kfree+0x51/0x950
[  421.883551][ T9057]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  421.883577][ T9057]  tomoyo_realpath_from_path+0xe3/0x5d0
[  421.883599][ T9057]  ? tomoyo_domain+0xda/0x130
[  421.883625][ T9057]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  421.883653][ T9057]  tomoyo_path_number_perm+0x1e8/0x5a0
[  421.883683][ T9057]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  421.883714][ T9057]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  421.883740][ T9057]  ? lockdep_hardirqs_on+0x9c/0x150
[  421.883797][ T9057]  ? __fget_files+0x2a/0x420
[  421.883825][ T9057]  ? __fget_files+0x3a6/0x420
[  421.883847][ T9057]  ? __fget_files+0x2a/0x420
[  421.883875][ T9057]  security_file_ioctl+0xcb/0x2d0
[  421.883897][ T9057]  __se_sys_ioctl+0x47/0x170
[  421.883921][ T9057]  do_syscall_64+0xfa/0xfa0
[  421.883943][ T9057]  ? lockdep_hardirqs_on+0x9c/0x150
[  421.883967][ T9057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.883985][ T9057]  ? clear_bhb_loop+0x60/0xb0
[  421.884007][ T9057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.884024][ T9057] RIP: 0033:0x7f74e2f2f749
[  421.884041][ T9057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.884056][ T9057] RSP: 002b:00007f74e1196038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  421.884077][ T9057] RAX: ffffffffffffffda RBX: 00007f74e3185fa0 RCX: 00007f74e2f2f749
[  421.884090][ T9057] RDX: 00002000000002c0 RSI: 000000008008af26 RDI: 0000000000000003
[  421.884102][ T9057] RBP: 00007f74e1196090 R08: 0000000000000000 R09: 0000000000000000
[  421.884113][ T9057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.884124][ T9057] R13: 00007f74e3186038 R14: 00007f74e3185fa0 R15: 00007ffdfc5956d8
[  421.884158][ T9057]  </TASK>
[  421.902457][ T9057] ERROR: Out of memory at tomoyo_realpath_from_path.
[  422.623830][    T9] hid-steam 0003:28DE:1102.0010: unknown main item tag 0x0
[  422.623869][    T9] hid-steam 0003:28DE:1102.0010: unknown main item tag 0x0
[  422.625073][    T9] hid-steam 0003:28DE:1102.0010: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  422.675994][    T9] hid-steam 0003:28DE:1102.0010: Steam Controller 'XXXXXXXXXX' connected
[  422.679965][    T9] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0010/input/input24
[  422.741240][    T9] hid-steam 0003:28DE:1102.0011: unknown main item tag 0x0
[  422.741277][    T9] hid-steam 0003:28DE:1102.0011: unknown main item tag 0x0
[  422.816114][    T9] hid-steam 0003:28DE:1102.0011: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  422.864817][ T9071] netlink: 20 bytes leftover after parsing attributes in process `syz.0.930'.
[  423.103138][ T9075] 9pnet_virtio: no channels available for device syz
[  423.313895][ T9079] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  423.412492][ T5890] usb 5-1: USB disconnect, device number 16
[  423.565408][ T9088] 9pnet_virtio: no channels available for device syz
[  423.648721][ T5890] hid-steam 0003:28DE:1102.0010: Steam Controller 'XXXXXXXXXX' disconnected
[  424.227098][ T9101] binder: 9098:9101 ioctl c0306201 200000000440 returned -14
[  426.018190][ T9130] syzkaller0: entered promiscuous mode
[  426.018217][ T9130] syzkaller0: entered allmulticast mode
[  426.402082][ T9138] netlink: 'syz.3.955': attribute type 1 has an invalid length.
[  426.484727][ T9141] binder: 9140:9141 unknown command 0
[  426.484747][ T9141] binder: 9140:9141 ioctl c0306201 200000000080 returned -22
[  426.644217][ T9138] 8021q: adding VLAN 0 to HW filter on device bond1
[  426.646278][ T9139] bond1: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  426.719314][ T9139] bond1: entered allmulticast mode
[  426.842965][ T9142] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  427.019952][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.4.963'.
[  427.227987][ T9164] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  427.674289][ T9168] "syz.5.967" (9168) uses obsolete ecb(arc4) skcipher
[  427.929168][ T9187] tmpfs: Unsupported parameter 'huge'
[  428.196060][ T5960] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  428.335764][ T9202] netlink: 8 bytes leftover after parsing attributes in process `syz.3.981'.
[  428.348161][ T5960] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  428.348187][ T5960] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  428.348203][ T5960] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  428.348244][ T5960] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  428.348264][ T5960] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  428.350419][ T5960] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  428.350438][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  428.350448][ T5960] usb 5-1: Product: syz
[  428.350455][ T5960] usb 5-1: Manufacturer: syz
[  428.394452][ T5960] cdc_wdm 5-1:1.0: skipping garbage
[  428.394472][ T5960] cdc_wdm 5-1:1.0: skipping garbage
[  428.436245][ T5960] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  428.436283][ T5960] cdc_wdm 5-1:1.0: Unknown control protocol
[  428.584604][ T5807] Bluetooth: hci3: unexpected event for opcode 0x0413
[  429.026185][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  429.905086][ T9236] tmpfs: Unsupported parameter 'huge'
[  429.950562][    C1] vkms_vblank_simulate: vblank timer overrun
[  430.271212][    C1] vkms_vblank_simulate: vblank timer overrun
[  431.061216][    T9] usb 5-1: USB disconnect, device number 17
[  431.328749][ T9252] syzkaller0: entered promiscuous mode
[  431.328774][ T9252] syzkaller0: entered allmulticast mode
[  431.454788][ T9263] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1002'.
[  431.454811][ T9263] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1002'.
[  431.454836][ T9263] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1002'.
[  431.454966][ T9263] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1002'.
[  431.601888][    C1] vkms_vblank_simulate: vblank timer overrun
[  432.507650][ T9277] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  433.233360][ T9300] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  433.698012][ T9313] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  434.306344][ T5960] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  434.466044][ T5960] usb 2-1: Using ep0 maxpacket: 32
[  434.468489][ T5960] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  434.468515][ T5960] usb 2-1: config 0 has no interface number 0
[  434.468563][ T5960] usb 2-1: config 0 interface 12 has no altsetting 0
[  434.473370][ T5960] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  434.473397][ T5960] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.473416][ T5960] usb 2-1: Product: syz
[  434.473429][ T5960] usb 2-1: Manufacturer: syz
[  434.473442][ T5960] usb 2-1: SerialNumber: syz
[  434.486672][ T5960] usb 2-1: config 0 descriptor??
[  434.491558][ T5960] f81534 2-1:0.12: required endpoints missing
[  434.526333][ T9344] binder: 9343:9344 ioctl c0306201 2000000001c0 returned -14
[  434.756113][ T5890] usb 2-1: USB disconnect, device number 20
[  434.867711][ T9352] evm: overlay not supported
[  435.891771][ T9366] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  435.985019][ T9365] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  436.884508][ T9365] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.369568][ T9365] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.723612][ T9365] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.973411][ T9424] random: crng reseeded on system resumption
[  438.022449][ T9424] binder: 9423:9424 ioctl c0306201 200000000640 returned -22
[  438.530560][ T6886] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  438.566683][ T9443] overlayfs: failed to resolve './file0': -2
[  438.689818][ T6886] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  438.755231][   T13] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  438.755279][   T13] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  439.080834][ T9465] syzkaller1: entered promiscuous mode
[  439.080860][ T9465] syzkaller1: entered allmulticast mode
[  439.251857][ T9474] overlayfs: failed to resolve './file0': -2
[  439.636611][ T9486] binder: 9484:9486 unknown command 0
[  439.636631][ T9486] binder: 9484:9486 ioctl c0306201 200000000080 returned -22
[  439.875734][ T9499] overlayfs: failed to resolve './file0': -2
[  440.131745][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  440.131814][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  440.286016][ T5947] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  440.448776][ T5947] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  440.449050][ T5947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  440.453969][ T5947] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  440.453999][ T5947] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  440.454018][ T5947] usb 6-1: Manufacturer: syz
[  440.508215][ T5947] usb 6-1: config 0 descriptor??
[  440.636141][ T5947] rc_core: IR keymap rc-hauppauge not found
[  440.636162][ T5947] Registered IR keymap rc-empty
[  440.640813][ T5947] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  440.643300][ T5947] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input25
[  440.761846][ T5890] usb 6-1: USB disconnect, device number 26
[  441.042216][ T9537] overlayfs: failed to resolve './file1': -2
[  441.530315][ T9549] kvm: kvm [9547]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006e) = 0x8004
[  442.793577][ T9593] binder_alloc: 9592: binder_alloc_buf, no vma
[  443.105340][ T9605] overlayfs: failed to resolve './file1': -2
[  443.248795][ T9614] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  443.355681][ T9620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1149'.
[  444.321215][ T9651] bond1: Unable to set up delay as MII monitoring is disabled
[  444.349828][ T9651] bond1 (unregistering): Released all slaves
[  445.332833][ T9672] syzkaller0: entered promiscuous mode
[  445.332863][ T9672] syzkaller0: entered allmulticast mode
[  445.363825][ T9674] kvm: kvm [9673]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006e) = 0x8004
[  445.818980][ T9688] overlayfs: failed to resolve './file0': -2
[  446.928067][ T9723] binder: 9722:9723 unknown command 0
[  446.928098][ T9723] binder: 9722:9723 ioctl c0306201 200000000080 returned -22
[  446.930060][ T9723] binder_alloc: 9722: binder_alloc_buf, no vma
[  447.532688][ T9749] binder: 9747:9749 unknown command 0
[  447.532710][ T9749] binder: 9747:9749 ioctl c0306201 200000000080 returned -22
[  447.534645][ T9749] binder_alloc: 9747: binder_alloc_buf, no vma
[  447.966356][ T5807] Bluetooth: hci0: command 0x0406 tx timeout
[  448.120278][ T9772] netlink: 'syz.3.1216': attribute type 1 has an invalid length.
[  448.215303][ T9772] 8021q: adding VLAN 0 to HW filter on device bond2
[  448.363955][ T9779] bond3: Unable to set up delay as MII monitoring is disabled
[  448.393742][ T9779] bond3 (unregistering): Released all slaves
[  448.413494][ T9784] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  448.528193][    C0] vkms_vblank_simulate: vblank timer overrun
[  448.928024][ T9804] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.1226'.
[  448.939382][ T9804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1226'.
[  448.993808][ T9810] binder: 9807:9810 unknown command 0
[  448.993827][ T9810] binder: 9807:9810 ioctl c0306201 200000000080 returned -22
[  449.632226][ T9840] binder_alloc: 9839: binder_alloc_buf, no vma
[  450.445010][ T9872] binder: 9870:9872 ioctl c0306201 0 returned -14
[  450.968782][ T9892] binder: 9890:9892 ioctl c0306201 0 returned -14
[  451.283353][ T9902] binder: 9898:9902 ioctl c0306201 0 returned -14
[  451.643678][ T9916] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  452.150269][ T9928] binder_alloc: 9927: binder_alloc_buf, no vma
[  452.367020][ T9932] binder: BINDER_SET_CONTEXT_MGR already set
[  452.367035][ T9932] binder: 9931:9932 ioctl 4018620d 200000000040 returned -16
[  452.402779][ T9934] binder: 9933:9934 unknown command 0
[  452.402798][ T9934] binder: 9933:9934 ioctl c0306201 200000000080 returned -22
[  452.425637][ T9934] binder: BINDER_SET_CONTEXT_MGR already set
[  452.425652][ T9934] binder: 9933:9934 ioctl 4018620d 200000000040 returned -16
[  452.687005][ T5807] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  453.188929][ T9955] syzkaller0: entered promiscuous mode
[  453.188956][ T9955] syzkaller0: entered allmulticast mode
[  453.291985][ T9969] binder: 9968:9969 unknown command 0
[  453.292007][ T9969] binder: 9968:9969 ioctl c0306201 200000000080 returned -22
[  453.300500][ T9969] binder: BINDER_SET_CONTEXT_MGR already set
[  453.300516][ T9969] binder: 9968:9969 ioctl 4018620d 200000000040 returned -16
[  453.907325][ T9985] netlink: 'syz.5.1299': attribute type 1 has an invalid length.
[  453.960513][ T9990] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1299'.
[  454.052526][ T9994] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1299'.
[  454.138616][ T9990] bond1: (slave bridge1): making interface the new active one
[  454.139702][ T9990] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  454.145852][ T9994] 8021q: adding VLAN 0 to HW filter on device bond1
[  454.301042][ T9998] syzkaller0: entered promiscuous mode
[  454.301067][ T9998] syzkaller0: entered allmulticast mode
[  454.578124][T10010] netlink: 'syz.1.1308': attribute type 1 has an invalid length.
[  454.803348][T10013] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  455.433497][T10048] netlink: 'syz.5.1320': attribute type 1 has an invalid length.
[  455.509297][T10048] 8021q: adding VLAN 0 to HW filter on device bond2
[  455.538600][T10050] bond2: (slave ip6gretap2): making interface the new active one
[  455.540477][T10050] bond2: (slave ip6gretap2): Enslaving as an active interface with an up link
[  456.366044][ T5810] Bluetooth: hci4: command 0x1003 tx timeout
[  456.366062][ T5807] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  457.791012][T10102] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1337'.
[  459.488212][T10133] binder: 10132:10133 ioctl c0306201 0 returned -14
[  459.723849][T10139] Bluetooth: Invalid byte 0b after esc byte
[  459.924704][T10143] binder: 10142:10143 unknown command 0
[  459.924724][T10143] binder: 10142:10143 ioctl c0306201 200000000080 returned -22
[  460.206821][T10102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  460.276962][T10102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  460.340401][T10102] bond0 (unregistering): Released all slaves
[  460.681270][T10165] binder: 10163:10165 unknown command 0
[  460.681292][T10165] binder: 10163:10165 ioctl c0306201 200000000080 returned -22
[  461.465625][T10193] binder: BINDER_SET_CONTEXT_MGR already set
[  461.465641][T10193] binder: 10192:10193 ioctl 4018620d 200000000040 returned -16
[  461.726137][ T5807] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  462.094277][ T5807] Bluetooth: hci0: unexpected event for opcode 0x2062
[  462.210194][T10203] syzkaller0: entered promiscuous mode
[  462.210224][T10203] syzkaller0: entered allmulticast mode
[  462.286460][    C1] vkms_vblank_simulate: vblank timer overrun
[  462.728307][T10220] binder: BINDER_SET_CONTEXT_MGR already set
[  462.728324][T10220] binder: 10219:10220 ioctl 4018620d 200000000040 returned -16
[  463.226235][T10223] lo speed is unknown, defaulting to 1000
[  463.639694][    C1] vkms_vblank_simulate: vblank timer overrun
[  464.084388][T10254] binder: BINDER_SET_CONTEXT_MGR already set
[  464.084498][T10254] binder: 10253:10254 ioctl 4018620d 200000000040 returned -16
[  466.129702][ T5807] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  466.130265][ T5807] Bluetooth: hci0: Injecting HCI hardware error event
[  466.134202][ T5807] Bluetooth: hci0: hardware error 0x00
[  466.292027][T10319] binder: 10318:10319 unknown command 0
[  466.292046][T10319] binder: 10318:10319 ioctl c0306201 200000000080 returned -22
[  466.402242][T10321] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  466.402262][T10321] IPv6: NLM_F_CREATE should be set when creating new route
[  466.601697][    C1] vkms_vblank_simulate: vblank timer overrun
[  466.889676][T10332] fuse: Bad value for 'fd'
[  467.750976][T10362] fuse: Bad value for 'fd'
[  468.290293][ T5807] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  468.592403][T10392] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1459'.
[  468.674265][T10396] binder: BINDER_SET_CONTEXT_MGR already set
[  468.674280][T10396] binder: 10395:10396 ioctl 4018620d 200000000040 returned -16
[  469.338923][T10426] macvlan2: entered promiscuous mode
[  469.531447][T10438] binder: 10433:10438 ioctl c0306201 0 returned -14
[  469.774257][T10447] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1481'.
[  469.812740][T10447] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1481'.
[  470.651238][T10477] usb usb8: usbfs: process 10477 (syz.4.1494) did not claim interface 0 before use
[  470.804529][T10483] overlayfs: missing 'lowerdir'
[  471.166493][ T5810] Bluetooth: hci5: command 0x0406 tx timeout
[  471.818903][T10515] lo speed is unknown, defaulting to 1000
[  473.092517][    C1] vkms_vblank_simulate: vblank timer overrun
[  474.623838][T10555] lo speed is unknown, defaulting to 1000
[  475.198852][T10574] fuse: Bad value for 'fd'
[  475.540439][T10583] netlink: 'syz.5.1534': attribute type 1 has an invalid length.
[  475.577729][T10583] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1534'.
[  475.603494][    C1] vkms_vblank_simulate: vblank timer overrun
[  475.605589][T10583] bond3: (slave bridge2): making interface the new active one
[  475.615374][T10583] bond3: (slave bridge2): Enslaving as an active interface with an up link
[  475.620137][T10583] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1534'.
[  475.693077][    C1] vkms_vblank_simulate: vblank timer overrun
[  476.013541][T10590] netlink: 'syz.5.1537': attribute type 10 has an invalid length.
[  476.032097][T10590] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  476.305275][T10607] tipc: Started in network mode
[  476.305308][T10607] tipc: Node identity 22e8ae973309, cluster identity 4711
[  476.325727][T10607] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  476.334780][T10607] syzkaller0: entered promiscuous mode
[  476.334802][T10607] syzkaller0: entered allmulticast mode
[  476.362432][T10607] tipc: Resetting bearer <eth:syzkaller0>
[  476.407877][T10606] tipc: Resetting bearer <eth:syzkaller0>
[  476.551462][T10606] tipc: Disabling bearer <eth:syzkaller0>
[  476.783186][T10617] netlink: 'syz.1.1546': attribute type 1 has an invalid length.
[  476.877838][T10617] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1546'.
[  476.916662][T10617] bond1: (slave bridge1): making interface the new active one
[  476.917368][T10617] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  476.929958][T10617] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1546'.
[  477.048656][T10626] netlink: 'syz.3.1550': attribute type 1 has an invalid length.
[  477.491428][T10649] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  477.637178][T10655] binder: 10654:10655 unknown command 0
[  477.637202][T10655] binder: 10654:10655 ioctl c0306201 200000000080 returned -22
[  477.809371][T10661] fuse: Bad value for 'fd'
[  477.916143][ T5948] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  478.081521][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  478.081569][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  478.081608][ T5948] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  478.081644][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.102872][ T5948] usb 4-1: config 0 descriptor??
[  478.543715][ T5948] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  478.543849][ T5948] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  478.559117][ T5948] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0012/input/input27
[  478.599053][T10682] binder: 10681:10682 unknown command 0
[  478.599074][T10682] binder: 10681:10682 ioctl c0306201 200000000080 returned -22
[  478.632136][T10682] binder: 10681:10682 ioctl 4018620d 0 returned -22
[  478.826195][ T5948] cm6533_jd 0003:0D8C:0022.0012: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  478.866125][ T5948] usb 4-1: USB disconnect, device number 23
[  479.054189][T10695] fido_id[10695]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  479.803647][T10732] netlink: 'syz.3.1590': attribute type 1 has an invalid length.
[  480.144205][ T5810] Bluetooth: Unexpected start frame (len 16)
[  480.528465][T10758] binder: 10756:10758 unknown command 0
[  480.528487][T10758] binder: 10756:10758 ioctl c0306201 200000000080 returned -22
[  480.530699][T10758] binder: 10756:10758 ioctl 4018620d 0 returned -22
[  480.872224][T10770] tipc: Started in network mode
[  480.872255][T10770] tipc: Node identity 7a807227deb9, cluster identity 4711
[  480.872552][T10770] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  480.882251][T10770] syzkaller0: entered promiscuous mode
[  480.882276][T10770] syzkaller0: entered allmulticast mode
[  480.947561][T10769] tipc: Resetting bearer <eth:syzkaller0>
[  481.150389][T10769] tipc: Disabling bearer <eth:syzkaller0>
[  481.186678][T10788] binder: 10785:10788 unknown command 0
[  481.186696][T10788] binder: 10785:10788 ioctl c0306201 200000000080 returned -22
[  481.189056][T10788] binder: 10785:10788 ioctl c0306201 0 returned -14
[  481.524131][T10802] netlink: 'syz.0.1620': attribute type 1 has an invalid length.
[  481.582792][T10804] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1620'.
[  483.284318][T10839] 9pnet_virtio: no channels available for device syz
[  483.409210][T10842] netlink: 'syz.5.1635': attribute type 1 has an invalid length.
[  483.472035][T10847] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1635'.
[  483.498201][ T5810] Bluetooth: hci3: unexpected event for opcode 0x2002
[  483.548407][T10850] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1635'.
[  483.607945][T10847] bond4: (slave bridge3): making interface the new active one
[  483.608569][T10847] bond4: (slave bridge3): Enslaving as an active interface with an up link
[  484.076412][T10871] fuse: Bad value for 'group_id'
[  484.076439][T10871] fuse: Bad value for 'group_id'
[  484.693665][T10877] lo speed is unknown, defaulting to 1000
[  484.976981][T10889] netlink: 'syz.3.1651': attribute type 1 has an invalid length.
[  485.029014][T10893] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1651'.
[  485.111508][T10897] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1651'.
[  485.350629][T10893] bond5: (slave bridge1): making interface the new active one
[  485.360748][T10893] bond5: (slave bridge1): Enslaving as an active interface with an up link
[  485.669641][T10913] syz.3.1658 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  485.740609][T10912] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  485.742169][T10912] syzkaller0: entered promiscuous mode
[  485.742193][T10912] syzkaller0: entered allmulticast mode
[  485.766398][T10911] tipc: Resetting bearer <eth:syzkaller0>
[  485.852004][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.884456][T10911] tipc: Disabling bearer <eth:syzkaller0>
[  486.418944][T10928] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  486.418957][T10928] IPv6: NLM_F_CREATE should be set when creating new route
[  486.684109][T10940] netlink: 'syz.1.1669': attribute type 1 has an invalid length.
[  486.750071][T10944] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1669'.
[  486.906847][T10944] bond2: (slave bridge2): making interface the new active one
[  486.907496][T10944] bond2: (slave bridge2): Enslaving as an active interface with an up link
[  487.257922][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  487.417887][    T9] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  487.417918][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.525449][T10965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1675'.
[  487.525472][T10965] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1675'.
[  487.551101][    T9] usb 5-1: config 0 descriptor??
[  487.563289][    T9] cp210x 5-1:0.0: cp210x converter detected
[  487.615855][T10965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1675'.
[  487.618087][T10965] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1675'.
[  487.619054][   T59] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  487.620235][   T59] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  487.620272][   T59] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  487.620298][   T59] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  487.972430][    T9] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -71
[  487.973058][    T9] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  487.973080][    T9] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  488.006625][    T9] usb 5-1: cp210x converter now attached to ttyUSB0
[  488.013233][    T9] usb 5-1: USB disconnect, device number 18
[  488.054700][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  488.062681][    T9] cp210x 5-1:0.0: device disconnected
[  488.445040][T10980] netlink: 'syz.5.1682': attribute type 1 has an invalid length.
[  488.474933][T10980] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1682'.
[  488.498785][T10980] bond5: (slave bridge4): making interface the new active one
[  488.501374][T10980] bond5: (slave bridge4): Enslaving as an active interface with an up link
[  488.504053][T10980] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1682'.
[  489.193103][T11004] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  489.348182][T11007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1694'.
[  489.349367][T11007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1694'.
[  490.437037][ T5807] Bluetooth: hci4: command 0x1003 tx timeout
[  490.437379][ T5810] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  491.144767][T11020] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1698'.
[  491.202719][T11024] binder: 11023:11024 unknown command 0
[  491.202740][T11024] binder: 11023:11024 ioctl c0306201 200000000080 returned -22
[  491.285362][T11027] netlink: 'syz.1.1702': attribute type 10 has an invalid length.
[  491.305736][T11027] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  491.364434][T11029] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  491.364457][T11029] IPv6: NLM_F_CREATE should be set when creating new route
[  491.668319][T11044] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  491.681091][T11037] syzkaller0: entered promiscuous mode
[  491.681118][T11037] syzkaller0: entered allmulticast mode
[  491.716567][T11035] tipc: Resetting bearer <eth:syzkaller0>
[  491.872611][T11035] tipc: Disabling bearer <eth:syzkaller0>
[  492.019718][T11055] binder: 11054:11055 unknown command 0
[  492.019740][T11055] binder: 11054:11055 ioctl c0306201 200000000080 returned -22
[  493.575299][ T5810] Bluetooth: hci2: unexpected event for opcode 0x2002
[  493.623801][ T5810] Bluetooth: hci2: unexpected Set CIG Parameters response data
[  493.634925][ T5810] Bluetooth: hci2: unexpected event for opcode 0x2062
[  494.742602][T11092] binder: 11091:11092 unknown command 0
[  494.742623][T11092] binder: 11091:11092 ioctl c0306201 200000000080 returned -22
[  497.552556][T11113] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1730'.
[  497.552580][T11113] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1730'.
[  497.646153][ T5810] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  497.646355][ T5810] Bluetooth: hci2: Injecting HCI hardware error event
[  497.650853][ T5807] Bluetooth: hci2: hardware error 0x00
[  497.666302][T11113] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1730'.
[  497.666321][T11113] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1730'.
[  497.697259][   T59] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  497.903378][   T59] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  497.912216][   T59] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  497.912280][   T59] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  497.929250][T11108] lo speed is unknown, defaulting to 1000
[  500.109612][ T5807] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  500.763476][T11146] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  500.763501][T11146] IPv6: NLM_F_CREATE should be set when creating new route
[  501.016631][T11149] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1742'.
[  501.309386][T11151] tipc: Started in network mode
[  501.309416][T11151] tipc: Node identity a6133ae0f3ab, cluster identity 4711
[  501.309626][T11151] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  501.310319][T11152] syzkaller0: entered promiscuous mode
[  501.310332][T11152] syzkaller0: entered allmulticast mode
[  501.459186][T11150] tipc: Resetting bearer <eth:syzkaller0>
[  501.496166][T11148] tipc: Resetting bearer <eth:syzkaller0>
[  501.592451][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  501.592525][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  501.776930][T11148] tipc: Disabling bearer <eth:syzkaller0>
[  501.948230][T11159] binder: 11158:11159 unknown command 0
[  501.948244][T11159] binder: 11158:11159 ioctl c0306201 200000000080 returned -22
[  502.516094][    T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  502.668804][    T9] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 223, changing to 11
[  502.668840][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  502.668873][    T9] usb 5-1: New USB device found, idVendor=056a, idProduct=030e, bcdDevice= 0.00
[  502.668897][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.675147][    T9] usb 5-1: config 0 descriptor??
[  502.727831][T11175] fuse: Bad value for 'fd'
[  503.132195][T11181] netlink: 'syz.5.1750': attribute type 12 has an invalid length.
[  503.366168][ T5887] usb 5-1: USB disconnect, device number 19
[  510.330040][T11260] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1779'.
[  510.916829][T11266] fuse: Bad value for 'fd'
[  512.754780][T11284] fuse: Bad value for 'user_id'
[  512.754802][T11284] fuse: Bad value for 'user_id'
[  515.878874][ T5890] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  516.026961][ T5890] usb 6-1: Using ep0 maxpacket: 32
[  516.029249][ T5890] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  516.029275][ T5890] usb 6-1: config 0 has no interface number 0
[  516.029323][ T5890] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  516.056037][ T5890] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  516.056065][ T5890] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.056085][ T5890] usb 6-1: Product: syz
[  516.056098][ T5890] usb 6-1: Manufacturer: syz
[  516.056111][ T5890] usb 6-1: SerialNumber: syz
[  516.108289][ T5890] usb 6-1: config 0 descriptor??
[  516.114125][T11335] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  516.166221][ T5960] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  516.322690][T11335] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  516.336620][ T5960] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  516.336648][ T5960] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  516.336752][ T5960] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  516.336774][ T5960] usb 1-1: config 220 has no interface number 2
[  516.336916][ T5960] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  516.336944][ T5960] usb 1-1: config 220 interface 0 has no altsetting 0
[  516.336962][ T5960] usb 1-1: config 220 interface 76 has no altsetting 0
[  516.336980][ T5960] usb 1-1: config 220 interface 1 has no altsetting 0
[  516.339918][ T5960] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  516.339945][ T5960] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.340016][ T5960] usb 1-1: Product: syz
[  516.340030][ T5960] usb 1-1: Manufacturer: syz
[  516.340043][ T5960] usb 1-1: SerialNumber: syz
[  516.930202][ T5890] asix 6-1:0.188 (unnamed net_device) (uninitialized): invalid hw address, using random
[  517.743854][ T5890] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  517.743885][ T5890] asix 6-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  517.744490][ T5890] asix 6-1:0.188: probe with driver asix failed with error -71
[  517.797112][ T5890] usb 6-1: USB disconnect, device number 27
[  518.415156][T11379] syzkaller0: entered promiscuous mode
[  518.415182][T11379] syzkaller0: entered allmulticast mode
[  518.558796][T11384] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1824'.
[  518.837726][ T5960] usb 1-1: selecting invalid altsetting 0
[  518.868959][ T5960] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  518.868993][ T5960] uvcvideo 1-1:220.0: No valid video chain found.
[  520.195224][ T5960] usb 1-1: selecting invalid altsetting 0
[  520.195264][ T5960] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[  520.231990][ T5960] usb 1-1: USB disconnect, device number 31
[  522.635013][T11432] autofs: Unknown parameter '0x0000000000000000'
[  522.893743][T11443] netlink: 'syz.3.1844': attribute type 1 has an invalid length.
[  522.894530][T11443] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1844'.
[  522.950762][T11444] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1844'.
[  524.467739][T11448] Illegal XDP return value 4294967294 on prog  (id 236) dev N/A, expect packet loss!
[  524.777090][T11461] autofs: Unknown parameter '0x0000000000000000'
[  524.838512][T11456] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1846'.
[  524.859606][T11456] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1846'.
[  524.860481][T11456] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1846'.
[  529.948513][T11498] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  530.154616][T11508] netlink: 'syz.5.1866': attribute type 3 has an invalid length.
[  530.154638][T11508] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1866'.
[  530.176120][ T5807] Bluetooth: hci3: unexpected event for opcode 0x2002
[  530.386009][ T5960] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  530.536014][ T5960] usb 1-1: Using ep0 maxpacket: 8
[  530.539131][ T5960] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  530.539157][ T5960] usb 1-1: config 179 has no interface number 0
[  530.539204][ T5960] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  530.539230][ T5960] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  530.539258][ T5960] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  530.539283][ T5960] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  530.539307][ T5960] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  530.539348][ T5960] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  530.539370][ T5960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.576577][T11505] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  530.620891][T11522] fuse: Bad value for 'fd'
[  532.069847][ T5960] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input29
[  537.005199][ T5807] Bluetooth: hci5: Ignoring connect complete event for invalid link type
[  537.311556][T11575] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  537.353466][T11575] tipc: Resetting bearer <eth:syzkaller0>
[  537.464495][T11573] tipc: Disabling bearer <eth:syzkaller0>
[  537.536225][ T5948] usb 1-1: USB disconnect, device number 32
[  537.536223][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  537.536285][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  539.344867][T11596] fuse: Bad value for 'user_id'
[  539.344887][T11596] fuse: Bad value for 'user_id'
[  539.982775][T11628] netlink: 'syz.3.1908': attribute type 10 has an invalid length.
[  540.117313][T11628] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  540.236732][T11630] fuse: Bad value for 'fd'
[  540.679774][T11651] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1920'.
[  540.752525][T11654] fuse: Bad value for 'rootmode'
[  541.706249][T11666] fuse: Bad value for 'fd'
[  542.900797][T11703] fuse: Unknown parameter 'use00000000000000000000'
[  543.035033][T11712] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1943'.
[  543.828662][T11727] fuse: Bad value for 'fd'
[  543.889702][T11729] No control pipe specified
[  544.960035][T11757] fuse: Bad value for 'fd'
[  544.976668][T11753] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1959'.
[  545.233966][T11761] No control pipe specified
[  545.307910][T11762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1962'.
[  545.851324][    C0] vkms_vblank_simulate: vblank timer overrun
[  546.852672][    C0] vkms_vblank_simulate: vblank timer overrun
[  546.948966][T11787] netlink: 'syz.3.1972': attribute type 1 has an invalid length.
[  547.005652][T11790] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1972'.
[  547.114376][T11787] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1972'.
[  547.432359][T11805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1977'.
[  547.474833][T11806] No control pipe specified
[  547.475623][T11801] lo speed is unknown, defaulting to 1000
[  547.525241][T11808] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1980'.
[  547.541305][T11808] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1980'.
[  547.745542][    C0] vkms_vblank_simulate: vblank timer overrun
[  547.862210][    C0] vkms_vblank_simulate: vblank timer overrun
[  547.968667][    C0] vkms_vblank_simulate: vblank timer overrun
[  548.314457][T11826] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  549.242540][    C0] vkms_vblank_simulate: vblank timer overrun
[  549.884280][    C0] vkms_vblank_simulate: vblank timer overrun
[  550.238297][    C0] vkms_vblank_simulate: vblank timer overrun
[  550.635398][T11851] fuse: Bad value for 'fd'
[  550.689456][T11855] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  550.696844][T11854] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1995'.
[  550.809911][T11854] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1995'.
[  551.096447][    C0] vkms_vblank_simulate: vblank timer overrun
[  551.239116][T11854] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1995'.
[  551.264412][    C0] vkms_vblank_simulate: vblank timer overrun
[  551.398266][    C0] vkms_vblank_simulate: vblank timer overrun
[  551.705055][    C0] vkms_vblank_simulate: vblank timer overrun
[  551.912383][    C0] vkms_vblank_simulate: vblank timer overrun
[  553.510831][T11891] fuse: Unknown parameter '0x0000000000000003'
[  553.881531][T11898] lo speed is unknown, defaulting to 1000
[  553.980047][T11909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2019'.
[  554.123319][T11909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2019'.
[  554.296448][T11909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2019'.
[  554.346590][T11924] fuse: Unknown parameter '0x0000000000000003'
[  554.561881][T11931] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  554.561907][T11931] IPv6: NLM_F_CREATE should be set when creating new route
[  555.480881][T11949] lo speed is unknown, defaulting to 1000
[  555.681350][T11965] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2038'.
[  555.713337][T11965] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2038'.
[  555.909755][T11971] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  555.909778][T11971] IPv6: NLM_F_CREATE should be set when creating new route
[  556.808711][T11998] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  556.882938][T12002] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  557.226572][T12017] fuse: Bad value for 'rootmode'
[  557.390689][T12014] syzkaller0: entered promiscuous mode
[  557.390716][T12014] syzkaller0: entered allmulticast mode
[  557.406527][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  557.557212][    T9] usb 5-1: Using ep0 maxpacket: 16
[  557.559658][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  557.559684][    T9] usb 5-1: config 0 has no interfaces?
[  557.559713][    T9] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  557.559736][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.635638][    T9] usb 5-1: config 0 descriptor??
[  558.831386][    T9] usb 5-1: USB disconnect, device number 20
[  559.303064][T12036] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  561.061124][T12065] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  563.012078][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  563.012174][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  573.173013][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  573.229578][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  573.230845][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  573.232063][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  573.232689][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  574.269727][T12099] fuse: Unknown parameter '0x0000000000000003'
[  574.453288][T12106] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  574.453315][T12106] IPv6: NLM_F_CREATE should be set when creating new route
[  575.333322][ T5807] Bluetooth: hci4: command tx timeout
[  576.345045][T12078] lo speed is unknown, defaulting to 1000
[  576.544947][ T6876] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  576.544980][ T6876] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.655838][T12132] fuse: Unknown parameter 'grou00000000000000000000'
[  576.821162][ T6876] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  576.821194][ T6876] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.114339][T12142] fuse: Unknown parameter '0x0000000000000003'
[  577.116952][ T6876] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  577.116982][ T6876] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.442585][T12155] netlink: 'syz.0.2104': attribute type 1 has an invalid length.
[  577.525846][ T5807] Bluetooth: hci4: command tx timeout
[  577.580044][T12159] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2104'.
[  578.002038][ T6876] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  578.002556][ T6876] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.584957][T12155] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  578.951242][T12172] fuse: Unknown parameter 'grou00000000000000000000'
[  580.091790][ T5807] Bluetooth: hci4: command tx timeout
[  582.126021][ T5807] Bluetooth: hci4: command tx timeout
[  582.248123][T12078] chnl_net:caif_netlink_parms(): no params data found
[  582.344451][T12206] fuse: Unknown parameter 'grou00000000000000000000'
[  583.554755][T12209] netlink: 'syz.4.2120': attribute type 12 has an invalid length.
[  584.001073][T12212] netlink: 'syz.1.2119': attribute type 1 has an invalid length.
[  584.054053][T12213] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2119'.
[  584.649011][T12213] bond3: (slave bridge3): Enslaving as an active interface with an up link
[  585.096183][ T6876] bridge_slave_1: left allmulticast mode
[  585.096210][ T6876] bridge_slave_1: left promiscuous mode
[  585.096651][ T6876] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.189548][ T6876] bridge_slave_0: left allmulticast mode
[  585.189578][ T6876] bridge_slave_0: left promiscuous mode
[  585.190695][ T6876] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.106936][ T6876] bond2 (unregistering): (slave ip6gretap2): Releasing active interface
[  587.307547][T12257] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  587.496516][ T6876] bond1 (unregistering): (slave bridge1): Releasing active interface
[  587.560238][T12262] fuse: Unknown parameter 'group_i00000000000000000000'
[  587.706783][ T6876] bond3 (unregistering): (slave bridge2): Releasing active interface
[  587.936830][ T6876] bond4 (unregistering): (slave bridge3): Releasing active interface
[  588.200212][T12279] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  588.230089][ T6876] bond5 (unregistering): (slave bridge4): Releasing active interface
[  588.333176][T12285] fuse: Unknown parameter 'group_i00000000000000000000'
[  592.496810][ T6876] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  592.576919][ T6876] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  592.669302][ T6876] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  592.674571][T12299] netlink: 'syz.0.2153': attribute type 1 has an invalid length.
[  592.718078][ T6876] bond0 (unregistering): Released all slaves
[  592.727146][T12300] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2153'.
[  592.779415][T12301] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2153'.
[  593.518635][ T6876] bond1 (unregistering): Released all slaves
[  594.322391][ T6876] bond2 (unregistering): Released all slaves
[  594.336912][ T6876] bond3 (unregistering): Released all slaves
[  594.347588][ T6876] bond4 (unregistering): Released all slaves
[  594.364287][ T6876] bond5 (unregistering): Released all slaves
[  595.147120][ T6876] tipc: Left network mode
[  596.542573][T12328] fuse: Bad value for 'fd'
[  596.741722][T12078] bridge0: port 1(bridge_slave_0) entered blocking state
[  596.741851][T12078] bridge0: port 1(bridge_slave_0) entered disabled state
[  596.742086][T12078] bridge_slave_0: entered allmulticast mode
[  596.758699][T12078] bridge_slave_0: entered promiscuous mode
[  596.856132][T12078] bridge0: port 2(bridge_slave_1) entered blocking state
[  596.856286][T12078] bridge0: port 2(bridge_slave_1) entered disabled state
[  596.875022][T12078] bridge_slave_1: entered allmulticast mode
[  596.897761][T12078] bridge_slave_1: entered promiscuous mode
[  597.102077][T12342] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2167'.
[  597.155789][T12346] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2167'.
[  598.370679][T12357] fuse: Bad value for 'fd'
[  600.263021][T12377] netlink: 'syz.0.2177': attribute type 1 has an invalid length.
[  600.315608][T12378] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2177'.
[  600.636688][T12386] fuse: Bad value for 'fd'
[  601.287140][ T5887] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  601.662494][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  601.662528][ T5887] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  601.662550][ T5887] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  601.662592][ T5887] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  601.662614][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.735147][ T5887] usb 2-1: config 0 descriptor??
[  601.758416][T12378] bond4: (slave bridge2): Enslaving as an active interface with an up link
[  601.939125][T12078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  601.963877][T12078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  602.234369][ T5887] plantronics 0003:047F:FFFF.0014: unbalanced delimiter at end of report description
[  602.249234][ T5887] plantronics 0003:047F:FFFF.0014: parse failed
[  602.249341][ T5887] plantronics 0003:047F:FFFF.0014: probe with driver plantronics failed with error -22
[  602.553093][T12413] kvm: emulating exchange as write
[  602.592608][T12416] fuse: Bad value for 'fd'
[  602.681613][T12419] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2195'.
[  602.741622][ T6876] hsr_slave_0: left promiscuous mode
[  602.745792][T12420] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2195'.
[  602.801478][ T6876] hsr_slave_1: left promiscuous mode
[  602.802540][ T6876] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  602.802564][ T6876] batman_adv: batadv0: Removing interface: batadv_slave_0
[  602.850824][ T6876] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  602.850846][ T6876] batman_adv: batadv0: Removing interface: batadv_slave_1
[  602.986071][    T9] usb 2-1: USB disconnect, device number 21
[  603.005123][ T6876] veth1_macvtap: left promiscuous mode
[  603.005229][ T6876] veth0_macvtap: left promiscuous mode
[  603.005481][ T6876] veth1_vlan: left promiscuous mode
[  603.005663][ T6876] veth0_vlan: left promiscuous mode
[  603.253756][T12428] fuse: Bad value for 'fd'
[  603.881322][T12440] fuse: Bad value for 'fd'
[  605.443764][   T37] kauditd_printk_skb: 1 callbacks suppressed
[  605.443782][   T37] audit: type=1326 audit(5286154369.790:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12445 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5e38f749 code=0x7ffc0000
[  605.443835][   T37] audit: type=1326 audit(5286154369.790:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12445 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5e38f749 code=0x7ffc0000
[  605.443876][   T37] audit: type=1326 audit(5286154369.790:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12445 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f8c5e38f749 code=0x7ffc0000
[  605.443914][   T37] audit: type=1326 audit(5286154369.800:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12445 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5e38f749 code=0x7ffc0000
[  605.464632][   T37] audit: type=1326 audit(5286154369.800:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12445 comm="syz.0.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5e38f749 code=0x7ffc0000
[  606.382903][T12453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2208'.
[  606.571992][T12455] fuse: Bad value for 'fd'
[  607.697500][ T6876] team0 (unregistering): Port device team_slave_1 removed
[  607.936784][ T6876] team0 (unregistering): Port device team_slave_0 removed
[  610.595028][T12078] team0: Port device team_slave_0 added
[  610.830538][T12471] syzkaller0: entered promiscuous mode
[  610.830567][T12471] syzkaller0: entered allmulticast mode
[  610.854009][T12078] team0: Port device team_slave_1 added
[  613.225510][T12509] netlink: 'syz.0.2225': attribute type 1 has an invalid length.
[  613.478582][T12509] 8021q: adding VLAN 0 to HW filter on device bond5
[  613.718909][T12518] fuse: Unknown parameter 'fd0x0000000000000003'
[  614.678356][T12510] bond6: Unable to set up delay as MII monitoring is disabled
[  615.212521][T12510] bond6 (unregistering): Released all slaves
[  615.753003][T12078] batman_adv: batadv0: Adding interface: batadv_slave_0
[  615.753020][T12078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  615.753045][T12078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  615.808927][T12078] batman_adv: batadv0: Adding interface: batadv_slave_1
[  615.808944][T12078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  615.808969][T12078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  616.591347][T12540] syzkaller0: entered promiscuous mode
[  616.591374][T12540] syzkaller0: entered allmulticast mode
[  616.699781][T12078] hsr_slave_0: entered promiscuous mode
[  616.718617][T12078] hsr_slave_1: entered promiscuous mode
[  616.723542][T12078] debugfs: 'hsr0' already exists in 'hsr'
[  616.723569][T12078] Cannot create hsr debugfs directory
[  618.832997][T12078] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  618.935812][T12598] fuse: Unknown parameter 'use00000000000000000000'
[  618.996141][T12078] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  619.278063][T12078] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  619.578215][T12078] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  619.616258][ T5807] Bluetooth: hci4: link tx timeout
[  619.617148][ T5807] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  621.579452][T12632] fuse: Unknown parameter 'use00000000000000000000'
[  622.596816][ T5807] Bluetooth: hci4: command 0x0406 tx timeout
[  623.498791][T12078] 8021q: adding VLAN 0 to HW filter on device bond0
[  623.575178][T12078] 8021q: adding VLAN 0 to HW filter on device team0
[  623.614491][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.615120][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  623.681034][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state
[  623.686164][ T6876] bridge0: port 2(bridge_slave_1) entered forwarding state
[  624.521242][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  624.521310][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  627.195176][T12078] 8021q: adding VLAN 0 to HW filter on device batadv0
[  627.713394][T12709] fuse: Unknown parameter 'user_i00000000000000000000'
[  628.265369][T12718] overlayfs: missing 'lowerdir'
[  630.152855][    T9] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  630.193723][T12078] veth0_vlan: entered promiscuous mode
[  630.326068][    T9] usb 1-1: Using ep0 maxpacket: 16
[  630.330585][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  630.330616][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  630.330653][    T9] usb 1-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  630.330671][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.408345][    T9] usb 1-1: config 0 descriptor??
[  630.410766][T12078] veth1_vlan: entered promiscuous mode
[  633.254450][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  633.254579][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  633.282626][T12078] veth0_macvtap: entered promiscuous mode
[  633.306351][    T9] usb 1-1: USB disconnect, device number 33
[  633.993227][T12760] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  633.993287][T12760] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  635.659441][T12080] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  635.674060][T12080] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  635.696113][T12080] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  635.713202][T12080] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  635.773203][T12080] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  636.995523][T12791] fuse: Unknown parameter 'group_i00000000000000000000'
[  637.600523][T12804] binder: BINDER_SET_CONTEXT_MGR already set
[  637.600539][T12804] binder: 12802:12804 ioctl 4018620d 200000004a80 returned -16
[  637.856025][ T5810] Bluetooth: hci5: command tx timeout
[  639.829387][T12769] lo speed is unknown, defaulting to 1000
[  639.896144][ T5810] Bluetooth: hci5: command tx timeout
[  641.976319][ T5810] Bluetooth: hci5: command tx timeout
[  644.093150][ T5810] Bluetooth: hci5: command tx timeout
[  644.313578][ T1529] bridge_slave_1: left allmulticast mode
[  644.313607][ T1529] bridge_slave_1: left promiscuous mode
[  644.313867][ T1529] bridge0: port 2(bridge_slave_1) entered disabled state
[  644.834526][ T1529] bridge_slave_0: left allmulticast mode
[  644.834554][ T1529] bridge_slave_0: left promiscuous mode
[  644.837775][ T1529] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.476386][T12880] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  647.476445][T12880] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  647.645058][T12886] binder: BINDER_SET_CONTEXT_MGR already set
[  647.645074][T12886] binder: 12883:12886 ioctl 4018620d 200000004a80 returned -16
[  649.011429][T12900] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2325'.
[  649.082020][T12902] fuse: Unknown parameter 'group_id00000000000000000000'
[  649.676895][T12914] overlayfs: missing 'lowerdir'
[  650.800186][ T1529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  650.856603][ T1529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  650.902235][ T1529] bond0 (unregistering): Released all slaves
[  651.202013][T12928] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2335'.
[  651.483599][T12769] chnl_net:caif_netlink_parms(): no params data found
[  652.962182][ T1529] hsr_slave_0: left promiscuous mode
[  652.985977][ T1529] hsr_slave_1: left promiscuous mode
[  652.986966][ T1529] batman_adv: batadv0: Removing interface: batadv_slave_0
[  653.065748][ T1529] batman_adv: batadv0: Removing interface: batadv_slave_1
[  653.813922][ T1529] veth0_macvtap: left promiscuous mode
[  653.816220][ T1529] veth1_vlan: left promiscuous mode
[  653.816399][ T1529] veth0_vlan: left promiscuous mode
[  653.995760][T12958] overlayfs: missing 'lowerdir'
[  655.955515][T12980] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2349'.
[  656.698599][T12988] fuse: Bad value for 'fd'
[  656.974519][T12991] overlayfs: missing 'lowerdir'
[  660.447085][ T1529] team0 (unregistering): Port device team_slave_1 removed
[  662.073732][T13001] FAT-fs (loop7): unable to read boot sector
[  662.358403][ T1529] team0 (unregistering): Port device team_slave_0 removed
[  664.189926][T13011] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2359'.
[  666.185602][ T5804] ------------[ cut here ]------------
[  666.185624][ T5804] WARNING: CPU: 0 PID: 5804 at kernel/kcov.c:477 kcov_task_exit+0x13c/0x150
[  666.185670][ T5804] Modules linked in:
[  666.185695][ T5804] CPU: 0 UID: 0 PID: 5804 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  666.185718][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  666.185734][ T5804] RIP: 0010:kcov_task_exit+0x13c/0x150
[  666.185769][ T5804] Code: c7 c7 d0 45 c5 8e 48 c7 c6 c3 27 da 8c 48 c7 c2 89 fd d8 8c 4c 89 f9 e8 42 5d f1 02 4c 39 bb 98 00 00 00 0f 84 ff fe ff ff 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 e4 3e 04 09 0f 1f 40 00 90 90
[  666.185787][ T5804] RSP: 0018:ffffc90004de7ac0 EFLAGS: 00010287
[  666.185804][ T5804] RAX: 8b633e6eebfeda00 RBX: ffff88814434cc00 RCX: 0000000000000000
[  666.185819][ T5804] RDX: 0000000000000000 RSI: ffffffff8b3ddfc0 RDI: 00000000ffffffff
[  666.185832][ T5804] RBP: ffffc90004de7c28 R08: 0000000000000000 R09: ffffffff8ac2eb41
[  666.185846][ T5804] R10: dffffc0000000000 R11: fffffbfff1dac84f R12: 1ffff110055f9f1d
[  666.185861][ T5804] R13: 0000000000000009 R14: ffff88814434cc08 R15: ffff888033313c00
[  666.185957][ T5804] FS:  000055558d5b3500(0000) GS:ffff888126df6000(0000) knlGS:0000000000000000
[  666.185975][ T5804] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  666.185988][ T5804] CR2: 00007ffc489d6f14 CR3: 0000000055e78000 CR4: 00000000003526f0
[  666.186004][ T5804] Call Trace:
[  666.186016][ T5804]  <TASK>
[  666.186027][ T5804]  do_exit+0x105/0x2300
[  666.186056][ T5804]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  666.186088][ T5804]  ? __lock_acquire+0xab9/0xd20
[  666.186121][ T5804]  ? __pfx_do_exit+0x10/0x10
[  666.186146][ T5804]  ? rt_mutex_slowunlock+0x493/0x8a0
[  666.186168][ T5804]  ? rt_spin_lock+0x1c1/0x3e0
[  666.186195][ T5804]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  666.186226][ T5804]  do_group_exit+0x21c/0x2d0
[  666.186244][ T5804]  ? rt_spin_unlock+0x161/0x200
[  666.186269][ T5804]  get_signal+0x125d/0x1310
[  666.186315][ T5804]  arch_do_signal_or_restart+0xa0/0x790
[  666.186336][ T5804]  ? __pfx___x64_sys_wait4+0x10/0x10
[  666.186356][ T5804]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  666.186395][ T5804]  ? exit_to_user_mode_loop+0x40/0x130
[  666.186423][ T5804]  exit_to_user_mode_loop+0x72/0x130
[  666.186448][ T5804]  do_syscall_64+0x2bd/0xfa0
[  666.186474][ T5804]  ? lockdep_hardirqs_on+0x9c/0x150
[  666.186501][ T5804]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.186520][ T5804]  ? clear_bhb_loop+0x60/0xb0
[  666.186544][ T5804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.186562][ T5804] RIP: 0033:0x7f8c5e385897
[  666.186580][ T5804] Code: 89 7c 24 10 48 89 4c 24 18 e8 65 1c 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 b5 1c 03 00 8b 44
[  666.186597][ T5804] RSP: 002b:00007ffe8652e580 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  666.186617][ T5804] RAX: fffffffffffffe00 RBX: 0000000000000552 RCX: 00007f8c5e385897
[  666.186632][ T5804] RDX: 0000000040000000 RSI: 00007ffe8652e5ec RDI: 00000000ffffffff
[  666.186645][ T5804] RBP: 00007ffe8652e5ec R08: 0000000000000000 R09: 0000000000000000
[  666.186659][ T5804] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000001eb
[  666.186669][ T5804] R13: 000055558d5c6590 R14: 000000000009f25a R15: 00007ffe8652e640
[  666.186696][ T5804]  </TASK>
[  666.186710][ T5804] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  666.186726][ T5804] CPU: 0 UID: 0 PID: 5804 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  666.186747][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  666.186758][ T5804] Call Trace:
[  666.186777][ T5804]  <TASK>
[  666.186785][ T5804]  dump_stack_lvl+0x99/0x250
[  666.186816][ T5804]  ? __asan_memcpy+0x40/0x70
[  666.186840][ T5804]  ? __pfx_dump_stack_lvl+0x10/0x10
[  666.186871][ T5804]  ? __pfx__printk+0x10/0x10
[  666.186909][ T5804]  vpanic+0x237/0x6d0
[  666.186929][ T5804]  ? __pfx_vpanic+0x10/0x10
[  666.186960][ T5804]  panic+0xb9/0xc0
[  666.186977][ T5804]  ? __pfx_panic+0x10/0x10
[  666.187008][ T5804]  __warn+0x31b/0x4b0
[  666.187023][ T5804]  ? kcov_task_exit+0x13c/0x150
[  666.187049][ T5804]  ? kcov_task_exit+0x13c/0x150
[  666.187074][ T5804]  report_bug+0x2be/0x4f0
[  666.187100][ T5804]  ? kcov_task_exit+0x13c/0x150
[  666.187123][ T5804]  ? kcov_task_exit+0x13c/0x150
[  666.187147][ T5804]  ? kcov_task_exit+0x13e/0x150
[  666.187170][ T5804]  handle_bug+0x84/0x160
[  666.187189][ T5804]  exc_invalid_op+0x1a/0x50
[  666.187207][ T5804]  asm_exc_invalid_op+0x1a/0x20
[  666.187224][ T5804] RIP: 0010:kcov_task_exit+0x13c/0x150
[  666.187250][ T5804] Code: c7 c7 d0 45 c5 8e 48 c7 c6 c3 27 da 8c 48 c7 c2 89 fd d8 8c 4c 89 f9 e8 42 5d f1 02 4c 39 bb 98 00 00 00 0f 84 ff fe ff ff 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 e4 3e 04 09 0f 1f 40 00 90 90
[  666.187266][ T5804] RSP: 0018:ffffc90004de7ac0 EFLAGS: 00010287
[  666.187282][ T5804] RAX: 8b633e6eebfeda00 RBX: ffff88814434cc00 RCX: 0000000000000000
[  666.187295][ T5804] RDX: 0000000000000000 RSI: ffffffff8b3ddfc0 RDI: 00000000ffffffff
[  666.187308][ T5804] RBP: ffffc90004de7c28 R08: 0000000000000000 R09: ffffffff8ac2eb41
[  666.187321][ T5804] R10: dffffc0000000000 R11: fffffbfff1dac84f R12: 1ffff110055f9f1d
[  666.187336][ T5804] R13: 0000000000000009 R14: ffff88814434cc08 R15: ffff888033313c00
[  666.187355][ T5804]  ? rt_spin_lock+0x1c1/0x3e0
[  666.187388][ T5804]  do_exit+0x105/0x2300
[  666.187416][ T5804]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  666.187446][ T5804]  ? __lock_acquire+0xab9/0xd20
[  666.187477][ T5804]  ? __pfx_do_exit+0x10/0x10
[  666.187502][ T5804]  ? rt_mutex_slowunlock+0x493/0x8a0
[  666.187524][ T5804]  ? rt_spin_lock+0x1c1/0x3e0
[  666.187550][ T5804]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  666.187581][ T5804]  do_group_exit+0x21c/0x2d0
[  666.187599][ T5804]  ? rt_spin_unlock+0x161/0x200
[  666.187623][ T5804]  get_signal+0x125d/0x1310
[  666.187666][ T5804]  arch_do_signal_or_restart+0xa0/0x790
[  666.187688][ T5804]  ? __pfx___x64_sys_wait4+0x10/0x10
[  666.187708][ T5804]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  666.187745][ T5804]  ? exit_to_user_mode_loop+0x40/0x130
[  666.187783][ T5804]  exit_to_user_mode_loop+0x72/0x130
[  666.187808][ T5804]  do_syscall_64+0x2bd/0xfa0
[  666.187834][ T5804]  ? lockdep_hardirqs_on+0x9c/0x150
[  666.187861][ T5804]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.187879][ T5804]  ? clear_bhb_loop+0x60/0xb0
[  666.187901][ T5804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.187919][ T5804] RIP: 0033:0x7f8c5e385897
[  666.187934][ T5804] Code: 89 7c 24 10 48 89 4c 24 18 e8 65 1c 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 b5 1c 03 00 8b 44
[  666.187951][ T5804] RSP: 002b:00007ffe8652e580 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  666.187971][ T5804] RAX: fffffffffffffe00 RBX: 0000000000000552 RCX: 00007f8c5e385897
[  666.187985][ T5804] RDX: 0000000040000000 RSI: 00007ffe8652e5ec RDI: 00000000ffffffff
[  666.187999][ T5804] RBP: 00007ffe8652e5ec R08: 0000000000000000 R09: 0000000000000000
[  666.188012][ T5804] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000001eb
[  666.188023][ T5804] R13: 000055558d5c6590 R14: 000000000009f25a R15: 00007ffe8652e640
[  666.188055][ T5804]  </TASK>
[  666.188468][ T5804] Kernel Offset: disabled