last executing test programs: 4.790122655s ago: executing program 2 (id=64): mkdirat(0xffffffffffffff9c, 0x0, 0x1c1) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4044844) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.617642341s ago: executing program 2 (id=65): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c373b8be3e8d2672540e4fff5fe7", 0x0, 0x18}) syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x8000) (async, rerun: 32) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) (rerun: 32) syz_usb_control_io$hid(r0, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "112000"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) (async, rerun: 64) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x6000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x14b000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) (async, rerun: 32) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 32) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.724287182s ago: executing program 2 (id=70): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = socket$inet_udp(0x2, 0x2, 0x0) accept4(r3, 0x0, 0x0, 0x80000) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x40) ioctl$HIDIOCGUSAGE(r5, 0xc018480b, 0x0) ioctl$HIDIOCGREPORT(r5, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="280000002000010002000000000000000a00000002"], 0x28}], 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r6 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) setsockopt$packet_int(r6, 0x107, 0xc, &(0x7f0000000100)=0x40049, 0x4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r7 = socket$pppl2tp(0x18, 0x1, 0x1) accept(r7, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.29840149s ago: executing program 3 (id=78): writev(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}, {}], 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x2d, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x3fe, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x7f, 0x2, 0x2, 0x6, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0x6, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x204, 0x1c, 0x7, 0x1, 0x9, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x9000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x5, 0x2, 0x6, 0x8000, 0xf65, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0xfffc, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0xc, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x7, 0xfffffffa, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x3, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x4, 0xfffffffd, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0xc0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.554990318s ago: executing program 1 (id=86): r0 = socket(0xa, 0x3, 0x3a) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x2, @local}}, 0x1e) connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'vcan0\x00', 0x0}) setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x4, 0x4) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={@private0, 0x1c, r3}) syz_usb_connect(0x0, 0x24, &(0x7f0000000540)=ANY=[@ANYBLOB="120100006cf96b10e8096200f280010203010902120001000000000904"], 0x0) socket(0xa, 0x3, 0x3a) (async) socket$inet6_udplite(0xa, 0x2, 0x88) (async) socket$pptp(0x18, 0x1, 0x2) (async) bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x2, @local}}, 0x1e) (async) connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'vcan0\x00'}) (async) setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x4, 0x4) (async) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={@private0, 0x1c, r3}) (async) syz_usb_connect(0x0, 0x24, &(0x7f0000000540)=ANY=[@ANYBLOB="120100006cf96b10e8096200f280010203010902120001000000000904"], 0x0) (async) 2.352916906s ago: executing program 3 (id=89): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x25a5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000180)={'syztnl1\x00', r5, 0x29, 0x6, 0x6, 0x6, 0x40, @empty, @private2, 0x7, 0x19, 0x7, 0x1}}) sendmsg$ETHTOOL_MSG_RINGS_SET(r4, 0x0, 0x4004844) sched_setaffinity(0x0, 0x8, &(0x7f0000002240)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x2041, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x7fffdf00a000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) write$tun(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="030103000400c4001000459800d4006800004d2f9078e0000001ffffffff0c21880b001900001c794c5fcd565649050022835ac3ac97cb9fb274d4d9998212080008007fb5875c8cb1e5103810f3514c5859085f8bcd044121d872d527be9db6ccba47166b45027b4ebb9222f071ff96f3443ec4461c3204006f9698e1f011fa3bfab0dedf7bd62f68af010086dd080088be000000031a0317040100000000000005080022eb0000000eff4c020000000000000800081e120800655800000003a33ce789860dc984c201b1e28a9fe3cd0d2bcc93a01e611df412f11b"], 0xde) 1.460902827s ago: executing program 3 (id=94): r0 = socket$netlink(0x10, 0x3, 0x0) munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x4) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89b0, &(0x7f0000001440)={'team_slave_1\x00', &(0x7f0000000180)=@ethtool_cmd={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc0}}) fstat(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x814010, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES64=r2, @ANYRES16=r3, @ANYRESHEX=r2, @ANYRESDEC=r0], 0x34}}, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r4, 0x28, 0x2, &(0x7f0000000280)=0x8001, 0x8) 1.437454669s ago: executing program 3 (id=95): syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$cont(0x19, r0, 0xd, 0x4) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000d7dda4108911930800000102030109022400020000000009046802006e02c0000904680001253e5300090508"], 0x0) syz_usb_connect$cdc_ecm(0x4, 0x58, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x46, 0x1, 0x1, 0xe, 0x30, 0x13, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0x1, {{0x7, 0x24, 0x6, 0x0, 0x0, 'Za'}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x34, 0x401, 0x6, 0x62}}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x7, 0x7f, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x2, 0x7, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0xf, 0x8, 0x9}}}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x8, 0x7f, 0x5, 0xff, 0x3}, 0x58, &(0x7f0000000280)=ANY=[@ANYBLOB="050f5800033f1002a74392675c7522bd2f47e6d2f04c1f3a5282d6903b99c66955a1ba8f78dcf218c2d978ab32cd1d9124cf2ecbc90c80b1b52330b294626e9783c91c20d0df050a10030209000402ffff0a1003020c0004020000"], 0x1, [{0x29, &(0x7f0000000200)=@string={0x29, 0x3, "dc753561fb493d31ce8275888eaa4a83cb063b78100b8aa3446d89b25d3815126e8d9a84aee090"}}]}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r1, 0x1, 0x28, &(0x7f0000000000)=0x1, 0x4) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xec) 927.410926ms ago: executing program 0 (id=99): r0 = getpid() r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x30) prctl$PR_SET_SECUREBITS(0x8, 0x0) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xf, 0x0, &(0x7f0000000180)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x2c, 0x2, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2e}, @NFQA_CFG_CMD={0x8, 0x1, {0x0, 0x0, 0xf}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0x2c}}, 0x814) r3 = syz_pidfd_open(r0, 0x0) setns(r3, 0x24020000) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000003c0)="11"}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc0000, 0x8c) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) r5 = openat$incfs(r4, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1287008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) ioctl$TIOCL_GETKMSGREDIRECT(r5, 0xc058671e, &(0x7f00000000c0)) 896.088369ms ago: executing program 0 (id=100): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x2d, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x3fe, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x7f, 0x2, 0x2, 0x6, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0x6, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x204, 0x1c, 0x7, 0x1, 0x9, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x9000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x5, 0x2, 0x6, 0x8000, 0xf65, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0xfffc, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0xc, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x7, 0xfffffffa, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x3, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x4, 0xfffffffd, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0xc0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 792.257158ms ago: executing program 1 (id=101): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x442, 0x40) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4044844) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a) ioctl$KVM_NMI(r3, 0xae9a) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 774.485439ms ago: executing program 2 (id=102): r0 = socket$inet6(0xa, 0x1, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000002340)={0x40, 0x100, 0x20}, 0x18) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) inotify_add_watch(r1, 0x0, 0x3000004) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x800) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x10001, 0x4, 0x7000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) setsockopt$sock_int(r3, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) ioctl$RTC_ALM_READ(r2, 0x80247008, &(0x7f0000000080)) bind$inet(r3, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10) 761.662851ms ago: executing program 2 (id=103): syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000540)={{0x12, 0x1, 0x1ff, 0xd8, 0xa7, 0x40, 0x40, 0x1c04, 0x15, 0xe244, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5f, 0x65, 0x50, 0x70, [{{0x9, 0x4, 0xd5, 0x9, 0x0, 0xff, 0x10, 0x2f, 0xf7}}]}}]}}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x4, @none}, 0xe) prctl$PR_SET_DUMPABLE(0x4, 0x0) 743.140082ms ago: executing program 1 (id=104): r0 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r0, &(0x7f0000000640)={&(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x1, 0x3, 0x6, 0x6, "f5c16b3695efbc8000e20eb6c073d7d53d8d3ae47e96e6f7aee58c3c780d38edf0c116a87daf8994a39acd53ac6d31c061e83e1035438a42d825d0e9f54076", 0x3a}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x11000000}, 0xc0010) 701.707246ms ago: executing program 1 (id=105): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4044844) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 2) 701.093026ms ago: executing program 0 (id=106): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4044844) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 204.337741ms ago: executing program 1 (id=107): writev(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}, {}], 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x2d, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x3fe, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x7f, 0x2, 0x2, 0x6, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0x6, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x204, 0x1c, 0x7, 0x1, 0x9, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x9000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x5, 0x2, 0x6, 0x8000, 0xf65, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0xfffc, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0xc, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x7, 0xfffffffa, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x3, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x4, 0xfffffffd, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0xc0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 203.926051ms ago: executing program 0 (id=108): r0 = getpid() r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x30) prctl$PR_SET_SECUREBITS(0x8, 0x0) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xf, 0x0, &(0x7f0000000180)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x2c, 0x2, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2e}, @NFQA_CFG_CMD={0x8, 0x1, {0x0, 0x0, 0xf}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0x2c}}, 0x814) r3 = syz_pidfd_open(r0, 0x0) setns(r3, 0x24020000) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000003c0)="11"}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc0000, 0x8c) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) r5 = openat$incfs(r4, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1287008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) ioctl$TIOCL_GETKMSGREDIRECT(r5, 0xc058671e, &(0x7f00000000c0)) 203.566581ms ago: executing program 3 (id=109): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xfec0, 0x0, @loopback, 0x7}, 0x1c) 150.036706ms ago: executing program 3 (id=110): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x7) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x7f) r1 = socket(0x2, 0x1, 0x0) listen(r1, 0x0) accept$inet6(r1, 0x0, 0x0) shutdown(r1, 0x1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="70000000ffffffffffffaac8386e467654306d00002c00004000002f9078ac1e0001e00000010000655800189078040000000000000086ddffff00000000"], 0x3e) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0xf00, 0x0, 0x2, 0x0, 0x0}) 149.175686ms ago: executing program 0 (id=111): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000100)="9ea1d0081f", 0x5) recvmmsg(r3, &(0x7f00000008c0), 0x10, 0x0, 0x0) close(r2) ioctl$TUNSETLINK(r1, 0x400454cd, 0x306) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f00000001c0)={r4, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, 0x10) r5 = socket$inet6(0xa, 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9, 0x0, 0x8a, 0x0, 0x0, 0x2000000}}) r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2a, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e24, 0x3, @local, 0x9}, 0x1c) dup3(r6, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 81.284972ms ago: executing program 1 (id=112): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x442, 0x40) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4044844) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a) ioctl$KVM_NMI(r3, 0xae9a) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 46.081126ms ago: executing program 2 (id=113): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000009cc0), r0) sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f0000009d80)={0x0, 0x0, &(0x7f0000009d40)={&(0x7f0000009d00)={0x14, r1, 0x701, 0x70bd2c, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000040), 0x10001, &(0x7f00000001c0)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x8000}}) creat(&(0x7f0000000100)='./file0\x00', 0x20) ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x48a, 0x0, 0xffff}]}) 0s ago: executing program 0 (id=114): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$incfs(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x1018040, &(0x7f0000000280)={[{@rlog_pages={'rlog_pages', 0x3d, 0x810}}]}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts. [ 21.632253][ T36] audit: type=1400 audit(1771357411.750:64): avc: denied { mounton } for pid=284 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.635952][ T284] cgroup: Unknown subsys name 'net' [ 21.654975][ T36] audit: type=1400 audit(1771357411.750:65): avc: denied { mount } for pid=284 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.682323][ T36] audit: type=1400 audit(1771357411.780:66): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.682896][ T284] cgroup: Unknown subsys name 'devices' [ 21.867987][ T284] cgroup: Unknown subsys name 'hugetlb' [ 21.873624][ T284] cgroup: Unknown subsys name 'rlimit' [ 21.969395][ T36] audit: type=1400 audit(1771357412.090:67): avc: denied { setattr } for pid=284 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.992705][ T36] audit: type=1400 audit(1771357412.090:68): avc: denied { mounton } for pid=284 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.017481][ T36] audit: type=1400 audit(1771357412.090:69): avc: denied { mount } for pid=284 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.048000][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.056930][ T36] audit: type=1400 audit(1771357412.180:70): avc: denied { relabelto } for pid=286 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.082374][ T36] audit: type=1400 audit(1771357412.180:71): avc: denied { write } for pid=286 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.108438][ T36] audit: type=1400 audit(1771357412.230:72): avc: denied { read } for pid=284 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.134157][ T36] audit: type=1400 audit(1771357412.230:73): avc: denied { open } for pid=284 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.134795][ T284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.901167][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.912901][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.920087][ T291] bridge_slave_0: entered allmulticast mode [ 22.927040][ T291] bridge_slave_0: entered promiscuous mode [ 22.933815][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.940906][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.948017][ T291] bridge_slave_1: entered allmulticast mode [ 22.954425][ T291] bridge_slave_1: entered promiscuous mode [ 23.092775][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.100019][ T297] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.107274][ T297] bridge_slave_0: entered allmulticast mode [ 23.113522][ T297] bridge_slave_0: entered promiscuous mode [ 23.119971][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.127072][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.134377][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.141451][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.155838][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.162987][ T297] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.170166][ T297] bridge_slave_1: entered allmulticast mode [ 23.176874][ T297] bridge_slave_1: entered promiscuous mode [ 23.233894][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.241112][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.248319][ T295] bridge_slave_0: entered allmulticast mode [ 23.254709][ T295] bridge_slave_0: entered promiscuous mode [ 23.264325][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.271467][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.278650][ T295] bridge_slave_1: entered allmulticast mode [ 23.284906][ T295] bridge_slave_1: entered promiscuous mode [ 23.294603][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.301728][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.308921][ T296] bridge_slave_0: entered allmulticast mode [ 23.315144][ T296] bridge_slave_0: entered promiscuous mode [ 23.324593][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.331681][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.338822][ T296] bridge_slave_1: entered allmulticast mode [ 23.345082][ T296] bridge_slave_1: entered promiscuous mode [ 23.453658][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.460779][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.468132][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.475189][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.497431][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.505208][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.512697][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.527230][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.534446][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.589652][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.596762][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.611412][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.618573][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.647139][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.654214][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.663153][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.670219][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.687246][ T291] veth0_vlan: entered promiscuous mode [ 23.696410][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.703501][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.711188][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.718286][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.747921][ T291] veth1_macvtap: entered promiscuous mode [ 23.777868][ T297] veth0_vlan: entered promiscuous mode [ 23.792991][ T295] veth0_vlan: entered promiscuous mode [ 23.807047][ T296] veth0_vlan: entered promiscuous mode [ 23.820759][ T295] veth1_macvtap: entered promiscuous mode [ 23.828337][ T297] veth1_macvtap: entered promiscuous mode [ 23.849303][ T296] veth1_macvtap: entered promiscuous mode [ 23.868638][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 23.930953][ T333] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.000570][ T343] ======================================================= [ 24.000570][ T343] WARNING: The mand mount option has been deprecated and [ 24.000570][ T343] and is ignored by this kernel. Remove the mand [ 24.000570][ T343] option from the mount to silence this warning. [ 24.000570][ T343] ======================================================= [ 24.057347][ T343] ext2: Unknown parameter '^..}' [ 24.211976][ T350] rust_binder: Failed to allocate buffer. len:1024, is_oneway:true [ 24.412395][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 24.435696][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 24.475407][ T68] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 24.565689][ T10] usb 2-1: device descriptor read/64, error -71 [ 24.626712][ T68] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 24.634895][ T68] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 24.645062][ T68] usb 3-1: config 0 has no interface number 0 [ 24.652981][ T68] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 24.662181][ T68] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.670225][ T68] usb 3-1: Product: syz [ 24.674452][ T68] usb 3-1: Manufacturer: syz [ 24.679108][ T68] usb 3-1: SerialNumber: syz [ 24.684847][ T68] usb 3-1: config 0 descriptor?? [ 24.690912][ T68] hub 3-1:0.31: bad descriptor, ignoring hub [ 24.696983][ T68] hub 3-1:0.31: probe with driver hub failed with error -5 [ 24.704603][ T68] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 24.711143][ T68] uvcvideo 3-1:0.31: Entity type for entity Output 6 was not initialized! [ 24.719941][ T68] usb 3-1: Failed to create links for entity 6 [ 24.726754][ T68] usb 3-1: Failed to register entities (-22). [ 24.835401][ T10] usb 2-1: device descriptor read/64, error -71 [ 24.894819][ T363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 24.904334][ T363] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 25.015539][ T31] usb 3-1: USB disconnect, device number 2 [ 25.075464][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 25.141001][ T406] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 25.205440][ T10] usb 2-1: device descriptor read/64, error -71 [ 25.445772][ T10] usb 2-1: device descriptor read/64, error -71 [ 25.555467][ T10] usb usb2-port1: attempt power cycle [ 25.905385][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 25.927330][ T10] usb 2-1: device descriptor read/8, error -71 [ 26.056886][ T10] usb 2-1: device descriptor read/8, error -71 [ 26.295369][ T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 26.318355][ T10] usb 2-1: device descriptor read/8, error -71 [ 26.446601][ T10] usb 2-1: device descriptor read/8, error -71 [ 26.485400][ T375] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 26.485409][ T376] Bluetooth: hci0: command 0x1003 tx timeout [ 26.555486][ T10] usb usb2-port1: unable to enumerate USB device [ 26.585380][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.746544][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.757552][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.767549][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 26.780680][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 26.790127][ T36] kauditd_printk_skb: 79 callbacks suppressed [ 26.790144][ T36] audit: type=1400 audit(1771357416.910:151): avc: denied { unmount } for pid=296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 26.816433][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.826291][ T454] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 26.826650][ T9] usb 1-1: config 0 descriptor?? [ 26.845132][ T36] audit: type=1400 audit(1771357416.960:152): avc: denied { create } for pid=453 comm="syz.2.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 26.900389][ T36] audit: type=1400 audit(1771357417.020:153): avc: denied { connect } for pid=453 comm="syz.2.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 26.903065][ T454] process 'syz.2.37' launched './file1' with NULL argv: empty string added [ 26.920007][ T36] audit: type=1400 audit(1771357417.020:154): avc: denied { write } for pid=453 comm="syz.2.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 26.947664][ T36] audit: type=1400 audit(1771357417.020:155): avc: denied { execute } for pid=453 comm="syz.2.37" name="file1" dev="tmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 26.969625][ T36] audit: type=1400 audit(1771357417.050:156): avc: denied { execute_no_trans } for pid=453 comm="syz.2.37" path="/12/file1" dev="tmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 26.993072][ T36] audit: type=1400 audit(1771357417.050:157): avc: denied { mounton } for pid=453 comm="syz.2.37" path="/12/file1" dev="tmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 27.277406][ T9] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 27.287516][ T9] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 27.407605][ T374] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 27.415362][ T10] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 27.566845][ T10] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 27.585415][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.606001][ T10] usb 3-1: config 0 descriptor?? [ 27.788936][ T36] audit: type=1400 audit(1771357417.910:158): avc: denied { name_bind } for pid=479 comm="syz.3.45" src=65152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 27.887345][ T36] audit: type=1400 audit(1771357418.010:159): avc: denied { read } for pid=451 comm="syz.0.36" dev="nsfs" ino=4026532457 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 27.908252][ T36] audit: type=1400 audit(1771357418.010:160): avc: denied { open } for pid=451 comm="syz.0.36" path="net:[4026532457]" dev="nsfs" ino=4026532457 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 28.015059][ T10] pyra 0003:1E7D:2CF6.0002: hidraw1: USB HID v10.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 28.065359][ T31] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 28.193414][ T489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.48'. [ 28.202923][ T489] incfs: ino conflict with backing FS 1 [ 28.214548][ T484] usb 3-1: USB disconnect, device number 3 [ 28.226734][ T31] usb 4-1: Using ep0 maxpacket: 8 [ 28.233632][ T31] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 28.244979][ T31] usb 4-1: too many endpoints for config 1 interface 0 altsetting 160: 215, using maximum allowed: 30 [ 28.256755][ T31] usb 4-1: config 1 interface 0 altsetting 160 has 0 endpoint descriptors, different from the interface descriptor's value: 215 [ 28.280962][ T491] kvm: pic: non byte write [ 28.298903][ T31] usb 4-1: config 1 interface 0 has no altsetting 0 [ 28.309738][ T31] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 28.318990][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 28.332392][ T31] usb 4-1: SerialNumber: syz [ 28.339554][ T31] cdc_ether 4-1:1.0: invalid descriptor buffer length [ 28.347830][ T31] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 28.586635][ T10] usb 4-1: USB disconnect, device number 2 [ 28.679448][ T500] kvm: kvm [499]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0x80000000000 [ 28.690997][ T500] kvm: kvm [499]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0x80000000000 [ 28.700644][ T500] kvm: kvm [499]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0x80000000000 [ 29.545614][ T484] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 29.725771][ T484] usb 1-1: device firmware changed [ 29.733676][ T31] usb 1-1: USB disconnect, device number 2 [ 29.765538][ T64] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 29.904508][ T31] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 29.916527][ T64] usb 3-1: config 0 interface 0 has no altsetting 0 [ 29.923206][ T64] usb 3-1: New USB device found, idVendor=056a, idProduct=032a, bcdDevice= 0.00 [ 29.932752][ T64] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.941894][ T64] usb 3-1: config 0 descriptor?? [ 30.035385][ T403] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 30.056512][ T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.067728][ T31] usb 1-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00 [ 30.077130][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.089486][ T31] usb 1-1: config 0 descriptor?? [ 30.150612][ T64] wacom 0003:056A:032A.0003: unknown main item tag 0x0 [ 30.165008][ T64] wacom 0003:056A:032A.0003: unknown main item tag 0x0 [ 30.174817][ T64] wacom 0003:056A:032A.0003: unknown main item tag 0x0 [ 30.191063][ T64] wacom 0003:056A:032A.0003: hidraw0: USB HID vff.ff Device [HID 056a:032a] on usb-dummy_hcd.2-1/input0 [ 30.204444][ T64] usb 3-1: USB disconnect, device number 4 [ 30.213047][ T403] usb 2-1: too many endpoints for config 0 interface 0 altsetting 12: 36, using maximum allowed: 30 [ 30.223971][ T403] usb 2-1: config 0 interface 0 altsetting 12 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.235043][ T403] usb 2-1: config 0 interface 0 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 36 [ 30.248424][ T403] usb 2-1: config 0 interface 0 has no altsetting 0 [ 30.255194][ T403] usb 2-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 30.273246][ T403] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.280828][ T543] fido_id[543]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 30.287150][ T403] usb 2-1: config 0 descriptor?? [ 30.505401][ T31] lenovo 0003:17EF:60A3.0004: hidraw0: USB HID v0.00 Device [HID 17ef:60a3] on usb-dummy_hcd.0-1/input0 [ 30.518710][ T536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 30.537450][ T536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.685384][ T64] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 30.737159][ T31] usb 1-1: USB disconnect, device number 3 [ 30.758376][ T403] nintendo 0003:057E:200E.0005: unbalanced delimiter at end of report description [ 30.771154][ T403] nintendo 0003:057E:200E.0005: HID parse failed [ 30.777976][ T403] nintendo 0003:057E:200E.0005: probe - fail = -22 [ 30.784657][ T403] nintendo 0003:057E:200E.0005: probe with driver nintendo failed with error -22 [ 30.846540][ T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.857533][ T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.867624][ T64] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 30.880764][ T64] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 30.890077][ T64] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.899601][ T64] usb 3-1: config 0 descriptor?? [ 30.958067][ T31] usb 2-1: USB disconnect, device number 6 [ 31.124612][ T562] capability: warning: `syz.1.67' uses deprecated v2 capabilities in a way that may be insecure [ 31.198859][ T64] usbhid 3-1:0.0: can't add hid device: -71 [ 31.204880][ T64] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 31.229500][ T64] usb 3-1: USB disconnect, device number 5 [ 31.565382][ T64] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 31.726536][ T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.745333][ T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.765536][ T64] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 31.793145][ T64] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 31.815668][ T36] kauditd_printk_skb: 13 callbacks suppressed [ 31.815687][ T36] audit: type=1400 audit(1771357421.940:174): avc: denied { append } for pid=603 comm="syz.1.80" name="001" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 31.855371][ T64] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.874624][ T64] usb 3-1: config 0 descriptor?? [ 31.890184][ T36] audit: type=1400 audit(1771357421.970:175): avc: denied { read } for pid=603 comm="syz.1.80" name="usbmon7" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 32.045173][ T36] audit: type=1400 audit(1771357421.970:176): avc: denied { open } for pid=603 comm="syz.1.80" path="/dev/usbmon7" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 32.084551][ T609] netlink: 104 bytes leftover after parsing attributes in process `syz.1.82'. [ 32.087757][ T36] audit: type=1400 audit(1771357421.970:177): avc: denied { ioctl } for pid=603 comm="syz.1.80" path="socket:[7148]" dev="sockfs" ino=7148 ioctlcmd=0x5882 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 32.095842][ T609] batadv_slave_1: entered promiscuous mode [ 32.155348][ T36] audit: type=1400 audit(1771357422.200:178): avc: denied { name_bind } for pid=608 comm="syz.1.82" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 32.179826][ T608] batadv_slave_1: left promiscuous mode [ 32.197766][ T36] audit: type=1400 audit(1771357422.200:179): avc: denied { nlmsg_read } for pid=608 comm="syz.1.82" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 32.316810][ T36] audit: type=1400 audit(1771357422.440:180): avc: denied { create } for pid=616 comm="syz.1.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 32.330158][ T64] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 32.348466][ T64] plantronics 0003:047F:FFFF.0006: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 32.391714][ T36] audit: type=1400 audit(1771357422.440:181): avc: denied { listen } for pid=616 comm="syz.1.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 32.425493][ T36] audit: type=1400 audit(1771357422.450:182): avc: denied { connect } for pid=616 comm="syz.1.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 32.457141][ T36] audit: type=1400 audit(1771357422.490:183): avc: denied { read } for pid=616 comm="syz.1.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 32.523677][ T625] fuse: Unknown parameter 'rootmgde' [ 32.685395][ T64] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 32.693919][ T635] overlay: filesystem on ./bus not supported as upperdir [ 32.706394][ T635] incfs: mount failed -22 [ 32.855349][ T64] usb 2-1: Using ep0 maxpacket: 16 [ 32.863253][ T64] usb 2-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 32.876941][ T64] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.885023][ T64] usb 2-1: Product: syz [ 33.369546][ T64] usb 2-1: Manufacturer: syz [ 33.374315][ T64] usb 2-1: SerialNumber: syz [ 33.383636][ T64] usb 2-1: config 0 descriptor?? [ 33.393013][ T64] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 33.412727][ T331] udevd[331]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 33.591294][ T622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 33.602752][ T622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 33.612881][ T403] usb 2-1: USB disconnect, device number 7 [ 33.785382][ T31] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 33.935473][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 33.942024][ T31] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 33.951224][ T31] usb 4-1: config 0 has an invalid interface number: 104 but max is 1 [ 33.959677][ T31] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 33.968624][ T31] usb 4-1: config 0 has no interface number 0 [ 33.974747][ T31] usb 4-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 33.984802][ T31] usb 4-1: config 0 interface 104 has no altsetting 1 [ 33.992952][ T31] usb 4-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 34.002020][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 34.010150][ T31] usb 4-1: Product: syz [ 34.014348][ T31] usb 4-1: Manufacturer: syz [ 34.019241][ T31] usb 4-1: SerialNumber: syz [ 34.024884][ T31] usb 4-1: config 0 descriptor?? [ 34.031075][ T31] asix 4-1:0.104: probe with driver asix failed with error -22 [ 34.050532][ T668] overlay: filesystem on ./bus not supported as upperdir [ 34.058621][ T668] incfs: mount failed -22 [ 34.242680][ T10] usb 4-1: USB disconnect, device number 3 [ 34.267033][ T684] FAULT_INJECTION: forcing a failure. [ 34.267033][ T684] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 34.280426][ T684] CPU: 1 UID: 0 PID: 684 Comm: syz.1.105 Not tainted syzkaller #0 e92730fa182d0321ab783e890b83e46c5a8dda99 [ 34.280463][ T684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 34.280484][ T684] Call Trace: [ 34.280491][ T684] [ 34.280499][ T684] __dump_stack+0x21/0x30 [ 34.280537][ T684] dump_stack_lvl+0x140/0x1c0 [ 34.280564][ T684] ? __cfi_dump_stack_lvl+0x10/0x10 [ 34.280594][ T684] dump_stack+0x19/0x20 [ 34.280619][ T684] should_fail_ex+0x3d7/0x530 [ 34.280640][ T684] should_fail+0xf/0x20 [ 34.280658][ T684] should_fail_usercopy+0x1e/0x30 [ 34.280680][ T684] __kvm_read_guest_page+0x177/0x210 [ 34.280710][ T684] kvm_vcpu_read_guest+0x3a6/0x510 [ 34.280744][ T684] read_emulate+0x30/0x50 [ 34.280764][ T684] emulator_read_write_onepage+0x7df/0xd20 [ 34.280788][ T684] emulator_read_write+0x1ef/0x580 [ 34.280810][ T684] emulator_read_emulated+0x40/0x50 [ 34.280839][ T684] ? __cfi_emulator_read_emulated+0x10/0x10 [ 34.280868][ T684] segmented_read+0x1c5/0x400 [ 34.280902][ T684] x86_emulate_insn+0x777/0x3fe0 [ 34.280949][ T684] ? xaddq_rax_rdx+0x10/0x10 [ 34.280979][ T684] x86_emulate_instruction+0xb5c/0x1a30 [ 34.281006][ T684] kvm_mmu_page_fault+0x336/0x970 [ 34.281031][ T684] handle_ept_violation+0x256/0x450 [ 34.281051][ T684] ? vmx_vcpu_run+0x1116/0x1f70 [ 34.281080][ T684] ? __cfi_handle_ept_violation+0x10/0x10 [ 34.281101][ T684] vmx_handle_exit+0x12c0/0x1b10 [ 34.281128][ T684] ? kvm_deliver_exception_payload+0xd7/0x200 [ 34.281155][ T684] ? __cfi_vmx_vcpu_run+0x10/0x10 [ 34.281183][ T684] ? vmx_handle_exit_irqoff+0xe9/0x780 [ 34.281213][ T684] vcpu_run+0x49f7/0x7840 [ 34.281252][ T684] ? signal_pending+0xc0/0xc0 [ 34.281290][ T684] ? complete_emulated_mmio+0x4fb/0x790 [ 34.281314][ T684] kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0 [ 34.281339][ T684] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 34.281365][ T684] ? kstrtoull+0x13b/0x1e0 [ 34.281386][ T684] ? kstrtouint+0x78/0xf0 [ 34.281405][ T684] ? ioctl_has_perm+0x1bc/0x500 [ 34.281426][ T684] ? __asan_memcpy+0x5a/0x80 [ 34.281450][ T684] ? ioctl_has_perm+0x408/0x500 [ 34.281471][ T684] ? has_cap_mac_admin+0xd0/0xd0 [ 34.281492][ T684] ? __kasan_check_write+0x18/0x20 [ 34.281516][ T684] ? mutex_lock_killable+0x97/0x1d0 [ 34.281542][ T684] ? __cfi_mutex_lock_killable+0x10/0x10 [ 34.281569][ T684] ? proc_fail_nth_write+0x184/0x220 [ 34.281591][ T684] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 34.281614][ T684] kvm_vcpu_ioctl+0xa48/0x1000 [ 34.281643][ T684] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 34.281674][ T684] ? __cfi_vfs_write+0x10/0x10 [ 34.281699][ T684] ? __kasan_check_write+0x18/0x20 [ 34.281724][ T684] ? mutex_unlock+0x90/0x240 [ 34.281748][ T684] ? __cfi_mutex_unlock+0x10/0x10 [ 34.281774][ T684] ? __fget_files+0x2c5/0x340 [ 34.281804][ T684] ? __fget_files+0x2c5/0x340 [ 34.281833][ T684] ? bpf_lsm_file_ioctl+0xd/0x20 [ 34.281853][ T684] ? security_file_ioctl+0x3e/0x110 [ 34.281874][ T684] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 34.281904][ T684] __se_sys_ioctl+0x135/0x1b0 [ 34.281933][ T684] __x64_sys_ioctl+0x7f/0xa0 [ 34.281963][ T684] x64_sys_call+0x1878/0x2ee0 [ 34.281993][ T684] do_syscall_64+0x57/0xf0 [ 34.282011][ T684] ? clear_bhb_loop+0x50/0xa0 [ 34.282031][ T684] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 34.282061][ T684] RIP: 0033:0x7f8fcbf9c629 [ 34.282089][ T684] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 34.282105][ T684] RSP: 002b:00007f8fccdd7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 34.282135][ T684] RAX: ffffffffffffffda RBX: 00007f8fcc215fa0 RCX: 00007f8fcbf9c629 [ 34.282152][ T684] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 34.282164][ T684] RBP: 00007f8fccdd7090 R08: 0000000000000000 R09: 0000000000000000 [ 34.282177][ T684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 34.282189][ T684] R13: 00007f8fcc216038 R14: 00007f8fcc215fa0 R15: 00007ffe92e02498 [ 34.282208][ T684] [ 34.684049][ T484] usb 3-1: USB disconnect, device number 6 [ 34.788525][ T692] overlay: filesystem on ./bus not supported as upperdir [ 34.796930][ T692] incfs: mount failed -22 [ 34.935618][ T709] ------------[ cut here ]------------ [ 34.941145][ T709] WARNING: CPU: 0 PID: 709 at mm/page_alloc.c:5235 __alloc_pages_noprof+0x109/0x7e0 [ 34.950619][ T709] Modules linked in: [ 34.954551][ T709] CPU: 0 UID: 0 PID: 709 Comm: syz.0.114 Not tainted syzkaller #0 e92730fa182d0321ab783e890b83e46c5a8dda99 [ 34.965996][ T709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 34.976127][ T709] RIP: 0010:__alloc_pages_noprof+0x109/0x7e0 [ 34.982164][ T709] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d 4a ab 0b 06 00 0f 85 c2 00 00 00 c6 05 3d ab 0b 06 01 <0f> 0b 31 c0 e9 b4 00 00 00 83 fb 0a 0f 87 a9 00 00 00 44 8b 64 24 [ 35.001980][ T709] RSP: 0018:ffffc9000e56f860 EFLAGS: 00010246 [ 35.008125][ T709] RAX: 0000000000000000 RBX: 000000000000000b RCX: 0000000000000000 [ 35.016177][ T709] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e56f918 [ 35.024197][ T709] RBP: ffffc9000e56f988 R08: ffffc9000e56f917 R09: 0000000000000000 [ 35.032255][ T709] R10: ffffc9000e56f900 R11: fffff52001cadf23 R12: ffffc9000e56f8a0 [ 35.040311][ T709] R13: dffffc0000000000 R14: 1ffff92001cadf10 R15: 0000000000000000 [ 35.048355][ T709] FS: 00007f11578ca6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 35.057354][ T709] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.063982][ T709] CR2: 0000001b2ef23ffc CR3: 0000000120a38000 CR4: 00000000003526b0 [ 35.072017][ T709] Call Trace: [ 35.075367][ T709] [ 35.078320][ T709] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 35.084450][ T709] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 35.090264][ T709] ? incfs_realloc_mount_info+0xa7/0x4d0 [ 35.095991][ T709] ___kmalloc_large_node+0x81/0x210 [ 35.101235][ T709] ? incfs_realloc_mount_info+0xa7/0x4d0 [ 35.107024][ T709] __kmalloc_large_node_noprof+0x1e/0xd0 [ 35.112706][ T709] ? incfs_realloc_mount_info+0xa7/0x4d0 [ 35.118423][ T709] __kmalloc_noprof+0x326/0x500 [ 35.123358][ T709] ? __cfi_lockref_get+0x10/0x10 [ 35.128398][ T709] incfs_realloc_mount_info+0xa7/0x4d0 [ 35.134077][ T709] ? incfs_add_sysfs_node+0x118/0x230 [ 35.139522][ T709] incfs_alloc_mount_info+0x478/0x5f0 [ 35.144952][ T709] incfs_mount_fs+0x3ca/0x970 [ 35.149759][ T709] ? __cfi_incfs_mount_fs+0x10/0x10 [ 35.155005][ T709] ? vfs_parse_fs_string+0x10f/0x180 [ 35.160382][ T709] ? selinux_capable+0x38/0x50 [ 35.165204][ T709] legacy_get_tree+0x103/0x1b0 [ 35.170063][ T709] ? __cfi_incfs_mount_fs+0x10/0x10 [ 35.175336][ T709] vfs_get_tree+0x9e/0x290 [ 35.179795][ T709] do_new_mount+0x251/0xb30 [ 35.184365][ T709] path_mount+0x682/0x1010 [ 35.188881][ T709] __se_sys_mount+0x2bf/0x480 [ 35.193626][ T709] ? __x64_sys_mount+0xf0/0xf0 [ 35.198484][ T709] ? __kasan_check_write+0x18/0x20 [ 35.203736][ T709] ? fpregs_restore_userregs+0x11c/0x260 [ 35.209483][ T709] __x64_sys_mount+0xc3/0xf0 [ 35.214119][ T709] x64_sys_call+0x2021/0x2ee0 [ 35.218861][ T709] do_syscall_64+0x57/0xf0 [ 35.223309][ T709] ? clear_bhb_loop+0x50/0xa0 [ 35.228305][ T709] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 35.234247][ T709] RIP: 0033:0x7f115699c629 [ 35.238806][ T709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.258552][ T709] RSP: 002b:00007f11578ca028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 35.267066][ T709] RAX: ffffffffffffffda RBX: 00007f1156c15fa0 RCX: 00007f115699c629 [ 35.275113][ T709] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 00002000000000c0 [ 35.283184][ T709] RBP: 00007f1156a32b39 R08: 0000200000000280 R09: 0000000000000000 [ 35.291248][ T709] R10: 0000000001018040 R11: 0000000000000246 R12: 0000000000000000 [ 35.299381][ T709] R13: 00007f1156c16038 R14: 00007f1156c15fa0 R15: 00007fffba5353e8 [ 35.307446][ T709] [ 35.310498][ T709] ---[ end trace 0000000000000000 ]--- [ 35.316111][ T709] incfs: Error allocating mount info. -12 [ 35.322012][ T709] incfs: mount failed -12