last executing test programs:

14.091677917s ago: executing program 4 (id=940):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xaed\x1a\xa9\xfd\xfa\xad\xd1Ud\xc8\x85HX\xa9%\f\x1aO\xe0\b\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\x00\x00z\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xff^\xff\xf0\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000300)=0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = syz_open_dev$vbi(&(0x7f0000000180), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000500)={0x7, @sdr={0x38414762, 0x3}})

12.070409826s ago: executing program 0 (id=946):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000c40)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000440), 0x0, 0x8000)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
openat$audio(0xffffffffffffff9c, 0x0, 0x9e966e64318092aa, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000680), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
utime(&(0x7f0000000e00)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
read$FUSE(r7, &(0x7f0000002140)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000000380)={0x50, 0x0, r8, {0x7, 0x29, 0x10001, 0x0, 0xc, 0x0, 0x9, 0x40}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f0000004200)="bf6cfd123544686492166aa4d39ddae6b3db71bf402e492e4fc2fae5af064040d1577a76cf067fdb6db25396c648213a4dbda636843aa2cd905c8a0a8c33ee1da35f6110c2b706fe72aeec19bed39e584d8f7b375aa7e59c7d3a4f418994a93cef912037e77db3af8cd4c43cee5b5a43360c5e11ff1cd9bdb57d62a9fe582f2f06ed3edb193766852dd0cfed12144138d96dbd023e9eeaa0314b20ba4071a342d7d42fe9b36d400fed85aee3da1833379c3df6c365b4055992d228c09a59af2c4a5a162c37c3cbddb5608fb49a22b070a245920d2d9288b550315a3a26b3df076e1e1b6a7b9ce2655d5cf7ae9c3577290405471a2e1357166b98562a2ba612deb7450d6c2accfdd407c6bfddaf590e9f753de41cee1a0add82a3709a2f8b84b9c284a2d6a1b74a69ab3b72746482599f139f23626e98a1b33ec8becafffe9eca25e7c02c3f30f64287ba3b2462f7596f8809c78dad012389cfeac1e7f924b0222894d444a40e7d765def1c34edd37e1d90b650d796a3d2730bdba3522c3d685e8eb5c3e60f2f78a3b8aa146c5eace1953a666b1130dce0a37799e1d50b03502d449e3c09f1be874faccfcf092630648c28c85bd5c07e0911ccf55f474ce4e44a04655ade4eee9f6d5e37b71705f09abdc6e2d9bd63ce408e8cdd2197969d8a385862f77e0d7b598ca767090ec7b93717b34b1b098d0d608e5698e0b0613b672a3f33165756366519d35f64ee8be78d4c29c1385053918e05f325aca43e12ffb0d0b2cbe846ad6e5527a032ca57f738fe87ea24b67f873aed31da8650b2a7713b5e5dae0fe7730c33da557f5393e5aad62bde18e20eed96335b0b92895345cc19dc851bfcd21666b6a0398f9585d40a64fd9a541473ed3ccd3857d5cb3a2d134f750b2c1fdd157e3f255f726a9b4e77b61b34eb4820b1fd080043b5a1a04dc985f59c762ec837db525164b3a0a8aa5c9dbcc0d696b1d75b058afc10599dd06d541e48004353732e96e591324da2a6281a5662765afb27ab55eac1e0b56f341fa1aa04bdf2f4ca546e5f5bcb33acd8d664a51564361cf81b8ad8c722497f6bfb0fece234ce76cd1d4e13047cbac99473046735f67b0b5b90f8ecfc1fff473b14d7a640ed6f131e6e446583da47c6ee83a2f662bff87acf63be8781db597d37fea61da2559f5362ec974a288923852ad07641a577dc223e8977cb3080abf9a5c4621c384b42ae0bc19ef91ae842e262e44157c1a20917dcf3e85911d4bf20098dcde8a070f6ccbd57e808abcb394d94cd27ee996e9ab77ec9bc08e429726939189d9ddb612b7816f385c33b671798fabc518ebc2a2330ecc1aa3d134cacc459cc853291047ba52f4eb8f4a630fe2c1ceefe0a6e2096e725e63a7288e45e8a0b04b6d01a48858a73ca6400ff2e3f6151ca5a071616eecfd46dcc084030d637fc051b02e21f55f5a348c75aa8d0487ae4f724d748b8f44c80deea44724cc99fadde776ac214456aabc8ee2fa31325f0e2f8dab980fe513e54adfb22871a71e55126db04eee0cd73d35b0a269090a212b54eb1f138ace2adb4f043302bd8ea5eed550fa958fccd1387585cd7301f0b9287f1ee2354899ed43d10b5c4a5be2654e213b5f422a9e9b785321b898cdb2bb6590815b80c56f07d06ab88c28efc7ee1bfd02c849da8550dc4b2a3128738bd571310447bb6bd6f190e494e9056c4bb5d651398d7a9b9fc3a96a262e4cda9d181cfbdc92087a57769e1fc860fca716b2b406b6309378efdac65650c99e4f37fad02c11febbb626836887ccaa7b6a0ce8c2bd6bff67e44de25aa27bf30bbe0d980949ac1dbd979d02d50a8d2c36a016e18e838166cd88c0b677b17c37c76c0ef6fc8c835d9e01c0f6c1500b3af105883591083a2df7773f21c93c30c56edbbc649bbb5cbf16824fdc58e5e34d148da0f0e0ec43b94260723afcb020347ade5a27fd2f2bc45a0d30728a4804559f6306646a65e982f11c49dbd428276389eec8514d7840917b31a24b81a44b99c64e55962b4ff25b80daca9526a9ef5b04cb282a9b13512d1fc79ca94973b7dd4923332621b762c7dc6f96c7bdbad42697998a71e42a76a5979b3d0d92e7ffc73b88cc9db0e9da56a907d7235c0c90432db03bffff9675afd77d1467c75226ef1c2575cb8c59f5ffa4ce7db7e290d40060fce39c9487c657b20a275cae75565d37c68a5324d19cc53e0541eff7b089d79f4692e8a07e643848d6f73314eb5894c60d54bfa747e98502166a683377901b3dd4fb9d5246a8bb8f56542c78a5fcc4d87c4f2c24ed7b8ad10be1aa00d56b8dca29055f405329c834c1a54a38db546769476854f5e495c7f59e53eb2f192afe86d1c20493f8117182d6303f16b3ea4fd530fd1d73bb389f7f8818df714256a4a2c07f80eb166f15e64ef595d42adcf2089361070fec1de6aceca8d52edf413aef39ec5b9540999810665cda98b9071e8289fed8a31f79b8d02626a560b4908884ee34222e32355b2c081fa79e0488b932e5ae47ed025ecf7a6cddf0a2e1935f52980ae6fc90a1b15b8bc01eac7789d97cbca2b9edde0540e351ddc0c6d4939327c4ee975f0173953f958bdfffb021867eb5f946ef66af07a138a1cd9975b4e6e3fe0824dbc936a54b28a9d2e000221b754acdce4abe36109fdd48bedee4a90872e6145875c10b39226e0eb6a49e01a23dd10a93d2d1c9f740f5882cfba5132bd3683e54d1893223d9c695253b3a442c040f07530cce1608f8b1f7f96b5789491b819588d8c07a4f11cf5461c5648f6b2253c1506d2ecfb1765879f246046f57d062bb5e362bb077f3ed6f231d2324d09df5ae56c17ed38aa45a323102b01c90fd5aeb4c50f3a0f4fa7261b859bc5e66d6ea746f72209dc625e6ad36418d6f8d845b10496b4e2f7e87170627646acedc7295be3cae5f587e20f2437dc970ae1162f72e86e454839cec106f60a8b69bcf1be462af8129581cad16b8e7dc8ff34f46bab5f8ed65068684c590792fb054c11c59b9848ed1b8eb63c8d08c73c410830858d762461105f82ab739f7243531d0df0d49392a0296394e645df6773e7590f8c0c9bb02470a12ce4828ad184449d9292827e59ccb0e344a443ed89cdb5572010fac5999b579a56f4cee60af581c61b56abdca76545b5b4b0369654730f2598437b311b386f6f4832b92b2ddaa7bc89f38c7b132cbf3b60657c89e4c4821aba26ffa324ed2f05650d48958f4ed0ff1c1ea785ef78983107d0351e2faa050f137466b6f85e13684052b7c71611e7f7810e56210358934cc5b2ffc34f6a595be166ef1437d37f768e47dccdc26d08f30ab61cfd1965e1d53c312c5c025394f10bd500690e1c6847414bcbe46fc65493634f502a2fb4c3480e352b6336ab30fb7691740b6252093146723d78d03fdad8d4fab12c5304b61f949f877f0cbb7d859a5bda4a83a9da7d5ceca444db698c4f446f217a921b14eab4b7005c212dd2b2dc7315d03aed360596ce4171ee8bef6dabccecdf717dfd60982a7fbcd5548609f47c9b3339b818d7db959ca1df348e3203a9edb95e37d7e47fa0b489e67e0c64f30dd9da93a74ffdd7cab7d03c8906435baa9b306f064ebe91858dde4b07e362b835773512f71d8a4efd16527578a0b8354f896d89e4592acec8f2dc285c0664feadc43984bf5f128a9ca5309682b8633a3c4b5b2c240c2abc316bedf9c43617c9b86be20c5375307d634cb1f8c7390160b31cf88b17f8cba5ab1f30fd45be2cd81453e6de11acabb97f98a2a9e299f824d1743ef157daeb416baa1a0fdb21f00846e31f729b3e84e19a96910b75786e44e085d25d192aa44ec87a220cda9d80baf0ceb051e3847d360dbe9257277ae378780b5dbd567ced4124d708ae2f941ff33942114082dc7f0b0bc9f2ff297293f9c9102dd3631bacbe21740314c78d9dbf0f459eddced803c8022a860d2a1c9ff7758b33a6438b93a11ab8409ef2e12754567035ccc7a0a4b25f6c97d4cccdfeb864121e9a58acd13a84936bc6849e39fbb081a4a5f854a15c87f41fb6cf1990588b28d86544fac07706258af5199d72893adf6f495b2a723804c7fa3bc9c45236703d5b5aa4857d00b2817c5bfdd74c75c76914569f7f391d5d733542e53d403b2e35563e715e725eb843e80d033e7b5e14e6ac1270ce68331d396c8817cf2ba72443fc8553707bb50df798e49f678344444993efc5616cef1aade9e8616e01cf0a1afe65142b93b26271f43d8823f075ec836db0c688c3607f9ca8488808681aa4669516f7a1711f928bd6ae7cae0cefd31394d7ade078996265506ca016d20ce18ad7baf2b98cbac85e4cb4dfdcf9120c45c620dd482262e38ca6cb8d5f8cf34135e1b2c92738cf321b41ec5ad6c27b53974bd6b32f8866d625739f54b7a1e3e969dfdc7ddcd4411111da9ec3330c9d3165bb80b441d18a2ed76213fc5cf91d246a4f75971abbf7c5e312021e2b7d88ada65052772ed37a1705f6f5fcb50c9cff34f3f8afc94d010f3a9b92494a3ceeff67b9169d84e90e04e9d96ac56678b7a96f12d11e9a8a999e0b3231be2e98e412075050fa84edde02beef5f1ea1c737603dd5abe79007180f4baa2fa68d461523f1f81011c0e5124b041bd7d78048c2e92b74c58ab2c92e0a99ab83697910affdc4d831557b820bb624964b27ebf3ec74a671ae01522f401484722b0a21d0c3db91dbba3e6ff09a795ab6742ec355711e6a031d9dca8a4739eb3ad65fad53c6365276648e49334498251b6a5eedcf8b8c816baef260eea9dbd93a3a2df276b1298846adb481a5d66c981e04ba632b8229640bff0b48e3ec426f7554f423b04f8e5a3617163ccc1b635db7dfcf1de4e19acc41a8fe4968580d82cb7b9336b1bc1da4daeb4d5026d5f52ff16babd9a2c716d8cdfd105efbf0338fdef20737efb29619b96dfb91d38f619947fcf6116509226d61f4d67784a0607f1aed366a178fa17493742b21ae648b448d8f6de7c8744a7a306a6e831f9e5533111e1552de5ca8963ee594f3e5e7677721c252952035f3fa492ca2d0318f034e0936b3ab2f38360896360f6d4149edfe6cd3990bf1dbddd9f6efe6d122520b6e973e971e3841f58c1acaa5602b09e3e133c2dec8c7f82ccc696d050069c6cf6ed398196adca39f2158188f6af9500e2b46da5000ff573b01423967413c6d35b94cfee1b37637c8ef85e9482eaac678e93a02b48116f284700c003f4f0bff37a54912b591993778e6a3f4d886b03f7d80212032351a9b25fc8057c8219238e7d0cdb49fb877d42cd258823fe2e82ac795a2db4f0055141de68f5087b7889872739b6628739912af72bfd923aaf19ba5577416a3430616c3946d423e7923be9e27d7d7d9a9d5c8dc0490ceee579124872f9dd6858d0988ccba675d801f8d84f29aa8e0f1eb79333c434b44b090ae334ef2ae27d77be290750bb47ec716855195972d1360df2114ccd6ea07afcbe46d5627456fbfdfe1226d6952a57c6f8e35a38f659d3cee77c5bc05fdbee8880b1fea65bafa830c57514a10cf596abeab0dd5805651fc21c3dbe917bb81a857dcb5c7eb2d7ac1362594a1cb0d22b3d275e3b2b3bf9aaf07484d44fad49b4a7293a424520fa800841d26b8e4959655c62f8c19b7bb4f13a8e743236caa35d86df8ffd005d48718ca3ba03938d164ca22cf2b993ce997fe004fe36e54fda58c54d3ebf62a526b830c5434dff01abe238c03ff1e70d2084d54ff24ba9d7fbb93654f18ed8f9283b07c70eca0aa02a12cea47c4b36622a50e7440a0a2852863ee53aeee1e39979ef156f49ba09e3821bb35300fb368e0e491ee0a8304087fdf9f767b119522279bfb29546b8ffd41588bce693aa068465ac19e3b89b8ab4fe6986256f6acc452b8325d236ac006319f8e19180f6df39c6da5b3448d5ae047dec7ac08980b4254f05dedfca1b5df07a253cba9e7235f2ac599f9781a21bc96b383dedb59c5e6769d6277ff7419ad67d99bb3386213f8eb2912dd28bd4710fc25014e163eb85f920b4f1200224465a6117615db2db91d03b63b8e010390be211a9274e94714d43f9e1815f2d4537b543cf498540a90403d07fd1d44cd1b83e5f244d3cb80804091043e67f025203bf548dd269d36e9bb44313b27509dbef92c428414140f59564171a664895d8631d6af1a76ec2162b99fbf128b69a40d60775bccadd0d666277f83279805cd17724bbe59c23419396dfa0044d0f231701fcb2fb01cf2f16a3d3fcbe8ca2607431f08d00626e6499155a544a3ac9060ad0b4ae2303d4d66021b1b73e88843ba990e5e0ff54dfd9e303956b5cf7e02c9779fe7b66d3738000f68cee9a47a1be6847361122212147fe82b83b28bda3dbc7a176c5062a7d323c8cdf36e36692e73ce176a67e4ac5cecbe0fb18f2c13eee93a00e74f6852caa319e798c4ed6023a2cf9de1d5ec08589bfbd36feea5616237ce28169faf883c795da0e83d8c1a43fcb1b01a3ab8745fe4383b8fa4ad25aa1392cb70ceb6d5266e3bbe425cfb77c889d5905ef7645340ad4b43ed4072f648f8b284d76204ed62e34cb42423cc66bf4994281e9be8cfadef463830ccd827bdc06b972ddf23a8db22a9cbf0ab7cb5bc92db73c1f71af8e1a6588ce34e40286ac88c6b82f723b514058229f4969a984731fee52d0617604c01cfe200ad62f20b48c219eefd85705f93c157d551de23ea92c6b8f77385d772d86855c38f87e004d492d35afa757808c1433be3b60faf44fdc2abb7fa6a7ab64017643b98217bf7895315f53114ec45682e13ff0e7d28b4a3c941a23a1a123aee0243ac31be667a445e655064b4c8611d827170d166a5d57be53602b252e8ea4f7148cafa1ab5d88b0daed51b89cfb21744cb47dfb6ad47ef7938dce7e39103df8b3f747debfd7a5848f7aaf16b4e9a54828ae2065564ca9c7306c1ccfb58f8f32389bc22411034dbcd7a1b636eb3502e2fd73c6e33c84cddfc61e00a05c0dfc4ddeefd2bd2cd537b8c08b5450c2e073bfc9afe89b2c986f1fa621b9d6d10d676be22e90622043c55917641fab4e836b3294e65284568c022ba0ed747c0ba8a9800bb581922d0555ab291e8a88f78c9dc16a820ac5aade847f39aa360205cc29a16e87f87639f0ff1080c8de738b7e1b95c32d8232065359098b224eb7f128a76a284c8ce8c80f22c42b1f8107252134957d12c51acda4cfeb8c0787276c8474a480623fcaba3624f9351866459250cb31d64b700644928a6a27715b9c8e5bc7126f55b73f2a59782ef61874539ad341dc6230462de0e9f4af529cc97f9c4ea9528f1798867b79c99c48aa6715437d255940bc7493c850de58be7b5d4d7ce988969bf7ce993dedcdea96c2f96e02b2f1b82204bf9a39b56280ceaff19984cdc537fe9da707ffac23876d1c5208bd0f3232be346b56de24dd17db01129c961d77deb591a3d4f03292cbae8edfaf09bdd3464f166d5cfde6330ce738902a0711f2168f9f661d5c47675b37692c715356145c30b7f1a1faad00ed73613a54785b9b09b5ddf3b162cadf8a986afa95bdea54bcd77d6a6f27712b8e53a247ee8e42b7c9f1a61b331b0aedfd212bbedeb7f898b862cbd32acf0a024fb4a4cf0df1066231858fdd97c5bd27bbb98a92aa60d4eea842504d89ca74860c3929ba158749c37607355c2c85852feaf458e81605be16c0699c3df2d3d3381cfc63cf8593f87439e5e06e1fe14101a9461023ea38ae5dd55b09e3397dbcd561785531228e30bba5af79e36f61df39e20b6db6b6833a15edd61f02fd54997363f389ec17983c316ade70588c6a1bd1a4b99137fdd1a8f075528c84e069ce1258d9af2f2bbd05fba22621d39a2225af03983b89531a8ac1bbc6783a82b5bb671d7cf14ffd7ecab2067ac11a11e5bff62841830c78d7e38e2fe018625a3d74f680680ce6f64e676a6072691f87747d2c44acde2b4f7b1c04224c0c6bb6119f8a27a7673db49ad1aa07405b320d2bce1a931893184a8c0c9c355f07c1e3eb1eb6a2ee083283c3183f06f4cf491588ed38a12bba20ef46bbef3098dc4019d15570bbf27b80549a8a62a722a966f838f8dc6d3552b961e66f2a4a8555f6a2a26bbb392aa1bca2460fc0cd3b02491d82e5dbdb79ecb8dc05d00d2de5e597c449668e8c8ec4ed52f52c8c95057e957e771e25bc1e5a9f2f84bd957227430420dd3874901006deb4e76a3f9c6d1125b2ce37b8a92bd31d31eeaebe1db6d5bc0d4f94b66db399d50e20dfb2b0596d702a3ed942c439def9fcfca0fd703ae627f836b2c7d129641fa2864fc243b193fd528cd040950f37abf0a411adb986dfb60d7db78a037d4d0832516d3293c1a219b80d88eab190c3d8811aaf2deabf41fd2caa3cbb8e0442e790961706521352c934becaa94f1dd8adf07e27d516846f3e6086a47b8c436398af220e75d0e6a41f6b24cf42a1d7a15a385d3332c572f5d425f23b488111f460aa785890afca62edbc5fda2764b3bd4c2d8724a8032d788c038208f214f534023015c956145342121d59795172e576dae3011becf62133717941bf3b222fede03327f8f77b628552f571eee1baa043f11753453f8aa6504a937fa39920fe5cf5ab629a545d879a451dec7986b1db7a40583836cd98cf5c6ad4b3a23d465e15f682392e1bcbe093628204186781626161e14b86c514c0367467209f292a443e5368f6afc3c3db5a69e8331cbb223f069012bd1318f90bfc34cf7374a667a2d0b1575bdca5a8bbd963e2eca0550d1100bbcf842436f66a75acf6a9a54b015c04deec57e888478f93e6a2eda2e9286a7eb303cb3620b1ed526a310aaee6ea090565e51a073a8310a4f30ff41cde51242a3eeca7049dffb78c56c8db168d056cf6410f35c63bacd2668e04f0baba1dcf261348ebf4f9eef0a36be372da2543fe65db757d73c30faf882baa721e2c6084d94fd69242438cc1592805612d180c5c6cf6371714027a8cef6dcd795b7f031da738fb7b7fc84a332f6e9e846b060586b8cd4574c4cbc30764dae1f2e95e5ba0fd457b3fdea0330ef4c43fca88a887983116495b7b232235e5f9429ed93844fd61604207a4cd7aa98757a97cf98a6ebc0404c0f27fd372668c1663a8c648d046acddbe08594ce08ed3c19aa5b4818e6120b3420f4667f89a67d829d6fa4a4a38f7f582fe05920f1745a1546a67b6666562a10470fdc9e263f71a77c9f56077ade196709447e1f9c51dd1ad3caf9ad2a40bcad503bd56a14270b1058374659aee1af6bf271aecb00c00d704b97c470d8167d5354751d5d093001e80a2c58c0cf548ae38b8b039360573be1de5baaf3e54e573b82f32f20defbf0587ef8891dbc9988a7d6bcf273fe318f2ffd66b6074472fd74ec4c1941b8c553cc807d5ddeb8c61abde5151cafcf688de1c912e0b7e3981206d74374a02c861ea461eac3358cb8958798e8b05c982807968e6280a26a1f30cd2ec6c025514eea53422f3ab55d90c5c4cf7c008a2cec150da05e60c96f63d3f16ec24252d83f155c5b30d35e3efc311fec8d46b383f1ecef8c8f0149e889c50fc32c1c96d69812dd4711589e56d05856e2799e6c5ee98c68dec606d13586f48e24d49e09dc32900ce4d91bcbbe35fcb4f093aa3c116ef776abade75b19fccf74e97bf526c53f2b3b4b7a2a4a17c347b906b7813b3230d41193f99af95125b3db83ff33359daf873b22ab41bc35893d21acccd22b99a4677e0ae6c9e0ec21aa7c043976c09a6712df3ba80793faa5a78c343ceb084cee838bfa23d19dc5167e7294214617a852223403abd9e90577957c2bfb7b41b6bf0774b6336a89fb5b1c06f9d90f582b8e05df2c4653b27dddafe8852a4a64574838d299f2909321ea641c111c383100799b343c36431ad843bb86ee58c5734224821104e5b84ce25061c6d79fbf6911e28515dd1f14501ffe8de6890f03c72f4b13aaacdfb8445e971c677ee0b0c5d4204fc6f542540a3b0361d414b9a3a7f7184c3a672cf101ddc9691da8571333e28ff194e550528bea9954ff54439ce79a1f5472e2c6e191a142d48ec9e356a77ba4d750b0e90115d76a8dbd1f021ed0877bc95b061c596bfdf1378d5c8237e653a5b5c0b5504078c19b8c9cedb2057781a7d75d77ff18dfaa77f9fb015299f5394dd68eb752e4a0f24ff909fd97b4a66ee4340190ae9ebf375cb3186f5b1c5a3ca618856d405027238303f2c2eb4c0e8abbbe0245e24d97247b529b359e6b0229ab14b850f7d1495a3ca74a322ecb08998e5b64471dee26b3eb4993ca63f9f1f960c8e4fcc81a450577d7f9af87fb5791197914775ec27f6f4fccbbac4a3455161a9e55dae79516d4245cece37e6addb1ea2df024550bc36e0ef4cf96560b7be60c75a76a3a8b30fe0fe956aaee0a9625ce7e7d24e7993a14b0a8172b71da7280adfd9c833b653761f999b708684fb490070cb517b6ba369bccf9b291be0bfb031787ae3421e718a0faa5272107bf49554a1c616d9dab5a7490107618e3d8cbb6ade323d8a14a30a3f13100b3838dcc250d5e6987524b35c6a62a7d0930cd5256f61f56add16ad449747e60e54286b6fea425226b37203d48cd00072c39abe7759c9af9ab4d75473dcc0786d720a7b8f0ac360edc2194965fd9ae3c6c7945735bbcc25f102106f39e4968748f45a4afb000d57f18665216a0217ed0d3bfe027e697f8a55acb113f5c1e3751e5f6ae8b9d4eed38476a7bb70039416e081cb06b564d1f69276770e4062a95e2285cc94da0691e7a8d23876e815fd5c0f56a581b79aae45c9c3937b839a29732272f3909bd9357aa7c3c7fc3cf7e601797b82d24d5e0cd02f86bc1f639fda10d6b356502145051eedb2623c5e20a184e7f343ba1d846df02b1bf2896f3c99065bab4ca72eb0b1fc5e9b932eb727780fbe3092a0971fc5e0f53886723a054634a7f270154cd20522673063d68c68001dae21c28d95bb465da72abafe2d9d56aedba32b02c8e4dfa11f9c42d1fbf36c809d87116e105c73aed60c0c287e558e3abd4211fb4578fbd530dafe03d505161d7cfab9fe156c88642bf698e759aa41340bc20cd6ae2a49a3e88a76236bbaeba6cf051f9d736b2073d3018b4d6f4a884749cd4254af9b2b16787168e23cf50bd5f45214ec2ae694d1a42a7688ce658598548f1c2e935f3be5bba5fb8a708055e447d5b8450245ce83192115253e82b6a44960295df0f03d0f257032e2f042dcc376377b04b0f89f7bc29675721d4cb61c23c89ca607056c404e94afa3c479ce1bbd794274b20e8a7a3004ef194e50c2e886333bebb107db275c50dbf03ef9a07f5088b23046b55cf86475b1fde626ca822e2a1657e247815d3771e052472ea4c82d092fd67d97170d2b243f4d011f1377b8c663e3bee6431c240acf6892d10d5ecdca17376ab77e66a24788329b2ceb1471a56619e857bebf179e0a6d6439aac3f7a680743077d9d458bfeefa002c235918d9709ea846cc0e45fc5ae13afa2e5f0ede2488007bc12c2888d092c6c37c44ca5ead1ffc383e8668195bd09ad64292c442919", 0x2000, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x8000000, 0x20, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000480), 0x50200, 0x0)
write$binfmt_elf32(r9, &(0x7f0000001080)=ANY=[@ANYBLOB="7f454c46062108ef020000000000000002003e00050000005b01000038000000c4000000060000000800200003003500ff0781000000000007000000100000000100000001f0ffff08000000a0650000060000000008000000000060080000008d0000002effffff060000000700000007000000090000000600000030000000040000000f0000006000000002000000090000000500000029bc6b0c9aae20d5a6e6ee5bdfec811c77abf5850fcc4eae87b894f8d624cea207468d32b7907f94637e98fbc22d62c06e1dee1749c3ec72ab4639d4449010ad7b2bc49058c9a7ab8682a3dee855a4b6130c32e4efd46b6ae402c50a70eb94e24c4159744e18dea1c6f72eabdf858fec78753fbc98dad726a9b3fcf8f267a05538cf16d1ef5cf1ba4783f0d6ec79fee03ff4e1d8145fc748bf1e0ea89886b7ca9cf0789d00"/572], 0x23c)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r10=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @local}, 0x14)

10.83086702s ago: executing program 0 (id=948):
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x5a, 0xe4, 0xc4, 0x10, 0x596, 0x1, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x0, 0x1, 0xb5, 0xe1, 0x45, 0x0, [], [{{0x9, 0x5, 0x83, 0x0, 0x3ff, 0x3, 0x7, 0x4}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000c80)={0x44, &(0x7f0000000a00)={0x40, 0x0, 0x10, "467b727d89e87f94d14d056d359a6db6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32)
r1 = socket$inet_smc(0x2b, 0x1, 0x0) (rerun: 32)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x6, 0x176, [0x0, 0x20001700, 0x200019e4, 0x20001b5a], 0x0, 0x0, &(0x7f0000001700)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{0x0, 0x7f8a2ba10316323a, 0x22eb, 'dvmrp0\x00', 'team_slave_1\x00', 'veth1_macvtap\x00', 'vlan0\x00', @broadcast, [0xff, 0xff], @local, [0x0, 0xff, 0xff, 0xff, 0xff], 0x6e, 0x6e, 0xe6, [], [], @common=@NFLOG={'NFLOG\x00', 0x50, {{0x3, 0x200, 0x7, 0x0, 0x0, "6f16fefb9ee065ffe3fcb732e2df9ff0bef3497fee76bf501886ea7885ff2abf0cccb863c736d0a0b7f160206485e383800dda71dc63f20f88e8d6e5133b45b0"}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x3}]}, 0x1ee) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

10.7821993s ago: executing program 2 (id=949):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0)
socket(0x11, 0x800000003, 0x0)
socket$netlink(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000180)=0x800001, 0x4)
sched_setattr(0x0, 0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000840)={0x2, 0x4e21, @private=0xa010100}, 0x10)
r5 = gettid()
r6 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x109580)
ioctl$VIDIOC_DQEVENT(r6, 0x80885659, 0x0)
rt_sigqueueinfo(r5, 0x21, &(0x7f0000000040)={0xfdff, 0x0, 0xfffffffb})
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f00000000c0)={0xc, 0xe})
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0xac}}, 0x4004)

10.290605773s ago: executing program 3 (id=952):
r0 = getpid()
r1 = syz_open_procfs(r0, &(0x7f0000000000)='net/softnet_stat\x00')
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = syz_open_dev$amidi(&(0x7f0000000080), 0x4, 0x10100)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f00000000c0)=[r2, r3, r1], 0x3)
stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x400)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x20, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@posixacl}, {@access_any}, {@cache_fscache}, {@access_user}], [{@fowner_gt={'fowner>', r4}}, {@uid_gt={'uid>', r6}}, {@dont_measure}, {@subj_user={'subj_user', 0x3d, '/dev/full\x00'}}]}})
r7 = syz_open_dev$media(&(0x7f0000000400), 0x4, 0x22a01)
r8 = syz_open_dev$MSR(&(0x7f0000000440), 0x7, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r7, 0x8008f511, &(0x7f0000000480))
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan3\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r9, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x74, r10, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x4}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000001}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x81}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x74}, 0x1, 0x0, 0x0, 0xb4192f6b9bdadde8}, 0x4)
r12 = syz_genetlink_get_family_id$nfc(&(0x7f00000006c0), r9)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r9, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x5c, r12, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_LLC_PARAM_RW={0x5}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0xe}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x2f8}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x9}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0xc}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x495}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0xc}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4004c11}, 0x44000)
r13 = fsopen(&(0x7f0000000800)='virtiofs\x00', 0x1)
mount$pvfs2(&(0x7f0000000840), &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0), 0x10000, &(0x7f0000000900)={[{}, {'\x95!'}, {'rfdno'}, {'%}-'}, {'%\\$-gU[}\'&\'&,'}, {',-!'}, {'trans=fd,'}, {'wpan3\x00'}], [{@dont_appraise}]})
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000009c0)=@nat={'nat\x00', 0x1b, 0x5, 0x640, 0x1e0, 0x0, 0xffffffff, 0x320, 0x320, 0x570, 0x570, 0xffffffff, 0x570, 0x570, 0x5, &(0x7f0000000940), {[{{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x5, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv6=@private2, @gre_key=0x9, @icmp_id=0x67}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0xa, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv6=@dev={0xfe, 0x80, '\x00', 0x2b}, @gre_key=0x9, @icmp_id=0x66}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@inet=@tos={{0x28}, {0x4, 0x4}}, @common=@eui64={{0x28}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x10, @ipv4=@multicast2, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @gre_key=0x7, @gre_key=0xfe00}}}, {{@uncond, 0x0, 0x208, 0x250, 0x0, {}, [@common=@inet=@socket3={{0x28}, 0x4}, @common=@rt={{0x138}, {0x100, [0x8, 0x9], 0x5, 0x10, 0x1, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, @loopback, @private2, @local, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x3f}, @ipv4={'\x00', '\xff\xff', @multicast1}, @private0, @private2, @mcast2, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}], 0x6}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0xd, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @ipv6=@private2, @port=0x4e23, @gre_key=0x3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a0)
ioctl$KDDELIO(r8, 0x4b35, 0x6)
splice(r13, &(0x7f0000001080), r2, &(0x7f00000010c0)=0x9, 0x7fffffffffffffff, 0x8)
newfstatat(0xffffffffffffff9c, &(0x7f0000001180)='./file0\x00', &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, <r14=>0x0}, 0x4000)
mount$tmpfs(0x0, &(0x7f0000001100)='./file0\x00', &(0x7f0000001140), 0x3001802, &(0x7f0000001240)={[{@huge_within_size}, {@gid={'gid', 0x3d, r5}}, {@inode32}, {@quota}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@obj_type={'obj_type', 0x3d, '*'}}, {@uid_eq={'uid', 0x3d, r14}}, {@seclabel}, {@smackfstransmute={'smackfstransmute', 0x3d, '-['}}]})
linkat(r2, &(0x7f0000001300)='./file0\x00', r1, &(0x7f0000001340)='./file0\x00', 0x0)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f00000013c0), r9)
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001480)={&(0x7f0000001400)={0x4c, r15, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000010}, 0x8d0)
mknod(&(0x7f0000001500)='./file0\x00', 0x1000, 0x5)
bpf$MAP_CREATE(0x0, &(0x7f0000001540)=@bloom_filter={0x1e, 0x5, 0x34e, 0x7, 0x8020, r1, 0x9, '\x00', 0x0, r2, 0x9109, 0x2, 0x0, 0x4, @value=r1, @void, @void, @value}, 0x50)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000015c0)={0x7, 0x9, 0x8, 0x8, 0x3ff, 0x5, 0x1, 0x3}, 0x20)

10.017795118s ago: executing program 4 (id=953):
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef"], 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

9.684447486s ago: executing program 3 (id=955):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="01000000030000000200000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x1, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x20000, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xf00, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4c0, 0x0)
mount$fuseblk(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00000080002000003d", @ANYRESDEC=0x0])
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000040)}, 0x20)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x3, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000008900000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r1], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000100), 0x1001)

8.500783421s ago: executing program 3 (id=957):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r0}, &(0x7f00000006c0), &(0x7f0000000700)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000000)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x8000000000)
r4 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r4, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)}], 0x1}, 0xfc)
clock_gettime(0x6, &(0x7f0000000100))
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, 0x42, 0xa01, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a400000000010104000000000000000002000000380001801400018008000100ac1e000108000200e00000010c000280"], 0xa4}}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003d0007010000000000000000047c0000040008800c00018006000600800a0000100002800c001400050019"], 0x34}}, 0xc000)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), r5)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0)
ftruncate(r7, 0x6000000)
copy_file_range(r7, 0x0, r7, &(0x7f00000004c0)=0x100, 0x9, 0x0)
sendmsg$inet(r4, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="cd", 0x1}], 0x1}, 0x240448c4)
read$char_usb(r3, &(0x7f00000001c0)=""/188, 0xbc)
syz_usb_disconnect(r2)

8.125803968s ago: executing program 1 (id=958):
r0 = memfd_create(&(0x7f0000000280)='%\x00', 0x4)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r0, 0x0) (async)
r1 = io_uring_setup(0x3eae, &(0x7f0000000080)) (async, rerun: 32)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 64)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (rerun: 64)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, 0x0, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000004580)={0x2020}, 0x2020) (async)
mkdir(0x0, 0x29) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000feffffff0f00000008000300", @ANYRES32=r7, @ANYBLOB="0000ef"], 0x24}, 0x1, 0x0, 0x0, 0x48008}, 0x20044000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r8, 0x0, 0x80)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000580)=ANY=[@ANYBLOB="3400000054f15cfb67eaab5e40f0c5d4bc5aac0c3dc6ee3be026d6633649326a6888efda18161fb38348cb214cc4c67caa9253822ee0780acb689c22ee16259b5723d64b150d643b3602b33be0549f22258c2cf09334991aecc7409671ca0bed7b60a8d9cf5625f4af1f3a3945397b25b020a42ac5632e018bafb46f7cec483922883992b40542110c1da7895fdbf50e491ba1bcad6591c2247543000f96d482fdbf4d97379c48ed1c1731c4cf4cf3000000000000000000", @ANYRES16=r9, @ANYBLOB="0100004000000000000014000000180001801400020073797a5f74756e000000000000000000080003000000000a"], 0x34}}, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x800) (async)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) (async, rerun: 64)
syz_open_dev$vim2m(&(0x7f0000000100), 0x1000007ff, 0x2) (rerun: 64)

7.660159915s ago: executing program 2 (id=959):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000c40)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000440), 0x0, 0x8000)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
openat$audio(0xffffffffffffff9c, 0x0, 0x9e966e64318092aa, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000680), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
utime(&(0x7f0000000e00)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
read$FUSE(r7, &(0x7f0000002140)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000000380)={0x50, 0x0, r8, {0x7, 0x29, 0x10001, 0x0, 0xc, 0x0, 0x9, 0x40}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f0000004200)="bf6cfd123544686492166aa4d39ddae6b3db71bf402e492e4fc2fae5af064040d1577a76cf067fdb6db25396c648213a4dbda636843aa2cd905c8a0a8c33ee1da35f6110c2b706fe72aeec19bed39e584d8f7b375aa7e59c7d3a4f418994a93cef912037e77db3af8cd4c43cee5b5a43360c5e11ff1cd9bdb57d62a9fe582f2f06ed3edb193766852dd0cfed12144138d96dbd023e9eeaa0314b20ba4071a342d7d42fe9b36d400fed85aee3da1833379c3df6c365b4055992d228c09a59af2c4a5a162c37c3cbddb5608fb49a22b070a245920d2d9288b550315a3a26b3df076e1e1b6a7b9ce2655d5cf7ae9c3577290405471a2e1357166b98562a2ba612deb7450d6c2accfdd407c6bfddaf590e9f753de41cee1a0add82a3709a2f8b84b9c284a2d6a1b74a69ab3b72746482599f139f23626e98a1b33ec8becafffe9eca25e7c02c3f30f64287ba3b2462f7596f8809c78dad012389cfeac1e7f924b0222894d444a40e7d765def1c34edd37e1d90b650d796a3d2730bdba3522c3d685e8eb5c3e60f2f78a3b8aa146c5eace1953a666b1130dce0a37799e1d50b03502d449e3c09f1be874faccfcf092630648c28c85bd5c07e0911ccf55f474ce4e44a04655ade4eee9f6d5e37b71705f09abdc6e2d9bd63ce408e8cdd2197969d8a385862f77e0d7b598ca767090ec7b93717b34b1b098d0d608e5698e0b0613b672a3f33165756366519d35f64ee8be78d4c29c1385053918e05f325aca43e12ffb0d0b2cbe846ad6e5527a032ca57f738fe87ea24b67f873aed31da8650b2a7713b5e5dae0fe7730c33da557f5393e5aad62bde18e20eed96335b0b92895345cc19dc851bfcd21666b6a0398f9585d40a64fd9a541473ed3ccd3857d5cb3a2d134f750b2c1fdd157e3f255f726a9b4e77b61b34eb4820b1fd080043b5a1a04dc985f59c762ec837db525164b3a0a8aa5c9dbcc0d696b1d75b058afc10599dd06d541e48004353732e96e591324da2a6281a5662765afb27ab55eac1e0b56f341fa1aa04bdf2f4ca546e5f5bcb33acd8d664a51564361cf81b8ad8c722497f6bfb0fece234ce76cd1d4e13047cbac99473046735f67b0b5b90f8ecfc1fff473b14d7a640ed6f131e6e446583da47c6ee83a2f662bff87acf63be8781db597d37fea61da2559f5362ec974a288923852ad07641a577dc223e8977cb3080abf9a5c4621c384b42ae0bc19ef91ae842e262e44157c1a20917dcf3e85911d4bf20098dcde8a070f6ccbd57e808abcb394d94cd27ee996e9ab77ec9bc08e429726939189d9ddb612b7816f385c33b671798fabc518ebc2a2330ecc1aa3d134cacc459cc853291047ba52f4eb8f4a630fe2c1ceefe0a6e2096e725e63a7288e45e8a0b04b6d01a48858a73ca6400ff2e3f6151ca5a071616eecfd46dcc084030d637fc051b02e21f55f5a348c75aa8d0487ae4f724d748b8f44c80deea44724cc99fadde776ac214456aabc8ee2fa31325f0e2f8dab980fe513e54adfb22871a71e55126db04eee0cd73d35b0a269090a212b54eb1f138ace2adb4f043302bd8ea5eed550fa958fccd1387585cd7301f0b9287f1ee2354899ed43d10b5c4a5be2654e213b5f422a9e9b785321b898cdb2bb6590815b80c56f07d06ab88c28efc7ee1bfd02c849da8550dc4b2a3128738bd571310447bb6bd6f190e494e9056c4bb5d651398d7a9b9fc3a96a262e4cda9d181cfbdc92087a57769e1fc860fca716b2b406b6309378efdac65650c99e4f37fad02c11febbb626836887ccaa7b6a0ce8c2bd6bff67e44de25aa27bf30bbe0d980949ac1dbd979d02d50a8d2c36a016e18e838166cd88c0b677b17c37c76c0ef6fc8c835d9e01c0f6c1500b3af105883591083a2df7773f21c93c30c56edbbc649bbb5cbf16824fdc58e5e34d148da0f0e0ec43b94260723afcb020347ade5a27fd2f2bc45a0d30728a4804559f6306646a65e982f11c49dbd428276389eec8514d7840917b31a24b81a44b99c64e55962b4ff25b80daca9526a9ef5b04cb282a9b13512d1fc79ca94973b7dd4923332621b762c7dc6f96c7bdbad42697998a71e42a76a5979b3d0d92e7ffc73b88cc9db0e9da56a907d7235c0c90432db03bffff9675afd77d1467c75226ef1c2575cb8c59f5ffa4ce7db7e290d40060fce39c9487c657b20a275cae75565d37c68a5324d19cc53e0541eff7b089d79f4692e8a07e643848d6f73314eb5894c60d54bfa747e98502166a683377901b3dd4fb9d5246a8bb8f56542c78a5fcc4d87c4f2c24ed7b8ad10be1aa00d56b8dca29055f405329c834c1a54a38db546769476854f5e495c7f59e53eb2f192afe86d1c20493f8117182d6303f16b3ea4fd530fd1d73bb389f7f8818df714256a4a2c07f80eb166f15e64ef595d42adcf2089361070fec1de6aceca8d52edf413aef39ec5b9540999810665cda98b9071e8289fed8a31f79b8d02626a560b4908884ee34222e32355b2c081fa79e0488b932e5ae47ed025ecf7a6cddf0a2e1935f52980ae6fc90a1b15b8bc01eac7789d97cbca2b9edde0540e351ddc0c6d4939327c4ee975f0173953f958bdfffb021867eb5f946ef66af07a138a1cd9975b4e6e3fe0824dbc936a54b28a9d2e000221b754acdce4abe36109fdd48bedee4a90872e6145875c10b39226e0eb6a49e01a23dd10a93d2d1c9f740f5882cfba5132bd3683e54d1893223d9c695253b3a442c040f07530cce1608f8b1f7f96b5789491b819588d8c07a4f11cf5461c5648f6b2253c1506d2ecfb1765879f246046f57d062bb5e362bb077f3ed6f231d2324d09df5ae56c17ed38aa45a323102b01c90fd5aeb4c50f3a0f4fa7261b859bc5e66d6ea746f72209dc625e6ad36418d6f8d845b10496b4e2f7e87170627646acedc7295be3cae5f587e20f2437dc970ae1162f72e86e454839cec106f60a8b69bcf1be462af8129581cad16b8e7dc8ff34f46bab5f8ed65068684c590792fb054c11c59b9848ed1b8eb63c8d08c73c410830858d762461105f82ab739f7243531d0df0d49392a0296394e645df6773e7590f8c0c9bb02470a12ce4828ad184449d9292827e59ccb0e344a443ed89cdb5572010fac5999b579a56f4cee60af581c61b56abdca76545b5b4b0369654730f2598437b311b386f6f4832b92b2ddaa7bc89f38c7b132cbf3b60657c89e4c4821aba26ffa324ed2f05650d48958f4ed0ff1c1ea785ef78983107d0351e2faa050f137466b6f85e13684052b7c71611e7f7810e56210358934cc5b2ffc34f6a595be166ef1437d37f768e47dccdc26d08f30ab61cfd1965e1d53c312c5c025394f10bd500690e1c6847414bcbe46fc65493634f502a2fb4c3480e352b6336ab30fb7691740b6252093146723d78d03fdad8d4fab12c5304b61f949f877f0cbb7d859a5bda4a83a9da7d5ceca444db698c4f446f217a921b14eab4b7005c212dd2b2dc7315d03aed360596ce4171ee8bef6dabccecdf717dfd60982a7fbcd5548609f47c9b3339b818d7db959ca1df348e3203a9edb95e37d7e47fa0b489e67e0c64f30dd9da93a74ffdd7cab7d03c8906435baa9b306f064ebe91858dde4b07e362b835773512f71d8a4efd16527578a0b8354f896d89e4592acec8f2dc285c0664feadc43984bf5f128a9ca5309682b8633a3c4b5b2c240c2abc316bedf9c43617c9b86be20c5375307d634cb1f8c7390160b31cf88b17f8cba5ab1f30fd45be2cd81453e6de11acabb97f98a2a9e299f824d1743ef157daeb416baa1a0fdb21f00846e31f729b3e84e19a96910b75786e44e085d25d192aa44ec87a220cda9d80baf0ceb051e3847d360dbe9257277ae378780b5dbd567ced4124d708ae2f941ff33942114082dc7f0b0bc9f2ff297293f9c9102dd3631bacbe21740314c78d9dbf0f459eddced803c8022a860d2a1c9ff7758b33a6438b93a11ab8409ef2e12754567035ccc7a0a4b25f6c97d4cccdfeb864121e9a58acd13a84936bc6849e39fbb081a4a5f854a15c87f41fb6cf1990588b28d86544fac07706258af5199d72893adf6f495b2a723804c7fa3bc9c45236703d5b5aa4857d00b2817c5bfdd74c75c76914569f7f391d5d733542e53d403b2e35563e715e725eb843e80d033e7b5e14e6ac1270ce68331d396c8817cf2ba72443fc8553707bb50df798e49f678344444993efc5616cef1aade9e8616e01cf0a1afe65142b93b26271f43d8823f075ec836db0c688c3607f9ca8488808681aa4669516f7a1711f928bd6ae7cae0cefd31394d7ade078996265506ca016d20ce18ad7baf2b98cbac85e4cb4dfdcf9120c45c620dd482262e38ca6cb8d5f8cf34135e1b2c92738cf321b41ec5ad6c27b53974bd6b32f8866d625739f54b7a1e3e969dfdc7ddcd4411111da9ec3330c9d3165bb80b441d18a2ed76213fc5cf91d246a4f75971abbf7c5e312021e2b7d88ada65052772ed37a1705f6f5fcb50c9cff34f3f8afc94d010f3a9b92494a3ceeff67b9169d84e90e04e9d96ac56678b7a96f12d11e9a8a999e0b3231be2e98e412075050fa84edde02beef5f1ea1c737603dd5abe79007180f4baa2fa68d461523f1f81011c0e5124b041bd7d78048c2e92b74c58ab2c92e0a99ab83697910affdc4d831557b820bb624964b27ebf3ec74a671ae01522f401484722b0a21d0c3db91dbba3e6ff09a795ab6742ec355711e6a031d9dca8a4739eb3ad65fad53c6365276648e49334498251b6a5eedcf8b8c816baef260eea9dbd93a3a2df276b1298846adb481a5d66c981e04ba632b8229640bff0b48e3ec426f7554f423b04f8e5a3617163ccc1b635db7dfcf1de4e19acc41a8fe4968580d82cb7b9336b1bc1da4daeb4d5026d5f52ff16babd9a2c716d8cdfd105efbf0338fdef20737efb29619b96dfb91d38f619947fcf6116509226d61f4d67784a0607f1aed366a178fa17493742b21ae648b448d8f6de7c8744a7a306a6e831f9e5533111e1552de5ca8963ee594f3e5e7677721c252952035f3fa492ca2d0318f034e0936b3ab2f38360896360f6d4149edfe6cd3990bf1dbddd9f6efe6d122520b6e973e971e3841f58c1acaa5602b09e3e133c2dec8c7f82ccc696d050069c6cf6ed398196adca39f2158188f6af9500e2b46da5000ff573b01423967413c6d35b94cfee1b37637c8ef85e9482eaac678e93a02b48116f284700c003f4f0bff37a54912b591993778e6a3f4d886b03f7d80212032351a9b25fc8057c8219238e7d0cdb49fb877d42cd258823fe2e82ac795a2db4f0055141de68f5087b7889872739b6628739912af72bfd923aaf19ba5577416a3430616c3946d423e7923be9e27d7d7d9a9d5c8dc0490ceee579124872f9dd6858d0988ccba675d801f8d84f29aa8e0f1eb79333c434b44b090ae334ef2ae27d77be290750bb47ec716855195972d1360df2114ccd6ea07afcbe46d5627456fbfdfe1226d6952a57c6f8e35a38f659d3cee77c5bc05fdbee8880b1fea65bafa830c57514a10cf596abeab0dd5805651fc21c3dbe917bb81a857dcb5c7eb2d7ac1362594a1cb0d22b3d275e3b2b3bf9aaf07484d44fad49b4a7293a424520fa800841d26b8e4959655c62f8c19b7bb4f13a8e743236caa35d86df8ffd005d48718ca3ba03938d164ca22cf2b993ce997fe004fe36e54fda58c54d3ebf62a526b830c5434dff01abe238c03ff1e70d2084d54ff24ba9d7fbb93654f18ed8f9283b07c70eca0aa02a12cea47c4b36622a50e7440a0a2852863ee53aeee1e39979ef156f49ba09e3821bb35300fb368e0e491ee0a8304087fdf9f767b119522279bfb29546b8ffd41588bce693aa068465ac19e3b89b8ab4fe6986256f6acc452b8325d236ac006319f8e19180f6df39c6da5b3448d5ae047dec7ac08980b4254f05dedfca1b5df07a253cba9e7235f2ac599f9781a21bc96b383dedb59c5e6769d6277ff7419ad67d99bb3386213f8eb2912dd28bd4710fc25014e163eb85f920b4f1200224465a6117615db2db91d03b63b8e010390be211a9274e94714d43f9e1815f2d4537b543cf498540a90403d07fd1d44cd1b83e5f244d3cb80804091043e67f025203bf548dd269d36e9bb44313b27509dbef92c428414140f59564171a664895d8631d6af1a76ec2162b99fbf128b69a40d60775bccadd0d666277f83279805cd17724bbe59c23419396dfa0044d0f231701fcb2fb01cf2f16a3d3fcbe8ca2607431f08d00626e6499155a544a3ac9060ad0b4ae2303d4d66021b1b73e88843ba990e5e0ff54dfd9e303956b5cf7e02c9779fe7b66d3738000f68cee9a47a1be6847361122212147fe82b83b28bda3dbc7a176c5062a7d323c8cdf36e36692e73ce176a67e4ac5cecbe0fb18f2c13eee93a00e74f6852caa319e798c4ed6023a2cf9de1d5ec08589bfbd36feea5616237ce28169faf883c795da0e83d8c1a43fcb1b01a3ab8745fe4383b8fa4ad25aa1392cb70ceb6d5266e3bbe425cfb77c889d5905ef7645340ad4b43ed4072f648f8b284d76204ed62e34cb42423cc66bf4994281e9be8cfadef463830ccd827bdc06b972ddf23a8db22a9cbf0ab7cb5bc92db73c1f71af8e1a6588ce34e40286ac88c6b82f723b514058229f4969a984731fee52d0617604c01cfe200ad62f20b48c219eefd85705f93c157d551de23ea92c6b8f77385d772d86855c38f87e004d492d35afa757808c1433be3b60faf44fdc2abb7fa6a7ab64017643b98217bf7895315f53114ec45682e13ff0e7d28b4a3c941a23a1a123aee0243ac31be667a445e655064b4c8611d827170d166a5d57be53602b252e8ea4f7148cafa1ab5d88b0daed51b89cfb21744cb47dfb6ad47ef7938dce7e39103df8b3f747debfd7a5848f7aaf16b4e9a54828ae2065564ca9c7306c1ccfb58f8f32389bc22411034dbcd7a1b636eb3502e2fd73c6e33c84cddfc61e00a05c0dfc4ddeefd2bd2cd537b8c08b5450c2e073bfc9afe89b2c986f1fa621b9d6d10d676be22e90622043c55917641fab4e836b3294e65284568c022ba0ed747c0ba8a9800bb581922d0555ab291e8a88f78c9dc16a820ac5aade847f39aa360205cc29a16e87f87639f0ff1080c8de738b7e1b95c32d8232065359098b224eb7f128a76a284c8ce8c80f22c42b1f8107252134957d12c51acda4cfeb8c0787276c8474a480623fcaba3624f9351866459250cb31d64b700644928a6a27715b9c8e5bc7126f55b73f2a59782ef61874539ad341dc6230462de0e9f4af529cc97f9c4ea9528f1798867b79c99c48aa6715437d255940bc7493c850de58be7b5d4d7ce988969bf7ce993dedcdea96c2f96e02b2f1b82204bf9a39b56280ceaff19984cdc537fe9da707ffac23876d1c5208bd0f3232be346b56de24dd17db01129c961d77deb591a3d4f03292cbae8edfaf09bdd3464f166d5cfde6330ce738902a0711f2168f9f661d5c47675b37692c715356145c30b7f1a1faad00ed73613a54785b9b09b5ddf3b162cadf8a986afa95bdea54bcd77d6a6f27712b8e53a247ee8e42b7c9f1a61b331b0aedfd212bbedeb7f898b862cbd32acf0a024fb4a4cf0df1066231858fdd97c5bd27bbb98a92aa60d4eea842504d89ca74860c3929ba158749c37607355c2c85852feaf458e81605be16c0699c3df2d3d3381cfc63cf8593f87439e5e06e1fe14101a9461023ea38ae5dd55b09e3397dbcd561785531228e30bba5af79e36f61df39e20b6db6b6833a15edd61f02fd54997363f389ec17983c316ade70588c6a1bd1a4b99137fdd1a8f075528c84e069ce1258d9af2f2bbd05fba22621d39a2225af03983b89531a8ac1bbc6783a82b5bb671d7cf14ffd7ecab2067ac11a11e5bff62841830c78d7e38e2fe018625a3d74f680680ce6f64e676a6072691f87747d2c44acde2b4f7b1c04224c0c6bb6119f8a27a7673db49ad1aa07405b320d2bce1a931893184a8c0c9c355f07c1e3eb1eb6a2ee083283c3183f06f4cf491588ed38a12bba20ef46bbef3098dc4019d15570bbf27b80549a8a62a722a966f838f8dc6d3552b961e66f2a4a8555f6a2a26bbb392aa1bca2460fc0cd3b02491d82e5dbdb79ecb8dc05d00d2de5e597c449668e8c8ec4ed52f52c8c95057e957e771e25bc1e5a9f2f84bd957227430420dd3874901006deb4e76a3f9c6d1125b2ce37b8a92bd31d31eeaebe1db6d5bc0d4f94b66db399d50e20dfb2b0596d702a3ed942c439def9fcfca0fd703ae627f836b2c7d129641fa2864fc243b193fd528cd040950f37abf0a411adb986dfb60d7db78a037d4d0832516d3293c1a219b80d88eab190c3d8811aaf2deabf41fd2caa3cbb8e0442e790961706521352c934becaa94f1dd8adf07e27d516846f3e6086a47b8c436398af220e75d0e6a41f6b24cf42a1d7a15a385d3332c572f5d425f23b488111f460aa785890afca62edbc5fda2764b3bd4c2d8724a8032d788c038208f214f534023015c956145342121d59795172e576dae3011becf62133717941bf3b222fede03327f8f77b628552f571eee1baa043f11753453f8aa6504a937fa39920fe5cf5ab629a545d879a451dec7986b1db7a40583836cd98cf5c6ad4b3a23d465e15f682392e1bcbe093628204186781626161e14b86c514c0367467209f292a443e5368f6afc3c3db5a69e8331cbb223f069012bd1318f90bfc34cf7374a667a2d0b1575bdca5a8bbd963e2eca0550d1100bbcf842436f66a75acf6a9a54b015c04deec57e888478f93e6a2eda2e9286a7eb303cb3620b1ed526a310aaee6ea090565e51a073a8310a4f30ff41cde51242a3eeca7049dffb78c56c8db168d056cf6410f35c63bacd2668e04f0baba1dcf261348ebf4f9eef0a36be372da2543fe65db757d73c30faf882baa721e2c6084d94fd69242438cc1592805612d180c5c6cf6371714027a8cef6dcd795b7f031da738fb7b7fc84a332f6e9e846b060586b8cd4574c4cbc30764dae1f2e95e5ba0fd457b3fdea0330ef4c43fca88a887983116495b7b232235e5f9429ed93844fd61604207a4cd7aa98757a97cf98a6ebc0404c0f27fd372668c1663a8c648d046acddbe08594ce08ed3c19aa5b4818e6120b3420f4667f89a67d829d6fa4a4a38f7f582fe05920f1745a1546a67b6666562a10470fdc9e263f71a77c9f56077ade196709447e1f9c51dd1ad3caf9ad2a40bcad503bd56a14270b1058374659aee1af6bf271aecb00c00d704b97c470d8167d5354751d5d093001e80a2c58c0cf548ae38b8b039360573be1de5baaf3e54e573b82f32f20defbf0587ef8891dbc9988a7d6bcf273fe318f2ffd66b6074472fd74ec4c1941b8c553cc807d5ddeb8c61abde5151cafcf688de1c912e0b7e3981206d74374a02c861ea461eac3358cb8958798e8b05c982807968e6280a26a1f30cd2ec6c025514eea53422f3ab55d90c5c4cf7c008a2cec150da05e60c96f63d3f16ec24252d83f155c5b30d35e3efc311fec8d46b383f1ecef8c8f0149e889c50fc32c1c96d69812dd4711589e56d05856e2799e6c5ee98c68dec606d13586f48e24d49e09dc32900ce4d91bcbbe35fcb4f093aa3c116ef776abade75b19fccf74e97bf526c53f2b3b4b7a2a4a17c347b906b7813b3230d41193f99af95125b3db83ff33359daf873b22ab41bc35893d21acccd22b99a4677e0ae6c9e0ec21aa7c043976c09a6712df3ba80793faa5a78c343ceb084cee838bfa23d19dc5167e7294214617a852223403abd9e90577957c2bfb7b41b6bf0774b6336a89fb5b1c06f9d90f582b8e05df2c4653b27dddafe8852a4a64574838d299f2909321ea641c111c383100799b343c36431ad843bb86ee58c5734224821104e5b84ce25061c6d79fbf6911e28515dd1f14501ffe8de6890f03c72f4b13aaacdfb8445e971c677ee0b0c5d4204fc6f542540a3b0361d414b9a3a7f7184c3a672cf101ddc9691da8571333e28ff194e550528bea9954ff54439ce79a1f5472e2c6e191a142d48ec9e356a77ba4d750b0e90115d76a8dbd1f021ed0877bc95b061c596bfdf1378d5c8237e653a5b5c0b5504078c19b8c9cedb2057781a7d75d77ff18dfaa77f9fb015299f5394dd68eb752e4a0f24ff909fd97b4a66ee4340190ae9ebf375cb3186f5b1c5a3ca618856d405027238303f2c2eb4c0e8abbbe0245e24d97247b529b359e6b0229ab14b850f7d1495a3ca74a322ecb08998e5b64471dee26b3eb4993ca63f9f1f960c8e4fcc81a450577d7f9af87fb5791197914775ec27f6f4fccbbac4a3455161a9e55dae79516d4245cece37e6addb1ea2df024550bc36e0ef4cf96560b7be60c75a76a3a8b30fe0fe956aaee0a9625ce7e7d24e7993a14b0a8172b71da7280adfd9c833b653761f999b708684fb490070cb517b6ba369bccf9b291be0bfb031787ae3421e718a0faa5272107bf49554a1c616d9dab5a7490107618e3d8cbb6ade323d8a14a30a3f13100b3838dcc250d5e6987524b35c6a62a7d0930cd5256f61f56add16ad449747e60e54286b6fea425226b37203d48cd00072c39abe7759c9af9ab4d75473dcc0786d720a7b8f0ac360edc2194965fd9ae3c6c7945735bbcc25f102106f39e4968748f45a4afb000d57f18665216a0217ed0d3bfe027e697f8a55acb113f5c1e3751e5f6ae8b9d4eed38476a7bb70039416e081cb06b564d1f69276770e4062a95e2285cc94da0691e7a8d23876e815fd5c0f56a581b79aae45c9c3937b839a29732272f3909bd9357aa7c3c7fc3cf7e601797b82d24d5e0cd02f86bc1f639fda10d6b356502145051eedb2623c5e20a184e7f343ba1d846df02b1bf2896f3c99065bab4ca72eb0b1fc5e9b932eb727780fbe3092a0971fc5e0f53886723a054634a7f270154cd20522673063d68c68001dae21c28d95bb465da72abafe2d9d56aedba32b02c8e4dfa11f9c42d1fbf36c809d87116e105c73aed60c0c287e558e3abd4211fb4578fbd530dafe03d505161d7cfab9fe156c88642bf698e759aa41340bc20cd6ae2a49a3e88a76236bbaeba6cf051f9d736b2073d3018b4d6f4a884749cd4254af9b2b16787168e23cf50bd5f45214ec2ae694d1a42a7688ce658598548f1c2e935f3be5bba5fb8a708055e447d5b8450245ce83192115253e82b6a44960295df0f03d0f257032e2f042dcc376377b04b0f89f7bc29675721d4cb61c23c89ca607056c404e94afa3c479ce1bbd794274b20e8a7a3004ef194e50c2e886333bebb107db275c50dbf03ef9a07f5088b23046b55cf86475b1fde626ca822e2a1657e247815d3771e052472ea4c82d092fd67d97170d2b243f4d011f1377b8c663e3bee6431c240acf6892d10d5ecdca17376ab77e66a24788329b2ceb1471a56619e857bebf179e0a6d6439aac3f7a680743077d9d458bfeefa002c235918d9709ea846cc0e45fc5ae13afa2e5f0ede2488007bc12c2888d092c6c37c44ca5ead1ffc383e8668195bd09ad64292c442919", 0x2000, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x8000000, 0x20, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000480), 0x50200, 0x0)
write$binfmt_elf32(r9, &(0x7f0000001080)=ANY=[@ANYBLOB="7f454c46062108ef020000000000000002003e00050000005b01000038000000c4000000060000000800200003003500ff0781000000000007000000100000000100000001f0ffff08000000a0650000060000000008000000000060080000008d0000002effffff060000000700000007000000090000000600000030000000040000000f0000006000000002000000090000000500000029bc6b0c9aae20d5a6e6ee5bdfec811c77abf5850fcc4eae87b894f8d624cea207468d32b7907f94637e98fbc22d62c06e1dee1749c3ec72ab4639d4449010ad7b2bc49058c9a7ab8682a3dee855a4b6130c32e4efd46b6ae402c50a70eb94e24c4159744e18dea1c6f72eabdf858fec78753fbc98dad726a9b3fcf8f267a05538cf16d1ef5cf1ba4783f0d6ec79fee03ff4e1d8145fc748bf1e0ea89886b7ca9cf0789d00"/572], 0x23c)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r10=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @local}, 0x14)

7.659828253s ago: executing program 1 (id=960):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet(0x2, 0x4000000805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x597}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000540)={0x8000, 0xba, {<r0=>0x0}, {}, 0x5, 0x5})
sched_setaffinity(r0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(0x4)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f0000000000)={0x303000, 0x606000, 0x8})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1000002, 0x0)
r6 = dup(r5)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x44542, 0x2)
ftruncate(r7, 0xee72)
sendfile(r6, r7, 0x0, 0x8000fffffffe)
r8 = fcntl$dupfd(r6, 0x0, r7)
r9 = dup3(r5, r8, 0x80000)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000040)=0x1b)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
openat$incfs(0xffffffffffffffff, &(0x7f0000000440)='.pending_reads\x00', 0x2, 0x4)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})

7.659453173s ago: executing program 0 (id=961):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x18)
getrusage(0x0, &(0x7f00000004c0))
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r4, 0x0, 0x0, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x1}})
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x400c0)
readv(r5, &(0x7f0000000580)=[{&(0x7f0000000680)=""/116, 0x74}], 0x1)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f00000000c0)={0x0, 0x9, 0x0, 0x0, 0xf})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000380)=""/229, 0xe5, <r7=>0x0, &(0x7f0000000480)=""/93, 0x5d}}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001500000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.326513839s ago: executing program 2 (id=962):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
dup3(r2, r2, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000004240)='/proc/cgroups\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb813dd28b42bee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000180)={"000000149c0286e08ffad43c40fc0a000000ab65a29e23546aad0281b3aff5eb", r6, <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r7, 0xc0383e04, 0x0)
bind$can_j1939(r3, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000044}, 0x40)
close(r3)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="300000002c0001000000000000000000050000801c0011802e"], 0x30}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000009c0)=@newchain={0x24, 0x1e, 0x1, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {0x4, 0x7}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x44814)

6.241676112s ago: executing program 0 (id=963):
r0 = dup(0xffffffffffffffff)
connect$inet6(r0, 0x0, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
dup(r3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r6 = syz_pidfd_open(0x0, 0x0)
setns(r6, 0x8020000)
syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000004000000000000000000008500000036000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r7, r2, 0x25, 0x0, @val=@tracing}, 0x40)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

5.900334122s ago: executing program 4 (id=964):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$usbmon(&(0x7f0000000240), 0x5, 0x6421c1)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
mkdir(&(0x7f0000000040)='./file0\x00', 0x43)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='xfs\x00', 0x80c0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0203"], 0x10}}, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040), 0x0, 0x0}})
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x44, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000)
ioperm(0xa891, 0x20, 0x80007ff)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VIDIOC_G_PARM(r4, 0xc0cc5615, &(0x7f0000000c40)={0xb, @capture={0x1000, 0x1, {0x7, 0x80}, 0x400, 0xa}})
close(r3)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r6 = open$dir(&(0x7f0000000200)='./file0\x00', 0x8402, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x75, 0x0, 0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00', r6, 0x0, 0x1, {0x0, r5}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb1d8, @void, @value}, 0x94)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f0000000340)="23000000010006", 0x7)

4.717004412s ago: executing program 2 (id=965):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$vcsn(&(0x7f00000000c0), 0x10000, 0x440)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
setuid(0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="58000000140001ed13bd7000000000000a84"], 0x58}}, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}, {0x18, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}]}], {0x14}}, 0xa4}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
socket(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000003c0), r0)
sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x2c, r5, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x1a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40000)

4.317059407s ago: executing program 3 (id=966):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8)
mknodat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000040)={0x1, 0x2, 0x4, 0xffff, 0x0, "008ef14ba278887cb0baba08431799317e6324"})
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef)

4.290262235s ago: executing program 0 (id=967):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socket(0x10, 0x80002, 0x0)

4.259527734s ago: executing program 1 (id=968):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
read$FUSE(r1, &(0x7f0000004580)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r4, r1, 0x0)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
ioctl$FBIOPUTCMAP(r5, 0x4605, &(0x7f0000000840)={0x5, 0x5, &(0x7f0000000200)=[0x8000, 0x5, 0x8, 0x401, 0x7ff], &(0x7f0000000240), &(0x7f0000000480), &(0x7f0000000240)})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r6, 0x0)

4.044211479s ago: executing program 4 (id=969):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x2, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89d0080b8785d96000100", "2809e8db03000000000000004afac100000020a1a93c5240f45f819e00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x3]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
add_key$user(&(0x7f0000000200), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r4 = dup(r3)
accept$inet6(r4, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_TSC_KHZ(r7, 0xaea2, 0x401)
fcntl$getflags(0xffffffffffffffff, 0xb)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000001000000000000000f0ffffffffffffff10"])
syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x4a}, @l2cap_cid_signaling={{0x46}, [@l2cap_cmd_rej_unk={{0x1, 0x4, 0x2}, {0x89f}}, @l2cap_conn_rsp={{0x3, 0xfd, 0x8}, {0x7, 0xf3c, 0x9, 0x88}}, @l2cap_cmd_rej_unk={{0x1, 0xa, 0x2}, {0x5}}, @l2cap_move_chan_cfm={{0x10, 0x2, 0x4}, {0x2, 0x40}}, @l2cap_conf_req={{0x4, 0xe2, 0x16}, {0x20, 0x8, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x7, 0x2, 0x1}}]}}, @l2cap_conn_rsp={{0x3, 0x6, 0x8}, {0x4, 0x5, 0x9, 0x5}}]}}, 0x4f)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000000)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e0800000709000000010000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

3.318515399s ago: executing program 1 (id=970):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'hsr0\x00', <r0=>0x0})
r1 = socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="180800001bc81a00000200000000003303d037e73efe00001800000020f09f6a988f4915ca492bd51a9b5d243423c82d4e5aa3041bce3512ecf67782cc2f16ffecc50714646a00561811e7fd2287e73f950560eadaccb16f59c0aa7a916a92e24b55", @ANYRES32, @ANYBLOB="00000000000000006608000000000101180000000000000000000000000000009500000000000000360a000000000000180100002020782500"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000700)={'tunl0\x00', &(0x7f0000000840)={'gretap0\x00', 0x0, 0xf890, 0x0, 0x6, 0x4, {{0x5, 0x4, 0x2, 0x5, 0x14, 0x66, 0x0, 0x7, 0x4, 0x0, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}}}}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$netlink(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x1, 0xfa, 0x41b}}}, 0x7)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000000c0)={0x0, 0x8, 0x1, 0xfffffffa, @vifc_lcl_ifindex=r0, @local}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e40)=ANY=[], 0x54}}, 0x44091)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x80, 0x80, 0x0, 0xff, 0xff, 0x11, 0x0, 0x9}}, 0x1c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400010076657468305f746f5f6873720000000008000240000000005c000000160a0101000b000000000000010000000900020073797a30400000000900010073797a3000000000300003"], 0xfc}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
ioctl$TCFLSH(0xffffffffffffffff, 0x40045436, 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2eec0a0009000070e2db620ba0", 0xd}], 0x1}, 0x20000000)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[], 0x20)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)

3.316843908s ago: executing program 2 (id=971):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x13, &(0x7f0000000340)=@raw=[@alu={0x7, 0x1, 0x3, 0x0, 0x0, 0xc, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x2}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xc14a}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @func={0x85, 0x0, 0x1, 0x0, 0x2}], &(0x7f0000000400)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0xb, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000540)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000000580)=[{0x2, 0x1, 0x9, 0x2}, {0x3, 0x4, 0x6, 0x4}], 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000180)='mem_disconnect\x00', r0, 0x0, 0xc36}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket(0x200000000000011, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00', r3}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
unshare(0x22020600)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000080)="3300000058001f000307f4f9002304000a04f55f0800010002010002170003800500000099db973b91aa057972513500b04067", 0x33)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r5=>0x0})
write$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x9)
bind$packet(r2, &(0x7f0000000080)={0x11, 0x800, r5, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
r6 = socket(0x200000000000011, 0x2, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000780)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd6002adf70038010000000000000000000000ffff0a010102ff02000000000068b60000000000000102009078000000006000641a00003a00ff01000000000000000000000000000100000000000000000000ffff640101011e520b4c951ee12ee2c6a9cfcab695786d8ca9f6554916dbebffba39f210e2b9856dcfd8dcfc62c78dda609ffffd3ec1c742445e42e7ffcc8fcc4f54a3d1a8deca6ea6a59a57bdcfbc1f6d6f4f019c4f8b3f3ebe6a4b2960646a242cdd8094"], 0x0)
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f00000000c0)={0xffffffff, "030000000000000023000000debd12ffff00000000000000000020000400", <r9=>0xffffffffffffffff})
r10 = epoll_create1(0x0)
ppoll(&(0x7f0000000080)=[{r9, 0x94a0}], 0x1, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f0000000040))
recvmmsg(r7, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)
bind$packet(r6, &(0x7f0000000080)={0x11, 0x800, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
r11 = socket(0x200000000000011, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000300)={'syz_tun\x00', <r12=>0x0})
bind$packet(r11, &(0x7f0000000080)={0x11, 0x800, r12, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.536882719s ago: executing program 4 (id=972):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000c40)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000440), 0x0, 0x8000)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
openat$audio(0xffffffffffffff9c, 0x0, 0x9e966e64318092aa, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000680), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
utime(0x0, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
read$FUSE(r7, &(0x7f0000002140)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000000380)={0x50, 0x0, r8, {0x7, 0x29, 0x10001, 0x0, 0xc, 0x0, 0x9, 0x40}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f0000004200)="bf6cfd123544686492166aa4d39ddae6b3db71bf402e492e4fc2fae5af064040d1577a76cf067fdb6db25396c648213a4dbda636843aa2cd905c8a0a8c33ee1da35f6110c2b706fe72aeec19bed39e584d8f7b375aa7e59c7d3a4f418994a93cef912037e77db3af8cd4c43cee5b5a43360c5e11ff1cd9bdb57d62a9fe582f2f06ed3edb193766852dd0cfed12144138d96dbd023e9eeaa0314b20ba4071a342d7d42fe9b36d400fed85aee3da1833379c3df6c365b4055992d228c09a59af2c4a5a162c37c3cbddb5608fb49a22b070a245920d2d9288b550315a3a26b3df076e1e1b6a7b9ce2655d5cf7ae9c3577290405471a2e1357166b98562a2ba612deb7450d6c2accfdd407c6bfddaf590e9f753de41cee1a0add82a3709a2f8b84b9c284a2d6a1b74a69ab3b72746482599f139f23626e98a1b33ec8becafffe9eca25e7c02c3f30f64287ba3b2462f7596f8809c78dad012389cfeac1e7f924b0222894d444a40e7d765def1c34edd37e1d90b650d796a3d2730bdba3522c3d685e8eb5c3e60f2f78a3b8aa146c5eace1953a666b1130dce0a37799e1d50b03502d449e3c09f1be874faccfcf092630648c28c85bd5c07e0911ccf55f474ce4e44a04655ade4eee9f6d5e37b71705f09abdc6e2d9bd63ce408e8cdd2197969d8a385862f77e0d7b598ca767090ec7b93717b34b1b098d0d608e5698e0b0613b672a3f33165756366519d35f64ee8be78d4c29c1385053918e05f325aca43e12ffb0d0b2cbe846ad6e5527a032ca57f738fe87ea24b67f873aed31da8650b2a7713b5e5dae0fe7730c33da557f5393e5aad62bde18e20eed96335b0b92895345cc19dc851bfcd21666b6a0398f9585d40a64fd9a541473ed3ccd3857d5cb3a2d134f750b2c1fdd157e3f255f726a9b4e77b61b34eb4820b1fd080043b5a1a04dc985f59c762ec837db525164b3a0a8aa5c9dbcc0d696b1d75b058afc10599dd06d541e48004353732e96e591324da2a6281a5662765afb27ab55eac1e0b56f341fa1aa04bdf2f4ca546e5f5bcb33acd8d664a51564361cf81b8ad8c722497f6bfb0fece234ce76cd1d4e13047cbac99473046735f67b0b5b90f8ecfc1fff473b14d7a640ed6f131e6e446583da47c6ee83a2f662bff87acf63be8781db597d37fea61da2559f5362ec974a288923852ad07641a577dc223e8977cb3080abf9a5c4621c384b42ae0bc19ef91ae842e262e44157c1a20917dcf3e85911d4bf20098dcde8a070f6ccbd57e808abcb394d94cd27ee996e9ab77ec9bc08e429726939189d9ddb612b7816f385c33b671798fabc518ebc2a2330ecc1aa3d134cacc459cc853291047ba52f4eb8f4a630fe2c1ceefe0a6e2096e725e63a7288e45e8a0b04b6d01a48858a73ca6400ff2e3f6151ca5a071616eecfd46dcc084030d637fc051b02e21f55f5a348c75aa8d0487ae4f724d748b8f44c80deea44724cc99fadde776ac214456aabc8ee2fa31325f0e2f8dab980fe513e54adfb22871a71e55126db04eee0cd73d35b0a269090a212b54eb1f138ace2adb4f043302bd8ea5eed550fa958fccd1387585cd7301f0b9287f1ee2354899ed43d10b5c4a5be2654e213b5f422a9e9b785321b898cdb2bb6590815b80c56f07d06ab88c28efc7ee1bfd02c849da8550dc4b2a3128738bd571310447bb6bd6f190e494e9056c4bb5d651398d7a9b9fc3a96a262e4cda9d181cfbdc92087a57769e1fc860fca716b2b406b6309378efdac65650c99e4f37fad02c11febbb626836887ccaa7b6a0ce8c2bd6bff67e44de25aa27bf30bbe0d980949ac1dbd979d02d50a8d2c36a016e18e838166cd88c0b677b17c37c76c0ef6fc8c835d9e01c0f6c1500b3af105883591083a2df7773f21c93c30c56edbbc649bbb5cbf16824fdc58e5e34d148da0f0e0ec43b94260723afcb020347ade5a27fd2f2bc45a0d30728a4804559f6306646a65e982f11c49dbd428276389eec8514d7840917b31a24b81a44b99c64e55962b4ff25b80daca9526a9ef5b04cb282a9b13512d1fc79ca94973b7dd4923332621b762c7dc6f96c7bdbad42697998a71e42a76a5979b3d0d92e7ffc73b88cc9db0e9da56a907d7235c0c90432db03bffff9675afd77d1467c75226ef1c2575cb8c59f5ffa4ce7db7e290d40060fce39c9487c657b20a275cae75565d37c68a5324d19cc53e0541eff7b089d79f4692e8a07e643848d6f73314eb5894c60d54bfa747e98502166a683377901b3dd4fb9d5246a8bb8f56542c78a5fcc4d87c4f2c24ed7b8ad10be1aa00d56b8dca29055f405329c834c1a54a38db546769476854f5e495c7f59e53eb2f192afe86d1c20493f8117182d6303f16b3ea4fd530fd1d73bb389f7f8818df714256a4a2c07f80eb166f15e64ef595d42adcf2089361070fec1de6aceca8d52edf413aef39ec5b9540999810665cda98b9071e8289fed8a31f79b8d02626a560b4908884ee34222e32355b2c081fa79e0488b932e5ae47ed025ecf7a6cddf0a2e1935f52980ae6fc90a1b15b8bc01eac7789d97cbca2b9edde0540e351ddc0c6d4939327c4ee975f0173953f958bdfffb021867eb5f946ef66af07a138a1cd9975b4e6e3fe0824dbc936a54b28a9d2e000221b754acdce4abe36109fdd48bedee4a90872e6145875c10b39226e0eb6a49e01a23dd10a93d2d1c9f740f5882cfba5132bd3683e54d1893223d9c695253b3a442c040f07530cce1608f8b1f7f96b5789491b819588d8c07a4f11cf5461c5648f6b2253c1506d2ecfb1765879f246046f57d062bb5e362bb077f3ed6f231d2324d09df5ae56c17ed38aa45a323102b01c90fd5aeb4c50f3a0f4fa7261b859bc5e66d6ea746f72209dc625e6ad36418d6f8d845b10496b4e2f7e87170627646acedc7295be3cae5f587e20f2437dc970ae1162f72e86e454839cec106f60a8b69bcf1be462af8129581cad16b8e7dc8ff34f46bab5f8ed65068684c590792fb054c11c59b9848ed1b8eb63c8d08c73c410830858d762461105f82ab739f7243531d0df0d49392a0296394e645df6773e7590f8c0c9bb02470a12ce4828ad184449d9292827e59ccb0e344a443ed89cdb5572010fac5999b579a56f4cee60af581c61b56abdca76545b5b4b0369654730f2598437b311b386f6f4832b92b2ddaa7bc89f38c7b132cbf3b60657c89e4c4821aba26ffa324ed2f05650d48958f4ed0ff1c1ea785ef78983107d0351e2faa050f137466b6f85e13684052b7c71611e7f7810e56210358934cc5b2ffc34f6a595be166ef1437d37f768e47dccdc26d08f30ab61cfd1965e1d53c312c5c025394f10bd500690e1c6847414bcbe46fc65493634f502a2fb4c3480e352b6336ab30fb7691740b6252093146723d78d03fdad8d4fab12c5304b61f949f877f0cbb7d859a5bda4a83a9da7d5ceca444db698c4f446f217a921b14eab4b7005c212dd2b2dc7315d03aed360596ce4171ee8bef6dabccecdf717dfd60982a7fbcd5548609f47c9b3339b818d7db959ca1df348e3203a9edb95e37d7e47fa0b489e67e0c64f30dd9da93a74ffdd7cab7d03c8906435baa9b306f064ebe91858dde4b07e362b835773512f71d8a4efd16527578a0b8354f896d89e4592acec8f2dc285c0664feadc43984bf5f128a9ca5309682b8633a3c4b5b2c240c2abc316bedf9c43617c9b86be20c5375307d634cb1f8c7390160b31cf88b17f8cba5ab1f30fd45be2cd81453e6de11acabb97f98a2a9e299f824d1743ef157daeb416baa1a0fdb21f00846e31f729b3e84e19a96910b75786e44e085d25d192aa44ec87a220cda9d80baf0ceb051e3847d360dbe9257277ae378780b5dbd567ced4124d708ae2f941ff33942114082dc7f0b0bc9f2ff297293f9c9102dd3631bacbe21740314c78d9dbf0f459eddced803c8022a860d2a1c9ff7758b33a6438b93a11ab8409ef2e12754567035ccc7a0a4b25f6c97d4cccdfeb864121e9a58acd13a84936bc6849e39fbb081a4a5f854a15c87f41fb6cf1990588b28d86544fac07706258af5199d72893adf6f495b2a723804c7fa3bc9c45236703d5b5aa4857d00b2817c5bfdd74c75c76914569f7f391d5d733542e53d403b2e35563e715e725eb843e80d033e7b5e14e6ac1270ce68331d396c8817cf2ba72443fc8553707bb50df798e49f678344444993efc5616cef1aade9e8616e01cf0a1afe65142b93b26271f43d8823f075ec836db0c688c3607f9ca8488808681aa4669516f7a1711f928bd6ae7cae0cefd31394d7ade078996265506ca016d20ce18ad7baf2b98cbac85e4cb4dfdcf9120c45c620dd482262e38ca6cb8d5f8cf34135e1b2c92738cf321b41ec5ad6c27b53974bd6b32f8866d625739f54b7a1e3e969dfdc7ddcd4411111da9ec3330c9d3165bb80b441d18a2ed76213fc5cf91d246a4f75971abbf7c5e312021e2b7d88ada65052772ed37a1705f6f5fcb50c9cff34f3f8afc94d010f3a9b92494a3ceeff67b9169d84e90e04e9d96ac56678b7a96f12d11e9a8a999e0b3231be2e98e412075050fa84edde02beef5f1ea1c737603dd5abe79007180f4baa2fa68d461523f1f81011c0e5124b041bd7d78048c2e92b74c58ab2c92e0a99ab83697910affdc4d831557b820bb624964b27ebf3ec74a671ae01522f401484722b0a21d0c3db91dbba3e6ff09a795ab6742ec355711e6a031d9dca8a4739eb3ad65fad53c6365276648e49334498251b6a5eedcf8b8c816baef260eea9dbd93a3a2df276b1298846adb481a5d66c981e04ba632b8229640bff0b48e3ec426f7554f423b04f8e5a3617163ccc1b635db7dfcf1de4e19acc41a8fe4968580d82cb7b9336b1bc1da4daeb4d5026d5f52ff16babd9a2c716d8cdfd105efbf0338fdef20737efb29619b96dfb91d38f619947fcf6116509226d61f4d67784a0607f1aed366a178fa17493742b21ae648b448d8f6de7c8744a7a306a6e831f9e5533111e1552de5ca8963ee594f3e5e7677721c252952035f3fa492ca2d0318f034e0936b3ab2f38360896360f6d4149edfe6cd3990bf1dbddd9f6efe6d122520b6e973e971e3841f58c1acaa5602b09e3e133c2dec8c7f82ccc696d050069c6cf6ed398196adca39f2158188f6af9500e2b46da5000ff573b01423967413c6d35b94cfee1b37637c8ef85e9482eaac678e93a02b48116f284700c003f4f0bff37a54912b591993778e6a3f4d886b03f7d80212032351a9b25fc8057c8219238e7d0cdb49fb877d42cd258823fe2e82ac795a2db4f0055141de68f5087b7889872739b6628739912af72bfd923aaf19ba5577416a3430616c3946d423e7923be9e27d7d7d9a9d5c8dc0490ceee579124872f9dd6858d0988ccba675d801f8d84f29aa8e0f1eb79333c434b44b090ae334ef2ae27d77be290750bb47ec716855195972d1360df2114ccd6ea07afcbe46d5627456fbfdfe1226d6952a57c6f8e35a38f659d3cee77c5bc05fdbee8880b1fea65bafa830c57514a10cf596abeab0dd5805651fc21c3dbe917bb81a857dcb5c7eb2d7ac1362594a1cb0d22b3d275e3b2b3bf9aaf07484d44fad49b4a7293a424520fa800841d26b8e4959655c62f8c19b7bb4f13a8e743236caa35d86df8ffd005d48718ca3ba03938d164ca22cf2b993ce997fe004fe36e54fda58c54d3ebf62a526b830c5434dff01abe238c03ff1e70d2084d54ff24ba9d7fbb93654f18ed8f9283b07c70eca0aa02a12cea47c4b36622a50e7440a0a2852863ee53aeee1e39979ef156f49ba09e3821bb35300fb368e0e491ee0a8304087fdf9f767b119522279bfb29546b8ffd41588bce693aa068465ac19e3b89b8ab4fe6986256f6acc452b8325d236ac006319f8e19180f6df39c6da5b3448d5ae047dec7ac08980b4254f05dedfca1b5df07a253cba9e7235f2ac599f9781a21bc96b383dedb59c5e6769d6277ff7419ad67d99bb3386213f8eb2912dd28bd4710fc25014e163eb85f920b4f1200224465a6117615db2db91d03b63b8e010390be211a9274e94714d43f9e1815f2d4537b543cf498540a90403d07fd1d44cd1b83e5f244d3cb80804091043e67f025203bf548dd269d36e9bb44313b27509dbef92c428414140f59564171a664895d8631d6af1a76ec2162b99fbf128b69a40d60775bccadd0d666277f83279805cd17724bbe59c23419396dfa0044d0f231701fcb2fb01cf2f16a3d3fcbe8ca2607431f08d00626e6499155a544a3ac9060ad0b4ae2303d4d66021b1b73e88843ba990e5e0ff54dfd9e303956b5cf7e02c9779fe7b66d3738000f68cee9a47a1be6847361122212147fe82b83b28bda3dbc7a176c5062a7d323c8cdf36e36692e73ce176a67e4ac5cecbe0fb18f2c13eee93a00e74f6852caa319e798c4ed6023a2cf9de1d5ec08589bfbd36feea5616237ce28169faf883c795da0e83d8c1a43fcb1b01a3ab8745fe4383b8fa4ad25aa1392cb70ceb6d5266e3bbe425cfb77c889d5905ef7645340ad4b43ed4072f648f8b284d76204ed62e34cb42423cc66bf4994281e9be8cfadef463830ccd827bdc06b972ddf23a8db22a9cbf0ab7cb5bc92db73c1f71af8e1a6588ce34e40286ac88c6b82f723b514058229f4969a984731fee52d0617604c01cfe200ad62f20b48c219eefd85705f93c157d551de23ea92c6b8f77385d772d86855c38f87e004d492d35afa757808c1433be3b60faf44fdc2abb7fa6a7ab64017643b98217bf7895315f53114ec45682e13ff0e7d28b4a3c941a23a1a123aee0243ac31be667a445e655064b4c8611d827170d166a5d57be53602b252e8ea4f7148cafa1ab5d88b0daed51b89cfb21744cb47dfb6ad47ef7938dce7e39103df8b3f747debfd7a5848f7aaf16b4e9a54828ae2065564ca9c7306c1ccfb58f8f32389bc22411034dbcd7a1b636eb3502e2fd73c6e33c84cddfc61e00a05c0dfc4ddeefd2bd2cd537b8c08b5450c2e073bfc9afe89b2c986f1fa621b9d6d10d676be22e90622043c55917641fab4e836b3294e65284568c022ba0ed747c0ba8a9800bb581922d0555ab291e8a88f78c9dc16a820ac5aade847f39aa360205cc29a16e87f87639f0ff1080c8de738b7e1b95c32d8232065359098b224eb7f128a76a284c8ce8c80f22c42b1f8107252134957d12c51acda4cfeb8c0787276c8474a480623fcaba3624f9351866459250cb31d64b700644928a6a27715b9c8e5bc7126f55b73f2a59782ef61874539ad341dc6230462de0e9f4af529cc97f9c4ea9528f1798867b79c99c48aa6715437d255940bc7493c850de58be7b5d4d7ce988969bf7ce993dedcdea96c2f96e02b2f1b82204bf9a39b56280ceaff19984cdc537fe9da707ffac23876d1c5208bd0f3232be346b56de24dd17db01129c961d77deb591a3d4f03292cbae8edfaf09bdd3464f166d5cfde6330ce738902a0711f2168f9f661d5c47675b37692c715356145c30b7f1a1faad00ed73613a54785b9b09b5ddf3b162cadf8a986afa95bdea54bcd77d6a6f27712b8e53a247ee8e42b7c9f1a61b331b0aedfd212bbedeb7f898b862cbd32acf0a024fb4a4cf0df1066231858fdd97c5bd27bbb98a92aa60d4eea842504d89ca74860c3929ba158749c37607355c2c85852feaf458e81605be16c0699c3df2d3d3381cfc63cf8593f87439e5e06e1fe14101a9461023ea38ae5dd55b09e3397dbcd561785531228e30bba5af79e36f61df39e20b6db6b6833a15edd61f02fd54997363f389ec17983c316ade70588c6a1bd1a4b99137fdd1a8f075528c84e069ce1258d9af2f2bbd05fba22621d39a2225af03983b89531a8ac1bbc6783a82b5bb671d7cf14ffd7ecab2067ac11a11e5bff62841830c78d7e38e2fe018625a3d74f680680ce6f64e676a6072691f87747d2c44acde2b4f7b1c04224c0c6bb6119f8a27a7673db49ad1aa07405b320d2bce1a931893184a8c0c9c355f07c1e3eb1eb6a2ee083283c3183f06f4cf491588ed38a12bba20ef46bbef3098dc4019d15570bbf27b80549a8a62a722a966f838f8dc6d3552b961e66f2a4a8555f6a2a26bbb392aa1bca2460fc0cd3b02491d82e5dbdb79ecb8dc05d00d2de5e597c449668e8c8ec4ed52f52c8c95057e957e771e25bc1e5a9f2f84bd957227430420dd3874901006deb4e76a3f9c6d1125b2ce37b8a92bd31d31eeaebe1db6d5bc0d4f94b66db399d50e20dfb2b0596d702a3ed942c439def9fcfca0fd703ae627f836b2c7d129641fa2864fc243b193fd528cd040950f37abf0a411adb986dfb60d7db78a037d4d0832516d3293c1a219b80d88eab190c3d8811aaf2deabf41fd2caa3cbb8e0442e790961706521352c934becaa94f1dd8adf07e27d516846f3e6086a47b8c436398af220e75d0e6a41f6b24cf42a1d7a15a385d3332c572f5d425f23b488111f460aa785890afca62edbc5fda2764b3bd4c2d8724a8032d788c038208f214f534023015c956145342121d59795172e576dae3011becf62133717941bf3b222fede03327f8f77b628552f571eee1baa043f11753453f8aa6504a937fa39920fe5cf5ab629a545d879a451dec7986b1db7a40583836cd98cf5c6ad4b3a23d465e15f682392e1bcbe093628204186781626161e14b86c514c0367467209f292a443e5368f6afc3c3db5a69e8331cbb223f069012bd1318f90bfc34cf7374a667a2d0b1575bdca5a8bbd963e2eca0550d1100bbcf842436f66a75acf6a9a54b015c04deec57e888478f93e6a2eda2e9286a7eb303cb3620b1ed526a310aaee6ea090565e51a073a8310a4f30ff41cde51242a3eeca7049dffb78c56c8db168d056cf6410f35c63bacd2668e04f0baba1dcf261348ebf4f9eef0a36be372da2543fe65db757d73c30faf882baa721e2c6084d94fd69242438cc1592805612d180c5c6cf6371714027a8cef6dcd795b7f031da738fb7b7fc84a332f6e9e846b060586b8cd4574c4cbc30764dae1f2e95e5ba0fd457b3fdea0330ef4c43fca88a887983116495b7b232235e5f9429ed93844fd61604207a4cd7aa98757a97cf98a6ebc0404c0f27fd372668c1663a8c648d046acddbe08594ce08ed3c19aa5b4818e6120b3420f4667f89a67d829d6fa4a4a38f7f582fe05920f1745a1546a67b6666562a10470fdc9e263f71a77c9f56077ade196709447e1f9c51dd1ad3caf9ad2a40bcad503bd56a14270b1058374659aee1af6bf271aecb00c00d704b97c470d8167d5354751d5d093001e80a2c58c0cf548ae38b8b039360573be1de5baaf3e54e573b82f32f20defbf0587ef8891dbc9988a7d6bcf273fe318f2ffd66b6074472fd74ec4c1941b8c553cc807d5ddeb8c61abde5151cafcf688de1c912e0b7e3981206d74374a02c861ea461eac3358cb8958798e8b05c982807968e6280a26a1f30cd2ec6c025514eea53422f3ab55d90c5c4cf7c008a2cec150da05e60c96f63d3f16ec24252d83f155c5b30d35e3efc311fec8d46b383f1ecef8c8f0149e889c50fc32c1c96d69812dd4711589e56d05856e2799e6c5ee98c68dec606d13586f48e24d49e09dc32900ce4d91bcbbe35fcb4f093aa3c116ef776abade75b19fccf74e97bf526c53f2b3b4b7a2a4a17c347b906b7813b3230d41193f99af95125b3db83ff33359daf873b22ab41bc35893d21acccd22b99a4677e0ae6c9e0ec21aa7c043976c09a6712df3ba80793faa5a78c343ceb084cee838bfa23d19dc5167e7294214617a852223403abd9e90577957c2bfb7b41b6bf0774b6336a89fb5b1c06f9d90f582b8e05df2c4653b27dddafe8852a4a64574838d299f2909321ea641c111c383100799b343c36431ad843bb86ee58c5734224821104e5b84ce25061c6d79fbf6911e28515dd1f14501ffe8de6890f03c72f4b13aaacdfb8445e971c677ee0b0c5d4204fc6f542540a3b0361d414b9a3a7f7184c3a672cf101ddc9691da8571333e28ff194e550528bea9954ff54439ce79a1f5472e2c6e191a142d48ec9e356a77ba4d750b0e90115d76a8dbd1f021ed0877bc95b061c596bfdf1378d5c8237e653a5b5c0b5504078c19b8c9cedb2057781a7d75d77ff18dfaa77f9fb015299f5394dd68eb752e4a0f24ff909fd97b4a66ee4340190ae9ebf375cb3186f5b1c5a3ca618856d405027238303f2c2eb4c0e8abbbe0245e24d97247b529b359e6b0229ab14b850f7d1495a3ca74a322ecb08998e5b64471dee26b3eb4993ca63f9f1f960c8e4fcc81a450577d7f9af87fb5791197914775ec27f6f4fccbbac4a3455161a9e55dae79516d4245cece37e6addb1ea2df024550bc36e0ef4cf96560b7be60c75a76a3a8b30fe0fe956aaee0a9625ce7e7d24e7993a14b0a8172b71da7280adfd9c833b653761f999b708684fb490070cb517b6ba369bccf9b291be0bfb031787ae3421e718a0faa5272107bf49554a1c616d9dab5a7490107618e3d8cbb6ade323d8a14a30a3f13100b3838dcc250d5e6987524b35c6a62a7d0930cd5256f61f56add16ad449747e60e54286b6fea425226b37203d48cd00072c39abe7759c9af9ab4d75473dcc0786d720a7b8f0ac360edc2194965fd9ae3c6c7945735bbcc25f102106f39e4968748f45a4afb000d57f18665216a0217ed0d3bfe027e697f8a55acb113f5c1e3751e5f6ae8b9d4eed38476a7bb70039416e081cb06b564d1f69276770e4062a95e2285cc94da0691e7a8d23876e815fd5c0f56a581b79aae45c9c3937b839a29732272f3909bd9357aa7c3c7fc3cf7e601797b82d24d5e0cd02f86bc1f639fda10d6b356502145051eedb2623c5e20a184e7f343ba1d846df02b1bf2896f3c99065bab4ca72eb0b1fc5e9b932eb727780fbe3092a0971fc5e0f53886723a054634a7f270154cd20522673063d68c68001dae21c28d95bb465da72abafe2d9d56aedba32b02c8e4dfa11f9c42d1fbf36c809d87116e105c73aed60c0c287e558e3abd4211fb4578fbd530dafe03d505161d7cfab9fe156c88642bf698e759aa41340bc20cd6ae2a49a3e88a76236bbaeba6cf051f9d736b2073d3018b4d6f4a884749cd4254af9b2b16787168e23cf50bd5f45214ec2ae694d1a42a7688ce658598548f1c2e935f3be5bba5fb8a708055e447d5b8450245ce83192115253e82b6a44960295df0f03d0f257032e2f042dcc376377b04b0f89f7bc29675721d4cb61c23c89ca607056c404e94afa3c479ce1bbd794274b20e8a7a3004ef194e50c2e886333bebb107db275c50dbf03ef9a07f5088b23046b55cf86475b1fde626ca822e2a1657e247815d3771e052472ea4c82d092fd67d97170d2b243f4d011f1377b8c663e3bee6431c240acf6892d10d5ecdca17376ab77e66a24788329b2ceb1471a56619e857bebf179e0a6d6439aac3f7a680743077d9d458bfeefa002c235918d9709ea846cc0e45fc5ae13afa2e5f0ede2488007bc12c2888d092c6c37c44ca5ead1ffc383e8668195bd09ad64292c442919", 0x2000, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x8000000, 0x20, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000480), 0x50200, 0x0)
write$binfmt_elf32(r9, &(0x7f0000001080)=ANY=[@ANYBLOB="7f454c46062108ef020000000000000002003e00050000005b01000038000000c4000000060000000800200003003500ff0781000000000007000000100000000100000001f0ffff08000000a0650000060000000008000000000060080000008d0000002effffff060000000700000007000000090000000600000030000000040000000f0000006000000002000000090000000500000029bc6b0c9aae20d5a6e6ee5bdfec811c77abf5850fcc4eae87b894f8d624cea207468d32b7907f94637e98fbc22d62c06e1dee1749c3ec72ab4639d4449010ad7b2bc49058c9a7ab8682a3dee855a4b6130c32e4efd46b6ae402c50a70eb94e24c4159744e18dea1c6f72eabdf858fec78753fbc98dad726a9b3fcf8f267a05538cf16d1ef5cf1ba4783f0d6ec79fee03ff4e1d8145fc748bf1e0ea89886b7ca9cf0789d00"/572], 0x23c)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r10=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @local}, 0x14)

2.305258949s ago: executing program 3 (id=973):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x34, 0x0, 0x1, 0x0, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x18, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x34}}, 0x810)
syz_genetlink_get_family_id$nfc(&(0x7f0000000340), r1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
shutdown(r4, 0x1)
connect$bt_l2cap(r4, 0x0, 0x0)

1.25650691s ago: executing program 3 (id=974):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x5e, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x22)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="ae29ace5bffbc200dcef2baf5bbc28ac204007cc4c0784e23101dc35cce21e5a5715d965b5a69a59cb035e5c23e652aadca701e62946a0674a7656ae3a6b4405dc1bed87d00942fe0b2a51a2ccf301cc8535a94dd879801de36f7d241b90f38b5e1d807b220645", @ANYRES32=0x0, @ANYRESHEX=r1], 0x70}, 0x1, 0x0, 0x0, 0x20008010}, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(0xffffffffffffffff, 0x3ba0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000440)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48801}, 0x4)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000800000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000a0000000bf090000000000005509010000030000950000000000000085100000f5ffffffbf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000140)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r5, 0x40186f40, 0x20000502)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
flock(0xffffffffffffffff, 0x2)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x20008014, &(0x7f0000000340)={0x11, 0x2, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='befs\x00', 0x109, 0x0)
socket$inet(0x2, 0x2, 0x7)

1.237466113s ago: executing program 1 (id=975):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x2, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89d0080b8785d96000100", "2809e8db03000000000000004afac100000020a1a93c5240f45f819e00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x3]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_TSC_KHZ(r5, 0xaea2, 0x401)

1.143924296s ago: executing program 2 (id=976):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_ep_write(r2, 0x82, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x0, 0x3e, 0x0, 0x0, 0x1, 0x0, @void, @value}, 0x28)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={'nicvf0\x00', 0x0})
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15)
bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x1}, 0x10)
ioctl$TCFLSH(r3, 0x404c4701, 0x20000000)
ioctl$VHOST_VDPA_GET_VRING_NUM(r1, 0x8002af76, &(0x7f00000000c0))
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r4, 0x29, 0x44, &(0x7f0000000180)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e)
r5 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x4000)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000808500000015000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$CEC_G_MODE(r5, 0x80046108, &(0x7f0000000140))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xc2dfe590433f74cd, 0x4008031, 0xffffffffffffffff, 0x58f6a000)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401"], 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card3/oss_mixer\x00', 0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x2})

1.034542654s ago: executing program 4 (id=977):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="180800001bc81a00000200000000003303d037e73efe00001800000020f09f6a988f4915ca492bd51a9b5d243423c82d4e5aa3041bce3512ecf67782cc2f16ffecc50714646a00561811e7fd2287e73f950560eadaccb16f59c0aa7a916a92e24b55", @ANYRES32, @ANYBLOB="00000000000000006608000000000101180000000000000000000000000000009500000000000000360a000000000000180100002020782500"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000700)={'tunl0\x00', &(0x7f0000000840)={'gretap0\x00', 0x0, 0xf890, 0x0, 0x6, 0x4, {{0x5, 0x4, 0x2, 0x5, 0x14, 0x66, 0x0, 0x7, 0x4, 0x0, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}}}}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$netlink(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x1, 0xfa, 0x41b}}}, 0x7)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000000c0)={0x0, 0x8, 0x1, 0xfffffffa, @vifc_lcl_ifindex, @local}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e40)=ANY=[], 0x54}}, 0x44091)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x80, 0x80, 0x0, 0xff, 0xff, 0x11, 0x0, 0x9}}, 0x1c}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400010076657468305f746f5f6873720000000008000240000000005c000000160a0101000b000000000000010000000900020073797a30400000000900010073797a3000000000300003"], 0xfc}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
ioctl$TCFLSH(0xffffffffffffffff, 0x40045436, 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2eec0a0009000070e2db620ba0", 0xd}], 0x1}, 0x20000000)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[], 0x20)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)

849.994064ms ago: executing program 0 (id=978):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet(0x2, 0x4000000805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x597}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000540)={0x8000, 0xba, {<r0=>0x0}, {}, 0x5, 0x5})
sched_setaffinity(r0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(0x4)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f0000000000)={0x303000, 0x606000, 0x8})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1000002, 0x0)
r6 = dup(r5)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x44542, 0x2)
ftruncate(r7, 0xee72)
sendfile(r6, r7, 0x0, 0x8000fffffffe)
r8 = fcntl$dupfd(r6, 0x0, r7)
r9 = dup3(r5, r8, 0x80000)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000040)=0x1b)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
openat$incfs(0xffffffffffffffff, &(0x7f0000000440)='.pending_reads\x00', 0x2, 0x4)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})

0s ago: executing program 1 (id=979):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$usbmon(&(0x7f0000000240), 0x5, 0x6421c1)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
mkdir(&(0x7f0000000040)='./file0\x00', 0x43)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='xfs\x00', 0x80c0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0203"], 0x10}}, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040), 0x0, 0x0}})
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x44, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000)
ioperm(0xa891, 0x20, 0x80007ff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VIDIOC_G_PARM(r3, 0xc0cc5615, &(0x7f0000000c40)={0xb, @capture={0x1000, 0x1, {0x7, 0x80}, 0x400, 0xa}})
r4 = syz_io_uring_setup(0x4300, &(0x7f0000000380)={0x0, 0xfffffffe, 0x10100, 0x2, 0xd0}, &(0x7f0000000040), &(0x7f00000000c0)=<r5=>0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
r7 = open$dir(&(0x7f0000000200)='./file0\x00', 0x8402, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x75, 0x0, 0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00', r7, 0x0, 0x1, {0x0, r6}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb1d8, @void, @value}, 0x94)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r8, &(0x7f0000000340)="23000000010006", 0x7)

kernel console output (not intermixed with test programs):

72461][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 87
[  188.315790][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81
[  188.325298][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82
[  188.338434][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1
[  188.355413][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2
[  188.367175][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 85
[  188.378619][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 5
[  188.403057][    T8] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  188.532374][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83
[  188.588922][ T5923] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  188.637456][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84
[  188.637964][ T7126] netlink: 12 bytes leftover after parsing attributes in process `syz.4.334'.
[  188.764545][ T5923] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.767785][ T5923] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  188.767815][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.767836][ T5923] usb 2-1: Product: syz
[  188.767851][ T5923] usb 2-1: Manufacturer: syz
[  188.767865][ T5923] usb 2-1: SerialNumber: syz
[  188.797737][ T7133] vhci_hcd: connection reset by peer
[  188.798034][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3
[  188.798117][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4
[  188.798158][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 86
[  188.798198][    T8] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 6
[  188.801074][   T12] vhci_hcd: stop threads
[  188.801130][   T12] vhci_hcd: release socket
[  188.801646][   T12] vhci_hcd: disconnect device
[  188.802060][    T8] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  188.822893][    T8] usb 3-1: USB disconnect, device number 12
[  188.933298][ T5900] usb 5-1: string descriptor 0 read error: -71
[  188.966047][ T5900] pegasus 5-1:0.163: probe with driver pegasus failed with error -71
[  188.995503][    T8] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  189.013092][ T5900] usb 5-1: USB disconnect, device number 9
[  189.043436][    T8] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  189.068385][    T8] keyspan 3-1:0.11: device disconnected
[  189.956432][ T5923] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  189.965347][ T5923] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  190.023521][ T5923] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  190.159066][ T5923] cdc_ncm 2-1:1.0: setting tx_max = 88
[  190.171702][   T29] audit: type=1800 audit(1738033945.549:18): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.342" name="file1" dev="tmpfs" ino=377 res=0 errno=0
[  190.426696][ T5923] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  191.262737][ T5923] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  191.416466][ T5923] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  191.436399][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.440742][ T7187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  191.455859][ T5923] usb 3-1: Product: syz
[  191.466157][ T5923] usb 3-1: Manufacturer: syz
[  191.477497][ T5923] usb 3-1: SerialNumber: syz
[  191.493877][ T5923] usb 3-1: config 0 descriptor??
[  191.513042][ T7187] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  191.543417][ T5923] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  191.582815][ T6282] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  191.614457][    T8] usb 2-1: USB disconnect, device number 10
[  191.621267][    T8] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)
[  191.762334][ T6282] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  191.828549][ T6282] usb 4-1: config 0 has no interface number 0
[  191.946531][ T6282] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  192.081380][ T6282] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  192.212776][ T6282] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  192.244353][ T6282] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  192.262762][ T7173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.273057][ T6282] usb 4-1: Product: syz
[  192.277790][ T6282] usb 4-1: Manufacturer: syz
[  192.287954][ T6282] usb 4-1: SerialNumber: syz
[  192.293092][ T7173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.324610][ T5923] kernel write not supported for file /input/event2 (pid: 5923 comm: kworker/1:6)
[  192.336508][ T6282] usb 4-1: config 0 descriptor??
[  192.344363][ T7173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.370679][ T6282] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected
[  192.378889][ T7173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.402756][ T6282] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81
[  192.431563][ T5923] usb 3-1: USB disconnect, device number 13
[  192.449453][ T6282] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1
[  192.488441][ T6282] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  192.527682][ T6282] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2
[  192.557756][ T6282] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  192.605256][ T6282] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4
[  192.622013][ T6282] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  192.664335][ T6282] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[  192.709321][ T6282] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  192.814323][ T5900] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  192.993734][ T5900] usb 5-1: Using ep0 maxpacket: 32
[  193.010794][ T5900] usb 5-1: config 1 has an invalid interface number: 236 but max is 0
[  193.033380][ T5900] usb 5-1: config 1 has no interface number 0
[  193.059043][ T5900] usb 5-1: config 1 interface 236 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 1024
[  193.092780][    T8] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  193.113256][ T5900] usb 5-1: config 1 interface 236 has no altsetting 0
[  193.122844][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  193.135749][ T5900] usb 5-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=aa.6a
[  193.155292][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.175605][ T5900] usb 5-1: Product: syz
[  193.179831][ T5900] usb 5-1: Manufacturer: syz
[  193.184831][ T5870] vhci_hcd: vhci_device speed not set
[  193.201182][ T5900] usb 5-1: SerialNumber: syz
[  193.222294][ T7202] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  193.249329][ T5900] ti_usb_3410_5052 5-1:1.236: TI USB 5052 2 port adapter converter detected
[  193.275481][    T9] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[  193.284105][    T8] usb 2-1: config 0 has an invalid interface number: 11 but max is 0
[  193.292233][    T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.306236][    T9] usb 1-1: config 0 has no interface number 0
[  193.312373][    T9] usb 1-1: too many endpoints for config 0 interface 163 altsetting 237: 140, using maximum allowed: 30
[  193.335206][    T8] usb 2-1: config 0 has no interface number 0
[  193.341515][    T8] usb 2-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid wMaxPacketSize 0
[  193.352134][    T9] usb 1-1: config 0 interface 163 altsetting 237 has 0 endpoint descriptors, different from the interface descriptor's value: 140
[  193.366406][    T8] usb 2-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  193.380135][    T9] usb 1-1: config 0 interface 163 has no altsetting 0
[  193.387063][    T9] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  193.396241][    T8] usb 2-1: config 0 interface 11 has no altsetting 0
[  193.403330][    T8] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  193.412485][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.421459][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.430846][    T9] usb 1-1: config 0 descriptor??
[  193.441664][    T8] usb 2-1: config 0 descriptor??
[  193.455210][    T8] keyspan 2-1:0.11: Keyspan 2 port adapter converter detected
[  193.473203][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 87
[  193.482971][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 81
[  193.490818][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 82
[  193.502149][ T7202] sp0: Synchronizing with TNC
[  193.520881][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 1
[  193.538020][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 2
[  193.555464][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 85
[  193.582756][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 5
[  193.593021][    T8] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB4
[  193.609751][ T6282] usb 5-1: USB disconnect, device number 10
[  193.623802][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 83
[  193.646890][ T7211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.353'.
[  193.688164][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 84
[  193.688247][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 3
[  193.688290][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 4
[  193.688357][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 86
[  193.688400][    T8] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 6
[  193.693464][    T8] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB5
[  193.788100][ T6282] usb 2-1: USB disconnect, device number 11
[  193.791210][ T6282] keyspan_2 ttyUSB4: Keyspan 2 port adapter converter now disconnected from ttyUSB4
[  193.821317][ T6282] keyspan_2 ttyUSB5: Keyspan 2 port adapter converter now disconnected from ttyUSB5
[  193.842040][    T9] usb 1-1: string descriptor 0 read error: -71
[  193.871197][    T9] pegasus 1-1:0.163: probe with driver pegasus failed with error -71
[  193.881016][ T6282] keyspan 2-1:0.11: device disconnected
[  193.889860][    T9] usb 1-1: USB disconnect, device number 8
[  194.419033][ T5870] usb 4-1: USB disconnect, device number 10
[  194.518244][ T5870] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  194.583063][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  194.589442][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  194.639380][ T5870] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  194.711448][ T5870] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  195.066416][ T5870] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  195.103415][ T5870] keyspan 4-1:0.107: device disconnected
[  195.134732][ T6282] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  195.825430][ T6282] usb 3-1: config 0 has an invalid interface number: 163 but max is 0
[  195.861601][ T6282] usb 3-1: config 0 has no interface number 0
[  195.910390][ T6282] usb 3-1: too many endpoints for config 0 interface 163 altsetting 237: 140, using maximum allowed: 30
[  195.950613][ T6282] usb 3-1: config 0 interface 163 altsetting 237 has 0 endpoint descriptors, different from the interface descriptor's value: 140
[  196.038313][ T6282] usb 3-1: config 0 interface 163 has no altsetting 0
[  196.065685][ T6282] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  196.104400][ T6282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.219120][ T6282] usb 3-1: config 0 descriptor??
[  196.569583][ T7233] netlink: 12 bytes leftover after parsing attributes in process `syz.2.357'.
[  197.795954][ T6282] usb 3-1: string descriptor 0 read error: -71
[  197.836624][ T6282] pegasus 3-1:0.163: probe with driver pegasus failed with error -71
[  197.874653][ T7264] FAULT_INJECTION: forcing a failure.
[  197.874653][ T7264] name failslab, interval 1, probability 0, space 0, times 0
[  197.893110][ T6282] usb 3-1: USB disconnect, device number 14
[  197.988842][ T7264] CPU: 0 UID: 0 PID: 7264 Comm: syz.3.366 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  197.988868][ T7264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  197.988878][ T7264] Call Trace:
[  197.988884][ T7264]  <TASK>
[  197.988891][ T7264]  dump_stack_lvl+0x241/0x360
[  197.988916][ T7264]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.988932][ T7264]  ? __pfx__printk+0x10/0x10
[  197.988956][ T7264]  ? fs_reclaim_acquire+0x93/0x130
[  197.988974][ T7264]  ? __pfx___might_resched+0x10/0x10
[  197.988990][ T7264]  ? dynamic_dname+0x141/0x1b0
[  197.989015][ T7264]  should_fail_ex+0x40a/0x550
[  197.989038][ T7264]  should_failslab+0xac/0x100
[  197.989060][ T7264]  __kmalloc_noprof+0xdd/0x4c0
[  197.989079][ T7264]  ? tomoyo_encode+0x26f/0x540
[  197.989106][ T7264]  tomoyo_encode+0x26f/0x540
[  197.989129][ T7264]  ? __pfx_sockfs_dname+0x10/0x10
[  197.989149][ T7264]  tomoyo_realpath_from_path+0x59e/0x5e0
[  197.989191][ T7264]  tomoyo_path_number_perm+0x236/0x860
[  197.989210][ T7264]  ? __lock_acquire+0x1397/0x2100
[  197.989231][ T7264]  ? tomoyo_path_number_perm+0x206/0x860
[  197.989253][ T7264]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  197.989313][ T7264]  ? __fget_files+0x2a/0x410
[  197.989336][ T7264]  ? __fget_files+0x2a/0x410
[  197.989360][ T7264]  security_file_ioctl+0xc6/0x2a0
[  197.989383][ T7264]  __se_sys_ioctl+0x46/0x170
[  197.989402][ T7264]  do_syscall_64+0xf3/0x230
[  197.989423][ T7264]  ? clear_bhb_loop+0x35/0x90
[  197.989447][ T7264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.989465][ T7264] RIP: 0033:0x7f2d3db8cd29
[  197.989480][ T7264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.989494][ T7264] RSP: 002b:00007f2d3e961038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  197.989513][ T7264] RAX: ffffffffffffffda RBX: 00007f2d3dda5fa0 RCX: 00007f2d3db8cd29
[  197.989525][ T7264] RDX: 0000000020000b40 RSI: 0000000000008922 RDI: 0000000000000004
[  197.989536][ T7264] RBP: 00007f2d3e961090 R08: 0000000000000000 R09: 0000000000000000
[  197.989546][ T7264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.989555][ T7264] R13: 0000000000000000 R14: 00007f2d3dda5fa0 R15: 00007ffe36094ce8
[  197.989582][ T7264]  </TASK>
[  197.989598][ T7264] ERROR: Out of memory at tomoyo_realpath_from_path.
[  198.773022][ T5923] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  198.950493][ T5923] usb 1-1: config 0 has an invalid interface number: 11 but max is 0
[  199.026690][ T5923] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  199.129966][ T5923] usb 1-1: config 0 has no interface number 0
[  199.197516][ T5923] usb 1-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid wMaxPacketSize 0
[  199.243241][ T5923] usb 1-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  199.338836][ T5923] usb 1-1: config 0 interface 11 has no altsetting 0
[  199.402701][ T5923] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  199.456458][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.539566][ T5923] usb 1-1: config 0 descriptor??
[  199.577101][ T5923] keyspan 1-1:0.11: Keyspan 2 port adapter converter detected
[  199.596153][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 87
[  199.683264][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 81
[  199.732759][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 82
[  199.760022][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 1
[  199.782777][ T5870] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  199.811373][ T7302] deleting an unspecified loop device is not supported.
[  199.832961][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 2
[  199.855472][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 85
[  199.893603][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 5
[  199.952947][ T5923] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  199.965960][ T5870] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  199.986571][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 83
[  200.012694][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.032982][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 84
[  200.040798][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 3
[  200.067298][ T5870] usb 3-1: Product: syz
[  200.071527][ T5870] usb 3-1: Manufacturer: syz
[  200.090235][ T5870] usb 3-1: SerialNumber: syz
[  200.095925][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 4
[  200.132502][ T5870] usb 3-1: config 0 descriptor??
[  200.133977][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 86
[  200.182722][ T5923] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 6
[  200.220908][ T5923] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  200.271067][ T5923] usb 1-1: USB disconnect, device number 9
[  200.331012][ T5923] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  200.344793][ T5870] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  200.505139][ T5923] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  200.534275][ T5923] keyspan 1-1:0.11: device disconnected
[  200.562875][ T7294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.609188][ T7294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.646888][ T7317] netlink: zone id is out of range
[  200.652050][ T7317] netlink: zone id is out of range
[  200.664163][ T7294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.688563][ T7294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.697667][ T7317] netlink: zone id is out of range
[  200.725528][ T5923] usb 3-1: USB disconnect, device number 15
[  200.746815][ T7317] netlink: get zone limit has 4 unknown bytes
[  200.945668][   T29] audit: type=1326 audit(1738033956.449:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  201.008387][   T29] audit: type=1326 audit(1738033956.459:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  202.243253][   T29] audit: type=1326 audit(1738033956.459:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  202.264864][   T29] audit: type=1326 audit(1738033956.459:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  202.682800][   T29] audit: type=1326 audit(1738033956.459:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  202.796689][   T29] audit: type=1326 audit(1738033956.459:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  202.976566][   T29] audit: type=1326 audit(1738033956.459:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  203.112707][   T29] audit: type=1326 audit(1738033956.459:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  203.426291][   T29] audit: type=1326 audit(1738033956.469:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  203.566855][   T29] audit: type=1326 audit(1738033956.469:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b178cd29 code=0x7ffc0000
[  206.549889][ T5901] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  207.610269][ T5901] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  207.623549][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.632071][ T5901] usb 3-1: Product: syz
[  207.637389][ T5901] usb 3-1: Manufacturer: syz
[  207.642019][ T5901] usb 3-1: SerialNumber: syz
[  207.653383][ T5901] usb 3-1: config 0 descriptor??
[  207.662097][ T5901] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  208.736509][ T7397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.761490][ T5135] Bluetooth: hci4: unexpected event for opcode 0x041b
[  208.782346][ T7397] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.962003][ T7375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.030492][ T7375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.075791][    T9] usb 3-1: USB disconnect, device number 16
[  209.171868][ T7402] fuse: Unknown parameter 'grou00000000000000000000'
[  209.233236][ T7400] netlink: 20 bytes leftover after parsing attributes in process `syz.1.405'.
[  209.243112][   T29] kauditd_printk_skb: 15 callbacks suppressed
[  209.243129][   T29] audit: type=1800 audit(1738033964.739:44): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.406" name="file1" dev="tmpfs" ino=481 res=0 errno=0
[  210.573418][ T5901] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  210.771269][ T5901] usb 1-1: device descriptor read/64, error -71
[  211.112894][ T5901] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  211.973156][ T5901] usb 1-1: device descriptor read/64, error -71
[  212.088623][ T5901] usb usb1-port1: attempt power cycle
[  214.540085][    T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  214.732899][    T9] usb 1-1: device descriptor read/64, error -71
[  215.170035][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  215.375360][    T9] usb 1-1: device descriptor read/64, error -71
[  215.714413][    T9] usb usb1-port1: attempt power cycle
[  216.409918][    T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  216.707319][    T9] usb 1-1: device descriptor read/8, error -71
[  217.254537][ T7491] fuse: Unknown parameter 'grou00000000000000000000'
[  217.263917][   T29] audit: type=1800 audit(1738033972.769:45): pid=7491 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.430" name="file1" dev="tmpfs" ino=503 res=0 errno=0
[  217.573903][ T7498] netlink: 'syz.1.431': attribute type 22 has an invalid length.
[  217.584898][ T7497] binder: 7493:7497 ioctl c0306201 0 returned -14
[  217.682870][ T7498] netlink: 36 bytes leftover after parsing attributes in process `syz.1.431'.
[  218.922910][ T5870] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  219.873978][ T5870] usb 3-1: config index 0 descriptor too short (expected 4114, got 18)
[  219.947605][ T5870] usb 3-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[  219.955490][ T6282] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  219.965123][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.982872][ T5870] usb 3-1: Product: syz
[  219.987208][ T5870] usb 3-1: Manufacturer: syz
[  219.993553][ T5870] usb 3-1: SerialNumber: syz
[  220.003947][ T5870] usb 3-1: config 0 descriptor??
[  220.238699][ T6282] usb 5-1: config 0 has an invalid interface number: 11 but max is 0
[  220.647638][ T6282] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  220.676694][ T6282] usb 5-1: config 0 has no interface number 0
[  220.695595][ T7507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.714788][ T6282] usb 5-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid wMaxPacketSize 0
[  220.753338][ T6282] usb 5-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  220.772828][ T7507] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.792727][ T6282] usb 5-1: config 0 interface 11 has no altsetting 0
[  220.817192][ T6282] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  220.837983][ T5870] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  220.840507][ T6282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.903590][ T6282] usb 5-1: config 0 descriptor??
[  220.948845][ T6282] keyspan 5-1:0.11: Keyspan 2 port adapter converter detected
[  221.019564][ T5870] asix 3-1:0.0: probe with driver asix failed with error -71
[  221.032861][ T5870] usb 3-1: USB disconnect, device number 17
[  221.146426][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 87
[  221.379395][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 81
[  221.479284][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 82
[  221.558982][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 1
[  221.688961][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 2
[  221.712689][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 85
[  221.786688][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 5
[  222.256926][ T6282] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  222.293736][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 83
[  222.301577][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 84
[  222.352872][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 3
[  222.360616][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 4
[  222.413089][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 86
[  222.431507][ T6282] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 6
[  222.453642][ T6282] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  222.494489][ T6282] usb 5-1: USB disconnect, device number 11
[  222.626653][ T6282] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  222.653468][ T6282] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  222.732714][   T46] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  222.760356][ T7536] overlayfs: failed to resolve './file1': -2
[  222.794045][ T6282] keyspan 5-1:0.11: device disconnected
[  223.632855][   T46] usb 1-1: Using ep0 maxpacket: 32
[  223.657564][   T46] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  223.729706][   T46] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  223.740635][   T46] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  223.768749][   T46] usb 1-1: Product: syz
[  224.013600][   T46] usb 1-1: Manufacturer: syz
[  224.018616][   T46] usb 1-1: SerialNumber: syz
[  224.088748][   T46] usb 1-1: config 0 descriptor??
[  224.188998][ T7556] binder: 7550:7556 ioctl c0306201 20000680 returned -14
[  224.279912][ T7555] =======================================================
[  224.279912][ T7555] WARNING: The mand mount option has been deprecated and
[  224.279912][ T7555]          and is ignored by this kernel. Remove the mand
[  224.279912][ T7555]          option from the mount to silence this warning.
[  224.279912][ T7555] =======================================================
[  224.315441][    C0] vkms_vblank_simulate: vblank timer overrun
[  224.341158][ T7541] netlink: 1 bytes leftover after parsing attributes in process `syz.0.445'.
[  224.352857][ T7541] openvswitch: netlink: Actions may not be safe on all matching packets
[  224.426888][ T7563] netlink: 4 bytes leftover after parsing attributes in process `syz.0.445'.
[  224.496858][ T5900] usb 1-1: USB disconnect, device number 17
[  230.750142][ T5135] Bluetooth: hci4: unexpected event for opcode 0x041b
[  230.767158][ T7622] netlink: 44 bytes leftover after parsing attributes in process `syz.3.465'.
[  230.921709][ T7634] ipvlan1: entered allmulticast mode
[  230.927179][ T7634] veth0_vlan: entered allmulticast mode
[  231.151030][ T7633] FAULT_INJECTION: forcing a failure.
[  231.151030][ T7633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.164233][ T7633] CPU: 0 UID: 0 PID: 7633 Comm: syz.2.466 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  231.164255][ T7633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  231.164266][ T7633] Call Trace:
[  231.164272][ T7633]  <TASK>
[  231.164279][ T7633]  dump_stack_lvl+0x241/0x360
[  231.164304][ T7633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  231.164321][ T7633]  ? __pfx__printk+0x10/0x10
[  231.164345][ T7633]  ? __pfx_lock_release+0x10/0x10
[  231.164373][ T7633]  should_fail_ex+0x40a/0x550
[  231.164396][ T7633]  _copy_from_user+0x2d/0xb0
[  231.164413][ T7633]  __sys_bpf+0x1a4/0x810
[  231.164433][ T7633]  ? __pfx___sys_bpf+0x10/0x10
[  231.164463][ T7633]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  231.164486][ T7633]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  231.164507][ T7633]  ? do_syscall_64+0x100/0x230
[  231.164533][ T7633]  __x64_sys_bpf+0x7c/0x90
[  231.164549][ T7633]  do_syscall_64+0xf3/0x230
[  231.164569][ T7633]  ? clear_bhb_loop+0x35/0x90
[  231.164592][ T7633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.164612][ T7633] RIP: 0033:0x7f0b5578cd29
[  231.164627][ T7633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.164641][ T7633] RSP: 002b:00007f0b565f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  231.164658][ T7633] RAX: ffffffffffffffda RBX: 00007f0b559a6160 RCX: 00007f0b5578cd29
[  231.164670][ T7633] RDX: 0000000000000048 RSI: 0000000020000080 RDI: 0000000000000005
[  231.164681][ T7633] RBP: 00007f0b565f6090 R08: 0000000000000000 R09: 0000000000000000
[  231.164692][ T7633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.164702][ T7633] R13: 0000000000000000 R14: 00007f0b559a6160 R15: 00007fff3dcb3f98
[  231.164728][ T7633]  </TASK>
[  231.348276][    C0] vkms_vblank_simulate: vblank timer overrun
[  231.720174][ T5901] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  231.905015][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.941952][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.965112][ T5901] usb 1-1: New USB device found, idVendor=07c0, idProduct=1524, bcdDevice= 0.00
[  231.987261][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.016073][ T5901] usb 1-1: config 0 descriptor??
[  232.651225][ T7645] gre1: entered promiscuous mode
[  232.656491][ T7645] gre1: entered allmulticast mode
[  232.670064][ T7648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.678810][ T7648] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.054633][ T7645] xt_CT: You must specify a L4 protocol and not use inversions on it
[  234.182651][    T8] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  234.186730][ T5923] usb 1-1: USB disconnect, device number 18
[  234.256886][ T5135] Bluetooth: hci1: unexpected event for opcode 0x041b
[  234.376886][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  234.680360][    T8] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  234.702694][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.710785][    T8] usb 4-1: Product: syz
[  234.852681][    T8] usb 4-1: Manufacturer: syz
[  235.602609][    T8] usb 4-1: SerialNumber: syz
[  235.609545][    T8] usb 4-1: config 0 descriptor??
[  235.985667][ T5923] usb 4-1: USB disconnect, device number 11
[  236.399217][ T7693] FAULT_INJECTION: forcing a failure.
[  236.399217][ T7693] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  236.417538][ T7693] CPU: 0 UID: 0 PID: 7693 Comm: syz.2.482 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  236.417563][ T7693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  236.417574][ T7693] Call Trace:
[  236.417580][ T7693]  <TASK>
[  236.417587][ T7693]  dump_stack_lvl+0x241/0x360
[  236.417622][ T7693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.417638][ T7693]  ? __pfx__printk+0x10/0x10
[  236.417662][ T7693]  ? __pfx_lock_release+0x10/0x10
[  236.417690][ T7693]  should_fail_ex+0x40a/0x550
[  236.417713][ T7693]  _copy_from_user+0x2d/0xb0
[  236.417730][ T7693]  copy_msghdr_from_user+0xae/0x680
[  236.417749][ T7693]  ? __pfx___might_resched+0x10/0x10
[  236.417770][ T7693]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  236.417794][ T7693]  ? do_recvmmsg+0x44e/0xab0
[  236.417817][ T7693]  ? __might_fault+0xaa/0x120
[  236.417844][ T7693]  do_recvmmsg+0x3bd/0xab0
[  236.417877][ T7693]  ? __pfx_do_recvmmsg+0x10/0x10
[  236.417915][ T7693]  ? ksys_write+0x22a/0x2b0
[  236.417931][ T7693]  ? __pfx_lock_release+0x10/0x10
[  236.417956][ T7693]  ? sb_end_write+0xe9/0x1c0
[  236.417976][ T7693]  ? vfs_write+0x7fa/0xd10
[  236.417994][ T7693]  ? __mutex_unlock_slowpath+0x227/0x800
[  236.418022][ T7693]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  236.418041][ T7693]  ? __fget_files+0x2a/0x410
[  236.418075][ T7693]  __x64_sys_recvmmsg+0x199/0x250
[  236.418101][ T7693]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  236.418124][ T7693]  ? do_syscall_64+0x100/0x230
[  236.418147][ T7693]  ? do_syscall_64+0xb6/0x230
[  236.418168][ T7693]  do_syscall_64+0xf3/0x230
[  236.418187][ T7693]  ? clear_bhb_loop+0x35/0x90
[  236.418211][ T7693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.418231][ T7693] RIP: 0033:0x7f0b5578cd29
[  236.418246][ T7693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.418260][ T7693] RSP: 002b:00007f0b56651038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  236.418278][ T7693] RAX: ffffffffffffffda RBX: 00007f0b559a5fa0 RCX: 00007f0b5578cd29
[  236.418290][ T7693] RDX: 000000000000072a RSI: 0000000020000080 RDI: 0000000000000004
[  236.418300][ T7693] RBP: 00007f0b56651090 R08: 0000000000000000 R09: 0000000000000000
[  236.418310][ T7693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  236.418320][ T7693] R13: 0000000000000000 R14: 00007f0b559a5fa0 R15: 00007fff3dcb3f98
[  236.418346][ T7693]  </TASK>
[  240.136310][ T7729] ubi0: attaching mtd0
[  240.153476][ T7729] ubi0: scanning is finished
[  240.158191][ T7729] ubi0: empty MTD device detected
[  240.624349][ T7738] FAULT_INJECTION: forcing a failure.
[  240.624349][ T7738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  240.644371][ T7738] CPU: 0 UID: 0 PID: 7738 Comm: syz.2.494 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  240.644398][ T7738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  240.644408][ T7738] Call Trace:
[  240.644414][ T7738]  <TASK>
[  240.644421][ T7738]  dump_stack_lvl+0x241/0x360
[  240.644445][ T7738]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.644462][ T7738]  ? __pfx__printk+0x10/0x10
[  240.644486][ T7738]  ? __pfx_lock_release+0x10/0x10
[  240.644514][ T7738]  should_fail_ex+0x40a/0x550
[  240.644534][ T7738]  _copy_from_user+0x2d/0xb0
[  240.644550][ T7738]  copy_msghdr_from_user+0xae/0x680
[  240.644576][ T7738]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  240.644592][ T7738]  ? __fget_files+0x2a/0x410
[  240.644615][ T7738]  ? __fget_files+0x2a/0x410
[  240.644642][ T7738]  __sys_sendmsg+0x209/0x350
[  240.644669][ T7738]  ? __pfx___sys_sendmsg+0x10/0x10
[  240.644702][ T7738]  ? do_sys_openat2+0x17a/0x1d0
[  240.644746][ T7738]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  240.644768][ T7738]  ? do_syscall_64+0x100/0x230
[  240.644790][ T7738]  ? do_syscall_64+0xb6/0x230
[  240.644811][ T7738]  do_syscall_64+0xf3/0x230
[  240.644830][ T7738]  ? clear_bhb_loop+0x35/0x90
[  240.644852][ T7738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.644872][ T7738] RIP: 0033:0x7f0b5578cd29
[  240.644886][ T7738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.644900][ T7738] RSP: 002b:00007f0b56651038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  240.644918][ T7738] RAX: ffffffffffffffda RBX: 00007f0b559a5fa0 RCX: 00007f0b5578cd29
[  240.644930][ T7738] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  240.644940][ T7738] RBP: 00007f0b56651090 R08: 0000000000000000 R09: 0000000000000000
[  240.644949][ T7738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.644958][ T7738] R13: 0000000000000000 R14: 00007f0b559a5fa0 R15: 00007fff3dcb3f98
[  240.644982][ T7738]  </TASK>
[  240.863849][ T7737] syz.3.495: attempt to access beyond end of device
[  240.863849][ T7737] loop3: rw=0, sector=2, nr_sectors = 2 limit=0
[  240.877744][ T7737] syz.3.495: attempt to access beyond end of device
[  240.877744][ T7737] loop3: rw=0, sector=16, nr_sectors = 2 limit=0
[  240.928779][ T7729] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  240.936633][ T7729] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  240.944312][ T7729] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  240.951283][ T7729] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  240.958750][ T7729] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  240.965594][ T7729] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  240.973625][ T7729] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1536255090
[  240.983955][ T7729] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  241.007872][ T7741] ubi0: background thread "ubi_bgt0d" started, PID 7741
[  241.218112][ T7749] fuse: Unknown parameter 'group_id00000000000000000000'
[  241.227345][   T29] audit: type=1800 audit(1738033996.729:46): pid=7749 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.498" name="file1" dev="tmpfs" ino=552 res=0 errno=0
[  241.343846][ T5900] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  241.534327][ T5900] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  241.554588][ T5900] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32512, setting to 64
[  241.629722][ T5900] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  241.643920][ T5900] usb 1-1: config 1 interface 0 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  241.659007][ T5900] usb 1-1: config 1 interface 0 has no altsetting 1
[  241.672951][ T5900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  241.684776][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  241.695423][ T5900] usb 1-1: SerialNumber: syz
[  241.720488][ T5900] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  241.762011][ T5900] usb-storage 1-1:1.0: USB Mass Storage device detected
[  241.791150][ T5900] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  241.921558][ T5900] usb 1-1: USB disconnect, device number 19
[  242.419690][ T7771] FAULT_INJECTION: forcing a failure.
[  242.419690][ T7771] name failslab, interval 1, probability 0, space 0, times 0
[  242.433139][ T7771] CPU: 0 UID: 0 PID: 7771 Comm: syz.2.503 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  242.433160][ T7771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  242.433168][ T7771] Call Trace:
[  242.433173][ T7771]  <TASK>
[  242.433179][ T7771]  dump_stack_lvl+0x241/0x360
[  242.433199][ T7771]  ? __pfx_dump_stack_lvl+0x10/0x10
[  242.433212][ T7771]  ? __pfx__printk+0x10/0x10
[  242.433233][ T7771]  ? ref_tracker_alloc+0x332/0x490
[  242.433251][ T7771]  should_fail_ex+0x40a/0x550
[  242.433268][ T7771]  should_failslab+0xac/0x100
[  242.433284][ T7771]  ? skb_clone+0x20c/0x390
[  242.433295][ T7771]  kmem_cache_alloc_noprof+0x70/0x380
[  242.433315][ T7771]  skb_clone+0x20c/0x390
[  242.433330][ T7771]  __netlink_deliver_tap+0x3cc/0x7f0
[  242.433355][ T7771]  ? netlink_deliver_tap+0x2e/0x1b0
[  242.433371][ T7771]  netlink_deliver_tap+0x19d/0x1b0
[  242.433388][ T7771]  __netlink_sendskb+0x60/0xd0
[  242.433405][ T7771]  netlink_dump+0x9f0/0xe10
[  242.433429][ T7771]  ? __pfx_netlink_dump+0x10/0x10
[  242.433465][ T7771]  __netlink_dump_start+0x5a2/0x790
[  242.433488][ T7771]  netlink_diag_handler_dump+0x1a4/0x240
[  242.433503][ T7771]  ? irqentry_exit+0x63/0x90
[  242.433517][ T7771]  ? lockdep_hardirqs_on+0x99/0x150
[  242.433531][ T7771]  ? __pfx_netlink_diag_handler_dump+0x10/0x10
[  242.433546][ T7771]  ? __pfx_netlink_diag_dump+0x10/0x10
[  242.433559][ T7771]  ? __pfx_netlink_diag_dump_done+0x10/0x10
[  242.433574][ T7771]  ? __pfx_netlink_diag_handler_dump+0x10/0x10
[  242.433589][ T7771]  ? sock_diag_rcv_msg+0x488/0x5f0
[  242.433608][ T7771]  ? __pfx_netlink_diag_handler_dump+0x10/0x10
[  242.433624][ T7771]  sock_diag_rcv_msg+0x3dc/0x5f0
[  242.433645][ T7771]  netlink_rcv_skb+0x1e3/0x430
[  242.433662][ T7771]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  242.433681][ T7771]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  242.433714][ T7771]  ? __rcu_read_unlock+0xa1/0x110
[  242.433732][ T7771]  netlink_unicast+0x7f6/0x990
[  242.433753][ T7771]  ? __pfx_netlink_unicast+0x10/0x10
[  242.433774][ T7771]  ? __virt_addr_valid+0x45f/0x530
[  242.433792][ T7771]  ? __phys_addr_symbol+0x2f/0x70
[  242.433807][ T7771]  ? __check_object_size+0x47a/0x730
[  242.433826][ T7771]  netlink_sendmsg+0x8e4/0xcb0
[  242.433851][ T7771]  ? __pfx_netlink_sendmsg+0x10/0x10
[  242.433877][ T7771]  ? __pfx_netlink_sendmsg+0x10/0x10
[  242.433893][ T7771]  __sock_sendmsg+0x221/0x270
[  242.433909][ T7771]  sock_write_iter+0x2d7/0x3f0
[  242.433924][ T7771]  ? __pfx_sock_write_iter+0x10/0x10
[  242.433943][ T7771]  ? __pfx_lock_acquire+0x10/0x10
[  242.433966][ T7771]  do_iter_readv_writev+0x71a/0x9d0
[  242.433984][ T7771]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  242.434004][ T7771]  ? rw_verify_area+0x239/0x630
[  242.434025][ T7771]  vfs_writev+0x38b/0xbc0
[  242.434051][ T7771]  ? __pfx_vfs_writev+0x10/0x10
[  242.434077][ T7771]  ? __fget_files+0x2a/0x410
[  242.434093][ T7771]  ? __fget_files+0x395/0x410
[  242.434107][ T7771]  ? __fget_files+0x2a/0x410
[  242.434129][ T7771]  do_writev+0x1b6/0x360
[  242.434142][ T7771]  ? irqentry_exit+0x63/0x90
[  242.434155][ T7771]  ? lockdep_hardirqs_on+0x99/0x150
[  242.434172][ T7771]  ? __pfx_do_writev+0x10/0x10
[  242.434195][ T7771]  do_syscall_64+0xf3/0x230
[  242.434210][ T7771]  ? clear_bhb_loop+0x35/0x90
[  242.434228][ T7771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.434243][ T7771] RIP: 0033:0x7f0b5578cd29
[  242.434255][ T7771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.434266][ T7771] RSP: 002b:00007f0b5660f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  242.434280][ T7771] RAX: ffffffffffffffda RBX: 00007f0b559a6160 RCX: 00007f0b5578cd29
[  242.434289][ T7771] RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000005
[  242.434297][ T7771] RBP: 00007f0b5660f090 R08: 0000000000000000 R09: 0000000000000000
[  242.434305][ T7771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  242.434312][ T7771] R13: 0000000000000000 R14: 00007f0b559a6160 R15: 00007fff3dcb3f98
[  242.434333][ T7771]  </TASK>
[  243.766951][ T7781] netlink: 8 bytes leftover after parsing attributes in process `syz.2.508'.
[  244.760216][ T7790] FAULT_INJECTION: forcing a failure.
[  244.760216][ T7790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  244.783122][ T7790] CPU: 0 UID: 0 PID: 7790 Comm: syz.1.510 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  244.783147][ T7790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  244.783157][ T7790] Call Trace:
[  244.783163][ T7790]  <TASK>
[  244.783170][ T7790]  dump_stack_lvl+0x241/0x360
[  244.783196][ T7790]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.783211][ T7790]  ? __pfx__printk+0x10/0x10
[  244.783235][ T7790]  ? __pfx_lock_release+0x10/0x10
[  244.783260][ T7790]  should_fail_ex+0x40a/0x550
[  244.783284][ T7790]  _copy_from_user+0x2d/0xb0
[  244.783301][ T7790]  copy_msghdr_from_user+0xae/0x680
[  244.783325][ T7790]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  244.783342][ T7790]  ? __fget_files+0x2a/0x410
[  244.783364][ T7790]  ? __fget_files+0x2a/0x410
[  244.783392][ T7790]  __sys_sendmsg+0x209/0x350
[  244.783418][ T7790]  ? __pfx___sys_sendmsg+0x10/0x10
[  244.783452][ T7790]  ? do_sys_openat2+0x17a/0x1d0
[  244.783496][ T7790]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  244.783517][ T7790]  ? do_syscall_64+0x100/0x230
[  244.783539][ T7790]  ? do_syscall_64+0xb6/0x230
[  244.783559][ T7790]  do_syscall_64+0xf3/0x230
[  244.783577][ T7790]  ? clear_bhb_loop+0x35/0x90
[  244.783601][ T7790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.783621][ T7790] RIP: 0033:0x7f9bb2b8cd29
[  244.783635][ T7790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.783649][ T7790] RSP: 002b:00007f9bb39c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.783666][ T7790] RAX: ffffffffffffffda RBX: 00007f9bb2da5fa0 RCX: 00007f9bb2b8cd29
[  244.783678][ T7790] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[  244.783689][ T7790] RBP: 00007f9bb39c7090 R08: 0000000000000000 R09: 0000000000000000
[  244.783699][ T7790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.783708][ T7790] R13: 0000000000000000 R14: 00007f9bb2da5fa0 R15: 00007ffdcf7dd008
[  244.783734][ T7790]  </TASK>
[  244.988702][    C0] vkms_vblank_simulate: vblank timer overrun
[  245.415906][ T6282] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  245.836746][ T7803] sctp: [Deprecated]: syz.1.515 (pid 7803) Use of int in maxseg socket option.
[  245.836746][ T7803] Use struct sctp_assoc_value instead
[  245.852929][ T6282] usb 1-1: Using ep0 maxpacket: 8
[  245.859351][ T6282] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  245.872697][ T6282] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  245.904066][ T7802] syz.3.516 uses obsolete (PF_INET,SOCK_PACKET)
[  245.924031][ T6282] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  245.972413][ T6282] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  246.000045][ T6282] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  246.043034][ T6282] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  246.052126][ T6282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.252777][ T5923] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  246.269585][ T7812] netlink: 'syz.3.519': attribute type 3 has an invalid length.
[  246.296738][ T6282] usb 1-1: usb_control_msg returned -32
[  246.303907][ T7812] netlink: 'syz.3.519': attribute type 1 has an invalid length.
[  246.311704][ T6282] usbtmc 1-1:16.0: can't read capabilities
[  246.329589][ T7812] netlink: 220 bytes leftover after parsing attributes in process `syz.3.519'.
[  246.361380][ T6282] usb 1-1: USB disconnect, device number 20
[  246.424285][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  246.495627][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  246.557499][ T5923] usb 3-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
[  246.652095][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.796575][ T5923] usb 3-1: config 0 descriptor??
[  247.025272][ T5900] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  247.047368][ T7830] netlink: 12 bytes leftover after parsing attributes in process `syz.1.524'.
[  247.193521][ T5900] usb 4-1: Using ep0 maxpacket: 32
[  247.200431][ T5900] usb 4-1: config 0 has an invalid interface number: 247 but max is 0
[  247.209269][ T5900] usb 4-1: config 0 has no interface number 0
[  247.224258][ T5900] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  247.231261][ T5923] wacom 0003:056A:00F8.0003: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.2-1/input0
[  247.242842][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  247.259161][ T5900] usb 4-1: Product: syz
[  247.271459][ T5900] usb 4-1: Manufacturer: syz
[  247.290687][ T5900] usb 4-1: config 0 descriptor??
[  247.469215][ T5900] usb 3-1: USB disconnect, device number 18
[  247.926534][ T7821] netlink: 60 bytes leftover after parsing attributes in process `syz.3.521'.
[  248.314422][ T7846] netlink: 'syz.0.531': attribute type 21 has an invalid length.
[  248.322393][ T7846] netlink: 'syz.0.531': attribute type 20 has an invalid length.
[  248.371524][ T7846] IPv6: NLM_F_CREATE should be specified when creating new route
[  250.333181][ T7869] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  250.362923][   T46] usb 4-1: USB disconnect, device number 12
[  250.650007][   T29] audit: type=1804 audit(1738034006.149:47): pid=7874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.535" name="/newroot/88/file1" dev="fuse" ino=1 res=1 errno=0
[  251.362049][   T29] audit: type=1800 audit(1738034006.149:48): pid=7874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.535" name="/" dev="fuse" ino=1 res=0 errno=0
[  251.362092][   T29] audit: type=1804 audit(1738034006.159:49): pid=7874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.535" name="/newroot/88/file1" dev="fuse" ino=1 res=1 errno=0
[  251.362122][   T29] audit: type=1804 audit(1738034006.159:50): pid=7874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.535" name="/newroot/88/file1" dev="fuse" ino=1 res=1 errno=0
[  251.362147][   T29] audit: type=1800 audit(1738034006.159:51): pid=7874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.535" name="/" dev="fuse" ino=1 res=0 errno=0
[  251.602179][ T7888] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  251.602210][ T7888] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  251.602293][ T7888] vhci_hcd vhci_hcd.0: Device attached
[  251.604588][ T5135] Bluetooth: hci0: ISO packet for unknown connection handle 1024
[  251.792738][ T6282] vhci_hcd: vhci_device speed not set
[  251.852715][ T6282] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  251.903965][ T7889] vhci_hcd: connection closed
[  251.904302][ T6046] vhci_hcd: stop threads
[  251.904322][ T6046] vhci_hcd: release socket
[  251.904367][ T6046] vhci_hcd: disconnect device
[  251.953362][ T6282] usb 33-1: enqueue for inactive port 0
[  252.022969][ T6282] vhci_hcd: vhci_device speed not set
[  252.232976][ T7894] fuse: Bad value for 'user_id'
[  252.237921][ T7894] fuse: Bad value for 'user_id'
[  252.272073][   T29] audit: type=1800 audit(1738034007.769:52): pid=7894 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.543" name="file1" dev="tmpfs" ino=488 res=0 errno=0
[  253.334692][ T7901] overlayfs: failed to resolve './file1': -2
[  255.998645][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  256.007807][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  258.953879][ T7959] netlink: 44 bytes leftover after parsing attributes in process `syz.1.560'.
[  258.972718][ T5135] Bluetooth: hci2: unexpected event for opcode 0x041b
[  260.313487][ T7952] overlayfs: failed to resolve './file1': -2
[  260.703120][ T5870] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  260.872950][ T5870] usb 2-1: Using ep0 maxpacket: 32
[  260.886688][ T5870] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  260.906444][ T5870] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  260.937130][ T5870] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  260.970732][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[  261.708518][ T5870] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  261.720907][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  261.720938][ T5870] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  261.720961][ T5870] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  261.720998][ T5870] usb 2-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  261.721020][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.723873][ T5870] usb 2-1: config 0 descriptor??
[  261.726330][ T7974] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  261.807791][ T5870] usblp0: Disabling reads from problematic bidirectional printer
[  261.990977][ T7991] netlink: 12 bytes leftover after parsing attributes in process `syz.0.572'.
[  262.041335][ T5870] usblp 2-1:0.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[  262.066590][ T5870] usb 2-1: USB disconnect, device number 12
[  262.109168][ T5870] usblp0: removed
[  263.660962][ T8008] vlan2: entered promiscuous mode
[  263.666194][ T8008] vlan2: entered allmulticast mode
[  263.674497][ T8008] xfrm0: entered allmulticast mode
[  263.680017][ T8008] xfrm0: entered promiscuous mode
[  263.704397][ T8008] team0: Port device vlan2 added
[  264.322036][ T8009] netlink: 44 bytes leftover after parsing attributes in process `syz.0.576'.
[  264.424139][ T5135] Bluetooth: hci0: unexpected event for opcode 0x041b
[  267.487564][ T5135] Bluetooth: hci2: unexpected event for opcode 0x041b
[  267.966072][ T8035] netlink: 52 bytes leftover after parsing attributes in process `syz.0.584'.
[  268.223039][ T5870] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  268.433038][   T25] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  268.485705][ T5870] usb 1-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  268.512696][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.520736][ T5870] usb 1-1: Product: syz
[  268.569652][ T5870] usb 1-1: Manufacturer: syz
[  268.582697][ T5870] usb 1-1: SerialNumber: syz
[  268.604598][ T5870] usb 1-1: config 0 descriptor??
[  268.628482][ T5870] go7007 1-1:0.0: probe with driver go7007 failed with error -12
[  268.633091][   T25] usb 3-1: Using ep0 maxpacket: 32
[  268.693259][   T25] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  268.722932][   T25] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  268.745630][   T25] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  268.762639][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[  268.827876][   T25] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  268.831070][ T8035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.062877][ T8035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.093137][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  269.166923][   T25] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  269.178574][ T8035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.206565][   T25] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  269.206782][ T8035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.280608][   T25] usb 3-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  269.326369][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.369734][ T5870] usb 1-1: USB disconnect, device number 21
[  269.387291][   T25] usb 3-1: config 0 descriptor??
[  269.461008][ T8042] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  269.480320][   T25] usblp0: Disabling reads from problematic bidirectional printer
[  269.705660][ T8047] overlayfs: failed to resolve './file1': -2
[  269.724382][   T25] usblp 3-1:0.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[  270.664092][   T25] usb 3-1: USB disconnect, device number 19
[  270.690653][   T25] usblp0: removed
[  276.472934][ T5923] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  277.135401][ T5923] usb 1-1: Using ep0 maxpacket: 32
[  277.147583][ T5923] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  277.182914][ T5923] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  277.191564][ T5923] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  277.227479][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[  277.255798][ T5923] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  277.293071][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  277.326780][ T5923] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  277.632307][ T5923] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  277.757008][ T8123] kvm: user requested TSC rate below hardware speed
[  277.804089][ T5135] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  278.250035][ T5923] usb 1-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  278.260068][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.294860][ T5923] usb 1-1: config 0 descriptor??
[  278.322367][ T8108] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  278.338750][ T5923] usblp0: Disabling reads from problematic bidirectional printer
[  278.672727][ T5900] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  278.735513][ T5923] usblp 1-1:0.0: usblp0: USB Unidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[  278.755280][ T5923] usb 1-1: USB disconnect, device number 22
[  279.588185][ T5923] usblp0: removed
[  279.673594][ T5900] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.074277][ T5900] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  280.090283][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.119550][ T5900] usb 4-1: Product: syz
[  280.129864][ T5900] usb 4-1: Manufacturer: syz
[  280.142593][ T5900] usb 4-1: SerialNumber: syz
[  280.498589][ T5923] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  280.884368][ T5923] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.926936][ T5923] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  280.960770][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.979241][ T5923] usb 5-1: Product: syz
[  280.990121][ T5923] usb 5-1: Manufacturer: syz
[  281.002740][ T5923] usb 5-1: SerialNumber: syz
[  281.347900][ T5900] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  281.384906][ T5900] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  281.451577][ T5900] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  281.583403][ T5900] cdc_ncm 4-1:1.0: setting tx_max = 88
[  281.735031][ T5900] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  281.944379][ T5135] Bluetooth: hci1: unexpected event for opcode 0x041b
[  282.383219][ T5923] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  282.422038][ T5923] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  282.462860][ T5923] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  282.593705][ T5923] cdc_ncm 5-1:1.0: setting tx_max = 88
[  282.643738][ T5923] cdc_ncm 5-1:1.0 eth2: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  283.470620][ T5900] usb 4-1: USB disconnect, device number 13
[  283.545490][ T5900] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[  283.776731][ T8139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.865797][ T8139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.967587][ T5923] usb 5-1: USB disconnect, device number 12
[  284.991124][ T5923] cdc_ncm 5-1:1.0 eth2: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[  287.974152][ T8256] overlayfs: failed to resolve './file0': -2
[  288.353684][ T8264] binder: 8261:8264 ioctl c0306201 0 returned -14
[  289.679529][ T8273] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  290.402647][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  290.572605][    T9] usb 4-1: Using ep0 maxpacket: 16
[  290.584048][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.632688][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  290.639367][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  290.679790][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.714643][    T9] usb 4-1: config 0 descriptor??
[  291.150348][ T8283] kvm: user requested TSC rate below hardware speed
[  291.179835][    T9] usb 4-1: string descriptor 0 read error: -71
[  291.224675][ T5135] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  291.417021][    T9] usb 4-1: USB disconnect, device number 14
[  291.702699][   T25] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  291.898939][   T25] usb 3-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[  291.922732][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.952866][   T25] usb 3-1: Product: syz
[  291.957091][   T25] usb 3-1: Manufacturer: syz
[  291.982075][   T25] usb 3-1: SerialNumber: syz
[  292.130886][   T25] usb 3-1: config 0 descriptor??
[  292.422912][    T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  292.849567][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.886135][ T8297] overlayfs: failed to resolve './file1': -2
[  292.987357][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  293.019560][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.056910][    T9] usb 1-1: Product: syz
[  293.061216][    T9] usb 1-1: Manufacturer: syz
[  293.283777][    T9] usb 1-1: SerialNumber: syz
[  293.872736][ T8304] netlink: 8 bytes leftover after parsing attributes in process `syz.4.653'.
[  294.963568][   T25] int51x1 3-1:0.0: probe with driver int51x1 failed with error -71
[  295.085007][   T25] usb 3-1: USB disconnect, device number 20
[  295.095594][    T9] usb 1-1: can't set config #1, error -71
[  295.099034][ T8312] binder: 8307:8312 ioctl c0306201 0 returned -14
[  295.114672][    T9] usb 1-1: USB disconnect, device number 23
[  295.742773][ T8319] netlink: 12 bytes leftover after parsing attributes in process `syz.0.658'.
[  296.008668][ T8311] overlayfs: failed to resolve './file1': -2
[  296.631750][ T8332] kvm: user requested TSC rate below hardware speed
[  296.722853][ T5135] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  297.908898][ T8341] overlayfs: failed to resolve './file1': -2
[  298.792685][    T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  299.072684][    T9] usb 5-1: Using ep0 maxpacket: 32
[  299.084313][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  299.096409][    T9] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  299.108189][    T9] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  300.073141][    T9] usb 5-1: Product: syz
[  300.077349][    T9] usb 5-1: Manufacturer: syz
[  300.081950][    T9] usb 5-1: SerialNumber: syz
[  300.111242][    T9] usb 5-1: config 0 descriptor??
[  300.123504][ T8347] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  300.286702][ T8360] binder: 8359:8360 ioctl c0306201 0 returned -14
[  300.415227][ T8347] netlink: 1 bytes leftover after parsing attributes in process `syz.4.665'.
[  300.424231][ T8347] openvswitch: netlink: Actions may not be safe on all matching packets
[  300.548554][ T8347] netlink: 4 bytes leftover after parsing attributes in process `syz.4.665'.
[  300.710706][   T25] usb 5-1: USB disconnect, device number 13
[  301.322945][ T8369] netlink: 12 bytes leftover after parsing attributes in process `syz.1.672'.
[  301.521200][ T8364] overlayfs: failed to resolve './file1': -2
[  302.819366][   T29] audit: type=1804 audit(1738034058.289:53): pid=8387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.678" name="/newroot/162/file1" dev="fuse" ino=1 res=1 errno=0
[  303.148511][   T29] audit: type=1800 audit(1738034058.299:54): pid=8387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.678" name="/" dev="fuse" ino=1 res=0 errno=0
[  303.335561][   T29] audit: type=1804 audit(1738034058.299:55): pid=8387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.678" name="/newroot/162/file1" dev="fuse" ino=1 res=1 errno=0
[  303.362681][   T29] audit: type=1804 audit(1738034058.299:56): pid=8387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.678" name="/newroot/162/file1" dev="fuse" ino=1 res=1 errno=0
[  303.402635][   T29] audit: type=1800 audit(1738034058.299:57): pid=8387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.678" name="/" dev="fuse" ino=1 res=0 errno=0
[  303.648325][ T8392] netlink: 52 bytes leftover after parsing attributes in process `syz.0.682'.
[  304.077713][    T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  304.464740][    T9] usb 1-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  304.492568][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.520991][    T9] usb 1-1: Product: syz
[  304.531150][    T9] usb 1-1: Manufacturer: syz
[  304.535827][ T8406] sctp: [Deprecated]: syz.2.684 (pid 8406) Use of int in maxseg socket option.
[  304.535827][ T8406] Use struct sctp_assoc_value instead
[  304.576376][    T9] usb 1-1: SerialNumber: syz
[  304.604797][    T9] usb 1-1: config 0 descriptor??
[  304.621570][    T9] go7007 1-1:0.0: probe with driver go7007 failed with error -12
[  304.841356][ T8392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.868544][ T8392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.893753][ T8413] sctp: [Deprecated]: syz.3.685 (pid 8413) Use of int in maxseg socket option.
[  304.893753][ T8413] Use struct sctp_assoc_value instead
[  304.922755][ T8392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.957362][ T8392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  305.000582][    T9] usb 1-1: USB disconnect, device number 24
[  305.249557][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz.4.687'.
[  305.550877][ T5135] Bluetooth: hci2: unexpected event for opcode 0x041b
[  307.565981][ T8448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.695'.
[  307.604596][ T8437] sctp: failed to load transform for md5: -2
[  307.970328][ T5135] Bluetooth: hci4: unexpected event for opcode 0x041b
[  308.491454][ T8469] sctp: [Deprecated]: syz.0.699 (pid 8469) Use of int in maxseg socket option.
[  308.491454][ T8469] Use struct sctp_assoc_value instead
[  309.330534][ T8477] netlink: 52 bytes leftover after parsing attributes in process `syz.3.701'.
[  309.732829][ T5900] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  309.961555][ T5900] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[  309.999902][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.009227][ T5900] usb 4-1: Product: syz
[  310.042663][ T5900] usb 4-1: Manufacturer: syz
[  310.042685][ T5900] usb 4-1: SerialNumber: syz
[  310.050403][ T5900] usb 4-1: config 0 descriptor??
[  310.055781][ T5900] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  310.199789][ T8492] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  310.199816][ T8492] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  310.199895][ T8492] vhci_hcd vhci_hcd.0: Device attached
[  310.257252][ T8477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  310.257477][ T8477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  310.258441][ T8477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  310.258640][ T8477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  310.260167][    T9] usb 4-1: USB disconnect, device number 15
[  310.358365][ T5135] Bluetooth: hci3: ISO packet for unknown connection handle 1024
[  310.384768][   T25] vhci_hcd: vhci_device speed not set
[  310.442859][   T25] usb 41-1: new full-speed USB device number 3 using vhci_hcd
[  311.267431][ T8494] vhci_hcd: connection reset by peer
[  311.274215][ T3926] vhci_hcd: stop threads
[  311.560877][ T3926] vhci_hcd: release socket
[  311.732701][ T3926] vhci_hcd: disconnect device
[  312.165299][ T5135] Bluetooth: hci0: unexpected event for opcode 0x041b
[  312.865473][ T8528] sctp: [Deprecated]: syz.3.714 (pid 8528) Use of int in maxseg socket option.
[  312.865473][ T8528] Use struct sctp_assoc_value instead
[  313.173482][ T8534] overlayfs: failed to resolve './file1': -2
[  313.418561][ T8538] FAULT_INJECTION: forcing a failure.
[  313.418561][ T8538] name failslab, interval 1, probability 0, space 0, times 0
[  313.432671][    T8] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  313.492806][ T8538] CPU: 0 UID: 0 PID: 8538 Comm: syz.2.718 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  313.492832][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  313.492842][ T8538] Call Trace:
[  313.492848][ T8538]  <TASK>
[  313.492856][ T8538]  dump_stack_lvl+0x241/0x360
[  313.492881][ T8538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.492897][ T8538]  ? __pfx__printk+0x10/0x10
[  313.492920][ T8538]  ? kmem_cache_alloc_noprof+0x48/0x380
[  313.492941][ T8538]  ? __pfx___might_resched+0x10/0x10
[  313.492964][ T8538]  should_fail_ex+0x40a/0x550
[  313.492986][ T8538]  should_failslab+0xac/0x100
[  313.493006][ T8538]  ? alloc_empty_file+0x9e/0x1d0
[  313.493025][ T8538]  kmem_cache_alloc_noprof+0x70/0x380
[  313.493048][ T8538]  alloc_empty_file+0x9e/0x1d0
[  313.493069][ T8538]  alloc_file_pseudo+0x1da/0x290
[  313.493092][ T8538]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  313.493114][ T8538]  ? security_inode_alloc+0xd2/0x310
[  313.493141][ T8538]  sock_alloc_file+0xb8/0x280
[  313.493162][ T8538]  do_accept+0x36f/0x6d0
[  313.493186][ T8538]  ? __pfx_do_accept+0x10/0x10
[  313.493224][ T8538]  __sys_accept4+0x11f/0x1d0
[  313.493245][ T8538]  ? __pfx___sys_accept4+0x10/0x10
[  313.493264][ T8538]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  313.493284][ T8538]  ? do_syscall_64+0x100/0x230
[  313.493307][ T8538]  __x64_sys_accept4+0x9a/0xb0
[  313.493329][ T8538]  do_syscall_64+0xf3/0x230
[  313.493347][ T8538]  ? clear_bhb_loop+0x35/0x90
[  313.493370][ T8538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.493390][ T8538] RIP: 0033:0x7f0b5578cd29
[  313.493405][ T8538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.493418][ T8538] RSP: 002b:00007f0b56651038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  313.493435][ T8538] RAX: ffffffffffffffda RBX: 00007f0b559a5fa0 RCX: 00007f0b5578cd29
[  313.493447][ T8538] RDX: 0000000020000000 RSI: 0000000020002300 RDI: 0000000000000003
[  313.493458][ T8538] RBP: 00007f0b56651090 R08: 0000000000000000 R09: 0000000000000000
[  313.493468][ T8538] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[  313.493478][ T8538] R13: 0000000000000000 R14: 00007f0b559a5fa0 R15: 00007fff3dcb3f98
[  313.493503][ T8538]  </TASK>
[  313.974724][    T8] usb 2-1: Using ep0 maxpacket: 32
[  313.996730][    T8] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  314.006144][    T8] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  314.851974][    T8] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  314.872878][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[  314.902697][    T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  314.922663][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  314.932450][    T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  314.956240][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  314.992971][    T8] usb 2-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  315.002058][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.091187][    T8] usb 2-1: config 0 descriptor??
[  315.110927][ T8529] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  315.126949][    T8] usblp0: Disabling reads from problematic bidirectional printer
[  315.915713][   T25] vhci_hcd: vhci_device speed not set
[  315.930064][    T8] usblp 2-1:0.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[  316.743914][    T8] usb 2-1: USB disconnect, device number 13
[  316.760733][    T8] usblp0: removed
[  317.265199][   T29] audit: type=1804 audit(1738034072.679:58): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.724" name="/newroot/122/file1" dev="fuse" ino=1 res=1 errno=0
[  317.373045][   T29] audit: type=1800 audit(1738034072.679:59): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.724" name="/" dev="fuse" ino=1 res=0 errno=0
[  317.392178][   T29] audit: type=1804 audit(1738034072.679:60): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.724" name="/newroot/122/file1" dev="fuse" ino=1 res=1 errno=0
[  317.417023][   T29] audit: type=1804 audit(1738034072.679:61): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.724" name="/newroot/122/file1" dev="fuse" ino=1 res=1 errno=0
[  317.440967][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  317.457872][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  317.474439][   T29] audit: type=1800 audit(1738034072.679:62): pid=8568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.724" name="/" dev="fuse" ino=1 res=0 errno=0
[  317.790106][ T8575] ubi0: detaching mtd0
[  317.871898][ T5135] Bluetooth: hci0: unexpected event for opcode 0x041b
[  318.370643][ T8575] ubi0: mtd0 is detached
[  318.999177][ T8587] FAULT_INJECTION: forcing a failure.
[  318.999177][ T8587] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.232879][ T8587] CPU: 0 UID: 0 PID: 8587 Comm: syz.0.733 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  319.232906][ T8587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  319.232917][ T8587] Call Trace:
[  319.232924][ T8587]  <TASK>
[  319.232931][ T8587]  dump_stack_lvl+0x241/0x360
[  319.232956][ T8587]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.232972][ T8587]  ? __pfx__printk+0x10/0x10
[  319.232997][ T8587]  ? __pfx_lock_release+0x10/0x10
[  319.233026][ T8587]  should_fail_ex+0x40a/0x550
[  319.233050][ T8587]  _copy_from_user+0x2d/0xb0
[  319.233067][ T8587]  copy_msghdr_from_user+0xae/0x680
[  319.233093][ T8587]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  319.233109][ T8587]  ? __fget_files+0x2a/0x410
[  319.233133][ T8587]  ? __fget_files+0x2a/0x410
[  319.233160][ T8587]  __sys_sendmsg+0x209/0x350
[  319.233188][ T8587]  ? __pfx___sys_sendmsg+0x10/0x10
[  319.233229][ T8587]  ? do_sys_openat2+0x17a/0x1d0
[  319.233274][ T8587]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  319.233296][ T8587]  ? do_syscall_64+0x100/0x230
[  319.233320][ T8587]  ? do_syscall_64+0xb6/0x230
[  319.233341][ T8587]  do_syscall_64+0xf3/0x230
[  319.233361][ T8587]  ? clear_bhb_loop+0x35/0x90
[  319.233387][ T8587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.233407][ T8587] RIP: 0033:0x7fb50298cd29
[  319.233422][ T8587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.233436][ T8587] RSP: 002b:00007fb503884038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  319.233454][ T8587] RAX: ffffffffffffffda RBX: 00007fb502ba5fa0 RCX: 00007fb50298cd29
[  319.233466][ T8587] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[  319.233476][ T8587] RBP: 00007fb503884090 R08: 0000000000000000 R09: 0000000000000000
[  319.233486][ T8587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.233496][ T8587] R13: 0000000000000000 R14: 00007fb502ba5fa0 R15: 00007ffff84916a8
[  319.233522][ T8587]  </TASK>
[  319.438580][    C0] vkms_vblank_simulate: vblank timer overrun
[  320.508398][ T8605] sctp: [Deprecated]: syz.0.736 (pid 8605) Use of int in maxseg socket option.
[  320.508398][ T8605] Use struct sctp_assoc_value instead
[  320.969569][ T8611] overlayfs: failed to resolve './file1': -2
[  321.128940][ T8593] overlayfs: failed to resolve './file1': -2
[  321.513337][ T8620] FAULT_INJECTION: forcing a failure.
[  321.513337][ T8620] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.572629][ T8620] CPU: 0 UID: 0 PID: 8620 Comm: syz.2.741 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  321.572656][ T8620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  321.572665][ T8620] Call Trace:
[  321.572671][ T8620]  <TASK>
[  321.572678][ T8620]  dump_stack_lvl+0x241/0x360
[  321.572702][ T8620]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.572718][ T8620]  ? __pfx__printk+0x10/0x10
[  321.572744][ T8620]  ? snprintf+0xda/0x120
[  321.572762][ T8620]  should_fail_ex+0x40a/0x550
[  321.572784][ T8620]  _copy_to_user+0x31/0xb0
[  321.572802][ T8620]  simple_read_from_buffer+0xca/0x150
[  321.572825][ T8620]  proc_fail_nth_read+0x1e9/0x250
[  321.572846][ T8620]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  321.572868][ T8620]  ? rw_verify_area+0x243/0x630
[  321.572888][ T8620]  ? __asan_memset+0x23/0x50
[  321.572910][ T8620]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  321.572937][ T8620]  vfs_read+0x1f8/0xb40
[  321.572968][ T8620]  ? __pfx_vfs_read+0x10/0x10
[  321.572990][ T8620]  ? __asan_memset+0x23/0x50
[  321.573011][ T8620]  ? smack_file_ioctl+0x29e/0x3a0
[  321.573033][ T8620]  ? sock_ioctl+0x17c/0x8e0
[  321.573059][ T8620]  ksys_read+0x18f/0x2b0
[  321.573076][ T8620]  ? __pfx_ksys_read+0x10/0x10
[  321.573093][ T8620]  ? do_syscall_64+0x100/0x230
[  321.573116][ T8620]  ? do_syscall_64+0xb6/0x230
[  321.573137][ T8620]  do_syscall_64+0xf3/0x230
[  321.573157][ T8620]  ? clear_bhb_loop+0x35/0x90
[  321.573180][ T8620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.573200][ T8620] RIP: 0033:0x7f0b5578b73c
[  321.573214][ T8620] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  321.573228][ T8620] RSP: 002b:00007f0b56651030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  321.573247][ T8620] RAX: ffffffffffffffda RBX: 00007f0b559a5fa0 RCX: 00007f0b5578b73c
[  321.573259][ T8620] RDX: 000000000000000f RSI: 00007f0b566510a0 RDI: 0000000000000004
[  321.573269][ T8620] RBP: 00007f0b56651090 R08: 0000000000000000 R09: 0000000000000000
[  321.573279][ T8620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.573289][ T8620] R13: 0000000000000000 R14: 00007f0b559a5fa0 R15: 00007fff3dcb3f98
[  321.573314][ T8620]  </TASK>
[  321.799255][    C0] vkms_vblank_simulate: vblank timer overrun
[  322.557561][ T8631] netlink: 128 bytes leftover after parsing attributes in process `syz.1.745'.
[  323.818371][ T8642] netlink: 12 bytes leftover after parsing attributes in process `syz.2.748'.
[  324.518485][ T8644] overlayfs: failed to resolve './file1': -2
[  325.377467][ T5135] Bluetooth: hci4: unexpected event for opcode 0x041b
[  325.646870][ T8665] netlink: 44 bytes leftover after parsing attributes in process `syz.3.752'.
[  328.578506][ T8715] mkiss: ax0: crc mode is auto.
[  328.664070][ T8715] netlink: 'syz.1.765': attribute type 8 has an invalid length.
[  329.602821][  T975] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  329.842846][  T975] usb 2-1: Using ep0 maxpacket: 32
[  329.860796][  T975] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  329.892680][  T975] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  329.910469][  T975] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  329.943177][  T975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[  329.965967][  T975] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  330.036620][  T975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  330.162616][  T975] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  330.206033][  T975] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  330.310920][  T975] usb 2-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  330.402250][  T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.660674][  T975] usb 2-1: config 0 descriptor??
[  330.684370][ T8728] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  330.738651][  T975] usblp0: Disabling reads from problematic bidirectional printer
[  331.320174][  T975] usblp 2-1:0.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[  331.453978][  T975] usb 2-1: USB disconnect, device number 14
[  331.475009][  T975] usblp0: removed
[  331.573949][ T8757] binder: 8756:8757 ioctl c0306201 0 returned -14
[  332.321373][ T8763] FAULT_INJECTION: forcing a failure.
[  332.321373][ T8763] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  332.374385][ T8763] CPU: 1 UID: 0 PID: 8763 Comm: syz.1.777 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  332.374412][ T8763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  332.374422][ T8763] Call Trace:
[  332.374428][ T8763]  <TASK>
[  332.374436][ T8763]  dump_stack_lvl+0x241/0x360
[  332.374461][ T8763]  ? __pfx_dump_stack_lvl+0x10/0x10
[  332.374478][ T8763]  ? __pfx__printk+0x10/0x10
[  332.374503][ T8763]  ? __pfx_lock_release+0x10/0x10
[  332.374532][ T8763]  should_fail_ex+0x40a/0x550
[  332.374555][ T8763]  _copy_from_user+0x2d/0xb0
[  332.374573][ T8763]  memdup_user_nul+0x6c/0x100
[  332.374597][ T8763]  smk_write_rules_list+0x15a/0x450
[  332.374619][ T8763]  ? rcu_is_watching+0x15/0xb0
[  332.374643][ T8763]  ? __pfx_smk_write_rules_list+0x10/0x10
[  332.374665][ T8763]  ? smack_privileged_cred+0xb9/0x380
[  332.374687][ T8763]  ? __pfx_smk_write_change_rule+0x10/0x10
[  332.374711][ T8763]  vfs_write+0x29f/0xd10
[  332.374729][ T8763]  ? fdget_pos+0x254/0x320
[  332.374749][ T8763]  ? __mutex_unlock_slowpath+0x227/0x800
[  332.374772][ T8763]  ? __pfx_vfs_write+0x10/0x10
[  332.374786][ T8763]  ? do_sys_openat2+0x17a/0x1d0
[  332.374809][ T8763]  ? __fget_files+0x2a/0x410
[  332.374830][ T8763]  ? __fget_files+0x395/0x410
[  332.374847][ T8763]  ? __fget_files+0x2a/0x410
[  332.374877][ T8763]  ksys_write+0x18f/0x2b0
[  332.374895][ T8763]  ? __pfx_ksys_write+0x10/0x10
[  332.374912][ T8763]  ? do_syscall_64+0x100/0x230
[  332.374934][ T8763]  ? do_syscall_64+0xb6/0x230
[  332.374957][ T8763]  do_syscall_64+0xf3/0x230
[  332.374976][ T8763]  ? clear_bhb_loop+0x35/0x90
[  332.375001][ T8763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.375021][ T8763] RIP: 0033:0x7f9bb2b8cd29
[  332.375036][ T8763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.375049][ T8763] RSP: 002b:00007f9bb39c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  332.375067][ T8763] RAX: ffffffffffffffda RBX: 00007f9bb2da5fa0 RCX: 00007f9bb2b8cd29
[  332.375079][ T8763] RDX: 000000000000000f RSI: 0000000020000340 RDI: 0000000000000003
[  332.375096][ T8763] RBP: 00007f9bb39c7090 R08: 0000000000000000 R09: 0000000000000000
[  332.375107][ T8763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.375116][ T8763] R13: 0000000000000000 R14: 00007f9bb2da5fa0 R15: 00007ffdcf7dd008
[  332.375144][ T8763]  </TASK>
[  337.097448][ T8807] overlay: ./file1 is not a directory
[  337.911938][ T8816] netlink: 24 bytes leftover after parsing attributes in process `syz.3.793'.
[  337.914885][  T975] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  338.144656][  T975] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  338.193731][  T975] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  338.212682][  T975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.246842][  T975] usb 5-1: Product: syz
[  338.266052][  T975] usb 5-1: Manufacturer: syz
[  338.270825][  T975] usb 5-1: SerialNumber: syz
[  339.685244][  T975] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  339.726811][  T975] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  339.782013][  T975] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  339.915342][  T975] cdc_ncm 5-1:1.0: setting tx_max = 88
[  340.064283][  T975] cdc_ncm 5-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  340.472303][ T8842] kvm: user requested TSC rate below hardware speed
[  341.626665][ T8845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.802'.
[  341.889016][ T8814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.938727][ T8814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  343.835776][    T9] usb 5-1: USB disconnect, device number 14
[  343.842462][    T9] cdc_ncm 5-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[  345.215618][ T8909] kvm: user requested TSC rate below hardware speed
[  346.569247][ T5135] Bluetooth: hci1: unexpected event for opcode 0x041b
[  347.233939][ T8921] netlink: 44 bytes leftover after parsing attributes in process `syz.2.817'.
[  347.534742][   T29] audit: type=1804 audit(1738034102.919:63): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.812" name="/newroot/156/file1" dev="fuse" ino=1 res=1 errno=0
[  347.559682][   T29] audit: type=1800 audit(1738034102.919:64): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.812" name="/" dev="fuse" ino=1 res=0 errno=0
[  347.585256][   T29] audit: type=1804 audit(1738034102.919:65): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.812" name="/newroot/156/file1" dev="fuse" ino=1 res=1 errno=0
[  347.605658][   T29] audit: type=1804 audit(1738034102.919:66): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.812" name="/newroot/156/file1" dev="fuse" ino=1 res=1 errno=0
[  347.625261][   T29] audit: type=1800 audit(1738034102.919:67): pid=8929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.812" name="/" dev="fuse" ino=1 res=0 errno=0
[  350.532210][ T8955] kvm: user requested TSC rate below hardware speed
[  350.594373][ T5135] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  351.505278][ T8953] netlink: 80 bytes leftover after parsing attributes in process `syz.1.822'.
[  352.503598][ T8963] sctp: [Deprecated]: syz.0.827 (pid 8963) Use of int in maxseg socket option.
[  352.503598][ T8963] Use struct sctp_assoc_value instead
[  353.127836][   T29] audit: type=1804 audit(1738034108.619:68): pid=8970 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.826" name="/newroot/157/file1" dev="fuse" ino=1 res=1 errno=0
[  353.177603][ T8949] overlayfs: failed to resolve './file1': -2
[  353.189520][   T29] audit: type=1800 audit(1738034108.619:69): pid=8970 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.826" name="/" dev="fuse" ino=1 res=0 errno=0
[  353.342783][   T29] audit: type=1804 audit(1738034108.619:70): pid=8970 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.826" name="/newroot/157/file1" dev="fuse" ino=1 res=1 errno=0
[  353.488718][ T5135] Bluetooth: hci0: unexpected event for opcode 0x2023
[  353.489215][  T975] kernel write not supported for file /sysvipc/msg (pid: 975 comm: kworker/1:2)
[  353.502969][   T29] audit: type=1804 audit(1738034108.619:71): pid=8970 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.826" name="/newroot/157/file1" dev="fuse" ino=1 res=1 errno=0
[  353.525790][   T29] audit: type=1800 audit(1738034108.619:72): pid=8970 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.826" name="/" dev="fuse" ino=1 res=0 errno=0
[  356.332627][    T9] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  357.080388][    T9] usb 3-1: Using ep0 maxpacket: 32
[  357.242702][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  357.275296][    T9] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  357.289611][    T9] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  357.313192][    T9] usb 3-1: Product: syz
[  357.317421][    T9] usb 3-1: Manufacturer: syz
[  357.322763][ T9005] sctp: [Deprecated]: syz.1.837 (pid 9005) Use of int in maxseg socket option.
[  357.322763][ T9005] Use struct sctp_assoc_value instead
[  357.352656][    T9] usb 3-1: SerialNumber: syz
[  357.379075][    T9] usb 3-1: config 0 descriptor??
[  357.393169][ T8990] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  357.482795][ T5900] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  357.638550][ T8990] netlink: 1 bytes leftover after parsing attributes in process `syz.2.834'.
[  357.642670][   T25] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  357.647806][ T8990] openvswitch: netlink: Actions may not be safe on all matching packets
[  357.675162][ T8990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'.
[  357.684127][ T5900] usb 4-1: Using ep0 maxpacket: 16
[  357.690797][ T5900] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  357.711607][ T5900] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  357.734191][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.759405][ T5900] usb 4-1: Product: syz
[  357.763980][ T5900] usb 4-1: Manufacturer: syz
[  357.768670][ T5900] usb 4-1: SerialNumber: syz
[  357.785747][ T5900] usb 4-1: config 0 descriptor??
[  357.796414][   T46] usb 3-1: USB disconnect, device number 21
[  357.801422][ T5900] dm9601 4-1:0.0: probe with driver dm9601 failed with error -22
[  357.826178][ T5900] sr9700 4-1:0.0: probe with driver sr9700 failed with error -22
[  358.017547][   T25] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  358.037290][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.045665][   T25] usb 1-1: Product: syz
[  358.049867][   T25] usb 1-1: Manufacturer: syz
[  358.062888][   T25] usb 1-1: SerialNumber: syz
[  358.094175][   T25] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  359.129144][  T975] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  359.366992][ T5900] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  360.094736][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  360.206451][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  360.224627][  T975] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  360.241677][  T975] ath9k_htc: Failed to initialize the device
[  360.245046][ T5900] usb 5-1: New USB device found, idVendor=056a, idProduct=0090, bcdDevice= 0.00
[  360.275301][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=23, SerialNumber=0
[  360.285146][  T975] usb 1-1: ath9k_htc: USB layer deinitialized
[  360.300014][ T5900] usb 5-1: Product: syz
[  360.549919][ T5900] usb 5-1: config 0 descriptor??
[  360.967244][ T9041] netlink: 80 bytes leftover after parsing attributes in process `syz.1.847'.
[  361.017688][ T5900] wacom 0003:056A:0090.0004: ignoring exceeding usage max
[  361.055536][ T5900] wacom 0003:056A:0090.0004: hidraw0: USB HID v40.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  361.847482][   T46] usb 4-1: USB disconnect, device number 16
[  361.933324][    T9] usb 1-1: USB disconnect, device number 25
[  362.001776][ T5900] usb 5-1: USB disconnect, device number 15
[  363.002715][ T6282] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  363.587946][ T9067] sctp: [Deprecated]: syz.2.854 (pid 9067) Use of int in maxseg socket option.
[  363.587946][ T9067] Use struct sctp_assoc_value instead
[  363.644185][ T6282] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.658166][ T6282] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  363.667590][ T6282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.676073][ T6282] usb 5-1: Product: syz
[  363.680416][ T6282] usb 5-1: Manufacturer: syz
[  363.685297][ T6282] usb 5-1: SerialNumber: syz
[  363.747402][ T9070] FAULT_INJECTION: forcing a failure.
[  363.747402][ T9070] name failslab, interval 1, probability 0, space 0, times 0
[  363.760688][ T9070] CPU: 1 UID: 0 PID: 9070 Comm: syz.0.853 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  363.760711][ T9070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  363.760722][ T9070] Call Trace:
[  363.760728][ T9070]  <TASK>
[  363.760735][ T9070]  dump_stack_lvl+0x241/0x360
[  363.760768][ T9070]  ? __pfx_dump_stack_lvl+0x10/0x10
[  363.760785][ T9070]  ? __pfx__printk+0x10/0x10
[  363.760811][ T9070]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  363.760833][ T9070]  ? __pfx___might_resched+0x10/0x10
[  363.760857][ T9070]  should_fail_ex+0x40a/0x550
[  363.760882][ T9070]  should_failslab+0xac/0x100
[  363.760903][ T9070]  kmem_cache_alloc_node_noprof+0x77/0x380
[  363.760923][ T9070]  ? __alloc_skb+0x1c3/0x440
[  363.760949][ T9070]  __alloc_skb+0x1c3/0x440
[  363.760974][ T9070]  ? __pfx___alloc_skb+0x10/0x10
[  363.760995][ T9070]  ? queue_delayed_work_on+0x267/0x390
[  363.761016][ T9070]  ? queue_delayed_work_on+0x271/0x390
[  363.761038][ T9070]  rtmsg_ifa+0x1f0/0x3b0
[  363.761062][ T9070]  ? __pfx_rtmsg_ifa+0x10/0x10
[  363.761095][ T9070]  __inet_insert_ifa+0xa54/0xc90
[  363.761130][ T9070]  ? __pfx___inet_insert_ifa+0x10/0x10
[  363.761166][ T9070]  devinet_ioctl+0x126c/0x1ac0
[  363.761197][ T9070]  inet_ioctl+0x3d7/0x4f0
[  363.761216][ T9070]  ? __pfx_inet_ioctl+0x10/0x10
[  363.761235][ T9070]  ? __schedule+0x18c4/0x4c40
[  363.761269][ T9070]  ? tomoyo_path_number_perm+0x206/0x860
[  363.761291][ T9070]  ? packet_ioctl+0x287/0x350
[  363.761317][ T9070]  sock_do_ioctl+0x158/0x460
[  363.761340][ T9070]  ? __pfx_sock_do_ioctl+0x10/0x10
[  363.761368][ T9070]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  363.761396][ T9070]  sock_ioctl+0x626/0x8e0
[  363.761415][ T9070]  ? __pfx_sock_ioctl+0x10/0x10
[  363.761438][ T9070]  ? __pfx_sock_ioctl+0x10/0x10
[  363.761453][ T9070]  ? __pfx_sock_ioctl+0x10/0x10
[  363.761469][ T9070]  ? do_vfs_ioctl+0x152/0x2e40
[  363.761484][ T9070]  ? __se_sys_ioctl+0x8e/0x170
[  363.761497][ T9070]  ? __se_sys_ioctl+0xe6/0x170
[  363.761513][ T9070]  ? __pfx_sock_ioctl+0x10/0x10
[  363.761532][ T9070]  __se_sys_ioctl+0xf5/0x170
[  363.761550][ T9070]  do_syscall_64+0xf3/0x230
[  363.761569][ T9070]  ? clear_bhb_loop+0x35/0x90
[  363.761594][ T9070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.761614][ T9070] RIP: 0033:0x7fb50298cd29
[  363.761634][ T9070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.761648][ T9070] RSP: 002b:00007fb503842038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  363.761666][ T9070] RAX: ffffffffffffffda RBX: 00007fb502ba6160 RCX: 00007fb50298cd29
[  363.761678][ T9070] RDX: 00000000200000c0 RSI: 0000000000008916 RDI: 0000000000000007
[  363.761689][ T9070] RBP: 00007fb503842090 R08: 0000000000000000 R09: 0000000000000000
[  363.761699][ T9070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.761709][ T9070] R13: 0000000000000000 R14: 00007fb502ba6160 R15: 00007ffff84916a8
[  363.761736][ T9070]  </TASK>
[  365.000691][   T29] audit: type=1804 audit(1738034120.499:73): pid=9080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.851" name="/newroot/195/file1" dev="fuse" ino=1 res=1 errno=0
[  365.257544][  T975] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  365.303218][ T6282] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  365.350269][ T6282] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  365.365221][   T29] audit: type=1800 audit(1738034120.499:74): pid=9080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.851" name="/" dev="fuse" ino=1 res=0 errno=0
[  365.418262][ T6282] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  365.474356][   T29] audit: type=1804 audit(1738034120.499:75): pid=9080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.851" name="/newroot/195/file1" dev="fuse" ino=1 res=1 errno=0
[  365.512716][  T975] usb 3-1: Using ep0 maxpacket: 32
[  365.522700][ T6282] cdc_ncm 5-1:1.0: setting tx_max = 88
[  365.538492][  T975] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  365.552223][ T6282] cdc_ncm 5-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  365.573758][  T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.583298][   T29] audit: type=1804 audit(1738034120.499:76): pid=9080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.851" name="/newroot/195/file1" dev="fuse" ino=1 res=1 errno=0
[  365.613588][  T975] usb 3-1: config 0 descriptor??
[  365.631356][  T975] gspca_main: sunplus-2.14.0 probing 041e:400b
[  365.642734][   T29] audit: type=1800 audit(1738034120.499:77): pid=9080 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.851" name="/" dev="fuse" ino=1 res=0 errno=0
[  366.096565][ T9085] overlay: Unknown parameter 'subj_role'
[  366.117853][ T9085] overlayfs: missing 'lowerdir'
[  367.033559][  T975] gspca_sunplus: reg_w_riv err -110
[  367.061415][  T975] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  367.100059][    T9] usb 5-1: USB disconnect, device number 16
[  367.106521][    T9] cdc_ncm 5-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[  367.242285][  T975] usb 3-1: USB disconnect, device number 22
[  367.810823][ T9095] overlayfs: failed to resolve './file1': -2
[  367.931326][ T9114] FAULT_INJECTION: forcing a failure.
[  367.931326][ T9114] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.993673][ T9114] CPU: 0 UID: 0 PID: 9114 Comm: syz.1.862 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  367.993699][ T9114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  367.993709][ T9114] Call Trace:
[  367.993715][ T9114]  <TASK>
[  367.993722][ T9114]  dump_stack_lvl+0x241/0x360
[  367.993747][ T9114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  367.993763][ T9114]  ? __pfx__printk+0x10/0x10
[  367.993787][ T9114]  ? __pfx_lock_release+0x10/0x10
[  367.993815][ T9114]  should_fail_ex+0x40a/0x550
[  367.993837][ T9114]  _copy_from_user+0x2d/0xb0
[  367.993855][ T9114]  copy_msghdr_from_user+0xae/0x680
[  367.993878][ T9114]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  367.993894][ T9114]  ? __fget_files+0x2a/0x410
[  367.993916][ T9114]  ? __fget_files+0x2a/0x410
[  367.993940][ T9114]  __sys_sendmsg+0x209/0x350
[  367.993962][ T9114]  ? __pfx___sys_sendmsg+0x10/0x10
[  367.993990][ T9114]  ? do_sys_openat2+0x17a/0x1d0
[  367.994031][ T9114]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  367.994052][ T9114]  ? do_syscall_64+0x100/0x230
[  367.994072][ T9114]  ? do_syscall_64+0xb6/0x230
[  367.994091][ T9114]  do_syscall_64+0xf3/0x230
[  367.994110][ T9114]  ? clear_bhb_loop+0x35/0x90
[  367.994132][ T9114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.994150][ T9114] RIP: 0033:0x7f9bb2b8cd29
[  367.994164][ T9114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.994177][ T9114] RSP: 002b:00007f9bb39c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  367.994195][ T9114] RAX: ffffffffffffffda RBX: 00007f9bb2da5fa0 RCX: 00007f9bb2b8cd29
[  367.994206][ T9114] RDX: 0000000000000000 RSI: 0000000020002080 RDI: 0000000000000003
[  367.994215][ T9114] RBP: 00007f9bb39c7090 R08: 0000000000000000 R09: 0000000000000000
[  367.994224][ T9114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.994233][ T9114] R13: 0000000000000000 R14: 00007f9bb2da5fa0 R15: 00007ffdcf7dd008
[  367.994258][ T9114]  </TASK>
[  368.400432][ T9124] sctp: [Deprecated]: syz.2.866 (pid 9124) Use of int in maxseg socket option.
[  368.400432][ T9124] Use struct sctp_assoc_value instead
[  368.549031][ T9129] kvm: user requested TSC rate below hardware speed
[  369.087135][ T5135] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  369.581358][ T5135] Bluetooth: hci0: unexpected event for opcode 0x041b
[  369.588378][ T9132] netlink: 44 bytes leftover after parsing attributes in process `syz.0.865'.
[  371.502713][ T6282] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  371.686738][ T6282] usb 4-1: Using ep0 maxpacket: 32
[  371.713106][ T6282] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  371.752046][ T6282] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  371.778643][ T6282] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  371.815075][ T6282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 2763, setting to 1024
[  371.849081][ T6282] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  371.891223][ T6282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  371.925422][ T9185] fuse: Unknown parameter '0x0000000000000004'
[  371.942753][ T6282] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  371.963491][   T29] audit: type=1800 audit(1738034127.459:78): pid=9185 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.878" name="file1" dev="tmpfs" ino=865 res=0 errno=0
[  371.983329][ T6282] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  372.025558][ T6282] usb 4-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  372.388926][ T9190] overlayfs: failed to resolve './file0': -2
[  372.858043][ T6282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.884546][ T6282] usb 4-1: config 0 descriptor??
[  372.892384][ T9161] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  372.902996][ T6282] usblp0: Disabling reads from problematic bidirectional printer
[  373.115550][ T9194] sctp: [Deprecated]: syz.2.880 (pid 9194) Use of int in maxseg socket option.
[  373.115550][ T9194] Use struct sctp_assoc_value instead
[  373.219822][ T6282] usblp 4-1:0.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x0004
[  373.313151][ T9197] kvm: user requested TSC rate below hardware speed
[  373.332357][ T5135] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  373.628526][ T6282] usb 4-1: USB disconnect, device number 17
[  373.821520][ T6282] usblp0: removed
[  374.395733][ T9210] netlink: 12 bytes leftover after parsing attributes in process `syz.3.884'.
[  375.884027][ T9227] netlink: 12 bytes leftover after parsing attributes in process `syz.0.889'.
[  375.915250][ T9204] overlayfs: failed to resolve './file1': -2
[  375.945624][ T9229] FAULT_INJECTION: forcing a failure.
[  375.945624][ T9229] name failslab, interval 1, probability 0, space 0, times 0
[  375.945647][ T9229] CPU: 0 UID: 0 PID: 9229 Comm: syz.3.888 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  375.945658][ T9229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  375.945664][ T9229] Call Trace:
[  375.945667][ T9229]  <TASK>
[  375.945672][ T9229]  dump_stack_lvl+0x241/0x360
[  375.945686][ T9229]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.945696][ T9229]  ? __pfx__printk+0x10/0x10
[  375.945717][ T9229]  should_fail_ex+0x40a/0x550
[  375.945730][ T9229]  should_failslab+0xac/0x100
[  375.945743][ T9229]  ? skb_clone+0x20c/0x390
[  375.945751][ T9229]  kmem_cache_alloc_noprof+0x70/0x380
[  375.945767][ T9229]  skb_clone+0x20c/0x390
[  375.945777][ T9229]  __netlink_deliver_tap+0x3cc/0x7f0
[  375.945805][ T9229]  ? netlink_deliver_tap+0x2e/0x1b0
[  375.945818][ T9229]  netlink_deliver_tap+0x19d/0x1b0
[  375.945832][ T9229]  netlink_unicast+0x7c4/0x990
[  375.945848][ T9229]  ? __pfx_netlink_unicast+0x10/0x10
[  375.945859][ T9229]  ? __virt_addr_valid+0x45f/0x530
[  375.945873][ T9229]  ? __phys_addr_symbol+0x2f/0x70
[  375.945885][ T9229]  ? __check_object_size+0x47a/0x730
[  375.945899][ T9229]  netlink_sendmsg+0x8e4/0xcb0
[  375.945918][ T9229]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.945938][ T9229]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.945954][ T9229]  __sock_sendmsg+0x221/0x270
[  375.945966][ T9229]  ____sys_sendmsg+0x52a/0x7e0
[  375.945984][ T9229]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.945996][ T9229]  ? __fget_files+0x2a/0x410
[  375.946010][ T9229]  ? __fget_files+0x2a/0x410
[  375.946026][ T9229]  __sys_sendmsg+0x269/0x350
[  375.946042][ T9229]  ? __pfx___sys_sendmsg+0x10/0x10
[  375.946062][ T9229]  ? do_sys_openat2+0x17a/0x1d0
[  375.946088][ T9229]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  375.946101][ T9229]  ? do_syscall_64+0x100/0x230
[  375.946115][ T9229]  ? do_syscall_64+0xb6/0x230
[  375.946128][ T9229]  do_syscall_64+0xf3/0x230
[  375.946139][ T9229]  ? clear_bhb_loop+0x35/0x90
[  375.946154][ T9229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.946166][ T9229] RIP: 0033:0x7f2d3db8cd29
[  375.946175][ T9229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.946183][ T9229] RSP: 002b:00007f2d3e961038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  375.946194][ T9229] RAX: ffffffffffffffda RBX: 00007f2d3dda5fa0 RCX: 00007f2d3db8cd29
[  375.946200][ T9229] RDX: 0000000004080084 RSI: 00000000200007c0 RDI: 0000000000000003
[  375.946206][ T9229] RBP: 00007f2d3e961090 R08: 0000000000000000 R09: 0000000000000000
[  375.946212][ T9229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.946218][ T9229] R13: 0000000000000000 R14: 00007f2d3dda5fa0 R15: 00007ffe36094ce8
[  375.946232][ T9229]  </TASK>
[  376.193333][ T9231] fuse: Unknown parameter '0x0000000000000004'
[  376.208570][   T29] audit: type=1800 audit(1738034131.699:79): pid=9231 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.890" name="file1" dev="tmpfs" ino=977 res=0 errno=0
[  376.366123][ T5135] Bluetooth: hci4: unexpected event for opcode 0x041b
[  376.536060][ T9235] netlink: 44 bytes leftover after parsing attributes in process `syz.3.891'.
[  376.790908][ T9238] overlayfs: failed to resolve './file1': -2
[  378.094726][ T9259] kvm: user requested TSC rate below hardware speed
[  378.103993][ T5135] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  378.882966][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  378.883051][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  379.418566][ T9242] tty tty22: ldisc open failed (-12), clearing slot 21
[  380.082674][ T9271] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  380.089249][ T9271] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  380.370622][ T9271] vhci_hcd vhci_hcd.0: Device attached
[  380.442675][ T5135] Bluetooth: hci1: ISO packet for unknown connection handle 1024
[  380.542755][ T6282] vhci_hcd: vhci_device speed not set
[  380.602829][ T6282] usb 37-1: new full-speed USB device number 3 using vhci_hcd
[  380.862646][   T46] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  380.873551][ T9276] vhci_hcd: connection reset by peer
[  380.892540][ T8215] vhci_hcd: stop threads
[  380.896850][ T8215] vhci_hcd: release socket
[  380.906412][ T8215] vhci_hcd: disconnect device
[  380.949523][ T9290] overlayfs: failed to resolve './file1': -2
[  381.039480][   T46] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  381.063407][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  381.075447][   T25] libceph: connect (1)[c::]:6789 error -101
[  381.115678][ T9298] netlink: 16 bytes leftover after parsing attributes in process `syz.0.906'.
[  381.125667][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  381.157352][ T9298] gretap1: entered allmulticast mode
[  381.173135][   T46] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  381.182227][   T46] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  381.199188][   T25] libceph: connect (1)[c::]:6789 error -101
[  381.219988][ T9295] ceph: No mds server is up or the cluster is laggy
[  381.227340][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  381.237297][   T46] usb 4-1: Manufacturer: syz
[  381.410991][   T46] usb 4-1: config 0 descriptor??
[  382.127268][   T25] libceph: connect (1)[c::]:6789 error -101
[  382.148736][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  382.272648][   T46] rc_core: IR keymap rc-hauppauge not found
[  382.278610][   T46] Registered IR keymap rc-empty
[  382.343315][   T46] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  382.367712][   T46] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input14
[  382.417405][   T46] usb 4-1: USB disconnect, device number 18
[  382.919448][ T5135] Bluetooth: hci0: unexpected event for opcode 0x041b
[  383.653117][ T9327] netlink: 12 bytes leftover after parsing attributes in process `syz.4.911'.
[  383.881641][ T9319] netlink: 44 bytes leftover after parsing attributes in process `syz.0.910'.
[  385.435506][ T9355] binder: 9354:9355 ioctl c0306201 0 returned -14
[  385.760552][ T6282] vhci_hcd: vhci_device speed not set
[  389.272831][ T5135] Bluetooth: hci0: command 0x0c1a tx timeout
[  389.279032][ T9372] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  390.033557][ T9372] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  390.244258][ T9372] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  390.263068][ T9372] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  390.269448][ T9372] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  390.397983][ T9420] FAULT_INJECTION: forcing a failure.
[  390.397983][ T9420] name failslab, interval 1, probability 0, space 0, times 0
[  390.428768][ T9420] CPU: 0 UID: 0 PID: 9420 Comm: syz.3.936 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  390.428794][ T9420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  390.428803][ T9420] Call Trace:
[  390.428809][ T9420]  <TASK>
[  390.428816][ T9420]  dump_stack_lvl+0x241/0x360
[  390.428841][ T9420]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.428856][ T9420]  ? __pfx__printk+0x10/0x10
[  390.428888][ T9420]  should_fail_ex+0x40a/0x550
[  390.428910][ T9420]  should_failslab+0xac/0x100
[  390.428929][ T9420]  ? skb_clone+0x20c/0x390
[  390.428942][ T9420]  kmem_cache_alloc_noprof+0x70/0x380
[  390.428965][ T9420]  skb_clone+0x20c/0x390
[  390.428983][ T9420]  __netlink_deliver_tap+0x3cc/0x7f0
[  390.429014][ T9420]  ? netlink_deliver_tap+0x2e/0x1b0
[  390.429032][ T9420]  netlink_deliver_tap+0x19d/0x1b0
[  390.429053][ T9420]  netlink_unicast+0x7c4/0x990
[  390.429088][ T9420]  ? __pfx_netlink_unicast+0x10/0x10
[  390.429105][ T9420]  ? __virt_addr_valid+0x45f/0x530
[  390.429128][ T9420]  ? __phys_addr_symbol+0x2f/0x70
[  390.429148][ T9420]  ? __check_object_size+0x47a/0x730
[  390.429170][ T9420]  netlink_sendmsg+0x8e4/0xcb0
[  390.429206][ T9420]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.429239][ T9420]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.429257][ T9420]  __sock_sendmsg+0x221/0x270
[  390.429278][ T9420]  ____sys_sendmsg+0x52a/0x7e0
[  390.429307][ T9420]  ? __pfx_____sys_sendmsg+0x10/0x10
[  390.429324][ T9420]  ? __fget_files+0x2a/0x410
[  390.429347][ T9420]  ? __fget_files+0x2a/0x410
[  390.429374][ T9420]  __sys_sendmsg+0x269/0x350
[  390.429400][ T9420]  ? __pfx___sys_sendmsg+0x10/0x10
[  390.429434][ T9420]  ? do_sys_openat2+0x17a/0x1d0
[  390.429481][ T9420]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  390.429503][ T9420]  ? do_syscall_64+0x100/0x230
[  390.429526][ T9420]  ? do_syscall_64+0xb6/0x230
[  390.429548][ T9420]  do_syscall_64+0xf3/0x230
[  390.429567][ T9420]  ? clear_bhb_loop+0x35/0x90
[  390.429591][ T9420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.429610][ T9420] RIP: 0033:0x7f2d3db8cd29
[  390.429626][ T9420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.429639][ T9420] RSP: 002b:00007f2d3e961038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  390.429658][ T9420] RAX: ffffffffffffffda RBX: 00007f2d3dda5fa0 RCX: 00007f2d3db8cd29
[  390.429669][ T9420] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[  390.429679][ T9420] RBP: 00007f2d3e961090 R08: 0000000000000000 R09: 0000000000000000
[  390.429689][ T9420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.429699][ T9420] R13: 0000000000000000 R14: 00007f2d3dda5fa0 R15: 00007ffe36094ce8
[  390.429725][ T9420]  </TASK>
[  390.429876][ T9420] IPv6: Can't replace route, no match found
[  390.832606][    T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  390.989932][ T9428] /dev/nullb0: Can't open blockdev
[  390.996035][    T9] usb 1-1: Using ep0 maxpacket: 32
[  391.012044][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  391.044928][    T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  391.061567][    T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  391.087870][    T9] usb 1-1: Product: syz
[  391.120775][    T9] usb 1-1: Manufacturer: syz
[  391.164419][    T9] usb 1-1: SerialNumber: syz
[  391.204877][    T9] usb 1-1: config 0 descriptor??
[  391.255908][ T9408] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  391.342872][ T5135] Bluetooth: hci2: command 0x0c1a tx timeout
[  391.477765][ T9408] netlink: 1 bytes leftover after parsing attributes in process `syz.0.933'.
[  391.490527][ T9408] openvswitch: netlink: Actions may not be safe on all matching packets
[  391.512830][ T9408] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'.
[  391.531108][ T9438] FAULT_INJECTION: forcing a failure.
[  391.531108][ T9438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  391.591171][ T9438] CPU: 1 UID: 0 PID: 9438 Comm: syz.2.942 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  391.591198][ T9438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  391.591208][ T9438] Call Trace:
[  391.591214][ T9438]  <TASK>
[  391.591228][ T9438]  dump_stack_lvl+0x241/0x360
[  391.591252][ T9438]  ? __pfx_dump_stack_lvl+0x10/0x10
[  391.591268][ T9438]  ? __pfx__printk+0x10/0x10
[  391.591292][ T9438]  ? __pfx_lock_release+0x10/0x10
[  391.591319][ T9438]  should_fail_ex+0x40a/0x550
[  391.591342][ T9438]  _copy_from_user+0x2d/0xb0
[  391.591359][ T9438]  copy_msghdr_from_user+0xae/0x680
[  391.591383][ T9438]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  391.591400][ T9438]  ? __fget_files+0x2a/0x410
[  391.591423][ T9438]  ? __fget_files+0x2a/0x410
[  391.591453][ T9438]  __sys_sendmsg+0x209/0x350
[  391.591478][ T9438]  ? __pfx___sys_sendmsg+0x10/0x10
[  391.591510][ T9438]  ? do_sys_openat2+0x17a/0x1d0
[  391.591553][ T9438]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  391.591575][ T9438]  ? do_syscall_64+0x100/0x230
[  391.591597][ T9438]  ? do_syscall_64+0xb6/0x230
[  391.591618][ T9438]  do_syscall_64+0xf3/0x230
[  391.591637][ T9438]  ? clear_bhb_loop+0x35/0x90
[  391.591660][ T9438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.591680][ T9438] RIP: 0033:0x7f0b5578cd29
[  391.591695][ T9438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.591708][ T9438] RSP: 002b:00007f0b56630038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  391.591726][ T9438] RAX: ffffffffffffffda RBX: 00007f0b559a6080 RCX: 00007f0b5578cd29
[  391.591738][ T9438] RDX: 0000000000008000 RSI: 00000000200004c0 RDI: 0000000000000005
[  391.591748][ T9438] RBP: 00007f0b56630090 R08: 0000000000000000 R09: 0000000000000000
[  391.591758][ T9438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.591768][ T9438] R13: 0000000000000001 R14: 00007f0b559a6080 R15: 00007fff3dcb3f98
[  391.591787][ T9438]  </TASK>
[  391.798192][    T9] usb 1-1: USB disconnect, device number 26
[  391.860852][ T9438] tmpfs: Unknown parameter 'q–oee'
[  391.912372][ T9439] tmpfs: Unknown parameter 'q–oee'
[  392.321879][ T5135] Bluetooth: hci4: command 0x0c1a tx timeout
[  392.330367][ T5135] Bluetooth: hci1: command 0x0c1a tx timeout
[  392.336964][ T5135] Bluetooth: hci3: command 0x0c1a tx timeout
[  392.405823][ T9449] netlink: 256 bytes leftover after parsing attributes in process `syz.2.944'.
[  394.398089][ T9470] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma?
[  394.537174][ T6282] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  394.909326][ T6282] usb 1-1: Using ep0 maxpacket: 16
[  394.933544][ T6282] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  394.960474][ T6282] usb 1-1: config 0 has no interface number 0
[  395.000787][ T6282] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  395.024512][ T6282] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  395.042716][ T6282] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.066810][ T6282] usb 1-1: Product: syz
[  395.071026][ T6282] usb 1-1: Manufacturer: syz
[  395.112110][ T9466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  395.192175][ T6282] usb 1-1: SerialNumber: syz
[  395.210051][ T6282] usb 1-1: config 0 descriptor??
[  395.443292][   T46] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  395.629474][ T6282] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.214/input/input15
[  395.700547][   T46] usb 5-1: Using ep0 maxpacket: 32
[  395.718398][   T46] usb 5-1: no configurations
[  396.472616][   T46] usb 5-1: can't read configurations, error -22
[  396.622613][   T46] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  396.862747][ T5870] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  396.862747][   T46] usb 5-1: Using ep0 maxpacket: 32
[  396.896070][   T46] usb 5-1: no configurations
[  396.915408][   T46] usb 5-1: can't read configurations, error -22
[  396.939118][   T46] usb usb5-port1: attempt power cycle
[  397.212678][ T5870] usb 4-1: Using ep0 maxpacket: 32
[  397.221098][ T5870] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  397.239437][ T5870] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  397.256831][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  397.278867][ T5870] usb 4-1: Product: syz
[  397.283142][   T25] usb 1-1: USB disconnect, device number 27
[  397.347104][ T5870] usb 4-1: Manufacturer: syz
[  397.360131][ T5870] usb 4-1: SerialNumber: syz
[  397.386237][ T5870] usb 4-1: config 0 descriptor??
[  397.395187][ T9503] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  397.431511][   T46] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  397.456962][   T46] usb 5-1: Using ep0 maxpacket: 32
[  397.539756][   T46] usb 5-1: no configurations
[  397.587897][   T46] usb 5-1: can't read configurations, error -22
[  397.627890][ T9503] netlink: 1 bytes leftover after parsing attributes in process `syz.3.957'.
[  397.636879][ T9503] openvswitch: netlink: Actions may not be safe on all matching packets
[  397.658282][ T9503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.957'.
[  397.866169][ T5900] usb 4-1: USB disconnect, device number 19
[  398.704294][   T46] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  399.016913][   T46] usb 5-1: device descriptor read/8, error -71
[  399.255714][   T46] usb usb5-port1: unable to enumerate USB device
[  401.610495][   T46] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  401.630840][   T29] audit: type=1804 audit(1738034157.019:80): pid=9557 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.968" name="/newroot/187/file1" dev="fuse" ino=1 res=1 errno=0
[  401.782814][ T9562] kvm: user requested TSC rate below hardware speed
[  401.795791][ T9446] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  401.837174][   T29] audit: type=1800 audit(1738034157.019:81): pid=9557 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.968" name="/" dev="fuse" ino=1 res=0 errno=0
[  401.883784][   T46] usb 1-1: Using ep0 maxpacket: 16
[  402.018790][   T46] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  402.149637][   T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.178014][   T29] audit: type=1804 audit(1738034157.019:82): pid=9557 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.968" name="/newroot/187/file1" dev="fuse" ino=1 res=1 errno=0
[  402.263601][   T46] usb 1-1: Product: syz
[  402.293276][   T46] usb 1-1: Manufacturer: syz
[  402.298031][   T46] usb 1-1: SerialNumber: syz
[  402.400917][   T29] audit: type=1804 audit(1738034157.019:83): pid=9557 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.968" name="/newroot/187/file1" dev="fuse" ino=1 res=1 errno=0
[  402.435969][   T46] r8152-cfgselector 1-1: Unknown version 0x0000
[  402.437057][ T9446] Bluetooth: hci2: unexpected event for opcode 0x041b
[  402.442360][   T46] r8152-cfgselector 1-1: config 0 descriptor??
[  402.444644][   T29] audit: type=1800 audit(1738034157.019:84): pid=9557 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.968" name="/" dev="fuse" ino=1 res=0 errno=0
[  402.619323][ T9567] netlink: 44 bytes leftover after parsing attributes in process `syz.1.970'.
[  403.070105][   T46] r8152-cfgselector 1-1: Unknown version 0x0000
[  403.081424][   T46] r8152-cfgselector 1-1: bad CDC descriptors
[  403.108635][   T46] r8152-cfgselector 1-1: USB disconnect, device number 28
[  404.253220][ T9584] kvm: user requested TSC rate below hardware speed
[  404.464310][ T5900] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  404.776415][ T9580] ubi0: attaching mtd0
[  404.973528][ T9580] ubi0: scanning is finished
[  404.978478][ T9580] ==================================================================
[  404.986533][ T9580] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x141/0x3f0
[  404.994942][ T9580] Read of size 4 at addr ffff88807f34d8d8 by task syz.3.974/9580
[  405.002673][ T9580] 
[  405.004999][ T9580] CPU: 1 UID: 0 PID: 9580 Comm: syz.3.974 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  405.005014][ T9580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  405.005022][ T9580] Call Trace:
[  405.005029][ T9580]  <TASK>
[  405.005034][ T9580]  dump_stack_lvl+0x241/0x360
[  405.005050][ T9580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.005062][ T9580]  ? __pfx__printk+0x10/0x10
[  405.005078][ T9580]  ? _printk+0xd5/0x120
[  405.005091][ T9580]  ? __virt_addr_valid+0x183/0x530
[  405.005107][ T9580]  ? __virt_addr_valid+0x183/0x530
[  405.005121][ T9580]  print_report+0x169/0x550
[  405.005134][ T9580]  ? __virt_addr_valid+0x183/0x530
[  405.005147][ T9580]  ? __virt_addr_valid+0x183/0x530
[  405.005162][ T9580]  ? __virt_addr_valid+0x45f/0x530
[  405.005177][ T9580]  ? __phys_addr+0xba/0x170
[  405.005190][ T9580]  ? notifier_chain_register+0x141/0x3f0
[  405.005203][ T9580]  kasan_report+0x143/0x180
[  405.005216][ T9580]  ? notifier_chain_register+0x141/0x3f0
[  405.005229][ T9580]  notifier_chain_register+0x141/0x3f0
[  405.005242][ T9580]  blocking_notifier_chain_register+0x61/0xc0
[  405.005255][ T9580]  ubi_wl_init+0x3396/0x3720
[  405.005273][ T9580]  ubi_attach+0x3e01/0x5b80
[  405.005296][ T9580]  ? __pfx_ubi_attach+0x10/0x10
[  405.005313][ T9580]  ubi_attach_mtd_dev+0x1a3a/0x3540
[  405.005332][ T9580]  ctrl_cdev_ioctl+0x346/0x570
[  405.005349][ T9580]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  405.005366][ T9580]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  405.005381][ T9580]  __se_sys_ioctl+0xf5/0x170
[  405.005392][ T9580]  do_syscall_64+0xf3/0x230
[  405.005406][ T9580]  ? clear_bhb_loop+0x35/0x90
[  405.005423][ T9580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.005438][ T9580] RIP: 0033:0x7f2d3db8cd29
[  405.005450][ T9580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  405.005459][ T9580] RSP: 002b:00007f2d3e940038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  405.005471][ T9580] RAX: ffffffffffffffda RBX: 00007f2d3dda6080 RCX: 00007f2d3db8cd29
[  405.005480][ T9580] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000006
[  405.005488][ T9580] RBP: 00007f2d3dc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  405.005495][ T9580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  405.005502][ T9580] R13: 0000000000000000 R14: 00007f2d3dda6080 R15: 00007ffe36094ce8
[  405.005513][ T9580]  </TASK>
[  405.005517][ T9580] 
[  405.243286][ T9580] Allocated by task 9495:
[  405.247624][ T9580]  kasan_save_track+0x3f/0x80
[  405.252282][ T9580]  __kasan_kmalloc+0x98/0xb0
[  405.256853][ T9580]  __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[  405.263252][ T9580]  krealloc_noprof+0x10f/0x2f0
[  405.267997][ T9580]  copy_verifier_state+0x8ef/0xef0
[  405.273099][ T9580]  do_check+0x452a/0xfa40
[  405.277420][ T9580]  do_check_common+0x1b4a/0x2030
[  405.282343][ T9580]  bpf_check+0x59f7/0x1c150
[  405.286834][ T9580]  bpf_prog_load+0x1664/0x20e0
[  405.291585][ T9580]  __sys_bpf+0x4ee/0x810
[  405.295821][ T9580]  __x64_sys_bpf+0x7c/0x90
[  405.300222][ T9580]  do_syscall_64+0xf3/0x230
[  405.304709][ T9580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.310587][ T9580] 
[  405.312895][ T9580] Freed by task 9495:
[  405.316852][ T9580]  kasan_save_track+0x3f/0x80
[  405.321507][ T9580]  kasan_save_free_info+0x40/0x50
[  405.326514][ T9580]  __kasan_slab_free+0x59/0x70
[  405.331254][ T9580]  kfree+0x196/0x430
[  405.335133][ T9580]  do_check_common+0xbbb/0x2030
[  405.339965][ T9580]  bpf_check+0x59f7/0x1c150
[  405.344448][ T9580]  bpf_prog_load+0x1664/0x20e0
[  405.349190][ T9580]  __sys_bpf+0x4ee/0x810
[  405.353409][ T9580]  __x64_sys_bpf+0x7c/0x90
[  405.357814][ T9580]  do_syscall_64+0xf3/0x230
[  405.362313][ T9580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.368188][ T9580] 
[  405.370490][ T9580] The buggy address belongs to the object at ffff88807f34c000
[  405.370490][ T9580]  which belongs to the cache kmalloc-8k of size 8192
[  405.384523][ T9580] The buggy address is located 6360 bytes inside of
[  405.384523][ T9580]  freed 8192-byte region [ffff88807f34c000, ffff88807f34e000)
[  405.398472][ T9580] 
[  405.400775][ T9580] The buggy address belongs to the physical page:
[  405.407172][ T9580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f348
[  405.415913][ T9580] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  405.424391][ T9580] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  405.431910][ T9580] page_type: f5(slab)
[  405.435873][ T9580] raw: 00fff00000000040 ffff88801ac42280 ffffea00015ee200 dead000000000004
[  405.444435][ T9580] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  405.453023][ T9580] head: 00fff00000000040 ffff88801ac42280 ffffea00015ee200 dead000000000004
[  405.461669][ T9580] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  405.470331][ T9580] head: 00fff00000000003 ffffea0001fcd201 ffffffffffffffff 0000000000000000
[  405.478980][ T9580] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  405.487626][ T9580] page dumped because: kasan: bad access detected
[  405.494026][ T9580] page_owner tracks the page as allocated
[  405.499721][ T9580] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5490, tgid 5490 (dhcpcd), ts 190616600407, free_ts 190608065020
[  405.520554][ T9580]  post_alloc_hook+0x1f4/0x240
[  405.525314][ T9580]  get_page_from_freelist+0x3651/0x37a0
[  405.530839][ T9580]  __alloc_frozen_pages_noprof+0x292/0x710
[  405.536622][ T9580]  alloc_pages_mpol+0x311/0x660
[  405.541456][ T9580]  allocate_slab+0x8f/0x3a0
[  405.545943][ T9580]  ___slab_alloc+0xc27/0x14a0
[  405.550601][ T9580]  __slab_alloc+0x58/0xa0
[  405.554911][ T9580]  __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[  405.561305][ T9580]  kmalloc_reserve+0x111/0x2a0
[  405.566049][ T9580]  __alloc_skb+0x1f3/0x440
[  405.570448][ T9580]  netlink_dump+0x1ee/0xe10
[  405.574936][ T9580]  netlink_recvmsg+0x6ec/0x11a0
[  405.579768][ T9580]  sock_recvmsg+0x22f/0x280
[  405.584262][ T9580]  ____sys_recvmsg+0x1c6/0x480
[  405.589006][ T9580]  __sys_recvmsg+0x291/0x390
[  405.593584][ T9580]  do_syscall_64+0xf3/0x230
[  405.598071][ T9580] page last free pid 5829 tgid 5829 stack trace:
[  405.604371][ T9580]  free_frozen_pages+0xe04/0x10e0
[  405.609379][ T9580]  __put_partials+0x160/0x1c0
[  405.614041][ T9580]  put_cpu_partial+0x17c/0x250
[  405.618779][ T9580]  __slab_free+0x290/0x380
[  405.623172][ T9580]  qlist_free_all+0x9a/0x140
[  405.627739][ T9580]  kasan_quarantine_reduce+0x14f/0x170
[  405.633173][ T9580]  __kasan_slab_alloc+0x23/0x80
[  405.638004][ T9580]  kmem_cache_alloc_noprof+0x1d9/0x380
[  405.643450][ T9580]  ptlock_alloc+0x20/0x70
[  405.647759][ T9580]  pte_alloc_one+0x73/0x160
[  405.652241][ T9580]  __pte_alloc+0x79/0x220
[  405.656549][ T9580]  copy_pmd_range+0x6fb4/0x77a0
[  405.661382][ T9580]  copy_page_range+0x99f/0xe90
[  405.666125][ T9580]  copy_mm+0x1279/0x2110
[  405.670345][ T9580]  copy_process+0x1845/0x3d50
[  405.675001][ T9580]  kernel_clone+0x223/0x870
[  405.679484][ T9580] 
[  405.681784][ T9580] Memory state around the buggy address:
[  405.687389][ T9580]  ffff88807f34d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  405.695429][ T9580]  ffff88807f34d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  405.703485][ T9580] >ffff88807f34d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  405.711521][ T9580]                                                     ^
[  405.718449][ T9580]  ffff88807f34d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  405.726488][ T9580]  ffff88807f34d980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  405.734527][ T9580] ==================================================================
[  405.757229][ T5900] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.246587][ T9580] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  406.253834][ T9580] CPU: 1 UID: 0 PID: 9580 Comm: syz.3.974 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  406.264083][ T9580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  406.274124][ T9580] Call Trace:
[  406.277388][ T9580]  <TASK>
[  406.280300][ T9580]  dump_stack_lvl+0x241/0x360
[  406.284961][ T9580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.290139][ T9580]  ? __pfx__printk+0x10/0x10
[  406.294714][ T9580]  ? preempt_schedule+0xe1/0xf0
[  406.299545][ T9580]  ? vscnprintf+0x5d/0x90
[  406.303860][ T9580]  panic+0x349/0x880
[  406.307747][ T9580]  ? check_panic_on_warn+0x21/0xb0
[  406.312850][ T9580]  ? __pfx_panic+0x10/0x10
[  406.317249][ T9580]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  406.323222][ T9580]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  406.329544][ T9580]  ? print_report+0x502/0x550
[  406.334203][ T9580]  check_panic_on_warn+0x86/0xb0
[  406.339126][ T9580]  ? notifier_chain_register+0x141/0x3f0
[  406.344742][ T9580]  end_report+0x77/0x160
[  406.348962][ T9580]  kasan_report+0x154/0x180
[  406.353463][ T9580]  ? notifier_chain_register+0x141/0x3f0
[  406.359091][ T9580]  notifier_chain_register+0x141/0x3f0
[  406.364538][ T9580]  blocking_notifier_chain_register+0x61/0xc0
[  406.370588][ T9580]  ubi_wl_init+0x3396/0x3720
[  406.375181][ T9580]  ubi_attach+0x3e01/0x5b80
[  406.379682][ T9580]  ? __pfx_ubi_attach+0x10/0x10
[  406.384532][ T9580]  ubi_attach_mtd_dev+0x1a3a/0x3540
[  406.389734][ T9580]  ctrl_cdev_ioctl+0x346/0x570
[  406.394491][ T9580]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  406.399768][ T9580]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  406.405044][ T9580]  __se_sys_ioctl+0xf5/0x170
[  406.409639][ T9580]  do_syscall_64+0xf3/0x230
[  406.414132][ T9580]  ? clear_bhb_loop+0x35/0x90
[  406.418798][ T9580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.424695][ T9580] RIP: 0033:0x7f2d3db8cd29
[  406.429099][ T9580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.448691][ T9580] RSP: 002b:00007f2d3e940038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  406.457098][ T9580] RAX: ffffffffffffffda RBX: 00007f2d3dda6080 RCX: 00007f2d3db8cd29
[  406.465082][ T9580] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000006
[  406.473065][ T9580] RBP: 00007f2d3dc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  406.481020][ T9580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  406.488970][ T9580] R13: 0000000000000000 R14: 00007f2d3dda6080 R15: 00007ffe36094ce8
[  406.496930][ T9580]  </TASK>
[  406.500189][ T9580] Kernel Offset: disabled
[  406.504497][ T9580] Rebooting in 86400 seconds..