last executing test programs:

28m5.465160736s ago: executing program 1 (id=278):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="610609d002f70106034902fc"], 0xc)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000080)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f7410262e66f36d0f330f09660f3a0cb90000a6752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x31}], 0x1, 0x4498bda7e2139f37, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f0000000400)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f0000002100)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r7, &(0x7f0000000100)={0x50, 0x0, r8, {0x7, 0x1f, 0x3000}}, 0x50)
syz_fuse_handle_req(r7, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf08003d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x1a3)
ioctl$sock_inet_SIOCSARP(r9, 0x40806685, &(0x7f00000002c0)={{0x2, 0x4e21, @multicast2}, {0x1, @random="89a08d8ed953"}, 0x8, {0x2, 0x4e20, @private=0xa010101}, 'rose0\x00'})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x7, 0x108000, 0x40, 0x0, 0xe0, 0x2004cc, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x3, 0x8, 0x200004, 0x0, 0x3, 0xfffffffffffffffd, 0x1], 0x80a0000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

28m1.368891737s ago: executing program 1 (id=288):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x40002, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5202)

28m0.13889288s ago: executing program 1 (id=292):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

27m59.913824495s ago: executing program 1 (id=296):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x54d})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="cf0400000000fcffffff12000000080003008d4f7419a1b48ad542052fa42ad052f21e0dc8ade021729139a12629866fd448883789a05b33e7cf996cf2b4dbdf5184908cc479ac2f6eb4c429c0e0f27413989831670271029b080cf36b39d38dfa010ec5c3e06c19f5c0ed1f514fe2d780a7a3b567224b767bede71bcaf7a26ec5af7642d32c0a428f87db6212b97527cfe4b7c6ed6c841e89cb927d7148afca95ac7a9659436ad174a77ff3e2", @ANYRES32=r3, @ANYBLOB="0a00060008021100000100000c0081000500020007000000"], 0x34}}, 0x0)
io_setup(0x2, &(0x7f0000000000)=<r4=>0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
r5 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r5, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=unix'])
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000380)="15c05ea450c1000f0d2a31d2b8f83f7992ca40e3c466563ab4acb0b0b74caf8bdee3b0b761a234cea2574cb842d0bcd1ff47dabfcb258c1dac39cdb686d7d47c4a29ee35f8b891e0f1eff4b26a0c4830fbf684d37b5d5369b13dbb2e2298e753914f0e480c5857d8b987fbe25830a9ba8ff23add902e9db8689f83e72a0524c4c08d0c4a30f4c6364b22dde906287be3da2123c8865a09bde56fcb82a8e367a8a4e8453cd547ce183580a5ea7822486e606835dfcda753438845ca78d53c1e9a924a099e04bfcda3c1f5790d911f0b633922c224fe92e2939d4d2217e851d39048088cb65d4b12abc7d0d6ff235388fcee74394867f3fb63e4026be711090cbd195ea32ad7ba5dcc2a06c67d58580f4859577f524ffe78b63399dd0357ac3ad879cfbc3d79e2e29bb473cf42eec4e70151b1220ceacccd2e99f2a05eaaab1f011b4f3c186014adf68d5de8c3b613dba3cb335c5ddde100b2acd326bad3a5bca7028a5ef0cf3cd32c5336b43f26c5efb6fc5f998017c457d1a1d5ceedcc00cd02e984de01dd9d22f435aaff7440191c63e12333830ed568c90acd2b4a8cc8f69b5cd5209a529207e449f868be516835a62ec2a485705f768bcf9b7fcac477cbc6afe5cb9cf2c65a9f5daf92d118c339f62f5c67f691f8f8be12d6b191e567dd78bd0be66fab57442b92d02475c2f59294a76319454c66559905523f45971d282ec92ef274994c144e7658942206b6f2163a655c07c47a2100e0e39931f7c29abcccf4b74c78ab0ce94cf987c2ced4a18f97b79f0425f0c8e89f33b8c44172479f7add9374e7a8de3dca07ea417991e58417f8052c4783b80bb227855e038c2bf16429d7ac1fddf00edddda5deb2121e4f71426e2356267688d804e66b8cd551ce9aac17fa224c92fa28ee8e10be89d2cd4ac343aa276abbce2e0260854c1495678cd0582c3ba0b559b9ff809657d5f8f291e0a99cf7a6fbb82105278a5638bcc6f63d0bb1dec7373013ca7ed8fa6d325ab9e9c35cca8f7fc33ee197bdd63d87fa833ca698eb582f43e0f0c0b7b9604ab799e1d46ccab4142a9a5e52cc59299e377ded9fee8c1b7e8a1aab3cb868df8b8996ff0dbf1bed909d9440d0695f25518460440361c7921ee3f65af12b510325d4df8e18b5df5b3ea9366f117013a264ea98236dfc4f379b90b87632dc18c96e3613b425fb68e30bc33f35eefc4a854efee3bb23dce6a450e21179a5deb713d48448e37c26aa989423a8bae1fc8bedeb981f2d80e70639c22bfca847d42f74d6a37fbdb902c7ef7b2bedc94c38bbdd8aed1c86dca4bed561492c17c6169827b8609ae82e360d3c53612ce0b9533b147cfa7df0d179d9cbd24fefd5444d4f46efb8268fbd22763699d905e1b84bd9c8701bdf98eba1f9ec84b46d3d55d7d6f3a0691db6bfb56d532139110c3b4c80b0fba68dba7b27fed1995d23031da4358ed0ccfa21720f4d03a64e269975013033a63a6f629bff86768ced4d2711e92c991c80e0c73a955abf5030b9a7ebd6922f7be3dfc5fec40c2486d1795be4d465a6370c4db169ba63a5d0a0e2f8bbc9f940f738640528bf487d32811bd458f5b33c9b896340c2e85708a531c6abab9ca151cfa079ff30f4d2b681e01d307cafd12d7c8250be32a5d7cf21615eb56c8847771351801332a1aaa62d4533d80ac5caa062a2e521b3232776e01370b176caa3c4181c8a71954e14fd4b303fd2be6c665963ee3deb1327a04f54ab53d541d122a1148a643d8ae06e0930c2c794f176d4ac95bbdf2342120bb5bbb2b7cec3a1eb6c5a2d3a75e2fb5523addb3991a2922179a28d87375673cdfa8abb634a8d74ddf155c60905d350d78533b919a472706f628e5f2432be668e0539cbcfe4e4e826b4939fbd875f25ed89033120795fa437dde714c5b432c878214e2130cc273dfe03ddb4f9eda0f6d5e230ea4c1fb123a984ca8e3771c543add81bc7c2eb3db81b04c0fbcd67a18a7a76eb9b8bb7d7fc9fc625af2f92b51050115fb8502fa09052351715a6bdbb81dd725fdad791918452b5ad2605a60e9b85b6696d7b21d4544b199f455d09fe99c77859f28c15902ddd7749610007983fe6a820f3ea20ce4a5951f2821cbed21a61627a50539baa7145f94594471e4052cfea351d8b13ccac545f99b241bbc701e76cfee7ca7ee55cc9a4cdf41569abef38a885dabbf3e5dda79e74207e59b02f3f9f4a7991a798ddbacdaa7b56c7284986705e399ad2f04c39e07d6df70fd3b85213baa60825bbbadbc71eb1557c3ccc790fc3143d5cc6e054338474ce40db319a117f72244d705dcbcfd0d7d66cfdedf97c315684c121e1574fbf39f0d2704bba3ac668efd4d56a513785a1c307fcfb49cba7a543778e6a2c1baa05742e56c234d6e2d91334030637894265c60f781f27ad1342d2935b8ac549ee112c2e665718b7388441d3168790e7a2028520f155a26da9209d38b2317ead18c26130fb6bf668893e2367d0a077d6d442414e64aae982c4d905c023f1e9594bc6a77abfeaf8fd2f68f595d9974cb6027fd3f4deef78c7806e9940488820e1c05766abb7c0ec83d8c4ac7a5f4b370a8cb10c9181517f934b9e4fd279bb7ecf570fb9e0a79652b73225cd8b49c4f8ce9b5c903a21df6d0ec57175ccc6a72735f45926387892f026ebfca6dfeee859f7c00cac25b4a92b25cce2bcb1c14d4f2095dadda9bcd4732d354bfbf7329044e5afe36baf38ff50f305954cd3bcfc1fe5d64228222dea844dfcc81fa31bc547132f6fb9a7f6cfe383f813a53a72010a143d3c5266064d0157985f6284b7040f8fd82583f172132f347ffa707f8b318c51e26f6927aa6ccb8e0834d8753452f8a35c475516414c7c5620d96dc4f722d58feb7a00fcd0411c485d9c6a964575a7967f506cb61544a0626baa89caea25b0ebfc6088d28ea667d1b90d842a6d26006943c15fffeb9e680d76c2e47bc4b89d298da970dfabe2b3fae49f39f944bfb4c3639f2df933778187d5bd399a389d249281dd17573b094c6bf590ef5a288f4bf42a0ac2d227b03a7500a6ef8bbc9586cd183e655d54f349759e5d8a548f7c1af99ceca105f24344d166d01deb436b71c253a7f33f688b120a9a0dba088e98c33e962cbf65efa6f947623a24e68370f8cb87feb095d891e062f51d6015983ed0dbec14a84f54ffc933ad1c2183660f54cec8c9f8f33c2c4ef59c6ece45eadd6812f2a6776523f43772334bab66df606da3a8d176acd875225f2f330e70ca2fab18f4b28a781bf7ee308b302fc6210abf95a8ac7ed30d2dfcd8e6ac7e9f527a0c52ee81817a27301310f25745365bebd4182ca4f25a6ae107f14b9929b41b3c8e716ccff7d489956577d3ea5f5ceb2d18ff890b19ede32b75b0efcb5312318453261155d2f646b4d1ccda8fd038e248710c4c90b57a9314331339ac204ed7f4a0137f24d0e6aed4879414ee30030f0d4c720955cd499b44fb77f7335c66b03c3a0c1fe4e1141ed59ad87c0fda81afb5cdb797bd6438f8dfcce444081912cedc68b9d73424643e04b6ad45b2cf2263e75e66b5c9bd6524c72cff7ea9135314aaf503b2347831f28d1f538be9428b4109c23f551bc8a450a741343a53eec72c26749d1262786c7bbcf81b72d56e8072d543e954461890c61d4e868fedb4e7ca309a97bb2b9df0e73c627bd3562c0ad1dfccefc258a92ce6f3be1c45cacc7a89548f316082ba33a6e73827cbb85d21d6f1cb7aec6cccc715a6dec2133e81a4d293c49850f6c22e32848de05b78953d37e1704f869a27609dae858ada5fb93d5fe2b2b4cdab8fa019fb22aad61e27e507741d2ebcef037cc961ce6c344de774c2c4d1b011374f00c01cccd03430cd9403d4cebbe9373b1d1e6b418f686c690211fba9f7c259908ce83354cd8b3394d6a855a981f73d917858887a540bcf065e9f7ee1fb5257ceb0a8689993cf9b9457be856c48aaa574e0bd0597b96145f2d0230547586b1581b74b49efa46e5f39723824f2fc9cc2f851fe5c1fee38d3ea07be43b130fdfc966d909051fca3b1701af61ffe6261b41fd91c3532feeaa29c16e83af1bf953abecc201e66f267f131acdbf6f73702d62e93a8c946685bd92928508209bf2c77e5e7bf03d669f24304a2af92286c44cfc9cf5c2e5d748cda18e7b844345fd107154f91b0bf78e22096152934fbdf59bf05fa8220ed6d4300d2422295e689feb4c38c112ed9a25793aad3a2dac45abb2a24332b36cdbb9b8843ff1957fae010bc2d82d1ef381c1f38a44c4b8307f58877d423a11c468e79ac826cca496929a5c8233f4ce01c8e433cd3166bebf1eb501fa06af5a4df90c62c014493f8918b2c8cba93b657dd13c93bc7a286f1bdde15d04d7997182e33ac8871084ea1ddca30c0273655b40a64a008f54eee1daa66f9bb61ba34bc8fcfa5b70485c4eb22b197d9e611663c88bde82c2dde20aa7a46db5ddf0e746252a14656b95dd24f940a9a7b43a94fa1e5b93dca599cfe946c5d064407ab050d8a6657a62acfd3492ae498e1c0b10cbeaa30cbb9e4eac78433f6b77b34fb4250cc0442af9a1f69b8655c6213f2ace1ba48b826a121a933ed10d3f6ca7cd833eff1ede0d8387c66667215517e5956b7b916293431c67be08aa7817b371cca31577a127bd876042ffe38d4a01818ed1ec3c61daca19189e1e8782518a944eda11b4c50db2bb095db3d9b02229f206187c17414c094c0051962b37bc268aad8fef8e74580333dd89d30e87f38a55d35adebe5ba67415f1a5df823d507c13980bed0091534a76695cdd018fdbdc86b0a23cd4f5f6b3a0ec20a3134cc560cbaa316fef6e903dbfd51e46802e65b5c152a576306c1007fc8f281c54b30cd92cc41066f8f1d8d28d118dfafc56a599db2983b560a2d17c8c121eed2ac8b99b7bbdde63fbd94d267cfcd24b844c83175475419a94334f6745b761661f0673390a79a762822a39250ca722c3cad3c4adbb23bdc0a59e330e57be70e8fd2b7e41b4db585142da3034c197ebf14e979899087ae7bf0cf5c3311eda0382bdd9193a6129a0d0c310a1d7ee4b41ec77276dadb36561b7bbda4e486fe5270a098572d47d24b97557c109d0394d95d1442c437f0eb7bc73614067e247f885ba42671f70cc9fe51f3795f66e9ae2a64c621c89d2b008560db5e4c5107bed280bebb691c5e3260ae035d168b6d7fa2bb9cbc6059109f71fbf412bf25ca7d8342a14718b6a8d6ac438697b34a728717945f8f7bf1f4c922f610d330268276c0358916be25bb58e654ca26afe41c4d860d108343647fc821196efca6c10046f0779eff1f251083bbb76c4a898aafd12ec5aa6b8ae3763af73c5be25f6eececc907989ab4815286b7496670b08a5bb54e3138746a98a4cc5a742f45f85ce837e003f20ba0f4bd8bc9ff48f4120cce3157589d873fa58553f45556c458ab3f2818a12f9b684156b469460c689d7c1d0265b8e3b5e9d5879d8a05ae7eb141637e74640595bdfc54bb1cd341498fdff429af869379c78910fae7c117102500f8728f12ddec3a72e218a2a0ad2c3a77029c990f1bc1dd093dc0ba2123181eab4c7298046e187fc903e99e69e33a92f362a21ab32b217fbe14de84982841fff5a98de510b734973c2a7588f3002508d78c1844904d86d48790c67cb4a42a91eaf3df57b741ddd94f1f22df201058ff81be512a587a855b7c3b3bdb1fbe2e4b0853a253f411db381db0b84066cb796f873f04cb78cc02f45233eac10e539488794c7da321ddc40d2153", 0x1000}, {&(0x7f0000000240)="31c417602cb55b9847ba3c163c12a573427ceb86684447b84905bad04c20ca1d78fa57a876b254554f6be543f3919073a0f09983f80511f58b9a9904233d239f325181fe5ae23e894d7e1f4e8303360ca39e7ca1cc9562da64240d6e9caa08f3f3222ea4e5ac91578554c715a838341d5e5111c076550d3aa772ee24dc88570f9e33b5223f26d0ac4732506fb47fb0d57de9b8b772ebfdbfd9", 0x99}, {&(0x7f0000001380)="871230781188a7e8a3d4f2ac3180d2c23db0d663514c770f955e98024bb7a332baf1757f12bbb6fe69969af474a236eaef901ed432d07dcafe4194cb9f933b0453e77e62b67278bd906a36b2838dcc2de6d2af503afc9ff2feff39558e8b28afab1a3f8c340379a5c6d28ab4a421298cea759b2196d78518a61c2cfa9866e04d99f7ca12becb079b58970af2", 0x8c}], 0x3)
r6 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x80100, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000000c0)={0x7ff, 0x7, 0x6, 0xa5e2}, 0x10)
r7 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
r8 = socket$kcm(0x2, 0x2, 0x73)
bind$inet(r8, &(0x7f00000000c0)={0x2, 0x4e22, @empty}, 0x10)
r9 = socket$kcm(0x2, 0x2, 0x73)
bind$inet(r9, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
ioctl$DRM_IOCTL_SET_VERSION(r6, 0xc0106407, &(0x7f0000000140)={0x5, 0x61, 0xfffffff7, 0x1000})
syz_clone3(&(0x7f0000000300)={0x23800000, &(0x7f0000000040)=<r10=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_submit(r4, 0x1, &(0x7f0000000180)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x1, r10, 0x0}])

27m59.720676464s ago: executing program 1 (id=297):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[@code={0x1, 0x71, {"440f083636420f218866baf80cb8fb3a4d82ef66bafc0cb09fee66baf80cb8beb3d781ef66bafc0c66b8010066ef410fc7be77c85711c401b572e20066b8df000f00d8b9af030000b8cf090000ba000000000f30670f6489c95a0000440f01c4"}}], 0x71})
ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)={[{0x3cd2ef60, 0xfffd, 0x1, 0xff, 0x8, 0x80, 0x8, 0xb, 0x90, 0x0, 0x7, 0x7, 0x3c5baf4e}, {0xa9, 0xd9, 0x0, 0x2, 0x7, 0x8, 0x5, 0x6, 0xe, 0x1, 0x3, 0x9, 0xf2}, {0x7fffffff, 0x4, 0xc, 0x2, 0x0, 0x2, 0x7, 0x0, 0x9, 0x4, 0x8, 0x4, 0x2}], 0x7})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0x8, 0x2, 0x81, 0xffffffffefffff15, 0x3, 0x4, 0x8000003, 0x4]}})
ioctl$KVM_RUN(r2, 0xae80, 0xe00000000000000)

27m59.353824859s ago: executing program 1 (id=300):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
userfaultfd(0x80001) (async)
r0 = userfaultfd(0x80001)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x5a8})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000001080)=[{{&(0x7f0000000580)=@can, 0x80, &(0x7f0000000240)=[{&(0x7f0000000640)=""/133, 0x85}, {&(0x7f0000000100)=""/61, 0x3d}, {&(0x7f0000000700)=""/105, 0x69}, {&(0x7f0000000780)=""/84, 0x54}], 0x4}, 0xfffffff5}, {{0x0, 0x0, 0xffffffffffffffff}, 0x6}, {{&(0x7f00000008c0)=@isdn, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000940)=""/229, 0xe5}, {&(0x7f0000000a40)=""/117, 0x75}, {&(0x7f0000000ac0)=""/81, 0x51}, {&(0x7f0000000b40)=""/153, 0x99}, {&(0x7f0000000800)=""/5, 0x5}], 0x5, &(0x7f0000000c80)=""/117, 0x75}, 0x7}, {{&(0x7f0000000d00)=@caif=@dbg, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000d80)=""/225, 0xe1}, {&(0x7f0000000e80)=""/50, 0x32}, {&(0x7f0000000ec0)=""/212, 0xd4}], 0x3, &(0x7f0000001000)=""/80, 0x50}, 0x8}], 0x4, 0x2, 0x0) (async)
recvmmsg(r2, &(0x7f0000001080)=[{{&(0x7f0000000580)=@can, 0x80, &(0x7f0000000240)=[{&(0x7f0000000640)=""/133, 0x85}, {&(0x7f0000000100)=""/61, 0x3d}, {&(0x7f0000000700)=""/105, 0x69}, {&(0x7f0000000780)=""/84, 0x54}], 0x4}, 0xfffffff5}, {{0x0, 0x0, 0xffffffffffffffff}, 0x6}, {{&(0x7f00000008c0)=@isdn, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000940)=""/229, 0xe5}, {&(0x7f0000000a40)=""/117, 0x75}, {&(0x7f0000000ac0)=""/81, 0x51}, {&(0x7f0000000b40)=""/153, 0x99}, {&(0x7f0000000800)=""/5, 0x5}], 0x5, &(0x7f0000000c80)=""/117, 0x75}, 0x7}, {{&(0x7f0000000d00)=@caif=@dbg, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000d80)=""/225, 0xe1}, {&(0x7f0000000e80)=""/50, 0x32}, {&(0x7f0000000ec0)=""/212, 0xd4}], 0x3, &(0x7f0000001000)=""/80, 0x50}, 0x8}], 0x4, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001180)=@bpf_lsm={0xd, 0x5, &(0x7f0000001240)=ANY=[@ANYBLOB="660a00001800000061917c000000fcff182a0000", @ANYRES32, @ANYBLOB="000000000e0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x7ff, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
bind$inet6(r6, 0x0, 0x0) (async)
bind$inet6(r6, 0x0, 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000802, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x2, 0x80000000, 0x5, 0x7f, 0xb2c, 0x4, 0xffff, 0x710}) (async)
quotactl$Q_SETQUOTA(0xffffffff80000802, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x2, 0x80000000, 0x5, 0x7f, 0xb2c, 0x4, 0xffff, 0x710})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000004c0)={&(0x7f00007a3000/0x4000)=nil, &(0x7f0000514000/0x1000)=nil, &(0x7f00009af000/0x3000)=nil, &(0x7f0000651000/0x1000)=nil, &(0x7f00002e5000/0x3000)=nil, &(0x7f0000854000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000061e000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f000001b000/0x3000)=nil, &(0x7f0000060000/0x1000)=nil, &(0x7f00000003c0)="0d4a66a18cb59d9da605b0162864a34035b8cc079d3a03ea7abce0d5b3d3611485146a1a21044a9b21a386f213c3657b0809d669e1d52cee547e78aee1ac5e7090d9d3de015971edfa53409430dba481b626934ffc805faae2f9c2deeb8fdf859f2eee8693dd8d197255559173cd6216dddc08557c4dfc30d2365a8520226e575cf8e920fde8a7bc858182cee470c842747543aaf11455d0baf142790cdd2bfda595e4113ecd03aef983019bb95f34721699e350c05f29f59777a9107809ecdecc7f73c589b713e504ad89ccb2ef2ed4befe508c862f113910b804d4a109e2e733bc5a976c241c1ba1b6eb80d6070f8653c4566e73c522be252f71bec7", 0xfd, r5}, 0x68)
mkdirat(0xffffffffffffff9c, 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @loopback}})
ioctl$sock_inet_SIOCSIFADDR(r7, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @broadcast}})
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty}})
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000600)=ANY=[@ANYRES8=r7], 0x0) (async)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000600)=ANY=[@ANYRES8=r7], 0x0)

27m58.089742348s ago: executing program 32 (id=300):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
userfaultfd(0x80001) (async)
r0 = userfaultfd(0x80001)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x5a8})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000001080)=[{{&(0x7f0000000580)=@can, 0x80, &(0x7f0000000240)=[{&(0x7f0000000640)=""/133, 0x85}, {&(0x7f0000000100)=""/61, 0x3d}, {&(0x7f0000000700)=""/105, 0x69}, {&(0x7f0000000780)=""/84, 0x54}], 0x4}, 0xfffffff5}, {{0x0, 0x0, 0xffffffffffffffff}, 0x6}, {{&(0x7f00000008c0)=@isdn, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000940)=""/229, 0xe5}, {&(0x7f0000000a40)=""/117, 0x75}, {&(0x7f0000000ac0)=""/81, 0x51}, {&(0x7f0000000b40)=""/153, 0x99}, {&(0x7f0000000800)=""/5, 0x5}], 0x5, &(0x7f0000000c80)=""/117, 0x75}, 0x7}, {{&(0x7f0000000d00)=@caif=@dbg, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000d80)=""/225, 0xe1}, {&(0x7f0000000e80)=""/50, 0x32}, {&(0x7f0000000ec0)=""/212, 0xd4}], 0x3, &(0x7f0000001000)=""/80, 0x50}, 0x8}], 0x4, 0x2, 0x0) (async)
recvmmsg(r2, &(0x7f0000001080)=[{{&(0x7f0000000580)=@can, 0x80, &(0x7f0000000240)=[{&(0x7f0000000640)=""/133, 0x85}, {&(0x7f0000000100)=""/61, 0x3d}, {&(0x7f0000000700)=""/105, 0x69}, {&(0x7f0000000780)=""/84, 0x54}], 0x4}, 0xfffffff5}, {{0x0, 0x0, 0xffffffffffffffff}, 0x6}, {{&(0x7f00000008c0)=@isdn, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000940)=""/229, 0xe5}, {&(0x7f0000000a40)=""/117, 0x75}, {&(0x7f0000000ac0)=""/81, 0x51}, {&(0x7f0000000b40)=""/153, 0x99}, {&(0x7f0000000800)=""/5, 0x5}], 0x5, &(0x7f0000000c80)=""/117, 0x75}, 0x7}, {{&(0x7f0000000d00)=@caif=@dbg, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000d80)=""/225, 0xe1}, {&(0x7f0000000e80)=""/50, 0x32}, {&(0x7f0000000ec0)=""/212, 0xd4}], 0x3, &(0x7f0000001000)=""/80, 0x50}, 0x8}], 0x4, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001180)=@bpf_lsm={0xd, 0x5, &(0x7f0000001240)=ANY=[@ANYBLOB="660a00001800000061917c000000fcff182a0000", @ANYRES32, @ANYBLOB="000000000e0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x7ff, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
bind$inet6(r6, 0x0, 0x0) (async)
bind$inet6(r6, 0x0, 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000802, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x2, 0x80000000, 0x5, 0x7f, 0xb2c, 0x4, 0xffff, 0x710}) (async)
quotactl$Q_SETQUOTA(0xffffffff80000802, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x2, 0x80000000, 0x5, 0x7f, 0xb2c, 0x4, 0xffff, 0x710})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000004c0)={&(0x7f00007a3000/0x4000)=nil, &(0x7f0000514000/0x1000)=nil, &(0x7f00009af000/0x3000)=nil, &(0x7f0000651000/0x1000)=nil, &(0x7f00002e5000/0x3000)=nil, &(0x7f0000854000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000061e000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f000001b000/0x3000)=nil, &(0x7f0000060000/0x1000)=nil, &(0x7f00000003c0)="0d4a66a18cb59d9da605b0162864a34035b8cc079d3a03ea7abce0d5b3d3611485146a1a21044a9b21a386f213c3657b0809d669e1d52cee547e78aee1ac5e7090d9d3de015971edfa53409430dba481b626934ffc805faae2f9c2deeb8fdf859f2eee8693dd8d197255559173cd6216dddc08557c4dfc30d2365a8520226e575cf8e920fde8a7bc858182cee470c842747543aaf11455d0baf142790cdd2bfda595e4113ecd03aef983019bb95f34721699e350c05f29f59777a9107809ecdecc7f73c589b713e504ad89ccb2ef2ed4befe508c862f113910b804d4a109e2e733bc5a976c241c1ba1b6eb80d6070f8653c4566e73c522be252f71bec7", 0xfd, r5}, 0x68)
mkdirat(0xffffffffffffff9c, 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @loopback}})
ioctl$sock_inet_SIOCSIFADDR(r7, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @broadcast}})
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty}})
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000600)=ANY=[@ANYRES8=r7], 0x0) (async)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000600)=ANY=[@ANYRES8=r7], 0x0)

2m27.382724908s ago: executing program 3 (id=6039):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x30, r1, 0x105, 0xffffffff, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac06]}]]}, 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x0)

2m27.35466442s ago: executing program 3 (id=6040):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x262e, 0x10100, 0x0, 0x170}, &(0x7f00000002c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r7=>0x0)
io_pgetevents(r7, 0x2, 0x51, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)
r8 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x9, &(0x7f0000000040)=0xb, 0x4)

2m25.702753627s ago: executing program 3 (id=6045):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0x3, 0x2, 0x9, 0x9, "ea7174ddcf0fc7010002f7ffd2a2d97500", 0x2, 0x1})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x30, r2, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0)
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r3, 0x5760, 0x14)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r3, 0x100000000000f7)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r4}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000025000a20000000000a01030000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000003740000001e0a01020000000000000000010000000900020073797a32000000003400038030000080090006400000000024000b80200001800700010063740000140002"], 0xe4}}, 0x0)
r7 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000100)=0x1, 0x12)
ioctl$KDDELIO(r3, 0x4b35, 0x7fffffff)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

2m25.388229955s ago: executing program 3 (id=6047):
r0 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0xc, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r0, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

2m24.229785443s ago: executing program 3 (id=6050):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000004c0)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4014, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
read$FUSE(r3, &(0x7f0000004200)={0x2020}, 0x2020) (fail_nth: 2)

2m23.816350782s ago: executing program 3 (id=6052):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x600, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
eventfd(0x3c)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfe000/0x400000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xd, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
migrate_pages(0x0, 0x3, 0x0, &(0x7f0000000300)=0xa)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
io_setup(0x6, &(0x7f0000000140)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000600)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0xfffd, r4, 0x0}])
setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000000200)=0x4, 0x4)
pipe2(&(0x7f0000000140)={<r6=>0xffffffffffffffff}, 0xb1dc326431916e94)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x4, 0x5, &(0x7f0000000180)=0xfffffffffffff053})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r3}, 0x47b056bdbfed964d)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m8.772768882s ago: executing program 33 (id=6052):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x600, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
eventfd(0x3c)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfe000/0x400000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xd, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
migrate_pages(0x0, 0x3, 0x0, &(0x7f0000000300)=0xa)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
io_setup(0x6, &(0x7f0000000140)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000600)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0xfffd, r4, 0x0}])
setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000000200)=0x4, 0x4)
pipe2(&(0x7f0000000140)={<r6=>0xffffffffffffffff}, 0xb1dc326431916e94)
ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x4, 0x5, &(0x7f0000000180)=0xfffffffffffff053})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r3}, 0x47b056bdbfed964d)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

38.618229749s ago: executing program 4 (id=6374):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x18, &(0x7f0000000040), 0x4)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x200006, 0x6, 0x454f, 0x6, 0x80004, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffc, 0x5, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x6, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x5, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x4, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)="01", 0xffffffffffffff89}])
r3 = semget$private(0x0, 0x5, 0x0)
semop(r3, &(0x7f0000000180)=[{0x3, 0x44cf, 0x800}], 0x1f4)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x700})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x2, 0x3, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
r8 = inotify_init1(0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='\x00\r1\rs'])
chdir(&(0x7f00000000c0)='./file0\x00')
inotify_add_watch(r8, &(0x7f00000004c0)='./file0\x00', 0x80000000)
inotify_add_watch(r8, &(0x7f0000000080)='./file0\x00', 0x20000004)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
semctl$IPC_INFO(r3, 0x4, 0x3, &(0x7f0000000000)=""/160)

37.938079645s ago: executing program 4 (id=6376):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x100000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}], 0x1c)
getpeername(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000100)={0xf0f027, 0x1})
unshare(0x2c020400)
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000200)=0x1)
r5 = syz_io_uring_setup(0x10a, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0x25}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r5, 0x351e, 0x483, 0x0, 0x0, 0x0)

36.484108132s ago: executing program 4 (id=6378):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$rds(r1, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0xf00}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x39}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
ioprio_set$uid(0x3, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x100000530)
sendmsg$rds(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffffffffffff29, 0x0, 0x0, 0x5855}, 0x40)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0xffffffff, 0x3}, 0x20)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x12)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, 0x0, 0x0)

35.290042749s ago: executing program 4 (id=6380):
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000180)=0x2000004)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
keyctl$setperm(0x5, 0x0, 0x30925)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x137)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x1a7)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e21, @multicast2}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(r3, &(0x7f0000000180)='syscall\x00')
sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1, 0x0, 0x0, 0x7000000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

34.430455814s ago: executing program 4 (id=6385):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
syz_emit_ethernet(0x66, &(0x7f0000000280)=ANY=[@ANYBLOB="bbd28ddcfbbbaaaaaaaaaa0086dd60003a0400047300f58000000000000000000000000000bbff020000000000000000000000000001"], 0x0)
dup3(r1, r0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(&(0x7f00000002c0)='hostfs\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0xc3100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file1/file0/file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

33.091741029s ago: executing program 4 (id=6388):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x100000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}], 0x1c)
getpeername(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000100)={0xf0f027, 0x1})
unshare(0x2c020400)
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000200)=0x1)
r5 = syz_io_uring_setup(0x10a, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0x25}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r5, 0x351e, 0x483, 0x0, 0x0, 0x0)

19.017353535s ago: executing program 0 (id=6422):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580)={0x67b6, <r0=>0x0}, 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r0}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f0000000140)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x5, 0x182, 0x9, {0x77359400}, {}, {0x2, 0x0, 0x1}, 0x1, @can={{0x4, 0x1, 0x1, 0x1}, 0x5, 0x1, 0x0, 0x0, "c251541693f8cfd1"}}, 0x48}, 0x1, 0x0, 0x0, 0x40801}, 0x400c844)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
r5 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

18.972335006s ago: executing program 0 (id=6423):
syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00')
r0 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0xd, &(0x7f0000000000), 0x8)

18.906302598s ago: executing program 0 (id=6424):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f000068f000/0x2000)=nil, 0x2000, 0x16)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0d03000000000000000013"], 0x30}}, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x11, 0x0)

18.652990623s ago: executing program 0 (id=6425):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0xe89b1ba254ccdb64, 0xb5, 0xa9c1, 0xeffffdff, 0x0, [{0x0, 0x80}, {0x9, 0x5, 0x0, '\x00', 0x10}, {0xfc, 0x4}, {0xfe, 0x90, 0x3, '\x00', 0xff}, {0x8, 0x2, 0x5, '\x00', 0x9}, {0x0, 0x60}, {0x0, 0x85, 0xbe}, {0x0, 0x6, 0x2, '\x00', 0xb9}, {0x0, 0x6, 0x0, '\x00', 0xff}, {0xc, 0x4, 0xfe, '\x00', 0x42}, {0x0, 0x2}, {0x4, 0x50, 0xb}, {0x2, 0x0, 0x31, '\x00', 0x3}, {0x1, 0x4d}, {0x2, 0x2, 0x4, '\x00', 0xfe}, {0x0, 0x3}, {0x1, 0x0, 0x4, '\x00', 0x4}, {0x0, 0x0, 0x0, '\x00', 0xdd}, {0x1, 0x3, 0x7, '\x00', 0x6}, {0x80, 0x0, 0xe, '\x00', 0x7}, {0x5, 0xe5}, {0x0, 0x40, 0x0, '\x00', 0x70}, {0x1, 0x0, 0xfe, '\x00', 0xe}, {0x10, 0x83, 0xe, '\x00', 0xf4}]}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0a00000004000000080000000104000000000000", @ANYRES32, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000fdffffff0000000000000000000000000000000000000000c1edee8435e3bbfa8dddeba5df97824e29691831f1631ab9e73e670ddbd8898d61ded76e582de9bbabc8326d250c2453d8c7fcf9b75240c020bc712fbabc308e2f4f68dad0f33d32cf219fe44e80769cd5bc454cd84f3b"], 0x50)
rmdir(&(0x7f0000000440)='./file0\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r7, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, 0x0, 0x300, 0x70bd28, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x4}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4004041}, 0x800)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x5479, 0x1035, 0x200000000006, 0x0, 0x32a, 0xfffffffffffffffe, 0x1ff, 0x7f, 0xfff, 0x9, 0x800100068], 0x2000, 0x80cd4})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff6f70, 0x0, 0x0, 0x0, 0x1}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x5}, @ldst={0x1, 0x0, 0x4, 0xa9ba87f36e113d1e, 0x3, 0x30, 0xfffffffffffffff0}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0xa0, &(0x7f00000000c0)=""/160, 0x41100, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x1, 0x5, 0xa}, 0x10, 0x0, 0x0, 0x2, &(0x7f00000002c0)=[r3, r3, r3, r3, r3, r3], &(0x7f0000000300)=[{0x2, 0x4, 0x8, 0x7}, {0x2, 0x3, 0xf}], 0x10, 0x8}, 0x94)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r3, 0x80047210, &(0x7f0000000480))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='f2fs_unlink_enter\x00', r8, 0x0, 0x4}, 0x18)

18.302882438s ago: executing program 0 (id=6427):
r0 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40086602, &(0x7f0000000000))
symlinkat(&(0x7f0000000400)='./file1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00')
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f00000003c0)={0xa, 0x0, 0x0, {0x80000004, 0x1, 0x2, 0x8800001}})
close(r0)

18.222141161s ago: executing program 0 (id=6428):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = dup2(r0, 0xffffffffffffffff)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000000)={0x3}) (async)
ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000000)={0x3})
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201100352ebb933ae33d0cbdd930102030109021200016abff27a20f5f05d6319037f91bcf6c86916e641f7fb036b93"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})

18.029950525s ago: executing program 34 (id=6388):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x100000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}], 0x1c)
getpeername(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000100)={0xf0f027, 0x1})
unshare(0x2c020400)
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000200)=0x1)
r5 = syz_io_uring_setup(0x10a, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0x25}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r5, 0x351e, 0x483, 0x0, 0x0, 0x0)

6.312025037s ago: executing program 6 (id=6457):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a58000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002c000480280001800b0001006f626a7265660000180002800900040073797a3000000000080003400000001114000000110001009554475f800000000000000ae390356a2ea802fbbbcb6764af7f198738a4b5fe7a8295e3119f28f353e0dd21a7ddd523491e11a4c0126f9012c24d8c7b62524061b8ffe082fb2845e984dc393c31b7c181c2e65fefb079d136a81c5f62bdda7b7d61a839e26c8ea994ba2ae1f1b7f77e7d4ef97036cf24c47a8a821048311aa3403e5c2e3f4216a0a8a40a6ee5db25a951ea6cb30a85a8584cb2c8c2e2b7796c5d9ce87c0fd5a6bd4a76397eb0fd49fa20dc7f2e656bf0753225a79d7536ee6ab3309f10db08fd0000000000000000"], 0x80}}, 0x600c4) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a58000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002c000480280001800b0001006f626a7265660000180002800900040073797a3000000000080003400000001114000000110001009554475f800000000000000ae390356a2ea802fbbbcb6764af7f198738a4b5fe7a8295e3119f28f353e0dd21a7ddd523491e11a4c0126f9012c24d8c7b62524061b8ffe082fb2845e984dc393c31b7c181c2e65fefb079d136a81c5f62bdda7b7d61a839e26c8ea994ba2ae1f1b7f77e7d4ef97036cf24c47a8a821048311aa3403e5c2e3f4216a0a8a40a6ee5db25a951ea6cb30a85a8584cb2c8c2e2b7796c5d9ce87c0fd5a6bd4a76397eb0fd49fa20dc7f2e656bf0753225a79d7536ee6ab3309f10db08fd0000000000000000"], 0x80}}, 0x600c4)

6.207196573s ago: executing program 2 (id=6458):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x13)

6.206577266s ago: executing program 6 (id=6459):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCGSID(r2, 0x5429, 0x0)
r3 = socket$kcm(0x2, 0x1000000000000002, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, 0x4, 0x6, 0x301, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x24008044}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x88, 0x67, &(0x7f00000002c0), 0x4)
mmap(&(0x7f0000100000/0x3000)=nil, 0x3000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
syz_open_dev$usbfs(&(0x7f0000000200), 0x4, 0x0)
fadvise64(r0, 0x18, 0x0, 0x4)

6.010157348s ago: executing program 6 (id=6461):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getpid()
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
kexec_load(0x0, 0x10, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x3e0000000000}], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x0, 0x272}, &(0x7f0000000340)=<r6=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
bpf$ENABLE_STATS(0x20, &(0x7f0000000500), 0x4)
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, 0x0, 0x10)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x4e, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000240)="b9800000c00f3235004000000f300f01cf67f30fc734acc4a17c2e4d02c4e1fe2ccbb9e8000000b800000000ba000000000f300f786cc02165f3460f1ee2260f01cfc461957c3a", 0x47}], 0x1, 0x20, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x2, 0x0, 0xfffff00c}]}, 0x10)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x48, 0x8, 0xfe, 0x93}, {0x6, 0xa, 0xfe, 0x8001}]})
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000140)="1a06", 0x2}], 0x1)

5.974639003s ago: executing program 2 (id=6462):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x801e, 0x0, 0x1, {0x1}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
sendfile(r2, r1, 0x0, 0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000001080), 0x0, 0x0)
io_setup(0x200, &(0x7f00000010c0)=<r6=>0x0)
io_submit(r6, 0x0, &(0x7f0000000800))
write$UHID_INPUT(r5, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5807ff7f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1061}}, 0x1006)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000fffff6ffffff0000002000850000002cf700009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)

4.875688424s ago: executing program 2 (id=6465):
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
poll(&(0x7f00000000c0)=[{r2, 0x2}], 0x1, 0x24d86c8c)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000004c0)={0x2, 0x0, @pic={0x6, 0x61, 0x7f, 0xf8, 0x7, 0x2, 0x2, 0x0, 0xf9, 0x9, 0x8, 0x5, 0x36, 0x2, 0x3, 0x6}})
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, 0x0)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r3, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000700)=ANY=[@ANYBLOB="07eb01001800000000000000200000002000000002000000000000000100000f04000000000000000000000f00000000000000040d00000000002db623970cb50db95c16ce348ddc16faec155d"], 0x0, 0x3a}, 0x28)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3a0, 0x118, 0x0, 0x330, 0x298, 0x330, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x6, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'pimreg0\x00'}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 'vlan0\x00', 'veth1_to_bridge\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

4.115020461s ago: executing program 6 (id=6466):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000100)=0x4)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_X86_GUEST_MODE(r6, 0x4068aea3, &(0x7f0000000200))
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000740)={0x3, 0x0, &(0x7f0000ffd000/0x1000)=nil})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, 0x0)
r8 = epoll_create1(0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, 0x0)
r9 = fcntl$dupfd(r8, 0x2, r8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
mremap(&(0x7f00004d6000/0x4000)=nil, 0x4000, 0x4000, 0x2, &(0x7f00001e2000/0x4000)=nil)
connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r11, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r9, 0x0, 0xa}, 0x16)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
syz_emit_ethernet(0x95, 0x0, &(0x7f0000000100)={0x80000001, 0x8000001, [0x997, 0x8bf, 0xe4b, 0xc70]})
munlockall()
r12 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r12, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

3.839555367s ago: executing program 5 (id=6467):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f0000001880)=ANY=[@ANYRES32, @ANYRESDEC=0x0, @ANYBLOB="2a2f2c8cf5606d5ee8f72264f7b2624bfea5d5fbac73fbc1ba778e6b497118622603d4968bf77e54b6ca67cc148a7f495042c5e2a113c1f2556a058457e1915045caeb3d7531432ffeb87f28182261891855735619a41843a8ca24e362709d0fd974ca6457ea345be30670b3ff33110878c4451a84570c79eba18c21c77eda28895816ebef6fc60d11479d56ba327a623ff957be4aa21fff2a7a6f3b32046cb08a01f8c8343563f808a17ef8773274deed451885d1285bf6d14f50a57488bccf426d14c291a24d07945250223be9f9deec31302a821671077a4ddf328e63b442becb6282bef1978f77d80d156161238997f7ef3a11", @ANYBLOB="9c299aa3b350a74ee953d37e8100a68d386eb8e7fd6fb219f620c5edeff5408cb83451410b4989624de5d794d7c6027b4ab1b835c8898c7a3bf426a599b0c110017a3892c39644a51b614cf7490232a29f02956943332ce5fb320e7257202aa875ee2e9f1680f43ce76ca5d40445662701ce794bfac7ebee4cc7a3a5bb71282b1613e7f64b09edfc03010a8e191be40f59ff982707b8b9d2822f3b22bdecbf76d70f26fb94d2303a8763f2cff8d8d681e5c2c4d43584c6b9d024e11ce3bf55f14dfe6ee67406a10d954d86c5034a844f56dfd10ff5984fa38cc227e36495b1105b0678e02dec5b43386d4e9d6d034069f3566180473825209d6cb64fd58340357745be9a61e5b15e958ee040edf447c2aac014b11d67c324840c0177891742dfe2b4a9e52984c1b96c845280308fda1041a508b6d1eb6272addbcafa5f1cb14972e8ba5e406ec8e51d2028ea993fc5a01ae1e9d4b2e3b81a25790423d0a29dacf70640635a1b28571528bf04d2c47e12a09753265278ccf3e1bd685247ff06219f903ac3bd132912f2205e2e9d39c5dff57ee0fc81ca533e3fc8e3aba2da0e3a7a5f83f0099808ff9d6d6cb154011bbe2e57383f1ef65b498ffbba0c73111c7e4c09a52645d294a02d9a893807181b38f7beb16d1a860f19d2db670b1c10c470f0e201998ecfc0d8fba2ae17532ba2c257f85d3213a84e9a3c902c98408d026be363919484b4e9b0229535ea84397b48d7f63e35cdd6c39ea4ad14b16948eb1912fa66893ada36069298ce921ad61fd73133d7e5ce2263adea9caed597a197555d21d89619852e213e0f5e88ebf7ac28217ffe1bbf64f760dd0c5a3932984d61cab5859d255a32a26df9f78624762fd51ab0ee3ed20c351f77da15aefa13513647f2d95f6fdbdb19d8b9523f184a7b50d257c5024d498e640718c6f8df5e49c6592e10a392c66f6e9f8cc02dadd57dad3c0fc9c723357e0431ace0c4d17eaa91ac5df64fc0123343b534cfbe51da391e4dc555a0ee30c1e068d03f45a92f44314cdfb4fc770883121bdc69812700201e6f8909085247a1420836c56b0313a17ad27ef4f10544e2d6fd2f5f2471160ee82da737c7184b6db9d403b219a9da2ac94645ddb33b6ee359ec2a7218fced9841f8e4095b21897dc2c9ba7c3328cbe77bdda91305d129669c1a393a1cd8d80a8aabbea220cf3fa6cb8ef45f330b2c2d246ee01a600170c38defbd4d472e795af721de66a304e97fb6ae6f70809d6655118ac39517c294c6a1a3ca5b453ed42393dc4fa8aa4bd24e88f5a2b3b15bc994ee398cb50671152fab852f025f37a5ff64a84303c3864ae095e7a4af90cf4b8174b37d7224e24c8c942cf0b0b28850914a29008349c88c0615001d8617be58fbd8ae878912b41743b301c7ffdd7f6f0e3ab02ddb36c7ca46c2daff870c5c353b9a7ef37912a15a463fb075e7196c1fd1d0d10bbe13e8608d72d1b73cd3368d955af2d3ce7c9aadec9b535e3cb931c4132287f8b3f83a4b88b53453368f28c15d8824fa7d972ae262786577d1d05ecb8d3e743bdc27ad20c4a22c46d17ba9db43eeee3d5227d4b8f0c860c3dee36d8774041aac15e736c40f673b036fb6901a936df18868a17d3bef124f7d028a57bd3e874462a9633a2642b13e52a0f2e7d52981b4b4e5c23079f38c98532b9fa908f2b66d38a8756b69750db7df6935f78506c91a2ee0291eb9ed4e8ede2ad307fe219b24a1bb4531186b046e419faac5d986d83d035ff324a3a6dece525c9f623aa8ce2f748ad65c427c4accc7bfdf3bc9366868c1d06dfc3739e64e9a2c35e1d9e377aa48ba9d48205e78eb9039b89816b07e2dc85a7e261ba443a7a1768ead6fabe3204874bcad5b8d546c93a3e6e976f65f013cf42b00bd5da3919ed55d9049e0cd122d02cfdfcc256aaf2ae2d4e3ff455fbd682ce16b8ff6c1d28b6b4291b8c4719625046b734172c5cc12dd88be9850bb4af8605156191dfb92ad1b6ca4285b8b51fbe38a2bfbfeb8cccbb02b563e381b3158677a8da0c25dea796f79caf160d54057d4b502d6448180f78737cbd62c60968898a9e62ef664cb042798ae527c28a781d1e4129d6f9bbeff5fc83a5d10ac5fb9b97ed9f7b90fcfc987dd7fe96c6327e5aeaac5722c9b818204b869f628e25be57bfbeb8ced017ace26f7843a2ddfab6c8457b8ddcc208afe2bfc81634e97f41d6c9de9d5b48b699c43c2092a61d97eb111230b2c30a4602eb934e6a9475a6baa5a28d4f10f8e1b6b702256f8b0a68ddc72bcf5467f37a319aa3193cbe35fc08c40a42a260bd5e097444ff3b4d0176a7c7c1542f802c7790e5fa1cf2713b74465a29e185fddc52308cc0f4cd1bad8b3fdf09a9cdfcf524fc93d442d02b18085ce930e6c8d7463309d9b0ef6e37dac570e7f149a5143eea3bbf419550de04e12927ea96ef29ea5455fdbf4be40da470dab70cf6ef69631683abbb7b241bf6eb010224f2002afbe18c089b68578e4550e081df3a41ca8f86270bb6eb2a86a21180da8de23b8ffc5efad22adc15cac961a035be6646199a5e1e3031e7c8b03480d8b95a311a52b5affb5d132faa2fe7339b0629eb555da23cc0847099c90039edcdea436c7b20afff7bdcd1b6f8f7777cff580b66b513bdb55db4baceb8c6018675e4a6ef32f2cced2cf4f8b0b76428ea77a2989c4899ef766194fdd66a432fddfc5faa230e63ba968ef9c0c117b0b34ffb8224ffaa6b44959c6eeb5854230bc14a828f057fa8360f02526cd8d0ecfc4ae889e72da91f8238e12727e0e3b433a1584f0eaa49013157a0ffe86d1197e767316fef2ebe0b76ab822e79a8c0ffb253f6dfdc7e88cf228df83a75fe00ecd1069949a4d4a1ebb7b8ac9ebe0f4bd9416ad7583ab9366799271d1e98660127eaa79ecc3aab5683a80bd76e4ed83edbc421eb2ad41145bc565aa087bb271f9b4abc9df70a7418041e95a5e7d0b8f0b4f5e2df22e3c956f65aaec53e5c6f309f32b848a8969a9f34e8c82fc7637129771d35c4af06b435953b5aa7cd2d0e6196c0b85ecb6034bc04fb7cdfdcbd0ee5a0d37ab1418135f79140893aadc5807c87eb1aff1e806ce618b9cd7212483b658d676de59e1f7400935cfb5cae945ad35e8be9986641e37d732267a9a56b998716d8f50ee2cc998e567d8bad2626633de52adb7919932e3a6588c23d9b1ceaee5d0c3db16b51751c8a6da738432336b47e8ae232f079aa6b8de41f11dc8d461918e53dffda206dbbf81eb1926d7e1c3716aeb242d8a1efdd7551d4e66ea3e944060903df896319d530d80df996ba32e5e34caee8f821b37ab8d2ea065c02df4306764bbeb2e90aaf03f5aaae415028374605d674be5d3593e67c71aa8c2986f5e2b0b382d69ad22a8b93d39a4a93893bf2d8cd6b83055cddcfe3499ae9b4f5bea617a971a8fc7a8771b4f6c9e30c673edcd46e70eb2cd69399ce110dbb378e80a675b8f5327b0b8d961825aa43d93122ed0a56b5e104c487ce58bab0076d4d10d4e501ce4f5584d64a604f5ca26622fdbff150a7a78f15337ddcdf20ab0c80a65dc3273b133ca191f4fc07bc0e5c249b919cf7cfe65afbd051100a16239b7769c03fc564c205e942918cf6618ea55e230553cdc7e6f7c98d3e20ffe8ba5e61d06ac7f6f14172eaf10eccf2c4cecbc5812b7d4a73cea811155bec5a3c733f8b329847337ec566aa72ad46db247c5a03cc241d1f9553979ae656cc92396c409c0178a0ed3ebf67939d2d1d998032f22aaed09a4f8fbd81e155d2876b41d922d2550024c3f83f945b09242a93d14610c480f962a5907c2d047e96075ade9aabfd2c24cfb39164b483dcee38935f6a1a681dc35ebe519bdd0a40665e37fd1dc4f2a84012def5bca53a59c3290077dd05ded3e19d33cd2e741189d1c7302c19a15bd3d13aa29228ed76a68407078ce63b79088178b235cb7012ba4bc26e2a0439c1b1f2ff8295df5a6b9f2d5c6ca8aa7e6ec5f5a9d83bb6b5736c74f9369bdd183c650c0a62b08470862ffac9de260f1d8c470b463110847fbd5079c10a8de1a9aa128d693ea5c543b49b82f324ad5fb9e3f9bd7a7a33e86fc23856bc68a7a1b2632ca1520ce9b5c1438305185effb77877b2b02ae3b5d09f3518fef1f3f8342c3630b7e469c8e2d757223dd080f20c1c08c5a1af0dbc19f31f13dc1e20ffe42563caf74521687986cc186430b59c2ec2e333220b4461ee9a487a595fd32f78e1104ace86e194fc6df795d439e882809700e5810d8e520b19730a4d1cb3fa2cd2c484fb8b0edcc998fb933ec881132880e038b84fab9dcf0f7110749504b2b474cc2f7e3a7de4a0c70da8c2716cb1f3356caebc49a5739aa3d239f7d80c7415f79f43baf76817913b8bcdccc445d9020015ec565cb20a4fa9a403fcd9ea89229fc3ea0a2281544d2601a25c818d18ea06454bbf85291500c11415bb8d194838c713a43972ef3c39d1b253b54d2de74cffe578707f19f3e18f5e81b404f1194e1958e28aa72c3538cb9033d5e1c6b2c3f9ad61bdf258386103fca31e980cf421874e910ce51dd322c465bc5aa7329d49f7f187e816da84f0046d22e5067a11dccad46be41f3a03c982376587e2e01611a39fe0d51e06af16ddc3ca1d3f8bc1a562fc010a44f5cdf66612a724d0ee0a0ae153bde7911b7b09de1791aa99a72bcf25ad05086bd1104252dc5f5907e47edd2c929f8e3c9c09b1bb0764070a6e8a86f5edacb18b4f6228d50d9563085fe989e4cb70d0eeb4968bb2b56d84fce06f8a6de3f71708fedae7b650280b0456d0c4ab985552cc584cd46fe04d64baab9142abc8383b421b086f7c6041622835c3c6a79d094e01be95e1bd3e275cfbe90b0f7964f182d32fae6477bf494b922af026da605438bbc7a0a4e62c0a04e07fa86c7e1c3acaeca82d7c259f7fa633356cbe15710c1b77190642e4fccc78b35ed44fbd14a2e9f4f090463387623b43f6219a548d8496c7c51a930e9b26677beb143247d447d54ed6f9767e0ff1aaae3187edbe289db018010fb10579feb545c0d23f6ebc5b03090994f1c5e67bd25025d5fea268df005cddcfaa9acd35af2c276d5fed7751167fc19867b940ebadef8cff1187db6eba3fdd5a7b9bef4aa226f28cbc4e79c6fbdfcb8e2f7745f426161018f06aa69c36c296cdea58d6c4cd1fc71b4590db169fc0b10913d218a2ced17caec6bf5a7481e0b5b5ac41b668297e9c4bbb55fb47f0b6194fd17d7afaeb92c4fb0b2565cb5e34ed6f58187bbc23362b5d9ffab47a86ba1004d6a698789b91f969bea1b9dbbff401a8fe903b5b0ccf8b7e23c1b9ba7f0ab352e7f548b219a69a9bd43535851203e8e21f94c54b772c5d443ae347083bb30cfdd6334271182e3eaf1defb9924a2d8737fd73111e99a7a2531f2c5f3582ddeb23c426c1c4a5f7d30aca30f69461dd8df9a96ef8cb724c620290c31e4cee4a509751e20045189f424900efde5c6f2d1ee8763b836e2b29b132621d98e5b3affdc3b09e43042b90310d7e000c5168175ac55c3708e09ddd31df4ead7fbf0817e2e920c6a82fccb18ea437d83059532bda72c41b361fbd2d5bf394a45c1c0fd152de9ab9e719608958263086c6cc36b54ca4f296db0fe7dc025f68ef2c8cc45d1fc525a84086b08a06e00928401736def6e474b6f3fd2347233c1576e9f51ddafc61255ee1ad7332834225b0db07bc3da09510162c95ae02a1aa154936b86831b25d59ceee00dd922c841e9b477fc3f363a1e3f24d475187d69b2d3a1a747ee25"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0)
r3 = gettid()
process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f0000000400)=""/250, 0xfffffffffffffeaa}], 0x1, &(0x7f0000121000)=[{&(0x7f0000000300)=""/242, 0xffffff4e}], 0x23a, 0x0)
r4 = fsopen(&(0x7f0000000280)='openpromfs\x00', 0x0)
getdents(0xffffffffffffffff, &(0x7f0000000500)=""/221, 0xdd)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x3, &(0x7f0000000040)=ANY=[@ANYRESHEX=r2], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='xprt_ping\x00', r5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, r6, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0)
setpgid(r7, r3)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)

3.374166734s ago: executing program 2 (id=6468):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf)
r1 = getpid()
arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x541b, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000240), 0x24501, 0x0)
setreuid(0x0, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000080)={0x7fffffff, 0x9, 0x7, 0xa1, 0x3, 0xff, 0x1, 0xffff}, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x33) (fail_nth: 3)

2.931650464s ago: executing program 35 (id=6428):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = dup2(r0, 0xffffffffffffffff)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000000)={0x3}) (async)
ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000000)={0x3})
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201100352ebb933ae33d0cbdd930102030109021200016abff27a20f5f05d6319037f91bcf6c86916e641f7fb036b93"], &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})

2.912953991s ago: executing program 5 (id=6470):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
mount$cgroup(0x0, 0x0, 0x0, 0x2008000, &(0x7f0000000680)={[{@favordynmods}]})
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet_int(r1, 0x0, 0x8, 0x0, 0x0)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xff7ffffffffffffc, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x9, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x5e51, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x4, 0x0, 0x5, 0x5}, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x34, 0x0, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r6, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008090}, 0x30)

1.830978724s ago: executing program 5 (id=6471):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=@setlink={0x28, 0x13, 0xbaa23f3d13f2d1f5, 0x3, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x6000000}, [@IFLA_TXQLEN={0x8, 0xd, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)

1.599652848s ago: executing program 6 (id=6472):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
syz_emit_ethernet(0x66, &(0x7f0000000280)=ANY=[@ANYBLOB="bbd28ddcfbbbaaaaaaaaaa0086dd60003a0400047300f58000000000000000000000000000bbff020000000000000000000000000001"], 0x0)
dup3(r1, r0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(&(0x7f00000002c0)='hostfs\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0xc3100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file1/file0/file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

1.286170924s ago: executing program 5 (id=6473):
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x6}, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000000100)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16, @ANYBLOB="ebc529bd7000ffdbdf251200000008000300", @ANYRES32=r1, @ANYBLOB="0a000600080211000001000005007400040000004500be"], 0x78}, 0x1, 0x0, 0x0, 0x20000000}, 0x10008000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}}, 0x0)
close(r0)

911.318346ms ago: executing program 5 (id=6474):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0x3, 0x2, 0x9, 0x9, "ea7174ddcf0fc7010002f7ffd2a2d97500", 0x2, 0x1})
r1 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x14, r3, 0x1, 0x70bd27, 0x25dfdbfb}, 0x14}}, 0x0)
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x14)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r4, 0x100000000000f7)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r5}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000025000a20000000000a01030000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000003740000001e0a01020000000000000000010000000900020073797a32000000003400038030000080090006400000000024000b80200001800700010063740000140002"], 0xe4}}, 0x0)
r8 = openat$cgroup_ro(r6, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_ro(r9, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r10, &(0x7f0000000100)=0x1, 0x12)
ioctl$KDDELIO(r4, 0x4b35, 0x7fffffff)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

910.892794ms ago: executing program 2 (id=6475):
socket$netlink(0x10, 0x3, 0x4)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
listen(r1, 0x3)
accept4(r1, 0x0, 0x0, 0x0)

775.343569ms ago: executing program 5 (id=6476):
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='illinois', 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
getgid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x1, 0x0, 0x0)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)=0x3)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}, {0x0}], 0x2}, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
sendmmsg$inet(r0, &(0x7f0000002c00)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)='\r', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a7490b4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719", 0x2e4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)="bc28", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000e80)="f41c3ebd6e173029c60b494f56898b99ba2f8042ae6606dc07e12554863c58d6c95abb459e856e37d878398a3b3c9de1326c0975c71c07440dcff9bfb93956830841aa430db7e8bc0a25464d8803f5fc101143f806a9d0ecdc03d0f64474f1a39a69943415438953aa2566d5a5a2", 0x6e}], 0x1}}], 0x4, 0x0)

622.546772ms ago: executing program 6 (id=6477):
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
syz_usb_connect(0x3, 0x51, &(0x7f0000000040)=ANY=[@ANYBLOB="12010102dd8a7a20670812980f240102030109023f0001f40820100904"], &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x202242, 0x70)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
mount$9p_fd(0x0, 0x0, 0x0, 0xc0080, &(0x7f0000000b40)=ANY=[])
add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_generic(r0, &(0x7f0000000680)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={0x0, 0x138}, 0x1, 0x0, 0x0, 0x4000}, 0x4000010)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x4e21, @remote}, 0x10)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="46a43d", @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRES32=0x0])
read$FUSE(r0, &(0x7f0000002100)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000340)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x34808521, 0x401, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xa4001f7e}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65be667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x7, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r5, &(0x7f00000000c0)='!', 0x1, 0x3000000000000000, 0x0, 0x2}])
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0x4240a2a0)
ioctl$SIOCX25SCUDMATCHLEN(0xffffffffffffffff, 0x89e7, &(0x7f00000001c0)={0x6c})
dup3(r5, r3, 0x0)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x109101, 0x0)
ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x110c230000)

0s ago: executing program 2 (id=6478):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
move_pages(r1, 0x0, 0x0, 0x0, 0x0, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$IPC_STAT(0x0, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x88200)
r4 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r4, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000100)='zonefs\x00', 0x1)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000000500)={0x0, &(0x7f0000000280)})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000040)={0x200, 0x0, 0x0, &(0x7f00000003c0)=[0x7], &(0x7f00000000c0)=[0x0], &(0x7f0000000180)=[0x31], 0x0, 0xff})
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpgid(0x0)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000fc0)={0x2c, r7, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {}, {0x9, 0x13, @udp='udp:syz2\x00'}}}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000004)

kernel console output (not intermixed with test programs):

_from_buffer+0xcb/0x170
[ 1694.523671][T26555]  proc_fail_nth_read+0x197/0x240
[ 1694.523685][T26555]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1694.523699][T26555]  ? rw_verify_area+0xcf/0x6c0
[ 1694.523717][T26555]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1694.523730][T26555]  vfs_read+0x1e1/0xcf0
[ 1694.523743][T26555]  ? __pfx___mutex_lock+0x10/0x10
[ 1694.523759][T26555]  ? __pfx_vfs_read+0x10/0x10
[ 1694.523774][T26555]  ? __fget_files+0x20e/0x3c0
[ 1694.523791][T26555]  ksys_read+0x12a/0x250
[ 1694.523802][T26555]  ? __pfx_ksys_read+0x10/0x10
[ 1694.523817][T26555]  do_syscall_64+0xcd/0x4e0
[ 1694.523834][T26555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1694.523846][T26555] RIP: 0033:0x7f0e2e78d8dc
[ 1694.523856][T26555] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1694.523867][T26555] RSP: 002b:00007f0e2f683030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1694.523878][T26555] RAX: ffffffffffffffda RBX: 00007f0e2e9e5fa0 RCX: 00007f0e2e78d8dc
[ 1694.523886][T26555] RDX: 000000000000000f RSI: 00007f0e2f6830a0 RDI: 0000000000000006
[ 1694.523892][T26555] RBP: 00007f0e2f683090 R08: 0000000000000000 R09: 0000000000000000
[ 1694.523899][T26555] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[ 1694.523906][T26555] R13: 00007f0e2e9e6038 R14: 00007f0e2e9e5fa0 R15: 00007ffc8f0c8778
[ 1694.523920][T26555]  </TASK>
[ 1694.890207][T26558] IPVS: using max 74 ests per chain, 177600 per kthread
[ 1694.968613][T20660] usb 6-1: USB disconnect, device number 104
[ 1696.043507][T26578] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6045'.
[ 1697.414869][T26589] FAULT_INJECTION: forcing a failure.
[ 1697.414869][T26589] name failslab, interval 1, probability 0, space 0, times 0
[ 1697.430319][T26589] CPU: 1 UID: 0 PID: 26589 Comm: syz.3.6050 Not tainted syzkaller #0 PREEMPT(full) 
[ 1697.430337][T26589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1697.430343][T26589] Call Trace:
[ 1697.430348][T26589]  <TASK>
[ 1697.430353][T26589]  dump_stack_lvl+0x16c/0x1f0
[ 1697.430372][T26589]  should_fail_ex+0x512/0x640
[ 1697.430387][T26589]  ? __kvmalloc_node_noprof+0x124/0x620
[ 1697.430400][T26589]  should_failslab+0xc2/0x120
[ 1697.430413][T26589]  __kvmalloc_node_noprof+0x137/0x620
[ 1697.430423][T26589]  ? __lock_acquire+0x107f/0x1ce0
[ 1697.430442][T26589]  ? netfs_extract_user_iter+0x164/0x620
[ 1697.430462][T26589]  ? netfs_extract_user_iter+0x164/0x620
[ 1697.430476][T26589]  netfs_extract_user_iter+0x164/0x620
[ 1697.430491][T26589]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1697.430503][T26589]  ? find_held_lock+0x2b/0x80
[ 1697.430518][T26589]  ? netfs_alloc_request+0x8f0/0xce0
[ 1697.430533][T26589]  ? __pfx_netfs_extract_user_iter+0x10/0x10
[ 1697.430549][T26589]  ? netfs_alloc_request+0x8f5/0xce0
[ 1697.430567][T26589]  netfs_unbuffered_read_iter_locked+0xe16/0x15c0
[ 1697.430585][T26589]  ? netfs_start_io_direct+0x8b/0x260
[ 1697.430601][T26589]  netfs_unbuffered_read_iter+0xc5/0x100
[ 1697.430616][T26589]  v9fs_file_read_iter+0xbf/0x100
[ 1697.430632][T26589]  vfs_read+0x8bc/0xcf0
[ 1697.430645][T26589]  ? __pfx___mutex_lock+0x10/0x10
[ 1697.430661][T26589]  ? __pfx_vfs_read+0x10/0x10
[ 1697.430681][T26589]  ksys_read+0x12a/0x250
[ 1697.430692][T26589]  ? __pfx_ksys_read+0x10/0x10
[ 1697.430707][T26589]  do_syscall_64+0xcd/0x4e0
[ 1697.430723][T26589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1697.430734][T26589] RIP: 0033:0x7f2cb0d8eec9
[ 1697.430744][T26589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1697.430755][T26589] RSP: 002b:00007f2cb1cbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1697.430766][T26589] RAX: ffffffffffffffda RBX: 00007f2cb0fe5fa0 RCX: 00007f2cb0d8eec9
[ 1697.430773][T26589] RDX: 0000000000002020 RSI: 0000200000004200 RDI: 0000000000000006
[ 1697.430780][T26589] RBP: 00007f2cb1cbc090 R08: 0000000000000000 R09: 0000000000000000
[ 1697.430786][T26589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1697.430793][T26589] R13: 00007f2cb0fe6038 R14: 00007f2cb0fe5fa0 R15: 00007ffd5a3e7898
[ 1697.430807][T26589]  </TASK>
[ 1697.842422][T26596] FAULT_INJECTION: forcing a failure.
[ 1697.842422][T26596] name failslab, interval 1, probability 0, space 0, times 0
[ 1697.855338][T26596] CPU: 0 UID: 0 PID: 26596 Comm: syz.0.6053 Not tainted syzkaller #0 PREEMPT(full) 
[ 1697.855363][T26596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1697.855374][T26596] Call Trace:
[ 1697.855380][T26596]  <TASK>
[ 1697.855387][T26596]  dump_stack_lvl+0x16c/0x1f0
[ 1697.855415][T26596]  should_fail_ex+0x512/0x640
[ 1697.855436][T26596]  ? fs_reclaim_acquire+0xae/0x150
[ 1697.855467][T26596]  ? tomoyo_encode2+0x100/0x3e0
[ 1697.855491][T26596]  should_failslab+0xc2/0x120
[ 1697.855511][T26596]  __kmalloc_noprof+0xd2/0x510
[ 1697.855528][T26596]  ? d_absolute_path+0x136/0x1a0
[ 1697.855558][T26596]  tomoyo_encode2+0x100/0x3e0
[ 1697.855587][T26596]  tomoyo_encode+0x29/0x50
[ 1697.855612][T26596]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1697.855646][T26596]  tomoyo_path_number_perm+0x245/0x580
[ 1697.855667][T26596]  ? tomoyo_path_number_perm+0x237/0x580
[ 1697.855692][T26596]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1697.855716][T26596]  ? find_held_lock+0x2b/0x80
[ 1697.855761][T26596]  ? find_held_lock+0x2b/0x80
[ 1697.855781][T26596]  ? hook_file_ioctl_common+0x145/0x410
[ 1697.855806][T26596]  ? __fget_files+0x20e/0x3c0
[ 1697.855830][T26596]  security_file_ioctl+0x9b/0x240
[ 1697.855859][T26596]  __x64_sys_ioctl+0xb7/0x210
[ 1697.855887][T26596]  do_syscall_64+0xcd/0x4e0
[ 1697.855912][T26596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1697.855929][T26596] RIP: 0033:0x7f832d78eec9
[ 1697.855945][T26596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1697.855961][T26596] RSP: 002b:00007f832e6cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1697.855978][T26596] RAX: ffffffffffffffda RBX: 00007f832d9e5fa0 RCX: 00007f832d78eec9
[ 1697.855988][T26596] RDX: 9999999999999999 RSI: 0000000040046104 RDI: 0000000000000004
[ 1697.855998][T26596] RBP: 00007f832e6cd090 R08: 0000000000000000 R09: 0000000000000000
[ 1697.856009][T26596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1697.856019][T26596] R13: 00007f832d9e6038 R14: 00007f832d9e5fa0 R15: 00007ffc60612af8
[ 1697.856044][T26596]  </TASK>
[ 1697.856059][T26596] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1698.472063][T26607] FAULT_INJECTION: forcing a failure.
[ 1698.472063][T26607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1698.521482][T26607] CPU: 0 UID: 0 PID: 26607 Comm: syz.0.6055 Not tainted syzkaller #0 PREEMPT(full) 
[ 1698.521504][T26607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1698.521512][T26607] Call Trace:
[ 1698.521516][T26607]  <TASK>
[ 1698.521521][T26607]  dump_stack_lvl+0x16c/0x1f0
[ 1698.521539][T26607]  should_fail_ex+0x512/0x640
[ 1698.521556][T26607]  _copy_from_user+0x2e/0xd0
[ 1698.521573][T26607]  move_addr_to_kernel+0x65/0x170
[ 1698.521593][T26607]  __copy_msghdr+0x386/0x470
[ 1698.521607][T26607]  copy_msghdr_from_user+0xc1/0x160
[ 1698.521621][T26607]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1698.521641][T26607]  ___sys_sendmsg+0xfe/0x1d0
[ 1698.521656][T26607]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1698.521686][T26607]  __sys_sendmsg+0x16d/0x220
[ 1698.521700][T26607]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1698.521727][T26607]  do_syscall_64+0xcd/0x4e0
[ 1698.521752][T26607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1698.521769][T26607] RIP: 0033:0x7f832d78eec9
[ 1698.521784][T26607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1698.521802][T26607] RSP: 002b:00007f832e6cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1698.521820][T26607] RAX: ffffffffffffffda RBX: 00007f832d9e5fa0 RCX: 00007f832d78eec9
[ 1698.521832][T26607] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[ 1698.521844][T26607] RBP: 00007f832e6cd090 R08: 0000000000000000 R09: 0000000000000000
[ 1698.521855][T26607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1698.521866][T26607] R13: 00007f832d9e6038 R14: 00007f832d9e5fa0 R15: 00007ffc60612af8
[ 1698.521890][T26607]  </TASK>
[ 1700.962375][T26644] FAULT_INJECTION: forcing a failure.
[ 1700.962375][T26644] name failslab, interval 1, probability 0, space 0, times 0
[ 1701.030171][T26644] CPU: 1 UID: 0 PID: 26644 Comm: syz.4.6065 Not tainted syzkaller #0 PREEMPT(full) 
[ 1701.030203][T26644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1701.030210][T26644] Call Trace:
[ 1701.030214][T26644]  <TASK>
[ 1701.030219][T26644]  dump_stack_lvl+0x16c/0x1f0
[ 1701.030239][T26644]  should_fail_ex+0x512/0x640
[ 1701.030254][T26644]  ? fs_reclaim_acquire+0xae/0x150
[ 1701.030270][T26644]  ? tomoyo_encode2+0x100/0x3e0
[ 1701.030287][T26644]  should_failslab+0xc2/0x120
[ 1701.030301][T26644]  __kmalloc_noprof+0xd2/0x510
[ 1701.030316][T26644]  tomoyo_encode2+0x100/0x3e0
[ 1701.030334][T26644]  tomoyo_encode+0x29/0x50
[ 1701.030353][T26644]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1701.030372][T26644]  ? tomoyo_profile+0x47/0x60
[ 1701.030384][T26644]  tomoyo_path_number_perm+0x245/0x580
[ 1701.030398][T26644]  ? tomoyo_path_number_perm+0x237/0x580
[ 1701.030414][T26644]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1701.030429][T26644]  ? find_held_lock+0x2b/0x80
[ 1701.030458][T26644]  ? find_held_lock+0x2b/0x80
[ 1701.030471][T26644]  ? hook_file_ioctl_common+0x145/0x410
[ 1701.030486][T26644]  ? __fget_files+0x20e/0x3c0
[ 1701.030502][T26644]  security_file_ioctl+0x9b/0x240
[ 1701.030519][T26644]  __x64_sys_ioctl+0xb7/0x210
[ 1701.030538][T26644]  do_syscall_64+0xcd/0x4e0
[ 1701.030554][T26644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1701.030565][T26644] RIP: 0033:0x7f0e2e78eec9
[ 1701.030574][T26644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1701.030586][T26644] RSP: 002b:00007f0e2f683038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1701.030597][T26644] RAX: ffffffffffffffda RBX: 00007f0e2e9e5fa0 RCX: 00007f0e2e78eec9
[ 1701.030604][T26644] RDX: 00002000000000c0 RSI: 000000000000890c RDI: 0000000000000003
[ 1701.030611][T26644] RBP: 00007f0e2f683090 R08: 0000000000000000 R09: 0000000000000000
[ 1701.030618][T26644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1701.030625][T26644] R13: 00007f0e2e9e6038 R14: 00007f0e2e9e5fa0 R15: 00007ffc8f0c8778
[ 1701.030639][T26644]  </TASK>
[ 1701.030953][T26644] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1701.260585][T26641] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6063'.
[ 1701.277463][T26641] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6063'.
[ 1701.913094][T26650] [U] ��
[ 1701.954910][T26654] 9pnet_fd: Insufficient options for proto=fd
[ 1701.972654][T26654] netlink: 'syz.5.6069': attribute type 4 has an invalid length.
[ 1701.991362][T26655] tipc: Started in network mode
[ 1701.996239][T26655] tipc: Node identity 7, cluster identity 4711
[ 1702.006721][T26655] tipc: Node number set to 7
[ 1703.650150][T25192] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[ 1703.881117][T25192] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1703.921938][T26676] netlink: 'syz.5.6075': attribute type 1 has an invalid length.
[ 1704.172931][T25192] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1704.198579][T25192] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1704.208760][T25192] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1704.382192][T25192] usb 3-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16
[ 1704.423165][T25192] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1704.447150][T25192] usb 3-1: Product: syz
[ 1704.454877][T25192] usb 3-1: Manufacturer: syz
[ 1704.459491][T25192] usb 3-1: SerialNumber: syz
[ 1704.505423][T25192] usb 3-1: config 0 descriptor??
[ 1704.524373][T25192] kvaser_usb 3-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0
[ 1704.566909][T25192] kvaser_usb 3-1:0.0: error -EMSGSIZE: Failed to initialize card
[ 1704.603663][T25192] kvaser_usb 3-1:0.0: probe with driver kvaser_usb failed with error -90
[ 1704.795682][T25192] usb 3-1: USB disconnect, device number 117
[ 1704.874363][T26692] FAULT_INJECTION: forcing a failure.
[ 1704.874363][T26692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1704.887500][T26692] CPU: 1 UID: 0 PID: 26692 Comm: syz.5.6080 Not tainted syzkaller #0 PREEMPT(full) 
[ 1704.887524][T26692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1704.887535][T26692] Call Trace:
[ 1704.887542][T26692]  <TASK>
[ 1704.887550][T26692]  dump_stack_lvl+0x16c/0x1f0
[ 1704.887578][T26692]  should_fail_ex+0x512/0x640
[ 1704.887605][T26692]  _copy_to_user+0x32/0xd0
[ 1704.887632][T26692]  simple_read_from_buffer+0xcb/0x170
[ 1704.887655][T26692]  proc_fail_nth_read+0x197/0x240
[ 1704.887677][T26692]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1704.887702][T26692]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1704.887723][T26692]  vfs_read+0x1e1/0xcf0
[ 1704.887743][T26692]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1704.887767][T26692]  ? __pfx___mutex_lock+0x10/0x10
[ 1704.887790][T26692]  ? __pfx_vfs_read+0x10/0x10
[ 1704.887812][T26692]  ? __rcu_read_unlock+0x2bc/0x550
[ 1704.887833][T26692]  ? __fget_files+0x20e/0x3c0
[ 1704.887861][T26692]  ksys_read+0x12a/0x250
[ 1704.887880][T26692]  ? __pfx_ksys_read+0x10/0x10
[ 1704.887906][T26692]  do_syscall_64+0xcd/0x4e0
[ 1704.887932][T26692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1704.887950][T26692] RIP: 0033:0x7f82bcd8d8dc
[ 1704.887965][T26692] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1704.887982][T26692] RSP: 002b:00007f82bdbb2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1704.888001][T26692] RAX: ffffffffffffffda RBX: 00007f82bcfe6180 RCX: 00007f82bcd8d8dc
[ 1704.888012][T26692] RDX: 000000000000000f RSI: 00007f82bdbb20a0 RDI: 0000000000000007
[ 1704.888023][T26692] RBP: 00007f82bdbb2090 R08: 0000000000000000 R09: 0000000000000000
[ 1704.888034][T26692] R10: 0000000000003ab3 R11: 0000000000000246 R12: 0000000000000001
[ 1704.888045][T26692] R13: 00007f82bcfe6218 R14: 00007f82bcfe6180 R15: 00007fff82da15a8
[ 1704.888070][T26692]  </TASK>
[ 1706.032297][T26704] FAULT_INJECTION: forcing a failure.
[ 1706.032297][T26704] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1706.045502][T26704] CPU: 1 UID: 0 PID: 26704 Comm: syz.4.6085 Not tainted syzkaller #0 PREEMPT(full) 
[ 1706.045523][T26704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1706.045530][T26704] Call Trace:
[ 1706.045535][T26704]  <TASK>
[ 1706.045540][T26704]  dump_stack_lvl+0x16c/0x1f0
[ 1706.045559][T26704]  should_fail_ex+0x512/0x640
[ 1706.045576][T26704]  _copy_from_user+0x2e/0xd0
[ 1706.045593][T26704]  copy_msghdr_from_user+0x98/0x160
[ 1706.045608][T26704]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1706.045629][T26704]  ___sys_sendmsg+0xfe/0x1d0
[ 1706.045644][T26704]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1706.045674][T26704]  __sys_sendmsg+0x16d/0x220
[ 1706.045688][T26704]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1706.045711][T26704]  do_syscall_64+0xcd/0x4e0
[ 1706.045728][T26704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1706.045740][T26704] RIP: 0033:0x7f0e2e78eec9
[ 1706.045749][T26704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1706.045760][T26704] RSP: 002b:00007f0e2f683038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1706.045771][T26704] RAX: ffffffffffffffda RBX: 00007f0e2e9e5fa0 RCX: 00007f0e2e78eec9
[ 1706.045778][T26704] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1706.045785][T26704] RBP: 00007f0e2f683090 R08: 0000000000000000 R09: 0000000000000000
[ 1706.045792][T26704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1706.045798][T26704] R13: 00007f0e2e9e6038 R14: 00007f0e2e9e5fa0 R15: 00007ffc8f0c8778
[ 1706.045812][T26704]  </TASK>
[ 1706.232245][T26697] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1706.366996][T26706] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1707.252585][T26716] hub 9-0:1.0: USB hub found
[ 1707.257646][T26716] hub 9-0:1.0: 1 port detected
[ 1707.440210][T17277] usb 6-1: new high-speed USB device number 105 using dummy_hcd
[ 1707.590153][T17277] usb 6-1: Using ep0 maxpacket: 8
[ 1707.603050][T17277] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[ 1707.612711][T17277] usb 6-1: config 179 has no interface number 0
[ 1707.629928][T17277] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1707.649870][T17277] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1707.653075][T26718] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6088'.
[ 1707.680094][T26718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6088'.
[ 1707.735633][T17277] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1707.772611][T17277] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1707.835735][T17277] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1707.884819][T17277] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1707.911405][T17277] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1708.055234][T26710] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1708.499093][T17277] usb 6-1: USB disconnect, device number 105
[ 1708.505299][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1708.505326][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1708.932329][T26738] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6093'.
[ 1709.198344][T26746] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6095'.
[ 1709.207478][T26746] 0�X��D: renamed from macvtap0 (while UP)
[ 1709.225330][T26746] 0�X��D: entered allmulticast mode
[ 1709.230709][T26746] veth0_macvtap: entered allmulticast mode
[ 1709.239026][T26746] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[ 1709.393854][T26746] hub 1-0:1.0: USB hub found
[ 1709.492399][T26746] hub 1-0:1.0: 1 port detected
[ 1710.377408][T26761] netlink: 116 bytes leftover after parsing attributes in process `syz.5.6100'.
[ 1710.438033][T26763] FAULT_INJECTION: forcing a failure.
[ 1710.438033][T26763] name failslab, interval 1, probability 0, space 0, times 0
[ 1710.452033][T26763] CPU: 1 UID: 0 PID: 26763 Comm: syz.2.6101 Not tainted syzkaller #0 PREEMPT(full) 
[ 1710.452057][T26763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1710.452067][T26763] Call Trace:
[ 1710.452074][T26763]  <TASK>
[ 1710.452081][T26763]  dump_stack_lvl+0x16c/0x1f0
[ 1710.452107][T26763]  should_fail_ex+0x512/0x640
[ 1710.452134][T26763]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1710.452157][T26763]  should_failslab+0xc2/0x120
[ 1710.452178][T26763]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1710.452197][T26763]  ? __alloc_skb+0x2b2/0x380
[ 1710.452222][T26763]  __alloc_skb+0x2b2/0x380
[ 1710.452242][T26763]  ? __pfx___alloc_skb+0x10/0x10
[ 1710.452265][T26763]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1710.452293][T26763]  netlink_alloc_large_skb+0x69/0x130
[ 1710.452318][T26763]  netlink_sendmsg+0x6a1/0xdd0
[ 1710.452345][T26763]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1710.452377][T26763]  ____sys_sendmsg+0xa98/0xc70
[ 1710.452404][T26763]  ? copy_msghdr_from_user+0x10a/0x160
[ 1710.452426][T26763]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1710.452464][T26763]  ___sys_sendmsg+0x134/0x1d0
[ 1710.452487][T26763]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1710.452540][T26763]  __sys_sendmsg+0x16d/0x220
[ 1710.452562][T26763]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1710.452598][T26763]  do_syscall_64+0xcd/0x4e0
[ 1710.452626][T26763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1710.452644][T26763] RIP: 0033:0x7fa536f8eec9
[ 1710.452659][T26763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1710.452675][T26763] RSP: 002b:00007fa537d5a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1710.452693][T26763] RAX: ffffffffffffffda RBX: 00007fa5371e5fa0 RCX: 00007fa536f8eec9
[ 1710.452705][T26763] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[ 1710.452715][T26763] RBP: 00007fa537d5a090 R08: 0000000000000000 R09: 0000000000000000
[ 1710.452726][T26763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1710.452737][T26763] R13: 00007fa5371e6038 R14: 00007fa5371e5fa0 R15: 00007ffc9ba282b8
[ 1710.452762][T26763]  </TASK>
[ 1710.790110][T20660] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 1710.942201][T20660] usb 5-1: Using ep0 maxpacket: 8
[ 1710.953364][T20660] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1710.961693][T20660] usb 5-1: config 179 has no interface number 0
[ 1711.387408][T20660] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1711.454873][T20660] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1711.476654][T20660] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[ 1711.488595][T20660] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[ 1711.506751][T20660] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1711.602430][T26781] binder: Bad value for 'max'
[ 1711.791050][   T30] audit: type=1400 audit(1758605447.263:1046): avc:  denied  { remount } for  pid=26779 comm="syz.0.6105" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1711.937316][T20660] usb 5-1: config 179 interface 65 has no altsetting 0
[ 1711.957805][T20660] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1711.961175][T26777] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6103'.
[ 1711.967506][T20660] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1712.005264][T20660] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input86
[ 1712.038225][T26783] netlink: 'syz.0.6106': attribute type 3 has an invalid length.
[ 1712.067196][T26783] netlink: 'syz.0.6106': attribute type 1 has an invalid length.
[ 1712.091419][T26783] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.6106'.
[ 1712.101499][ T5207] input input86: unable to receive magic message: -110
[ 1712.113588][ T5207] input input86: unable to receive magic message: -32
[ 1712.175199][ T5207] input input86: unable to receive magic message: -32
[ 1712.194163][ T5207] input input86: unable to receive magic message: -32
[ 1712.258546][T26665] input input86: unable to receive magic message: -32
[ 1712.297608][ T5207] input input86: unable to receive magic message: -32
[ 1712.335070][ T5207] input input86: unable to receive magic message: -32
[ 1712.370430][ T5207] input input86: unable to receive magic message: -32
[ 1712.409764][ T5207] input input86: unable to receive magic message: -32
[ 1712.451307][ T5207] input input86: unable to receive magic message: -32
[ 1713.566562][T20664] usb 5-1: USB disconnect, device number 83
[ 1713.566595][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1713.919441][T26817] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1715.094686][   T50] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1715.140257][   T50] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1715.149929][   T50] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1715.158234][   T50] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1715.166190][   T50] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1715.465112][T26819] chnl_net:caif_netlink_parms(): no params data found
[ 1716.151274][T26819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1716.169908][T26819] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1716.462024][T26819] bridge_slave_0: entered allmulticast mode
[ 1716.486633][T26819] bridge_slave_0: entered promiscuous mode
[ 1716.543553][T26819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1716.562389][T26819] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1716.573111][T26819] bridge_slave_1: entered allmulticast mode
[ 1716.581696][T26819] bridge_slave_1: entered promiscuous mode
[ 1716.636001][T26819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1716.674716][T26819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1716.730282][T20660] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[ 1717.110653][T26865] comedi comedi0: bad chanlist[0]=0x00000007 chan=7 range length=1
[ 1717.504284][T25042] Bluetooth: hci5: command tx timeout
[ 1717.890686][T20660] usb 3-1: Using ep0 maxpacket: 8
[ 1717.921799][T20660] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1717.937044][T20660] usb 3-1: config 179 has no interface number 0
[ 1717.944835][T20660] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1717.996420][T26819] team0: Port device team_slave_0 added
[ 1718.017008][T26819] team0: Port device team_slave_1 added
[ 1718.025518][T20660] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1718.111216][T25192] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[ 1718.133822][T20660] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[ 1718.152880][T20660] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[ 1718.188912][T26819] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1718.202989][T20660] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1718.221193][T26819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1718.252878][T20660] usb 3-1: config 179 interface 65 has no altsetting 0
[ 1718.275622][T20660] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1718.300249][T25192] usb 5-1: Using ep0 maxpacket: 16
[ 1718.308463][T25192] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1718.322011][T26819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1718.364400][T26819] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1718.376201][T26819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1718.412537][T20660] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1718.427896][T25192] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1718.445509][T26819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1718.471494][T20660] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input87
[ 1718.490506][T25192] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[ 1718.537035][T26819] hsr_slave_0: entered promiscuous mode
[ 1718.544027][T25192] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1718.549980][T26819] hsr_slave_1: entered promiscuous mode
[ 1718.591649][ T5207] input input87: unable to receive magic message: -110
[ 1718.604826][T26819] debugfs: 'hsr0' already exists in 'hsr'
[ 1718.619715][T26819] Cannot create hsr debugfs directory
[ 1718.644263][ T5207] input input87: unable to receive magic message: -32
[ 1718.656020][ T5207] input input87: unable to receive magic message: -32
[ 1718.681976][ T5207] input input87: unable to receive magic message: -32
[ 1718.696777][ T5207] input input87: unable to receive magic message: -32
[ 1718.707046][T25192] usb 5-1: Product: syz
[ 1718.722238][T25192] usb 5-1: Manufacturer: syz
[ 1718.754707][ T5207] input input87: unable to receive magic message: -32
[ 1718.768132][T25192] usb 5-1: SerialNumber: syz
[ 1718.785130][ T5207] input input87: unable to receive magic message: -32
[ 1718.882772][T25192] usb 5-1: config 0 descriptor??
[ 1718.891677][T25192] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[ 1718.901170][T25192] gspca_stv06xx: st6422 sensor detected
[ 1719.146075][T26819] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1719.243497][T26819] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1719.276168][T26819] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1719.357604][T26819] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1719.535996][T26819] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1719.699320][T26819] 8021q: adding VLAN 0 to HW filter on device team0
[ 1719.710901][T25069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1719.718000][T25069] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1719.757895][T25069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1719.765057][T25069] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1719.873357][T25042] Bluetooth: hci5: command tx timeout
[ 1720.004643][T24688] usb 3-1: USB disconnect, device number 118
[ 1720.004680][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1720.027128][T26819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1720.045318][T26881] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6131'.
[ 1720.162834][   T30] audit: type=1400 audit(1758605455.813:1047): avc:  denied  { setopt } for  pid=26880 comm="syz.2.6131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1720.590510][T24688] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 1720.755937][T25192] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71
[ 1720.775206][T25192] usb 5-1: USB disconnect, device number 84
[ 1720.901126][T24688] usb 3-1: Using ep0 maxpacket: 8
[ 1720.911829][T24688] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1720.930202][T24688] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1720.971590][T24688] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1720.978605][T24688] pvrusb2: **********
[ 1721.103550][T26819] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1721.112961][T26899] FAULT_INJECTION: forcing a failure.
[ 1721.112961][T26899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1721.161161][T24688] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1721.174437][T26899] CPU: 0 UID: 0 PID: 26899 Comm: syz.4.6135 Not tainted syzkaller #0 PREEMPT(full) 
[ 1721.174464][T26899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1721.174474][T26899] Call Trace:
[ 1721.174481][T26899]  <TASK>
[ 1721.174488][T26899]  dump_stack_lvl+0x16c/0x1f0
[ 1721.174516][T26899]  should_fail_ex+0x512/0x640
[ 1721.174542][T26899]  _copy_to_user+0x32/0xd0
[ 1721.174570][T26899]  simple_read_from_buffer+0xcb/0x170
[ 1721.174592][T26899]  proc_fail_nth_read+0x197/0x240
[ 1721.174613][T26899]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1721.174636][T26899]  ? rw_verify_area+0xcf/0x6c0
[ 1721.174662][T26899]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1721.174683][T26899]  vfs_read+0x1e1/0xcf0
[ 1721.174705][T26899]  ? __pfx___mutex_lock+0x10/0x10
[ 1721.174729][T26899]  ? __pfx_vfs_read+0x10/0x10
[ 1721.174753][T26899]  ? __fget_files+0x20e/0x3c0
[ 1721.174781][T26899]  ksys_read+0x12a/0x250
[ 1721.174798][T26899]  ? __pfx_ksys_read+0x10/0x10
[ 1721.174823][T26899]  do_syscall_64+0xcd/0x4e0
[ 1721.174849][T26899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1721.174867][T26899] RIP: 0033:0x7f0e2e78d8dc
[ 1721.174881][T26899] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1721.174898][T26899] RSP: 002b:00007f0e2f683030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1721.174915][T26899] RAX: ffffffffffffffda RBX: 00007f0e2e9e5fa0 RCX: 00007f0e2e78d8dc
[ 1721.174928][T26899] RDX: 000000000000000f RSI: 00007f0e2f6830a0 RDI: 0000000000000004
[ 1721.174939][T26899] RBP: 00007f0e2f683090 R08: 0000000000000000 R09: 0000000000000000
[ 1721.174950][T26899] R10: 0000000000012203 R11: 0000000000000246 R12: 0000000000000001
[ 1721.174960][T26899] R13: 00007f0e2e9e6038 R14: 00007f0e2e9e5fa0 R15: 00007ffc8f0c8778
[ 1721.174984][T26899]  </TASK>
[ 1721.358070][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1721.365099][T24688] pvrusb2: Important functionality might not be entirely working.
[ 1721.374377][T24688] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1721.388461][T24688] pvrusb2: **********
[ 1721.403288][ T2337] pvrusb2: Invalid write control endpoint
[ 1721.482202][ T2337] pvrusb2: Invalid write control endpoint
[ 1721.488010][ T2337] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1721.509407][T26909] FAULT_INJECTION: forcing a failure.
[ 1721.509407][T26909] name failslab, interval 1, probability 0, space 0, times 0
[ 1721.529007][ T2337] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1721.559196][T26909] CPU: 1 UID: 0 PID: 26909 Comm: syz.2.6132 Not tainted syzkaller #0 PREEMPT(full) 
[ 1721.559220][T26909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1721.559231][T26909] Call Trace:
[ 1721.559238][T26909]  <TASK>
[ 1721.559245][T26909]  dump_stack_lvl+0x16c/0x1f0
[ 1721.559273][T26909]  should_fail_ex+0x512/0x640
[ 1721.559296][T26909]  ? fs_reclaim_acquire+0xae/0x150
[ 1721.559322][T26909]  ? tomoyo_encode2+0x100/0x3e0
[ 1721.559353][T26909]  should_failslab+0xc2/0x120
[ 1721.559374][T26909]  __kmalloc_noprof+0xd2/0x510
[ 1721.559394][T26909]  ? d_absolute_path+0x136/0x1a0
[ 1721.559424][T26909]  tomoyo_encode2+0x100/0x3e0
[ 1721.559453][T26909]  tomoyo_encode+0x29/0x50
[ 1721.559479][T26909]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1721.559513][T26909]  tomoyo_path_number_perm+0x245/0x580
[ 1721.559535][T26909]  ? tomoyo_path_number_perm+0x237/0x580
[ 1721.559560][T26909]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1721.559585][T26909]  ? find_held_lock+0x2b/0x80
[ 1721.559630][T26909]  ? find_held_lock+0x2b/0x80
[ 1721.559652][T26909]  ? hook_file_ioctl_common+0x145/0x410
[ 1721.559677][T26909]  ? __fget_files+0x20e/0x3c0
[ 1721.559702][T26909]  security_file_ioctl+0x9b/0x240
[ 1721.559730][T26909]  __x64_sys_ioctl+0xb7/0x210
[ 1721.559759][T26909]  do_syscall_64+0xcd/0x4e0
[ 1721.559785][T26909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1721.559803][T26909] RIP: 0033:0x7fa536f8eec9
[ 1721.559818][T26909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1721.559836][T26909] RSP: 002b:00007fa5351f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1721.559854][T26909] RAX: ffffffffffffffda RBX: 00007fa5371e6090 RCX: 00007fa536f8eec9
[ 1721.559866][T26909] RDX: 00002000000000c0 RSI: 0000000000000707 RDI: 0000000000000005
[ 1721.559878][T26909] RBP: 00007fa5351f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1721.559889][T26909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1721.559899][T26909] R13: 00007fa5371e6128 R14: 00007fa5371e6090 R15: 00007ffc9ba282b8
[ 1721.559924][T26909]  </TASK>
[ 1721.559941][T26909] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1721.680586][ T2337] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1721.952415][T25042] Bluetooth: hci5: command tx timeout
[ 1721.980777][ T2337] pvrusb2: Device being rendered inoperable
[ 1722.180200][T26909] pvrusb2: Attempted to execute control transfer when device not ok
[ 1722.226310][   T57] usb 3-1: USB disconnect, device number 119
[ 1722.230985][T26916] FAULT_INJECTION: forcing a failure.
[ 1722.230985][T26916] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1722.239850][ T2337] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1722.252683][T26916] CPU: 0 UID: 0 PID: 26916 Comm: syz.5.6137 Not tainted syzkaller #0 PREEMPT(full) 
[ 1722.252703][T26916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1722.252712][T26916] Call Trace:
[ 1722.252718][T26916]  <TASK>
[ 1722.252725][T26916]  dump_stack_lvl+0x16c/0x1f0
[ 1722.252749][T26916]  should_fail_ex+0x512/0x640
[ 1722.252773][T26916]  _copy_to_iter+0x463/0x1710
[ 1722.252802][T26916]  ? __pfx__copy_to_iter+0x10/0x10
[ 1722.252827][T26916]  ? traverse.part.0.constprop.0+0x2c5/0x640
[ 1722.252851][T26916]  seq_read_iter+0x719/0x12c0
[ 1722.252869][T26916]  ? _kstrtoull+0x145/0x200
[ 1722.252891][T26916]  seq_read+0x3a3/0x570
[ 1722.252907][T26916]  ? __pfx_seq_read+0x10/0x10
[ 1722.252926][T26916]  ? import_ubuf+0x1b6/0x220
[ 1722.252950][T26916]  ? avc_policy_seqno+0x9/0x20
[ 1722.252970][T26916]  ? __pfx_seq_read+0x10/0x10
[ 1722.252986][T26916]  proc_reg_read+0x23d/0x330
[ 1722.253013][T26916]  ? __pfx_proc_reg_read+0x10/0x10
[ 1722.253035][T26916]  vfs_readv+0x5c1/0x8b0
[ 1722.253056][T26916]  ? __pfx_vfs_readv+0x10/0x10
[ 1722.253073][T26916]  ? find_held_lock+0x2b/0x80
[ 1722.253110][T26916]  ? __fget_files+0x20e/0x3c0
[ 1722.253136][T26916]  ? do_preadv+0x1a6/0x270
[ 1722.253151][T26916]  do_preadv+0x1a6/0x270
[ 1722.253167][T26916]  ? __pfx_do_preadv+0x10/0x10
[ 1722.253189][T26916]  do_syscall_64+0xcd/0x4e0
[ 1722.253214][T26916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1722.253233][T26916] RIP: 0033:0x7f82bcd8eec9
[ 1722.253247][T26916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1722.253264][T26916] RSP: 002b:00007f82bdbd3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1722.253282][T26916] RAX: ffffffffffffffda RBX: 00007f82bcfe6090 RCX: 00007f82bcd8eec9
[ 1722.253294][T26916] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000007
[ 1722.253305][T26916] RBP: 00007f82bdbd3090 R08: 0000000000000001 R09: 0000000000000000
[ 1722.253315][T26916] R10: 0000000000000035 R11: 0000000000000246 R12: 0000000000000001
[ 1722.253326][T26916] R13: 00007f82bcfe6128 R14: 00007f82bcfe6090 R15: 00007fff82da15a8
[ 1722.253356][T26916]  </TASK>
[ 1722.766065][ T2337] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1722.843174][ T2337] pvrusb2: Attached sub-driver cx25840
[ 1722.849013][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1722.859557][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1722.878508][T26819] veth0_vlan: entered promiscuous mode
[ 1722.897406][T26819] veth1_vlan: entered promiscuous mode
[ 1722.918718][T26819] veth0_macvtap: entered promiscuous mode
[ 1722.935638][T26819] veth1_macvtap: entered promiscuous mode
[ 1722.954079][T26819] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1722.961586][T24688] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 1722.978678][T26819] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1722.990446][T26932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6143'.
[ 1723.107773][T26932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6143'.
[ 1723.116708][T26932] netlink: 'syz.0.6143': attribute type 5 has an invalid length.
[ 1723.124482][T26932] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6143'.
[ 1723.143811][T26932] geneve2: entered promiscuous mode
[ 1723.149051][T26932] geneve2: entered allmulticast mode
[ 1723.195898][T25069] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[ 1723.258301][T25069] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[ 1723.267502][T25069] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[ 1723.270370][T24688] usb 5-1: Using ep0 maxpacket: 32
[ 1723.328082][T25069] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[ 1723.339502][T24688] usb 5-1: config 0 has an invalid interface number: 146 but max is 0
[ 1723.348131][T24688] usb 5-1: config 0 has no interface number 0
[ 1723.353200][T25069] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1723.365638][T24688] usb 5-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1723.378998][T24688] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1723.394465][T24688] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1723.453483][T24688] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1723.474128][T25069] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1723.485357][T25069] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1723.499108][T24688] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[ 1723.518400][T25069] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1723.656546][T24688] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1723.679831][T24688] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1724.143370][T25042] Bluetooth: hci5: command tx timeout
[ 1724.180223][T24688] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024
[ 1724.193058][T24688] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1724.204546][T24688] usb 5-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1724.220007][T24688] usb 5-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[ 1724.229365][T24688] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1724.242839][T24688] usb 5-1: Product: syz
[ 1724.247054][T24688] usb 5-1: Manufacturer: syz
[ 1724.251999][T24688] usb 5-1: SerialNumber: syz
[ 1724.269459][T24688] usb 5-1: config 0 descriptor??
[ 1724.278510][T26918] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1724.290810][T26918] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1724.301966][T24688] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[ 1724.310534][T24688] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[ 1724.324959][T24688] scsi host1: microtekX6
[ 1724.370455][T13716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1724.379329][ T1037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1724.396292][ T1037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1724.409083][T13716] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1724.558521][T26947] hub 9-0:1.0: USB hub found
[ 1724.563923][T26947] hub 9-0:1.0: 1 port detected
[ 1724.875351][T13716] bridge_slave_1: left allmulticast mode
[ 1724.890863][T13716] bridge_slave_1: left promiscuous mode
[ 1724.897713][T13716] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1724.949945][T13716] bridge_slave_0: left allmulticast mode
[ 1724.962504][T13716] bridge_slave_0: left promiscuous mode
[ 1724.975430][T13716] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1726.053636][T26961] FAULT_INJECTION: forcing a failure.
[ 1726.053636][T26961] name failslab, interval 1, probability 0, space 0, times 0
[ 1726.144743][T26961] CPU: 1 UID: 0 PID: 26961 Comm: syz.0.6151 Not tainted syzkaller #0 PREEMPT(full) 
[ 1726.144760][T26961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1726.144767][T26961] Call Trace:
[ 1726.144771][T26961]  <TASK>
[ 1726.144776][T26961]  dump_stack_lvl+0x16c/0x1f0
[ 1726.144795][T26961]  should_fail_ex+0x512/0x640
[ 1726.144810][T26961]  ? fs_reclaim_acquire+0xae/0x150
[ 1726.144826][T26961]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1726.144843][T26961]  should_failslab+0xc2/0x120
[ 1726.144857][T26961]  __kmalloc_noprof+0xd2/0x510
[ 1726.144871][T26961]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1726.144890][T26961]  ? tomoyo_profile+0x47/0x60
[ 1726.144902][T26961]  tomoyo_path_number_perm+0x245/0x580
[ 1726.144916][T26961]  ? tomoyo_path_number_perm+0x237/0x580
[ 1726.144932][T26961]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1726.144947][T26961]  ? find_held_lock+0x2b/0x80
[ 1726.144974][T26961]  ? find_held_lock+0x2b/0x80
[ 1726.144987][T26961]  ? hook_file_ioctl_common+0x145/0x410
[ 1726.145003][T26961]  ? __fget_files+0x20e/0x3c0
[ 1726.145018][T26961]  security_file_ioctl+0x9b/0x240
[ 1726.145036][T26961]  __x64_sys_ioctl+0xb7/0x210
[ 1726.145054][T26961]  do_syscall_64+0xcd/0x4e0
[ 1726.145072][T26961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1726.145084][T26961] RIP: 0033:0x7f832d78eec9
[ 1726.145093][T26961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1726.145104][T26961] RSP: 002b:00007f832e6cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1726.145116][T26961] RAX: ffffffffffffffda RBX: 00007f832d9e5fa0 RCX: 00007f832d78eec9
[ 1726.145123][T26961] RDX: 0000200000000080 RSI: 00000000000089e2 RDI: 0000000000000004
[ 1726.145129][T26961] RBP: 00007f832e6cd090 R08: 0000000000000000 R09: 0000000000000000
[ 1726.145136][T26961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1726.145143][T26961] R13: 00007f832d9e6038 R14: 00007f832d9e5fa0 R15: 00007ffc60612af8
[ 1726.145157][T26961]  </TASK>
[ 1726.145161][T26961] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1726.583488][T26964] fuse: Unknown parameter '184467440737095516150xffffffffffffffff'
[ 1726.593803][T26964] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1727.769831][T20660] usb 5-1: USB disconnect, device number 85
[ 1727.995792][T26980] FAULT_INJECTION: forcing a failure.
[ 1727.995792][T26980] name failslab, interval 1, probability 0, space 0, times 0
[ 1728.015461][T26980] CPU: 0 UID: 0 PID: 26980 Comm: syz.4.6156 Not tainted syzkaller #0 PREEMPT(full) 
[ 1728.015486][T26980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1728.015496][T26980] Call Trace:
[ 1728.015503][T26980]  <TASK>
[ 1728.015510][T26980]  dump_stack_lvl+0x16c/0x1f0
[ 1728.015537][T26980]  should_fail_ex+0x512/0x640
[ 1728.015559][T26980]  ? fs_reclaim_acquire+0xae/0x150
[ 1728.015583][T26980]  ? tomoyo_encode2+0x100/0x3e0
[ 1728.015607][T26980]  should_failslab+0xc2/0x120
[ 1728.015626][T26980]  __kmalloc_noprof+0xd2/0x510
[ 1728.015644][T26980]  ? d_absolute_path+0x136/0x1a0
[ 1728.015672][T26980]  tomoyo_encode2+0x100/0x3e0
[ 1728.015700][T26980]  tomoyo_encode+0x29/0x50
[ 1728.015723][T26980]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1728.015754][T26980]  tomoyo_path_number_perm+0x245/0x580
[ 1728.015775][T26980]  ? tomoyo_path_number_perm+0x237/0x580
[ 1728.015798][T26980]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1728.015821][T26980]  ? find_held_lock+0x2b/0x80
[ 1728.015869][T26980]  ? find_held_lock+0x2b/0x80
[ 1728.015889][T26980]  ? hook_file_ioctl_common+0x145/0x410
[ 1728.015912][T26980]  ? __fget_files+0x20e/0x3c0
[ 1728.015935][T26980]  security_file_ioctl+0x9b/0x240
[ 1728.015961][T26980]  __x64_sys_ioctl+0xb7/0x210
[ 1728.015988][T26980]  do_syscall_64+0xcd/0x4e0
[ 1728.016013][T26980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1728.016030][T26980] RIP: 0033:0x7f0e2e78eec9
[ 1728.016052][T26980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1728.016068][T26980] RSP: 002b:00007f0e2f683038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1728.016085][T26980] RAX: ffffffffffffffda RBX: 00007f0e2e9e5fa0 RCX: 00007f0e2e78eec9
[ 1728.016096][T26980] RDX: 0000200000000180 RSI: 0000000040045304 RDI: 0000000000000003
[ 1728.016107][T26980] RBP: 00007f0e2f683090 R08: 0000000000000000 R09: 0000000000000000
[ 1728.016117][T26980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1728.016126][T26980] R13: 00007f0e2e9e6038 R14: 00007f0e2e9e5fa0 R15: 00007ffc8f0c8778
[ 1728.016151][T26980]  </TASK>
[ 1728.016194][T26980] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1728.725989][T26990] hub 9-0:1.0: USB hub found
[ 1728.732769][T26990] hub 9-0:1.0: 1 port detected
[ 1728.969894][T13716] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1728.981358][T13716] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1728.991393][T13716] bond0 (unregistering): Released all slaves
[ 1729.000841][T17277] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1729.004383][T13716] bond1 (unregistering): Released all slaves
[ 1729.101729][T13716] bond2 (unregistering): Released all slaves
[ 1729.116562][T13716] bond3 (unregistering): Released all slaves
[ 1729.226214][T17277] usb 5-1: Using ep0 maxpacket: 32
[ 1729.262244][T17277] usb 5-1: config 0 has an invalid interface number: 146 but max is 0
[ 1729.327544][T13716] tipc: Left network mode
[ 1729.345196][T17277] usb 5-1: config 0 has no interface number 0
[ 1729.630806][T27001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6162'.
[ 1729.643468][T17277] usb 5-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1729.655730][T17277] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1729.672250][T17277] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1729.685802][T17277] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1729.760358][T17277] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[ 1729.794731][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1729.802266][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1729.819662][T17277] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1729.862426][T17277] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1729.913204][T17277] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024
[ 1729.991482][T17277] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1730.011996][T17277] usb 5-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1730.029110][T17277] usb 5-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[ 1730.042544][T17277] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1730.050945][T17277] usb 5-1: Product: syz
[ 1730.055284][T17277] usb 5-1: Manufacturer: syz
[ 1730.062423][T17277] usb 5-1: SerialNumber: syz
[ 1730.097466][T27014] FAULT_INJECTION: forcing a failure.
[ 1730.097466][T27014] name failslab, interval 1, probability 0, space 0, times 0
[ 1730.130323][T27014] CPU: 0 UID: 0 PID: 27014 Comm: syz.2.6165 Not tainted syzkaller #0 PREEMPT(full) 
[ 1730.130350][T27014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1730.130360][T27014] Call Trace:
[ 1730.130366][T27014]  <TASK>
[ 1730.130373][T27014]  dump_stack_lvl+0x16c/0x1f0
[ 1730.130401][T27014]  should_fail_ex+0x512/0x640
[ 1730.130422][T27014]  ? fs_reclaim_acquire+0xae/0x150
[ 1730.130445][T27014]  ? tomoyo_encode2+0x100/0x3e0
[ 1730.130468][T27014]  should_failslab+0xc2/0x120
[ 1730.130489][T27014]  __kmalloc_noprof+0xd2/0x510
[ 1730.130514][T27014]  tomoyo_encode2+0x100/0x3e0
[ 1730.130543][T27014]  tomoyo_encode+0x29/0x50
[ 1730.130568][T27014]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1730.130601][T27014]  ? tomoyo_profile+0x47/0x60
[ 1730.130621][T27014]  tomoyo_path_number_perm+0x245/0x580
[ 1730.130643][T27014]  ? tomoyo_path_number_perm+0x237/0x580
[ 1730.130668][T27014]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1730.130693][T27014]  ? find_held_lock+0x2b/0x80
[ 1730.130738][T27014]  ? find_held_lock+0x2b/0x80
[ 1730.130758][T27014]  ? hook_file_ioctl_common+0x145/0x410
[ 1730.130782][T27014]  ? __fget_files+0x20e/0x3c0
[ 1730.130807][T27014]  security_file_ioctl+0x9b/0x240
[ 1730.130833][T27014]  __x64_sys_ioctl+0xb7/0x210
[ 1730.130862][T27014]  do_syscall_64+0xcd/0x4e0
[ 1730.130887][T27014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1730.130903][T27014] RIP: 0033:0x7fa536f8eec9
[ 1730.130917][T27014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1730.130933][T27014] RSP: 002b:00007fa537d5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1730.130950][T27014] RAX: ffffffffffffffda RBX: 00007fa5371e5fa0 RCX: 00007fa536f8eec9
[ 1730.130962][T27014] RDX: 00002000000000c0 RSI: 000000000000890c RDI: 0000000000000003
[ 1730.130971][T27014] RBP: 00007fa537d5a090 R08: 0000000000000000 R09: 0000000000000000
[ 1730.130982][T27014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1730.130992][T27014] R13: 00007fa5371e6038 R14: 00007fa5371e5fa0 R15: 00007ffc9ba282b8
[ 1730.131017][T27014]  </TASK>
[ 1730.131103][T27014] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1730.138112][T17277] usb 5-1: config 0 descriptor??
[ 1730.488621][T27001] geneve3: entered promiscuous mode
[ 1730.532144][T17275] usb 6-1: new high-speed USB device number 106 using dummy_hcd
[ 1730.571678][T26988] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1730.578947][T26988] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1730.587568][T17277] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[ 1730.598163][T17277] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[ 1730.636152][T17277] scsi host1: microtekX6
[ 1730.710093][T17275] usb 6-1: Using ep0 maxpacket: 32
[ 1730.716662][T17275] usb 6-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1730.730809][T17275] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1730.738670][T17275] usb 6-1: New USB device found, idVendor=05ac, idProduct=026c, bcdDevice= 0.00
[ 1730.766189][T17275] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1730.796481][T13716] hsr_slave_0: left promiscuous mode
[ 1730.836522][T13716] hsr_slave_1: left promiscuous mode
[ 1730.874833][T17275] usb 6-1: config 0 descriptor??
[ 1730.894107][T13716] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1730.938588][T13716] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1730.951706][T13716] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1731.036244][T13716] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1731.228662][T13716] veth1_macvtap: left promiscuous mode
[ 1731.234458][T13716] veth0_macvtap: left promiscuous mode
[ 1731.241071][T13716] veth1_vlan: left allmulticast mode
[ 1731.263156][T13716] veth1_vlan: left promiscuous mode
[ 1731.276744][T13716] veth0_vlan: left promiscuous mode
[ 1731.379409][T27010] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1731.391326][T27010] overlayfs: failed to set xattr on upper
[ 1731.397957][   T30] audit: type=1400 audit(1758605467.033:1048): avc:  denied  { mounton } for  pid=27006 comm="syz.5.6164" path="/bus" dev="ramfs" ino=92967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[ 1731.441993][T27010] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1731.448882][T27010] overlayfs: ...falling back to metacopy=off.
[ 1731.457598][T27010] overlayfs: ...falling back to uuid=null.
[ 1731.511258][T17275] apple 0003:05AC:026C.0029: hidraw0: USB HID v0.02 Device [HID 05ac:026c] on usb-dummy_hcd.5-1/input0
[ 1731.601822][T27030] FAULT_INJECTION: forcing a failure.
[ 1731.601822][T27030] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1731.636984][T27030] CPU: 1 UID: 0 PID: 27030 Comm: syz.0.6168 Not tainted syzkaller #0 PREEMPT(full) 
[ 1731.637014][T27030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1731.637024][T27030] Call Trace:
[ 1731.637030][T27030]  <TASK>
[ 1731.637036][T27030]  dump_stack_lvl+0x16c/0x1f0
[ 1731.637054][T27030]  should_fail_ex+0x512/0x640
[ 1731.637071][T27030]  _copy_from_user+0x2e/0xd0
[ 1731.637088][T27030]  core_sys_select+0x35b/0xc10
[ 1731.637117][T27030]  ? __pfx_core_sys_select+0x10/0x10
[ 1731.637142][T27030]  ? set_user_sigmask+0x21b/0x2b0
[ 1731.637155][T27030]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1731.637171][T27030]  do_pselect.constprop.0+0x19f/0x1e0
[ 1731.637184][T27030]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 1731.637201][T27030]  __x64_sys_pselect6+0x182/0x240
[ 1731.637214][T27030]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 1731.637231][T27030]  do_syscall_64+0xcd/0x4e0
[ 1731.637246][T27030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1731.637258][T27030] RIP: 0033:0x7f832d78eec9
[ 1731.637267][T27030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1731.637282][T27030] RSP: 002b:00007f832e6ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1731.637293][T27030] RAX: ffffffffffffffda RBX: 00007f832d9e6090 RCX: 00007f832d78eec9
[ 1731.637300][T27030] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000040
[ 1731.637307][T27030] RBP: 00007f832e6ac090 R08: 0000000000000000 R09: 0000000000000000
[ 1731.637314][T27030] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[ 1731.637324][T27030] R13: 00007f832d9e6128 R14: 00007f832d9e6090 R15: 00007ffc60612af8
[ 1731.637337][T27030]  </TASK>
[ 1731.839056][T25192] usb 6-1: USB disconnect, device number 106
[ 1732.532980][T20664] usb 5-1: USB disconnect, device number 86
[ 1732.712872][T17275] usb 6-1: new high-speed USB device number 107 using dummy_hcd
[ 1733.651341][T17275] usb 6-1: Using ep0 maxpacket: 16
[ 1733.668457][T17275] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1733.855132][T17275] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1733.862187][T17275] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1733.890452][T17275] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1733.986319][T17275] usb 6-1: config 0 descriptor??
[ 1734.420569][T27058] netlink: 'syz.0.6175': attribute type 10 has an invalid length.
[ 1734.642686][T17275] nzxt-smart2 0003:1E71:2009.002A: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0
[ 1734.758504][T13716] team0 (unregistering): Port device team_slave_1 removed
[ 1734.797181][T27061] netlink: 'syz.2.6176': attribute type 10 has an invalid length.
[ 1734.946282][T27038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1734.971666][T27038] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1735.001184][T24688] usb 6-1: USB disconnect, device number 107
[ 1735.024801][T13716] team0 (unregistering): Port device team_slave_0 removed
[ 1735.614563][T27058] team0: Port device dummy0 added
[ 1735.645117][T27061] team0: Port device dummy0 added
[ 1736.049318][T17275] usb 6-1: new high-speed USB device number 108 using dummy_hcd
[ 1736.262168][T13716] IPVS: stop unused estimator thread 0...
[ 1736.280528][T17275] usb 6-1: Using ep0 maxpacket: 32
[ 1736.290298][T17275] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1736.550657][T17275] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1736.623996][T17275] usb 6-1: New USB device found, idVendor=0853, idProduct=0313, bcdDevice= 0.00
[ 1736.902451][T27085] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1737.744872][T17275] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1737.783091][T17275] usb 6-1: config 0 descriptor??
[ 1738.090154][T20664] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 1738.216339][T27067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1738.230792][T27067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1738.245577][   T30] audit: type=1804 audit(1758605473.903:1049): pid=27067 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.5.6178" name="/newroot/493/file0" dev="tmpfs" ino=2570 res=1 errno=0
[ 1738.268052][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1738.275423][T27067] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[ 1738.280210][T20664] usb 3-1: Using ep0 maxpacket: 32
[ 1738.292052][T27067] ref_ctr increment failed for inode: 0xa0a offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888030c960c0
[ 1738.293671][T20664] usb 3-1: config 0 has an invalid interface number: 146 but max is 0
[ 1738.315952][T20664] usb 3-1: config 0 has no interface number 0
[ 1738.322463][T20664] usb 3-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1738.335425][T20664] usb 3-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1738.348027][T20664] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1738.364149][T20664] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1738.376761][T20664] usb 3-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[ 1738.388797][T20664] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1738.392684][T17275] usbhid 6-1:0.0: can't add hid device: -71
[ 1738.410418][T17275] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1738.420245][T17277] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[ 1738.438369][T17275] usb 6-1: USB disconnect, device number 108
[ 1738.452499][T20664] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1738.464922][T20664] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024
[ 1738.477351][T20664] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1738.490256][T20664] usb 3-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1738.511596][T20664] usb 3-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[ 1738.520928][T20664] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1738.528922][T20664] usb 3-1: Product: syz
[ 1738.535458][T20664] usb 3-1: Manufacturer: syz
[ 1738.540282][T20664] usb 3-1: SerialNumber: syz
[ 1738.547739][T20664] usb 3-1: config 0 descriptor??
[ 1738.553515][T27088] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1738.568054][T27088] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1738.576545][T20664] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[ 1738.586765][T20664] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[ 1738.602142][T17277] usb 1-1: Using ep0 maxpacket: 32
[ 1738.609450][T17277] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1738.609540][T20664] scsi host1: microtekX6
[ 1738.627187][T17277] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1738.638026][T17277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1738.651963][T17277] usb 1-1: config 0 descriptor??
[ 1738.659278][T17277] hub 1-1:0.0: USB hub found
[ 1738.860461][T17277] hub 1-1:0.0: 1 port detected
[ 1739.516264][T17277] usb 1-1: USB disconnect, device number 20
[ 1739.524848][   T57] hub 1-1:0.0: hub_ext_port_status failed (err = -71)
[ 1739.770423][T27121] hub 9-0:1.0: USB hub found
[ 1739.777909][T27121] hub 9-0:1.0: 1 port detected
[ 1740.318560][T27127] FAULT_INJECTION: forcing a failure.
[ 1740.318560][T27127] name failslab, interval 1, probability 0, space 0, times 0
[ 1740.334965][T27127] CPU: 0 UID: 0 PID: 27127 Comm: syz.5.6195 Not tainted syzkaller #0 PREEMPT(full) 
[ 1740.334991][T27127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1740.335002][T27127] Call Trace:
[ 1740.335009][T27127]  <TASK>
[ 1740.335017][T27127]  dump_stack_lvl+0x16c/0x1f0
[ 1740.335044][T27127]  should_fail_ex+0x512/0x640
[ 1740.335067][T27127]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1740.335089][T27127]  should_failslab+0xc2/0x120
[ 1740.335111][T27127]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1740.335130][T27127]  ? __alloc_skb+0x2b2/0x380
[ 1740.335154][T27127]  __alloc_skb+0x2b2/0x380
[ 1740.335174][T27127]  ? __pfx___alloc_skb+0x10/0x10
[ 1740.335197][T27127]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1740.335227][T27127]  netlink_alloc_large_skb+0x69/0x130
[ 1740.335251][T27127]  netlink_sendmsg+0x6a1/0xdd0
[ 1740.335279][T27127]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1740.335320][T27127]  ____sys_sendmsg+0xa98/0xc70
[ 1740.335347][T27127]  ? copy_msghdr_from_user+0x10a/0x160
[ 1740.335369][T27127]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1740.335400][T27127]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1740.335425][T27127]  ? rcu_is_watching+0x12/0xc0
[ 1740.335450][T27127]  ___sys_sendmsg+0x134/0x1d0
[ 1740.335474][T27127]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1740.335528][T27127]  __sys_sendmsg+0x16d/0x220
[ 1740.335550][T27127]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1740.335571][T27127]  ? ksys_write+0x1a2/0x250
[ 1740.335606][T27127]  do_syscall_64+0xcd/0x4e0
[ 1740.335631][T27127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1740.335649][T27127] RIP: 0033:0x7f82bcd8eec9
[ 1740.335665][T27127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1740.335682][T27127] RSP: 002b:00007f82bdbf4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1740.335700][T27127] RAX: ffffffffffffffda RBX: 00007f82bcfe5fa0 RCX: 00007f82bcd8eec9
[ 1740.335713][T27127] RDX: 0000000000000084 RSI: 0000200000000400 RDI: 0000000000000003
[ 1740.335725][T27127] RBP: 00007f82bdbf4090 R08: 0000000000000000 R09: 0000000000000000
[ 1740.335736][T27127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1740.335747][T27127] R13: 00007f82bcfe6038 R14: 00007f82bcfe5fa0 R15: 00007fff82da15a8
[ 1740.335772][T27127]  </TASK>
[ 1740.913182][   T57] usb 3-1: USB disconnect, device number 120
[ 1741.340191][   T50] Bluetooth: hci5: command 0x0405 tx timeout
[ 1741.689453][T27142] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6200'.
[ 1742.797916][T27147] comedi comedi0: comedi_config --init_data is deprecated
[ 1743.736097][T27165] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input88
[ 1744.200081][ T5913] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1744.620514][ T5913] usb 7-1: Using ep0 maxpacket: 8
[ 1744.632531][ T5913] usb 7-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1744.642616][ T5913] usb 7-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C
[ 1744.654700][ T5913] usb 7-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[ 1744.667735][ T5913] usb 7-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1744.677610][ T5913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1744.685627][ T5913] usb 7-1: Product: syz
[ 1744.689841][ T5913] usb 7-1: Manufacturer: syz
[ 1744.694510][ T5913] usb 7-1: SerialNumber: syz
[ 1744.705395][ T5913] hso 7-1:6.0: Can't find BULK IN endpoint
[ 1744.909800][T27169] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6208'.
[ 1744.919118][T27169] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6208'.
[ 1744.928081][T27169] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6208'.
[ 1745.019004][T24688] usb 7-1: USB disconnect, device number 2
[ 1745.496049][T27182] openvswitch: netlink: Message has 8 unknown bytes.
[ 1745.534242][T27182] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1746.067196][   T30] audit: type=1400 audit(1758605481.363:1050): avc:  denied  { shutdown } for  pid=27176 comm="syz.0.6209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1746.306223][T27189] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6214'.
[ 1747.060107][   T30] audit: type=1326 audit(1758605482.483:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1747.150613][   T30] audit: type=1326 audit(1758605482.483:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1747.174076][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1747.180537][   T30] audit: type=1326 audit(1758605482.493:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1747.206054][   T30] audit: type=1326 audit(1758605482.493:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1747.558226][   T30] audit: type=1326 audit(1758605482.493:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1747.585100][   T30] audit: type=1326 audit(1758605482.493:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1747.608596][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1747.672519][   T30] audit: type=1326 audit(1758605482.793:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1747.695907][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1748.795537][   T30] audit: type=1326 audit(1758605483.003:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1748.822565][   T30] audit: type=1326 audit(1758605483.003:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27190 comm="syz.2.6213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1750.100242][ T5913] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 1750.290320][ T5913] usb 5-1: Using ep0 maxpacket: 32
[ 1750.304699][ T5913] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1750.333303][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1750.394011][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1750.438306][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 1750.480936][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 1750.842509][ T5913] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1750.860225][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1750.880426][ T5913] usb 5-1: Product: syz
[ 1750.909219][ T5913] usb 5-1: Manufacturer: syz
[ 1750.914971][ T5913] usb 5-1: SerialNumber: syz
[ 1750.961069][ T5913] usb 5-1: config 0 descriptor??
[ 1751.099585][   T30] audit: type=1400 audit(1758605486.743:1060): avc:  denied  { getopt } for  pid=27245 comm="syz.6.6228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1751.679434][T27243] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1751.843032][ T5913] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 1751.852069][ T5913] input input89: Device does not respond to id packet M
[ 1751.986506][ T5913] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 1751.986872][T27244] syzkaller0: entered promiscuous mode
[ 1751.995477][ T5913] input input89: Device does not respond to id packet P
[ 1752.008358][T27244] syzkaller0: entered allmulticast mode
[ 1752.035991][ T5913] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 1752.042748][ T5913] input input89: Device does not respond to id packet B
[ 1752.060170][ T5913] input input89: Limiting number of effects to 32 (device reports 48)
[ 1752.079343][T27244] tipc: Resetting bearer <eth:syzkaller0>
[ 1752.109426][T27242] tipc: Resetting bearer <eth:syzkaller0>
[ 1752.161601][T27242] tipc: Disabling bearer <eth:syzkaller0>
[ 1752.220364][T24688] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1752.430151][T24688] usb 1-1: Using ep0 maxpacket: 32
[ 1752.988260][T24688] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1753.062364][T24688] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1753.078392][ T5913] iforce 5-1:0.0: usb_submit_urb failed: -110
[ 1753.200231][T24688] usb 1-1: New USB device found, idVendor=0853, idProduct=0313, bcdDevice= 0.00
[ 1753.209280][T24688] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1753.222329][ T5913] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 1753.272965][T24688] usb 1-1: config 0 descriptor??
[ 1753.315939][ T5913] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 1753.493350][ T5913] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 1753.951501][ T5913] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input89
[ 1754.240167][   T57] usb 3-1: new full-speed USB device number 121 using dummy_hcd
[ 1754.293995][T27280] netlink: 52 bytes leftover after parsing attributes in process `syz.5.6234'.
[ 1754.431711][   T57] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1754.454047][   T57] usb 3-1: New USB device found, idVendor=20df, idProduct=0001, bcdDevice=97.6d
[ 1754.463303][   T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1754.494355][   T57] usb 3-1: Product: syz
[ 1754.498711][   T57] usb 3-1: Manufacturer: syz
[ 1754.503967][   T57] usb 3-1: SerialNumber: syz
[ 1754.884402][T27288] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1755.923938][   T57] usb 3-1: config 0 descriptor??
[ 1756.125025][T24688] usbhid 1-1:0.0: can't add hid device: -71
[ 1756.131144][T24688] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1756.170575][T24688] usb 1-1: USB disconnect, device number 21
[ 1756.199759][T27293] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1756.200227][T27278] mkiss: ax0: crc mode is auto.
[ 1756.496221][T27301] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6239'.
[ 1756.660151][T25192] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1756.691581][   T30] audit: type=1326 audit(1758605492.353:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27277 comm="syz.2.6233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1756.847563][   T30] audit: type=1326 audit(1758605492.383:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27277 comm="syz.2.6233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1756.873104][   T30] audit: type=1326 audit(1758605492.393:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27277 comm="syz.2.6233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1756.902320][T24688] usb 3-1: USB disconnect, device number 121
[ 1756.919755][   T30] audit: type=1326 audit(1758605492.393:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27277 comm="syz.2.6233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1756.946716][   T30] audit: type=1326 audit(1758605492.403:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27277 comm="syz.2.6233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa536f8eec9 code=0x7ffc0000
[ 1756.972945][T25192] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1756.982276][T25192] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1757.017165][T25192] usb 7-1: config 0 descriptor??
[ 1757.333679][   T57] usb 5-1: USB disconnect, device number 87
[ 1757.950246][   T50] Bluetooth: hci3: command 0x0406 tx timeout
[ 1758.273754][T25192] pegasus 7-1:0.0: probe with driver pegasus failed with error -32
[ 1758.966401][T27329] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6245'.
[ 1758.976659][T27329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6245'.
[ 1759.051065][T25192] usb 7-1: USB disconnect, device number 3
[ 1759.280120][   T57] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[ 1759.900528][   T57] usb 1-1: Using ep0 maxpacket: 32
[ 1759.935803][   T57] usb 1-1: config 0 has an invalid interface number: 146 but max is 0
[ 1759.947017][   T57] usb 1-1: config 0 has no interface number 0
[ 1760.355345][   T57] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1760.377688][   T57] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1760.396645][   T57] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1760.419685][   T57] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1760.557755][T27349] hub 9-0:1.0: USB hub found
[ 1760.563903][T27349] hub 9-0:1.0: 1 port detected
[ 1760.749980][   T57] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[ 1761.362810][   T57] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1761.676149][   T57] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1761.747803][   T57] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024
[ 1761.770293][   T57] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1761.800255][   T57] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1761.817061][   T57] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[ 1761.828004][   T57] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1761.841859][   T57] usb 1-1: Product: syz
[ 1761.855977][   T57] usb 1-1: Manufacturer: syz
[ 1761.902523][   T57] usb 1-1: SerialNumber: syz
[ 1761.914292][   T57] usb 1-1: config 0 descriptor??
[ 1761.919911][T27333] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1761.933486][T27333] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1761.949822][   T57] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[ 1761.958633][   T57] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[ 1761.989588][   T57] scsi host1: microtekX6
[ 1762.067771][T17275] usb 1-1: USB disconnect, device number 22
[ 1762.131313][T22962] microtek usb (rev 0.4.3): error -19 submitting URB
[ 1762.180375][T22962] microtek usb (rev 0.4.3): error -19 submitting URB
[ 1762.220549][   T57] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[ 1763.009309][   T57] usb 7-1: config 0 has an invalid interface number: 251 but max is 0
[ 1763.017779][   T57] usb 7-1: config 0 has no interface number 0
[ 1763.030325][T25192] usb 6-1: new high-speed USB device number 109 using dummy_hcd
[ 1763.030820][   T57] usb 7-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1763.134975][   T57] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1763.195680][T25192] usb 6-1: Using ep0 maxpacket: 32
[ 1763.204478][T25192] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1763.228391][   T57] usb 7-1: Product: syz
[ 1763.232984][   T57] usb 7-1: Manufacturer: syz
[ 1763.236870][T25192] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1763.258576][T25192] usb 6-1: New USB device found, idVendor=0853, idProduct=0313, bcdDevice= 0.00
[ 1763.269482][T25192] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1763.284102][T25192] usb 6-1: config 0 descriptor??
[ 1763.289078][   T57] usb 7-1: SerialNumber: syz
[ 1763.290881][   T57] usb 7-1: config 0 descriptor??
[ 1763.867601][T27387] netlink: zone id is out of range
[ 1763.874199][T27387] netlink: zone id is out of range
[ 1763.884565][T27387] netlink: zone id is out of range
[ 1763.889825][T27387] netlink: zone id is out of range
[ 1763.896798][T27387] netlink: zone id is out of range
[ 1763.903491][T27387] netlink: zone id is out of range
[ 1763.908964][T27387] netlink: zone id is out of range
[ 1763.915296][T27387] netlink: zone id is out of range
[ 1763.920967][T27387] netlink: zone id is out of range
[ 1763.944265][   T57] asix 7-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1763.955583][   T57] asix 7-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -32
[ 1763.977702][T27387] netlink: zone id is out of range
[ 1763.989658][   T57] asix 7-1:0.251: probe with driver asix failed with error -32
[ 1764.402736][   T30] audit: type=1400 audit(1758605500.063:1066): avc:  denied  { name_bind } for  pid=27356 comm="syz.6.6255" src=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[ 1764.596157][T27395] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6265'.
[ 1764.626713][T27395] bond0: entered promiscuous mode
[ 1764.631888][T27395] bond_slave_0: entered promiscuous mode
[ 1764.637623][T27395] bond_slave_1: entered promiscuous mode
[ 1764.646426][T27395] bond0: left promiscuous mode
[ 1764.651275][T27395] bond_slave_0: left promiscuous mode
[ 1764.656752][T27395] bond_slave_1: left promiscuous mode
[ 1765.216164][T25192] usbhid 6-1:0.0: can't add hid device: -71
[ 1765.223794][T25192] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1765.345259][T25192] usb 6-1: USB disconnect, device number 109
[ 1765.821765][T27405] IPVS: length: 73 != 24
[ 1765.831449][T24688] usb 7-1: USB disconnect, device number 4
[ 1765.854394][T27405] autofs: Unknown parameter '0x0000000000000000'
[ 1772.432024][   T30] audit: type=1400 audit(1758605508.003:1067): avc:  denied  { ioctl } for  pid=27438 comm="syz.6.6275" path="socket:[94975]" dev="sockfs" ino=94975 ioctlcmd=0xf510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1775.456293][T27455] netlink: 'syz.5.6279': attribute type 10 has an invalid length.
[ 1775.535050][T27455] team0: Port device dummy0 added
[ 1775.666497][T27461] trusted_key: encrypted_key: insufficient parameters specified
[ 1775.681040][T27461] FAULT_INJECTION: forcing a failure.
[ 1775.681040][T27461] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1775.694242][T27461] CPU: 0 UID: 0 PID: 27461 Comm: syz.6.6281 Not tainted syzkaller #0 PREEMPT(full) 
[ 1775.694264][T27461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1775.694273][T27461] Call Trace:
[ 1775.694277][T27461]  <TASK>
[ 1775.694281][T27461]  dump_stack_lvl+0x16c/0x1f0
[ 1775.694301][T27461]  should_fail_ex+0x512/0x640
[ 1775.694318][T27461]  _copy_to_user+0x32/0xd0
[ 1775.694335][T27461]  simple_read_from_buffer+0xcb/0x170
[ 1775.694348][T27461]  proc_fail_nth_read+0x197/0x240
[ 1775.694363][T27461]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1775.694377][T27461]  ? rw_verify_area+0xcf/0x6c0
[ 1775.694394][T27461]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1775.694407][T27461]  vfs_read+0x1e1/0xcf0
[ 1775.694420][T27461]  ? __pfx___mutex_lock+0x10/0x10
[ 1775.694436][T27461]  ? __pfx_vfs_read+0x10/0x10
[ 1775.694451][T27461]  ? fdget_pos+0x1d7/0x370
[ 1775.694469][T27461]  ksys_read+0x12a/0x250
[ 1775.694479][T27461]  ? __pfx_ksys_read+0x10/0x10
[ 1775.694495][T27461]  do_syscall_64+0xcd/0x4e0
[ 1775.694511][T27461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1775.694523][T27461] RIP: 0033:0x7fd20f78d8dc
[ 1775.694532][T27461] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1775.694544][T27461] RSP: 002b:00007fd21063a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1775.694555][T27461] RAX: ffffffffffffffda RBX: 00007fd20f9e6090 RCX: 00007fd20f78d8dc
[ 1775.694562][T27461] RDX: 000000000000000f RSI: 00007fd21063a0a0 RDI: 0000000000000007
[ 1775.694569][T27461] RBP: 00007fd21063a090 R08: 0000000000000000 R09: 0000000000000000
[ 1775.694576][T27461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1775.694582][T27461] R13: 00007fd20f9e6128 R14: 00007fd20f9e6090 R15: 00007ffd728c9678
[ 1775.694596][T27461]  </TASK>
[ 1776.392437][T27471] net_ratelimit: 164 callbacks suppressed
[ 1776.392460][T27471] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1777.630208][T27475] hub 9-0:1.0: USB hub found
[ 1777.635537][T27475] hub 9-0:1.0: 1 port detected
[ 1777.916334][T27477] netlink: 'syz.2.6284': attribute type 10 has an invalid length.
[ 1778.431261][T27485] netlink: 'syz.0.6288': attribute type 10 has an invalid length.
[ 1778.460320][T17277] usb 6-1: new high-speed USB device number 110 using dummy_hcd
[ 1778.642473][T27486] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6289'.
[ 1778.919171][T17277] usb 6-1: Using ep0 maxpacket: 8
[ 1779.288029][T27500] input: syz1 as /devices/virtual/input/input90
[ 1779.574606][T17277] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1779.586204][T17277] usb 6-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[ 1779.596365][T17277] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1779.770347][T17277] usb 6-1: config 0 descriptor??
[ 1779.847512][T17277] usb 6-1: Found UVC 0.00 device <unnamed> (2833:0201)
[ 1779.912666][T17277] usb 6-1: No valid video chain found.
[ 1779.918942][T27503] hub 9-0:1.0: USB hub found
[ 1779.926345][T27503] hub 9-0:1.0: 1 port detected
[ 1779.950373][T24688] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1780.267449][T24688] usb 7-1: Using ep0 maxpacket: 16
[ 1780.306353][T24688] usb 7-1: config 4 has an invalid interface number: 51 but max is 0
[ 1780.360807][T24688] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1780.402739][T24688] usb 7-1: config 4 has no interface number 0
[ 1780.424408][T24688] usb 7-1: config 4 interface 51 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1780.447647][T24688] usb 7-1: config 4 interface 51 has no altsetting 0
[ 1780.460372][T24688] usb 7-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76
[ 1780.469634][T24688] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1780.479633][T24688] usb 7-1: Product: syz
[ 1780.484034][T24688] usb 7-1: Manufacturer: syz
[ 1780.488687][T24688] usb 7-1: SerialNumber: syz
[ 1780.500071][T20664] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[ 1780.509883][T24688] cdc_eem 7-1:4.51: probe with driver cdc_eem failed with error -22
[ 1780.900128][T20664] usb 3-1: Using ep0 maxpacket: 32
[ 1780.969334][T20664] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1780.982948][T20664] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1781.137613][T27525] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1782.063493][T20664] usb 3-1: New USB device found, idVendor=0853, idProduct=0313, bcdDevice= 0.00
[ 1782.072689][T20664] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1782.082047][T20664] usb 3-1: config 0 descriptor??
[ 1782.185796][T17277] usb 6-1: USB disconnect, device number 110
[ 1782.593110][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.639178][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.702928][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.731354][T27533] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.6301'.
[ 1782.750190][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.777369][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.805114][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.856893][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.915149][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.922927][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.932789][T20664] topre 0003:0853:0313.002B: unknown main item tag 0x0
[ 1782.950648][T20664] topre 0003:0853:0313.002B: hidraw0: USB HID v0.05 Device [HID 0853:0313] on usb-dummy_hcd.2-1/input0
[ 1782.980202][T17275] usb 7-1: USB disconnect, device number 5
[ 1783.030136][T17277] usb 6-1: new high-speed USB device number 111 using dummy_hcd
[ 1783.160711][T17277] usb 6-1: device descriptor read/64, error -71
[ 1783.436293][T17277] usb 6-1: new high-speed USB device number 112 using dummy_hcd
[ 1783.580236][T17277] usb 6-1: device descriptor read/64, error -71
[ 1784.427442][T17277] usb usb6-port1: attempt power cycle
[ 1784.462959][T25192] usb 3-1: USB disconnect, device number 122
[ 1784.790187][T17277] usb 6-1: new high-speed USB device number 113 using dummy_hcd
[ 1784.826048][T17277] usb 6-1: device descriptor read/8, error -71
[ 1785.243851][T17277] usb 6-1: new high-speed USB device number 114 using dummy_hcd
[ 1785.287446][T17277] usb 6-1: device descriptor read/8, error -71
[ 1785.536065][T17277] usb usb6-port1: unable to enumerate USB device
[ 1786.342460][T27578] hub 9-0:1.0: USB hub found
[ 1786.348927][T27578] hub 9-0:1.0: 1 port detected
[ 1787.367373][T27597] netlink: 'syz.0.6319': attribute type 8 has an invalid length.
[ 1788.075167][T27616] No control pipe specified
[ 1788.324648][T27620] netlink: 168 bytes leftover after parsing attributes in process `syz.6.6325'.
[ 1788.465492][T27625] netlink: 'syz.5.6327': attribute type 4 has an invalid length.
[ 1788.492958][T27625] netlink: 'syz.5.6327': attribute type 4 has an invalid length.
[ 1788.624132][T27629] hub 9-0:1.0: USB hub found
[ 1788.629342][T27629] hub 9-0:1.0: 1 port detected
[ 1789.042314][T27631] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1790.228389][T27635] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1791.233340][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.239653][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1792.623611][T27658] tmpfs: Unknown parameter 'uslqu'
[ 1793.174324][   T30] audit: type=1400 audit(1758605528.833:1068): avc:  denied  { ioctl } for  pid=27664 comm="syz.2.6337" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x9425 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1793.203916][T27665] netlink: 'syz.2.6337': attribute type 1 has an invalid length.
[ 1793.217491][T27667] use of bytesused == 0 is deprecated and will be removed in the future,
[ 1793.225940][T27667] use the actual size instead.
[ 1793.255049][T27665] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1793.746571][   T30] audit: type=1326 audit(1758605528.943:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27666 comm="syz.0.6338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f832d78eec9 code=0x7ffc0000
[ 1793.770190][   T30] audit: type=1326 audit(1758605528.943:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27666 comm="syz.0.6338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f832d78eec9 code=0x7ffc0000
[ 1793.772184][   T57] IPVS: starting estimator thread 0...
[ 1793.816575][   T30] audit: type=1326 audit(1758605528.943:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27666 comm="syz.0.6338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f832d78eec9 code=0x7ffc0000
[ 1793.844179][   T30] audit: type=1326 audit(1758605529.403:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27666 comm="syz.0.6338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f832d78eec9 code=0x7ffc0000
[ 1793.870736][   T30] audit: type=1326 audit(1758605529.403:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27666 comm="syz.0.6338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f832d78eec9 code=0x7ffc0000
[ 1793.894184][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1793.900417][T27672] IPVS: using max 73 ests per chain, 175200 per kthread
[ 1794.555687][T27682] hub 8-0:1.0: USB hub found
[ 1794.570243][T27682] hub 8-0:1.0: 1 port detected
[ 1796.131207][T27693] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1797.770038][T24688] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[ 1797.864879][T27717] netlink: 80 bytes leftover after parsing attributes in process `syz.5.6353'.
[ 1797.950678][T24688] usb 3-1: Using ep0 maxpacket: 8
[ 1797.960502][T24688] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1797.969097][T24688] usb 3-1: New USB device found, idVendor=0b05, idProduct=1807, bcdDevice= 0.40
[ 1797.980036][T24688] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1798.500876][T25042] Bluetooth: hci4: command 0x0406 tx timeout
[ 1798.612656][T24688] usb 3-1: Product: 뎆ጊ轁魮뒧慐◲柂畤巊⾳鑎朼抆䝶ᘶ栫䑏⦣繵铃棬┕枃챔囨쫾㉣侍飠붅벷맥惾놣፦串畩猫莌ẫ탢ꮩꍧᙬ孧䕍遞⃳긛䨾뇣꫞힎쀡⩎疴ᘽ蔠ㄽ㥓ꆓ茤鬌Ӧ陗諹䃜攁딣ꔽ勲豤쯄켾檨㑮犢ᰥ悔枭욥䟾ඩꕥ₅
[ 1798.612656][T24688] 舆ᖒ쐉䩺楯᷿⹫㺤鵤㡥췀▬땑꜊
[ 1798.649378][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1798.778223][T24688] usb 3-1: SerialNumber: 娸ₗԋᱴ없煜Ꮾ穤끩̌ࡡ娎杮᫴ꪈ䇎덎鿄쎽킙鱬壓ﺉ且ᣘ宴橉쌅ᒪ鰰㟱ဝ黥퐹쁈裖这鴊鏅沷深뙂쟿ꂣ殾䊪閡骩﫶㜨殨벘ꨂ릒뒸閈匝ꍑ⣨昧꿴ᚠ赧俆둺鰟쾋Ʊ톒䒒롉
[ 1799.025410][T27737] netlink: 'syz.4.6358': attribute type 10 has an invalid length.
[ 1799.036235][T27737] team0: Port device dummy0 added
[ 1799.814946][   T30] audit: type=1400 audit(1758605535.473:1074): avc:  denied  { accept } for  pid=27709 comm="syz.2.6350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1799.870984][T24688] usbhid 3-1:1.0: can't add hid device: -71
[ 1799.958095][T24688] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[ 1799.970128][T17277] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1800.033845][T24688] usb 3-1: USB disconnect, device number 123
[ 1800.260818][T17277] usb 7-1: Using ep0 maxpacket: 32
[ 1800.747670][T17277] usb 7-1: config 0 has an invalid interface number: 146 but max is 0
[ 1800.755958][T17277] usb 7-1: config 0 has no interface number 0
[ 1800.776538][T17277] usb 7-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1800.787990][T17277] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1800.800836][T17277] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1800.902048][T17277] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1800.913196][T17277] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[ 1801.011851][T17277] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1801.450116][T17277] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1801.760555][T17277] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024
[ 1801.772157][T17277] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1801.826521][T17277] usb 7-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1801.858822][T17277] usb 7-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[ 1801.880307][T17277] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1801.898669][T17277] usb 7-1: Product: syz
[ 1801.902935][T17277] usb 7-1: Manufacturer: syz
[ 1801.910038][T17277] usb 7-1: SerialNumber: syz
[ 1801.930835][T27771] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6370'.
[ 1801.930901][T17277] usb 7-1: config 0 descriptor??
[ 1801.955705][T27743] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1801.965463][T27743] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1802.017360][T17277] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[ 1802.036427][T17277] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[ 1802.180503][T24688] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[ 1802.619174][T17277] scsi host1: microtekX6
[ 1802.885847][T24688] usb 3-1: Using ep0 maxpacket: 8
[ 1803.010904][T24688] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1803.020275][T24688] usb 3-1: config 8 has an invalid descriptor of length 86, skipping remainder of the config
[ 1803.030605][T24688] usb 3-1: config 8 has 0 interfaces, different from the descriptor's value: 1
[ 1803.057117][T24688] usb 3-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[ 1803.066274][T24688] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1803.109620][T24688] usb 3-1: Product: syz
[ 1803.117332][T24688] usb 3-1: Manufacturer: syz
[ 1803.189645][T24688] usb 3-1: SerialNumber: syz
[ 1803.190492][T27792] kAFS: No cell specified
[ 1803.848518][T27800] binder: 27796:27800 ioctl c0306201 200000000640 returned -22
[ 1805.289187][T24688] usb 3-1: USB disconnect, device number 124
[ 1807.049948][T20661] usb 7-1: USB disconnect, device number 6
[ 1807.075262][T27828] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6383'.
[ 1807.201420][T27833] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6382'.
[ 1807.350759][T27833] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1807.358274][T27833] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1807.451630][T27838] o2cb: This node has not been configured.
[ 1807.457676][T27838] o2cb: Cluster check failed. Fix errors before retrying.
[ 1807.464927][T27838] (syz.6.6384,27838,1):user_dlm_register:674 ERROR: status = -22
[ 1807.472727][T27838] (syz.6.6384,27838,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file1"
[ 1807.546783][   T30] audit: type=1400 audit(1758605543.103:1075): avc:  denied  { add_name } for  pid=27829 comm="syz.6.6384" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1807.694007][T27839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6383'.
[ 1807.870999][T27833] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1807.880728][   T30] audit: type=1400 audit(1758605543.103:1076): avc:  denied  { create } for  pid=27829 comm="syz.6.6384" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[ 1807.905301][T27833] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1807.912517][   T30] audit: type=1400 audit(1758605543.103:1077): avc:  denied  { associate } for  pid=27829 comm="syz.6.6384" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1808.171720][   T30] audit: type=1400 audit(1758605543.783:1078): avc:  denied  { mounton } for  pid=27835 comm="syz.4.6385" path="/148/file1/file0" dev="autofs" ino=97215 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[ 1809.544267][T17277] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[ 1809.740091][T17277] usb 3-1: Using ep0 maxpacket: 16
[ 1809.833784][T17277] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1809.855051][T17277] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1809.864300][T17277] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1809.874580][T17277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1810.316526][   T30] audit: type=1400 audit(1758605545.583:1079): avc:  denied  { create } for  pid=27862 comm="syz.5.6392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1810.369741][   T30] audit: type=1400 audit(1758605545.593:1080): avc:  denied  { read } for  pid=27862 comm="syz.5.6392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1810.405309][T17277] usb 3-1: config 0 descriptor??
[ 1810.758185][T27871] FAULT_INJECTION: forcing a failure.
[ 1810.758185][T27871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1810.771412][T27871] CPU: 1 UID: 0 PID: 27871 Comm: syz.6.6393 Not tainted syzkaller #0 PREEMPT(full) 
[ 1810.771438][T27871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1810.771448][T27871] Call Trace:
[ 1810.771456][T27871]  <TASK>
[ 1810.771463][T27871]  dump_stack_lvl+0x16c/0x1f0
[ 1810.771495][T27871]  should_fail_ex+0x512/0x640
[ 1810.771523][T27871]  _copy_to_user+0x32/0xd0
[ 1810.771550][T27871]  simple_read_from_buffer+0xcb/0x170
[ 1810.771573][T27871]  proc_fail_nth_read+0x197/0x240
[ 1810.771596][T27871]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1810.771619][T27871]  ? rw_verify_area+0xcf/0x6c0
[ 1810.771647][T27871]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1810.771668][T27871]  vfs_read+0x1e1/0xcf0
[ 1810.771695][T27871]  ? __pfx___mutex_lock+0x10/0x10
[ 1810.771719][T27871]  ? __pfx_vfs_read+0x10/0x10
[ 1810.771745][T27871]  ? __fget_files+0x20e/0x3c0
[ 1810.771764][T27871]  ? lockdep_hardirqs_on+0x50/0x110
[ 1810.771793][T27871]  ksys_read+0x12a/0x250
[ 1810.771811][T27871]  ? __pfx_ksys_read+0x10/0x10
[ 1810.771831][T27871]  ? fput+0x9b/0xd0
[ 1810.771858][T27871]  do_syscall_64+0xcd/0x4e0
[ 1810.771884][T27871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1810.771902][T27871] RIP: 0033:0x7fd20f78d8dc
[ 1810.771917][T27871] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1810.771935][T27871] RSP: 002b:00007fd210619030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1810.771952][T27871] RAX: ffffffffffffffda RBX: 00007fd20f9e6180 RCX: 00007fd20f78d8dc
[ 1810.771964][T27871] RDX: 000000000000000f RSI: 00007fd2106190a0 RDI: 000000000000000a
[ 1810.771975][T27871] RBP: 00007fd210619090 R08: 0000000000000000 R09: 0000000000000000
[ 1810.771985][T27871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1810.771996][T27871] R13: 00007fd20f9e6218 R14: 00007fd20f9e6180 R15: 00007ffd728c9678
[ 1810.772020][T27871]  </TASK>
[ 1810.990493][T17277] nzxt-smart2 0003:1E71:2009.002C: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0
[ 1811.370067][T20661] usb 6-1: new high-speed USB device number 115 using dummy_hcd
[ 1812.280042][T20661] usb 6-1: Using ep0 maxpacket: 32
[ 1812.287095][T20661] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1812.297758][T20661] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1812.312547][T20661] usb 6-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=4d.a7
[ 1812.322811][T20661] usb 6-1: New USB device strings: Mfr=152, Product=158, SerialNumber=3
[ 1812.332920][T20661] usb 6-1: Product: syz
[ 1812.337880][T20661] usb 6-1: Manufacturer: syz
[ 1812.344140][T20661] usb 6-1: SerialNumber: syz
[ 1812.352594][T20661] usb 6-1: config 0 descriptor??
[ 1812.364902][T20661] usb 6-1: no audio or video endpoints found
[ 1812.452325][T20661] usb 3-1: USB disconnect, device number 125
[ 1812.501178][   T57] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[ 1812.529717][T27887] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6398'.
[ 1812.540711][T27887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6398'.
[ 1812.588005][T24688] usb 6-1: USB disconnect, device number 115
[ 1812.658084][   T57] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1812.918492][   T57] usb 7-1: config 0 has no interface number 0
[ 1812.941589][   T57] usb 7-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1812.966727][   T57] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[ 1812.981464][   T57] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1812.993369][   T57] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1813.001654][   T57] usb 7-1: Product: syz
[ 1813.007462][   T57] usb 7-1: SerialNumber: syz
[ 1813.126834][   T57] usb 7-1: config 0 descriptor??
[ 1813.993986][T27883] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[ 1814.166047][   T57] cm109 7-1:0.8: invalid payload size 64, expected 4
[ 1814.184871][   T57] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input91
[ 1815.681375][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1815.684367][T24688] usb 7-1: USB disconnect, device number 7
[ 1815.688336][    C1] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1815.714293][T24688] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1817.078236][T27917] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1819.430503][T27931] hub 9-0:1.0: USB hub found
[ 1819.436787][T27931] hub 9-0:1.0: 1 port detected
[ 1821.407125][   T30] audit: type=1400 audit(1758605557.063:1081): avc:  denied  { append } for  pid=27940 comm="syz.0.6417" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1822.590138][T24688] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1822.730078][   T57] usb 6-1: new high-speed USB device number 116 using dummy_hcd
[ 1822.750155][T24688] usb 7-1: Using ep0 maxpacket: 8
[ 1822.758733][T24688] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1822.768498][T24688] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1822.781758][T24688] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1822.792825][T24688] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1822.804643][T24688] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1822.819531][T24688] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1822.828724][T20661] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[ 1822.829800][T27959] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6424'.
[ 1822.839920][T24688] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1822.880191][   T57] usb 6-1: Using ep0 maxpacket: 8
[ 1822.894678][T27949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1822.905147][T27949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1822.917599][T27949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1822.933919][T27949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1822.954925][T27949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1822.968762][T27949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1822.991839][T27949] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input92
[ 1823.007811][T20661] usb 3-1: Using ep0 maxpacket: 8
[ 1823.028380][   T57] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1823.041472][   T57] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1823.041535][T20661] usb 3-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[ 1823.049044][   T57] usb 6-1: can't read configurations, error -71
[ 1823.081765][T20661] usb 3-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1823.096376][T20661] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1823.104866][T20661] usb 3-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[ 1823.117031][T20661] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1823.139001][T20678] usb 7-1: USB disconnect, device number 8
[ 1823.148571][T20661] usb 3-1: config 0 descriptor??
[ 1823.352842][   T30] audit: type=1400 audit(1758605559.013:1082): avc:  denied  { setattr } for  pid=25804 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1823.656090][T27978] CIFS mount error: No usable UNC path provided in device string!
[ 1823.656090][T27978] 
[ 1823.666298][T27978] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1823.950478][T20661] gt683r_led 0003:1770:FF00.002D: unbalanced collection at end of report description
[ 1823.961250][T20661] gt683r_led 0003:1770:FF00.002D: hid parsing failed
[ 1823.967996][T20661] gt683r_led 0003:1770:FF00.002D: probe with driver gt683r_led failed with error -22
[ 1825.068746][T25042] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1825.107767][T25042] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1825.116017][T25042] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1825.133765][T25042] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1825.144727][T25042] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1825.144830][T20661] usb 3-1: USB disconnect, device number 126
[ 1825.261958][T27999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=544 sclass=netlink_route_socket pid=27999 comm=syz.5.6433
[ 1825.394953][T13734] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1825.877989][T13734] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1826.143101][T28009] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[ 1826.361143][T13734] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1827.230108][   T50] Bluetooth: hci1: command tx timeout
[ 1828.134116][T13734] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1828.401267][T24688] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[ 1828.595048][T13734] bridge_slave_1: left allmulticast mode
[ 1828.622862][T24688] usb 3-1: Using ep0 maxpacket: 32
[ 1828.634400][T13734] bridge_slave_1: left promiscuous mode
[ 1828.644819][T13734] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1828.665414][T13734] bridge_slave_0: left allmulticast mode
[ 1828.683077][T24688] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1828.694005][T24688] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1828.720078][T13734] bridge_slave_0: left promiscuous mode
[ 1828.727628][T13734] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1828.750184][T24688] usb 3-1: New USB device found, idVendor=0853, idProduct=0313, bcdDevice= 0.00
[ 1828.781215][T24688] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1828.865770][T24688] usb 3-1: config 0 descriptor??
[ 1829.311172][   T50] Bluetooth: hci1: command tx timeout
[ 1829.568729][T28046] hub 9-0:1.0: USB hub found
[ 1829.575014][T28046] hub 9-0:1.0: 1 port detected
[ 1829.953126][T28049] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1830.644475][T13734] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1830.655724][T13734] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1830.668734][T13734] bond0 (unregistering): Released all slaves
[ 1830.685627][T28049] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1830.726326][T27988] chnl_net:caif_netlink_parms(): no params data found
[ 1831.121906][T27988] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1831.132061][T27988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1831.139315][T27988] bridge_slave_0: entered allmulticast mode
[ 1831.147456][T27988] bridge_slave_0: entered promiscuous mode
[ 1831.169297][T13734] hsr_slave_0: left promiscuous mode
[ 1831.175793][T13734] hsr_slave_1: left promiscuous mode
[ 1831.182145][T13734] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1831.189618][T13734] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1831.198840][T13734] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1831.207407][T13734] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1831.257269][T13734] vlan1: left promiscuous mode
[ 1831.274508][T13734] veth1_macvtap: left promiscuous mode
[ 1831.286134][T13734] veth0_macvtap: left promiscuous mode
[ 1831.297432][T13734] veth1_vlan: left promiscuous mode
[ 1831.316340][T13734] veth0_vlan: left promiscuous mode
[ 1831.392140][   T50] Bluetooth: hci1: command tx timeout
[ 1831.409567][T28069] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6450'.
[ 1831.449892][T28069] netlink: 100 bytes leftover after parsing attributes in process `syz.6.6450'.
[ 1831.666781][T24688] usbhid 3-1:0.0: can't add hid device: -71
[ 1831.672949][T24688] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1831.713723][T24688] usb 3-1: USB disconnect, device number 127
[ 1833.414224][T13734] team0 (unregistering): Port device team_slave_1 removed
[ 1833.478346][T13734] team0 (unregistering): Port device team_slave_0 removed
[ 1833.488373][T21381] Bluetooth: hci1: command tx timeout
[ 1833.862346][T13734] team0 (unregistering): Port device dummy0 removed
[ 1834.044006][T27988] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1834.053710][T27988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1834.062335][T27988] bridge_slave_1: entered allmulticast mode
[ 1834.069612][T27988] bridge_slave_1: entered promiscuous mode
[ 1834.393159][T27988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1834.436723][T27988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1834.646694][T28088] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28088 comm=syz.2.6455
[ 1835.324880][T27988] team0: Port device team_slave_0 added
[ 1835.346580][T27988] team0: Port device team_slave_1 added
[ 1835.547134][T27988] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1835.550410][T21381] Bluetooth: hci1: command 0x0405 tx timeout
[ 1835.569938][T27988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1835.665432][T27988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1835.683056][T27988] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1835.690394][T27988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1835.716278][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1835.724045][T27988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1835.726104][T13734] IPVS: stop unused estimator thread 0...
[ 1835.978881][T27988] hsr_slave_0: entered promiscuous mode
[ 1836.005896][T27988] hsr_slave_1: entered promiscuous mode
[ 1836.012351][T27988] debugfs: 'hsr0' already exists in 'hsr'
[ 1836.018806][T27988] Cannot create hsr debugfs directory
[ 1837.436501][T28124] netlink: 165 bytes leftover after parsing attributes in process `syz.2.6465'.
[ 1837.908839][T27988] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1837.965496][T27988] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1837.991544][T27988] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1838.011186][T27988] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1838.154220][T27988] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1838.187848][T27988] 8021q: adding VLAN 0 to HW filter on device team0
[ 1838.232696][T13734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1838.239832][T13734] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1838.286524][T25067] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1838.293671][T25067] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1838.331959][T26992] Bluetooth: hci6: Frame reassembly failed (-84)
[ 1838.346289][T28141] FAULT_INJECTION: forcing a failure.
[ 1838.346289][T28141] name failslab, interval 1, probability 0, space 0, times 0
[ 1838.377231][T28141] CPU: 1 UID: 0 PID: 28141 Comm: syz.2.6468 Not tainted syzkaller #0 PREEMPT(full) 
[ 1838.377256][T28141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1838.377267][T28141] Call Trace:
[ 1838.377273][T28141]  <TASK>
[ 1838.377280][T28141]  dump_stack_lvl+0x16c/0x1f0
[ 1838.377307][T28141]  should_fail_ex+0x512/0x640
[ 1838.377333][T28141]  should_failslab+0xc2/0x120
[ 1838.377354][T28141]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1838.377373][T28141]  ? __alloc_skb+0x2b2/0x380
[ 1838.377398][T28141]  __alloc_skb+0x2b2/0x380
[ 1838.377419][T28141]  ? __pfx___alloc_skb+0x10/0x10
[ 1838.377440][T28141]  ? __lock_acquire+0xb97/0x1ce0
[ 1838.377473][T28141]  h4_recv_buf+0x5dc/0xd00
[ 1838.377515][T28141]  ll_recv+0xf0/0x260
[ 1838.377544][T28141]  hci_uart_tty_receive+0x254/0x7e0
[ 1838.377571][T28141]  ? __pfx_hci_uart_tty_receive+0x10/0x10
[ 1838.377594][T28141]  tty_ioctl+0x580/0x1680
[ 1838.377617][T28141]  ? __pfx_tty_ioctl+0x10/0x10
[ 1838.377639][T28141]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1838.377674][T28141]  ? hook_file_ioctl_common+0x145/0x410
[ 1838.377700][T28141]  ? selinux_file_ioctl+0x180/0x270
[ 1838.377725][T28141]  ? selinux_file_ioctl+0xb4/0x270
[ 1838.377751][T28141]  ? __pfx_tty_ioctl+0x10/0x10
[ 1838.377773][T28141]  __x64_sys_ioctl+0x18e/0x210
[ 1838.377802][T28141]  do_syscall_64+0xcd/0x4e0
[ 1838.377826][T28141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1838.377844][T28141] RIP: 0033:0x7fa536f8eec9
[ 1838.377859][T28141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1838.377876][T28141] RSP: 002b:00007fa5351f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1838.377894][T28141] RAX: ffffffffffffffda RBX: 00007fa5371e6090 RCX: 00007fa536f8eec9
[ 1838.377906][T28141] RDX: 0000200000000040 RSI: 0000000000005412 RDI: 0000000000000003
[ 1838.377917][T28141] RBP: 00007fa5351f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1838.377928][T28141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1838.377938][T28141] R13: 00007fa5371e6128 R14: 00007fa5371e6090 R15: 00007ffc9ba282b8
[ 1838.377964][T28141]  </TASK>
[ 1838.377972][T28141] Bluetooth: hci6: Frame reassembly failed (-12)
[ 1839.386559][T27988] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1839.819585][T25042] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1839.831675][T25042] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1839.839818][T25042] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1839.848484][T25042] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1839.893679][T25042] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1840.045218][T27988] veth0_vlan: entered promiscuous mode
[ 1840.067228][T27988] veth1_vlan: entered promiscuous mode
[ 1840.298255][T13716] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1840.309551][T13716] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1840.351454][T21381] Bluetooth: hci6: command 0x1003 tx timeout
[ 1840.357796][   T50] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1840.505961][T28176] overlay: filesystem on ./file0 not supported
[ 1840.729403][T27988] veth0_macvtap: entered promiscuous mode
[ 1840.775849][T27988] veth1_macvtap: entered promiscuous mode
[ 1840.787375][T28180] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6474'.
[ 1840.808066][T13716] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1840.818848][T13716] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1840.895414][T13716] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1840.905919][T13716] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1841.003715][T27988] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1841.023481][T27988] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1841.055924][T13716] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1841.077552][T13716] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1841.104165][T28155] chnl_net:caif_netlink_parms(): no params data found
[ 1841.119485][T26992] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1841.128510][T26992] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1841.146885][T26992] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1841.168957][T26992] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1841.268014][T28155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1841.275337][T28155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1841.282692][T28155] bridge_slave_0: entered allmulticast mode
[ 1841.289581][T28155] bridge_slave_0: entered promiscuous mode
[ 1841.295793][T17277] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1841.336305][T28155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1841.348422][T28155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1841.365254][T28155] bridge_slave_1: entered allmulticast mode
[ 1841.374045][T28155] bridge_slave_1: entered promiscuous mode
[ 1841.443392][T28155] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1841.455243][T13732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1841.460530][T13716] bridge_slave_1: left allmulticast mode
[ 1841.470983][T13716] bridge_slave_1: left promiscuous mode
[ 1841.471176][T17277] usb 7-1: Using ep0 maxpacket: 32
[ 1841.476775][T13716] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1841.483482][T13732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1841.499320][T17277] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1841.508462][T17277] usb 7-1: config 244 has an invalid descriptor of length 0, skipping remainder of the config
[ 1841.508690][T13716] bridge_slave_0: left allmulticast mode
[ 1841.520810][T17277] usb 7-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=24.0f
[ 1841.533645][T13716] bridge_slave_0: left promiscuous mode
[ 1841.533803][T17277] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1841.539569][T13716] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1841.549889][T17277] usb 7-1: Product: syz
[ 1841.558520][T17277] usb 7-1: Manufacturer: syz
[ 1841.563696][T17277] usb 7-1: SerialNumber: syz
[ 1841.953754][   T50] Bluetooth: hci7: command tx timeout
[ 1842.328281][T28197] fuse: Unknown parameter 'F�'
[ 1842.430721][   T31] INFO: task syz-executor:16316 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1843.350054][   T31]       Not tainted syzkaller #0
[ 1843.445669][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1843.546091][   T31] task:syz-executor    state:D stack:22848 pid:16316 tgid:16316 ppid:1      task_flags:0x400140 flags:0x00004004
[ 1843.688717][   T31] Call Trace:
[ 1843.737094][   T31]  <TASK>
[ 1843.774298][   T31]  __schedule+0x1190/0x5de0
[ 1843.812419][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1843.849667][   T31]  ? __pfx___schedule+0x10/0x10
[ 1843.879360][   T31]  ? find_held_lock+0x2b/0x80
[ 1843.884334][   T31]  ? schedule+0x2d7/0x3a0
[ 1843.888680][   T31]  schedule+0xe7/0x3a0
[ 1843.896547][   T31]  v9fs_evict_inode+0x26f/0x300
[ 1843.901680][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[ 1843.907118][   T31]  ? __pfx_var_wake_function+0x10/0x10
[ 1843.912674][   T31]  ? evict+0x3a2/0x920
[ 1843.916797][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[ 1843.922269][   T31]  evict+0x3e3/0x920
[ 1843.926218][   T31]  ? __pfx_evict+0x10/0x10
[ 1843.930719][   T31]  ? iput+0x519/0x880
[ 1843.934754][   T31]  iput+0x521/0x880
[ 1843.938606][   T31]  ? __pfx_v9fs_drop_inode+0x10/0x10
[ 1843.943975][   T31]  dentry_unlink_inode+0x29c/0x480
[ 1843.949148][   T31]  __dentry_kill+0x1d0/0x600
[ 1843.954600][   T31]  dput.part.0+0x4b1/0x9b0
[ 1843.959082][   T31]  shrink_dcache_for_umount+0x159/0x3e0
[ 1843.964721][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1843.969993][   T31]  generic_shutdown_super+0x6c/0x390
[ 1843.975342][   T31]  kill_anon_super+0x3a/0x60
[ 1843.979987][   T31]  v9fs_kill_super+0x3d/0xa0
[ 1843.984626][   T31]  deactivate_locked_super+0xc1/0x1a0
[ 1843.990082][   T31]  deactivate_super+0xde/0x100
[ 1843.994887][   T31]  cleanup_mnt+0x225/0x450
[ 1843.999354][   T31]  task_work_run+0x150/0x240
[ 1844.004256][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1844.009443][   T31]  ? __pfx___x64_sys_umount+0x10/0x10
[ 1844.014961][   T31]  exit_to_user_mode_loop+0xeb/0x110
[ 1844.020334][   T31]  do_syscall_64+0x41c/0x4e0
[ 1844.024974][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1844.031180][   T50] Bluetooth: hci7: command tx timeout
[ 1844.036748][   T31] RIP: 0033:0x7f2cb0d901f7
[ 1844.041233][   T31] RSP: 002b:00007ffd5a3e6b28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1844.049708][   T31] RAX: 0000000000000000 RBX: 00007f2cb0e11d7d RCX: 00007f2cb0d901f7
[ 1844.057984][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd5a3e6be0
[ 1844.066184][   T31] RBP: 00007ffd5a3e6be0 R08: 0000000000000000 R09: 0000000000000000
[ 1844.074348][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd5a3e7c70
[ 1844.082606][   T31] R13: 00007f2cb0e11d7d R14: 000000000019e67a R15: 00007ffd5a3e7cb0
[ 1844.090839][   T31]  </TASK>
[ 1844.093970][   T31] 
[ 1844.093970][   T31] Showing all locks held in the system:
[ 1844.102322][   T31] 3 locks held by rcu_exp_gp_kthr/18:
[ 1844.128746][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1844.139645][   T31]  #1: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1d5/0x5b0
[ 1844.152840][   T31]  #2: ffff888025d28a28 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xb7/0x1870
[ 1844.162438][   T31] 1 lock held by khungtaskd/31:
[ 1844.167345][   T31]  #0: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1844.177442][   T31] 1 lock held by klogd/5211:
[ 1844.182132][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1844.192855][   T31] 2 locks held by getty/5613:
[ 1844.197551][   T31]  #0: ffff88814d6f40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1844.207554][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1844.217798][   T31] 3 locks held by kworker/u8:24/6843:
[ 1844.223206][   T31]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1844.234530][   T31]  #1: ffffc9001bedfd10 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1844.245021][   T31]  #2: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[ 1844.254237][   T31] 5 locks held by kworker/u8:15/13716:
[ 1844.259690][   T31]  #0: ffff88801c6f4148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1844.270198][   T31]  #1: ffffc9001de6fd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1844.280696][   T31]  #2: ffffffff9036f310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[ 1844.290113][   T31]  #3: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7e9/0xab0
[ 1844.299192][   T31]  #4: ffffffff8e5ccb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[ 1844.309347][   T31] 1 lock held by syz-executor/16316:
[ 1844.314843][   T31]  #0: ffff8880288f20e0 (&type->s_umount_key#78){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100
[ 1844.325167][   T31] 4 locks held by kworker/1:13/17277:
[ 1844.330591][   T31]  #0: ffff88801f281148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1844.341430][   T31]  #1: ffffc90003347d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1844.352802][   T31]  #2: ffff888029aad198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0
[ 1844.361816][   T31]  #3: ffff8880558ac198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[ 1844.371098][   T31] 1 lock held by syz.5.3702/18304:
[ 1844.376201][   T31]  #0: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1844.385236][   T31] 3 locks held by kworker/1:14/20678:
[ 1844.390634][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1844.401136][   T31]  #1: ffffc90004d37d10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1844.410841][   T31]  #2: ffffffff8e5ccb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[ 1844.421144][   T31] 3 locks held by kworker/0:1/25192:
[ 1844.426526][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1844.437893][   T31]  #1: ffffc9000210fd10 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1844.448355][   T31]  #2: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[ 1844.458783][   T31] 3 locks held by kworker/u8:3/26992:
[ 1844.464243][   T31]  #0: ffff88814c844948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1844.475348][   T31]  #1: ffffc9000c057d10 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1844.487579][   T31]  #2: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x120/0x14e0
[ 1844.497120][   T31] 3 locks held by syz-executor/27988:
[ 1844.502559][   T31]  #0: ffffffff90428ad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1844.510819][   T31]  #1: ffffffff90428b88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1844.519797][   T31]  #2: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_register_hw+0x2193/0x4120
[ 1844.529783][   T31] 4 locks held by udevd/28107:
[ 1844.534719][   T31]  #0: ffff88805e9e42f0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[ 1844.543648][   T31]  #1: ffff88805648c088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4f/0x2a0
[ 1844.553099][   T31]  #2: ffff888024fe5e18 (kn->active#28){++++}-{0:0}, at: kernfs_seq_start+0xbc/0x2a0
[ 1844.562851][   T31]  #3: ffff8880558ac198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1844.572438][   T31] 1 lock held by syz-executor/28155:
[ 1844.577738][   T31]  #0: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000
[ 1844.586887][   T31] 2 locks held by syz.6.6477/28197:
[ 1844.592371][   T31]  #0: ffffffff8f7a5408 (ppp_mutex){+.+.}-{4:4}, at: ppp_ioctl+0xc2/0x2670
[ 1844.601041][   T31]  #1: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: ppp_ioctl+0x17cd/0x2670
[ 1844.609929][   T31] 2 locks held by syz.2.6478/28195:
[ 1844.615203][   T31]  #0: ffffffff90428ad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1844.623477][   T31]  #1: ffffffff90428b88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1844.632588][   T31] 
[ 1844.634927][   T31] =============================================
[ 1844.634927][   T31] 
[ 1844.672660][   T31] NMI backtrace for cpu 0
[ 1844.672679][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1844.672700][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1844.672710][   T31] Call Trace:
[ 1844.672717][   T31]  <TASK>
[ 1844.672724][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1844.672750][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1844.672765][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 1844.672786][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1844.672812][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1844.672832][   T31]  watchdog+0xf0e/0x1260
[ 1844.672856][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1844.672875][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1844.672898][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1844.672923][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1844.672942][   T31]  kthread+0x3c2/0x780
[ 1844.672959][   T31]  ? __pfx_kthread+0x10/0x10
[ 1844.672977][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1844.672997][   T31]  ? __pfx_kthread+0x10/0x10
[ 1844.673010][   T31]  ret_from_fork+0x56a/0x730
[ 1844.673021][   T31]  ? __pfx_kthread+0x10/0x10
[ 1844.673032][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1844.673058][   T31]  </TASK>
[ 1844.673168][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1844.796605][    C1] NMI backtrace for cpu 1
[ 1844.796619][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1844.796638][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1844.796647][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1844.796667][    C1] Code: 5d 61 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 36 15 00 fb f4 <e9> cc 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 1844.796679][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[ 1844.796690][    C1] RAX: 00000000070f7c5b RBX: 0000000000000001 RCX: ffffffff8b94db49
[ 1844.796699][    C1] RDX: 0000000000000000 RSI: ffffffff8de52d59 RDI: ffffffff8c163400
[ 1844.796708][    C1] RBP: ffffed1003c5d488 R08: 0000000000000001 R09: ffffed10170a6655
[ 1844.796716][    C1] R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
[ 1844.796724][    C1] R13: ffff88801e2ea440 R14: ffffffff90ab7690 R15: 0000000000000000
[ 1844.796733][    C1] FS:  0000000000000000(0000) GS:ffff8881247b2000(0000) knlGS:0000000000000000
[ 1844.796746][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1844.796764][    C1] CR2: 000020000000b000 CR3: 000000000e380000 CR4: 00000000003526f0
[ 1844.796772][    C1] Call Trace:
[ 1844.796777][    C1]  <TASK>
[ 1844.796782][    C1]  default_idle+0x13/0x20
[ 1844.796800][    C1]  default_idle_call+0x6d/0xb0
[ 1844.796816][    C1]  do_idle+0x391/0x510
[ 1844.796834][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1844.796849][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[ 1844.796865][    C1]  cpu_startup_entry+0x4f/0x60
[ 1844.796880][    C1]  start_secondary+0x21d/0x2b0
[ 1844.796899][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1844.796918][    C1]  common_startup_64+0x13e/0x148
[ 1844.796937][    C1]  </TASK>
[ 1844.797797][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1844.973634][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1844.982723][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1844.992758][   T31] Call Trace:
[ 1844.996016][   T31]  <TASK>
[ 1844.998930][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1845.003513][   T31]  vpanic+0x6e8/0x7a0
[ 1845.007484][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1845.011982][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1845.017953][   T31]  panic+0xca/0xd0
[ 1845.021654][   T31]  ? __pfx_panic+0x10/0x10
[ 1845.026060][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1845.031419][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[ 1845.037556][   T31]  ? watchdog+0xd78/0x1260
[ 1845.041955][   T31]  ? watchdog+0xd6b/0x1260
[ 1845.046365][   T31]  watchdog+0xd89/0x1260
[ 1845.050595][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1845.055253][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1845.060434][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1845.065447][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1845.070104][   T31]  kthread+0x3c2/0x780
[ 1845.074155][   T31]  ? __pfx_kthread+0x10/0x10
[ 1845.078726][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1845.083477][   T31]  ? __pfx_kthread+0x10/0x10
[ 1845.088054][   T31]  ret_from_fork+0x56a/0x730
[ 1845.092626][   T31]  ? __pfx_kthread+0x10/0x10
[ 1845.097196][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1845.101953][   T31]  </TASK>
[ 1845.105146][   T31] Kernel Offset: disabled
[ 1845.109462][   T31] Rebooting in 86400 seconds..