last executing test programs:

21m11.010004516s ago: executing program 0 (id=13):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000090601020000000000000000000000000900020073797a31000000004500010007000000100007800c00018008000140e0000001a1f25f7df7540aa4ebafa14159bbab313d4dbbc833634c030ac185d5223a843e9d7357dbe2d8011131df204b39a8d2082f67fe8ba79b45958a643bacc0c82c3ab3faf81bfc3a21b61f07a64fc1218f1c7b8b2dfc83ca6ab623d0e1c5dcc6d5923cf3b73a617065b569354e64a1f3db5dcf8f378a6272faa547568532f67725274519106018591c83b7de8ed1a04bc915dbd7504240f1844d418d37fa9ccb6f028ccc91267dda9f5977c5c9d139b017308ba2890261662b28695cdfb4d718eb70315acf1c9d5521cfa97216695bd70b"], 0x38}, 0x1, 0x0, 0x0, 0x10000047}, 0x40000c4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) (async)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$kcm(0x29, 0x2, 0x0)
memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0) (async)
r2 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
pwritev(r2, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0)
sendfile(r1, r2, 0x0, 0x10008000fb00)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981) (async)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f00000004c0)=[{0x84, 0x0, 0x0, 0x0, @time={0x8f, 0x401}, {0x2, 0xff}, {}, @control={0x6, 0x1ff, 0x2}}, {0xb6, 0x7e, 0xea, 0x1, @time={0x4, 0xcd2}, {0x4, 0x6}, {0x3b, 0x3}, @note={0x4, 0x4, 0x8, 0x6, 0x2}}], 0x35) (async)
write$sndseq(0xffffffffffffffff, &(0x7f00000004c0)=[{0x84, 0x0, 0x0, 0x0, @time={0x8f, 0x401}, {0x2, 0xff}, {}, @control={0x6, 0x1ff, 0x2}}, {0xb6, 0x7e, 0xea, 0x1, @time={0x4, 0xcd2}, {0x4, 0x6}, {0x3b, 0x3}, @note={0x4, 0x4, 0x8, 0x6, 0x2}}], 0x35)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x2, &(0x7f0000000080)=[{0x38a, 0x1, 0x0, 0x7fffff7f}, {0x8005, 0x4, 0xd8, 0x2}]}) (async)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x2, &(0x7f0000000080)=[{0x38a, 0x1, 0x0, 0x7fffff7f}, {0x8005, 0x4, 0xd8, 0x2}]})
close_range(r7, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='sys_exit\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000023008305a7a17000fedbdf2500000000bc576aa635ef7e501ecbaabec445"], 0x14}}, 0x4040000) (async)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000023008305a7a17000fedbdf2500000000bc576aa635ef7e501ecbaabec445"], 0x14}}, 0x4040000)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000a00)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58) (async)
bind$alg(r8, &(0x7f0000000a00)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58)

21m10.370096359s ago: executing program 0 (id=17):
vmsplice(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f0000000340)="205efa835de0d120b7a7762c65ea044ce3639d326ad03f25ff186cc0bfc13f5640266939d2760134c9aba714a6181b818ead67305144e7d4a5ba753c3b5077aeb38c8abc1d09a244158978ecbffcd1fd8178ad330f8ae70053025185ea279986afdf7131dee935c9b25600406cd2d5a030112e0ea198570f98e6e533851dced999b254a9dd4502c35560370e9d2c63427026ae3cba001d159768fbba3e195b4f01b5fc08c48f4ee318075f8e76d02e8a8aef0da9413d0d87df90980d6733c250a2e432da824abbf6bd1fb1a93cb55a32e76dd88d48da801e346e0c03a2be7a7fefc3a025636ad5588ad1bc46d88629885f7c", 0xf2}, {&(0x7f0000000440)="3fa8219f4b5bd6966f8b68785e1f2faf18", 0x11}, {&(0x7f0000000580)="a262e775d053d62e807e22ee1af4c5b1fcbc36ea46698702a93521c3d493dcb4406f59ee84a9a70febedac5953d861a978a16e1cb89b890c2e6f52382be2d6f078e7980d962d36e9549ede661ad0496e604276302ff4407d22ee9f6dbbf2904af9112c8751639e6379399301811e27a3ad2d931c38d3a988decb7d505ab12670c314d805f3d5eb5063608961a11075260a2c45260f0882ec2d73bae57909c5a19d57308b2be441c1d6b084d719892af99c367675c7be1439da69bdd73fc6f23369460c639e81b63dec6648874dca8abd460abe47052ec5da0b22", 0xda}, {&(0x7f0000000680)="cc2a8774cdc6e0b8ae61bc9530d9f6f0e540fa47e66d25c47b660a3e9aa7757a6bb84cc6d8742adda49519c05cf78e6b0eaa92f5d635555ccc6eb542b89f7787d03e7a4d6bb35a6f7caaa8cb5913f4909b8b95d6f629aa9e", 0x58}, {&(0x7f0000000700)="4df25749be83ab098fbc8338d93539eac0d0730e9462a2c981d8afc98a894d94e3d7fbbf383a88f0e58ca860357bd8a31b555870ade1f2a8b6b9d1eec7a8a3c4ccb30b0a03b6e7d24ac1d3ab37ba6256f00e1dc1382f56e0e6ff50297ca18977da207e9203e525fe9ff6ec42f80c8afb99608344cd7a5cc7f323415724b2942133088e6e0de23c81f9dda3494b68ee2568e80b55", 0x94}, {&(0x7f00000007c0)="d8199ccb2a31771b689296438e8a111febf454a8ebaa479fec8848dc66b46d6492832f0cdf3b07b017b89df56844d3fe475ad55d3e544f055617e7dbe482024a48e5d440a8ec2e47794b9adf414962cbca439e12eaaf8fb4db8dcf017af7a5", 0x5f}], 0x6, 0x1) (async, rerun: 64)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6) (async, rerun: 64)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r4 = syz_kvm_add_vcpu$x86(r3, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@code={0x1, 0x68, {"b9b7000040b808000000ba000000000f30c4829191acf0820000009cc421fd50e0470f060f1c12c74424001b010000c7442402f5d60000ff1c24430f019c580c000000c422c5df1666baf80cb8b47e1d8cef66bafc0ced"}}], 0x68})
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) (async, rerun: 64)
r5 = socket$l2tp6(0xa, 0x2, 0x73) (rerun: 64)
syz_io_uring_setup(0x609d, &(0x7f0000000200)={0x0, 0x80, 0x800, 0x2, 0x236}, &(0x7f0000000280), &(0x7f00000002c0)) (async)
sendto$l2tp6(r5, 0x0, 0x41, 0x4890, &(0x7f0000000040)={0xa, 0x0, 0xfffffffd, @mcast1, 0x6, 0x4}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x78a2, 0x0, 0x1ff, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6}}}}]}]}, 0x70}}, 0x20048000) (async, rerun: 32)
r6 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r7=>0x0}) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8], 0x90}}, 0x0)

21m10.02913237s ago: executing program 0 (id=21):
r0 = syz_open_dev$hiddev(&(0x7f0000000000), 0x93, 0x129a02)
ioctl$HIDIOCGREPORTINFO(r0, 0xc00c4809, &(0x7f0000000040)={0x2, 0x2, 0x1}) (async, rerun: 32)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'}) (rerun: 32)
utimensat(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={{}, {0x0, 0x2710}}, 0x100)
clock_gettime(0x0, &(0x7f0000000200)={<r2=>0x0, <r3=>0x0})
pselect6(0x40, &(0x7f0000000140)={0xb, 0xd5, 0x6, 0x2, 0x7, 0xd, 0x6, 0x9}, &(0x7f0000000180)={0xfffffffffffffffe, 0x7, 0xffffffff80000000, 0x5280000, 0x8, 0x8000, 0x0, 0x4}, &(0x7f00000001c0)={0xff, 0x7fffffff, 0x2, 0x4, 0x6, 0x1000, 0x9, 0x40}, &(0x7f0000000240)={r2, r3+60000000}, &(0x7f00000002c0)={&(0x7f0000000280)={[0xb]}, 0x8}) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1, <r4=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r1}, 0x20)
mount(&(0x7f00000003c0)=@sg0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='tracefs\x00', 0xa979f65dad964590, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000500)=@o_path={&(0x7f0000000480)='./file0\x00', r5, 0x4000, r0}, 0x18) (async)
timer_create(0x2, &(0x7f0000000700)={0x0, 0x36, 0x4, @thr={&(0x7f0000000540)="df86b204eb594b8cbfd2abf66ac6d425bf27114a095d71106a16e13ec9cc42d4714be44e1723cb8d4062210f04363a51e481de4e4d678bfc8791b29e8686cf51835538ba4b5b011f91b41e9372748f43ee758b7ff729d235ef9dfd969f92ce0c92edf21a88965e7c6ff07859f620cccfec00ace789af8a86a88f57b5daac1557e945b655cc12d877945bd3014904c9e209d4c42dc294a2b3b3b6fbc544f1af22dc12d980a859461957171313b5ff42a7b92ebdfa409dc8737958dad57d10e06488a8cc3a5c793569eb2c58cfb39b6d7f6b1679c474b5c9a72c3642497990346ed5571bd892132540237dee4996fab5ad43f5abe28e952db8f3aa88a4", &(0x7f0000000640)="2d9cc7c4276c512a92083827cd477b381496fed6a1d88cf15f0398e7dddd47c06fcff561bd4c37ff1469616e80bb30502bbd788d841fed31615a5c78ddf6d7307fae38925b4e4613a01537e8de8fe64a6fa905d8bbbb86d7e313f9f20f79ce99a59ee5da5918f393b22dff0c50161d90ab43bdb0e5b700186626fd305e1833e373fadaf0ae"}}, &(0x7f0000000740)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000780)={{0x77359400}, {0x77359400}}, &(0x7f00000007c0)) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000800)={0x2020}, 0x2020) (async)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000008)
rename(&(0x7f0000002840)='./file0\x00', &(0x7f0000002880)='./file0\x00')
setxattr$trusted_overlay_redirect(&(0x7f00000028c0)='./file0\x00', &(0x7f0000002900), &(0x7f0000002940)='./file0\x00', 0x8, 0x3) (async)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x40010, r5, 0x4b98c000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000002980)={<r7=>0x0, 0x5}, &(0x7f00000029c0)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000002a00)={r7, 0x800}, 0x8) (async)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002a40)={r7, 0x21}, 0x8)
read$msr(r1, &(0x7f0000002a80)=""/79, 0x4f)
clock_gettime(0x0, &(0x7f0000003400)={<r8=>0x0, <r9=>0x0})
recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x0, &(0x7f0000002d80)=[{&(0x7f0000002b00)=""/59, 0x3b}, {&(0x7f0000002b40)=""/106, 0x6a}, {&(0x7f0000002bc0)=""/240, 0xf0}, {&(0x7f0000002cc0)=""/178, 0xb2}], 0x4, &(0x7f0000002dc0)=""/20, 0x14}, 0xd0bc}, {{&(0x7f0000002e00)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000002e80)=""/134, 0x86}], 0x1}, 0x6}, {{&(0x7f0000002f80)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000003280)=[{&(0x7f0000003000)=""/85, 0x55}, {&(0x7f0000003080)=""/222, 0xde}, {&(0x7f0000003180)=""/142, 0x8e}, {&(0x7f0000003240)=""/44, 0x2c}], 0x4, &(0x7f00000032c0)=""/96, 0x60}, 0x80}], 0x3, 0x12002, &(0x7f0000003440)={r8, r9+10000000}) (async)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000003480)={@fallback=r5, r4, 0x4, 0x200a, r1, @value=r1}, 0x20)
r10 = socket$inet6_icmp(0xa, 0x2, 0x3a)
getsockopt$sock_timeval(r10, 0x1, 0x43, &(0x7f00000034c0), &(0x7f0000003500)=0x10) (async)
sync_file_range(r10, 0x5, 0x3, 0x3)
openat$dir(0xffffffffffffff9c, &(0x7f0000003540)='./file0\x00', 0x82000, 0x82) (async)
socket$kcm(0x29, 0x7, 0x0) (async, rerun: 32)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0) (rerun: 32)

21m9.982967104s ago: executing program 0 (id=22):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x86)
mount$fuse(0x0, 0x0, 0x0, 0x1930bd, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0xf000, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

21m9.551971136s ago: executing program 0 (id=23):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.controllers\x00', 0x275a, 0x0)
linkat(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1400)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
syz_open_dev$ttys(0xc, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x2, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
socket$kcm(0x2, 0xa, 0x2)
write$tun(r4, 0x0, 0xfdef)
syz_io_uring_setup(0x9e1, &(0x7f0000000080)={0x0, 0x4e244, 0x80, 0x3, 0x152}, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r5, 0x2000, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000004fc0)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
sync()

21m8.671720444s ago: executing program 0 (id=26):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x141080, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x200000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = getpid()
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd632e82ba068e8e1572ef2eb414ba5fccfc3c03e64df6a9cc3936c604aa2c0e2ec7b777475023f29b146af003472ce146a5ff997ba53c51026c0096154f9280a34bbf21d66f57a250b5397766122fc86950ce5252e96868cd04df54764cf2082153d6cedd8aaf9700c734aa4a1cb33a2e0a13c5687be4de327511bff9816d13c3219dac1c1535f10243db6f96960ea6a621f5e1b7babbedf0a6bf0cf74123d2e78d01be2b048883a2459eec630fb0293d28d9799fd3a792caff693fd9f002f14c43fb5a1051cc686b7f114d7927eed559bdf2e8ddea3e61d5d942b63fe90230b2e1948fc563ef94d437281671d2fe5032d2a091fa842b0af2e116ba"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r6, 0xe0, &(0x7f0000000580)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r9 = getpgid(r5)
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="0300000004000000040000000a0000", @ANYRES32=0x1, @ANYBLOB="5bd000"/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="020000000400000100000000000000000000ebffffffffffffff0000"], 0x50)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFLAGS(r11, 0x80086601, &(0x7f0000001040))
kcmp$KCMP_EPOLL_TFD(r5, r9, 0x7, r10, &(0x7f0000000280)={r11, r6, 0xf319})
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840)={r7}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r12, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xae5b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r13 = syz_open_dev$vcsn(&(0x7f0000000000), 0x80000001, 0x402000)
ioctl$VHOST_NET_SET_BACKEND(r13, 0x4008af30, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="180000002400010300000000000000000100"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r4, &(0x7f0000004ec0)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2000, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e21, 0xab, @empty, 0xc7ec}, 0x1c)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000080))
r14 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r14, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330)

21m8.370844481s ago: executing program 32 (id=26):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x141080, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x200000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = getpid()
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd632e82ba068e8e1572ef2eb414ba5fccfc3c03e64df6a9cc3936c604aa2c0e2ec7b777475023f29b146af003472ce146a5ff997ba53c51026c0096154f9280a34bbf21d66f57a250b5397766122fc86950ce5252e96868cd04df54764cf2082153d6cedd8aaf9700c734aa4a1cb33a2e0a13c5687be4de327511bff9816d13c3219dac1c1535f10243db6f96960ea6a621f5e1b7babbedf0a6bf0cf74123d2e78d01be2b048883a2459eec630fb0293d28d9799fd3a792caff693fd9f002f14c43fb5a1051cc686b7f114d7927eed559bdf2e8ddea3e61d5d942b63fe90230b2e1948fc563ef94d437281671d2fe5032d2a091fa842b0af2e116ba"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r6, 0xe0, &(0x7f0000000580)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r9 = getpgid(r5)
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="0300000004000000040000000a0000", @ANYRES32=0x1, @ANYBLOB="5bd000"/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="020000000400000100000000000000000000ebffffffffffffff0000"], 0x50)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFLAGS(r11, 0x80086601, &(0x7f0000001040))
kcmp$KCMP_EPOLL_TFD(r5, r9, 0x7, r10, &(0x7f0000000280)={r11, r6, 0xf319})
r12 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840)={r7}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r12, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xae5b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r13 = syz_open_dev$vcsn(&(0x7f0000000000), 0x80000001, 0x402000)
ioctl$VHOST_NET_SET_BACKEND(r13, 0x4008af30, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="180000002400010300000000000000000100"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r4, &(0x7f0000004ec0)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2000, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e21, 0xab, @empty, 0xc7ec}, 0x1c)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000080))
r14 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r14, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330)

7m6.878514576s ago: executing program 4 (id=3004):
r0 = socket(0xb, 0x3, 0x0)
write(r0, &(0x7f0000000000)="0f03000019002551075c0166090ffc02800000030011000500e1000cee2003001a000000020000000000000090b9281c994b53d15436c2d341c90d73273e9b51", 0x40)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0700000004000000200000000100000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000f0000000000000000000000fb384b9a86f131cd8548308dce401492dd1e383acf2a49957c2ced9ebc320919d19fdb3296abdaad1428d54fbdaed25f1822c331ccd7058e866092565141799bad28e5dee5752a1edd2e6be92ffbfdad072f045c9e4152421f02e3c040b302e92edfe1e14da95b3364999e01e492ad20b25f6c4be89a2f3684576f2403154e4302e26feb95a7e20211"], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00000000000100000000000000000000000000c1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r3, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x7, @value=0x2})
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x6, r1, &(0x7f00000005c0)="0d6cf014c1eae8d5163e42f8a2e32f572c816e6256bd299b41701444c9c42b299d17fe21dce4b0a269130d358b5a0e2fd56ae20288778b2f7af105c80b4f096f4514e7c6ce5e764faf31e3f77b42eb2b26e3eccf89548e6286c7af59fbaf4d736a81b627b70f7280ca087e67ab1401ce4aaa61ff44c9a3550fbd8eaaefa2203653e910a42a787a85e2", 0x89, 0xce49, 0x0, 0x2}])
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
preadv(r5, &(0x7f00000013c0)=[{&(0x7f0000001480)=""/201, 0xc9}], 0x1, 0x5, 0x6)

7m3.755996428s ago: executing program 4 (id=3009):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x5, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x40201, 0x0)
pwritev(r2, &(0x7f00000023c0)=[{&(0x7f0000000300)='o', 0x1}], 0x1, 0x6156, 0x5)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x9ab)
fcntl$getflags(r1, 0x401)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map=r3, 0x5, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x11)
dup(r0)

7m3.567855176s ago: executing program 4 (id=3011):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="44a837b4012b18a47d01872e42ba27df6fcd8ed404f2a8f480f04048ea693cd7ce5da6ec8d384c7d1aad3083b1a43ee2bec297b5047b0819438a106eab643e82c6503b6c27d0b82482568a35253741de9cf3223f17508862d111b3e3fa9c27c90671fffed0199ba8aa1d7608", @ANYRES16, @ANYRESDEC, @ANYRESOCT], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x6)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), r4)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x20000041)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
listen(r6, 0x80000001)
writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)

7m2.64525146s ago: executing program 4 (id=3012):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x60, 0x3fd}, 0x25)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x8, 0x1800}, {0x3, 0xfffb, 0xc00}], 0x2, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x8, 0x10000000, 0x0, 'queue0\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x95ffffff]}}], 0xffc8)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
unshare(0x10080080)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000080)={0x0, 0x7d, 0x20f})
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r3, 0xc2604110, &(0x7f0000000300)={0x0, [[0x9ef8], [0x18000], [0x4]], '\x00', [{}, {0x0, 0x10}, {}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x5f, 0x1}, {}, {}, {0x2, 0x3}, {0x0, 0xfffffffe}], '\x00', 0x1000})
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000240)=@nfc, &(0x7f0000000000)=0x80)
setpgid(r4, 0x0)
setpgid(0x0, r4)
socket$nl_route(0x10, 0x3, 0x0)

7m2.118778035s ago: executing program 4 (id=3013):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="0a000000010001", 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x34, r4, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x40811}, 0x20)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2}}, 0x26)
close(r2)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})

7m1.61202207s ago: executing program 4 (id=3016):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x13f, 0x1}}, 0x20)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002900)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000002680)}], 0x1, 0x0, 0x0, 0x10}}], 0x1, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})

7m0.838138381s ago: executing program 33 (id=3016):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x13f, 0x1}}, 0x20)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020}, 0x2020)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002900)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000002680)}], 0x1, 0x0, 0x0, 0x10}}], 0x1, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})

13.127458493s ago: executing program 2 (id=4258):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x1a, 0xa01, 0x3, 0x0, {0xa}}, 0x14}}, 0x40004)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000080)=@ethtool_regs={0x12, 0x0, 0x5, "fbdbf97859"}})

12.764712015s ago: executing program 2 (id=4262):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000070000000300000048"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r5}, 0x18)
r6 = mq_open(&(0x7f00000007c0)='\r\x00elinu\xef\xe3elinux\x00\x86\xf6\x92\n#*\xac\x02\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a|\x9en\xbd\xeb\x14\x7f\xb9\x83\xfe\nf\xc26\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]G\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8S\\\xec\xa31_\v\x8a\xf2\x18\xa6\xb1\xbb\x8b9\x1e\xff\xf8\xcdX\xf7h\b\xaf\x01\x84\xd4\x06Ml(Bw=\x13\xa1&\xd3\xec\xa9\x8ba\x86\x9d\xf4\x11\n\x89z\xa5\xac\xcbh\xc2\x1b\xeay\xbf\x06\x80\xff\xdf\x93\xef\x7f\xb1\xaf\xa0\xae', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x7, 0x1, 0x5, 0x9})
mq_getsetattr(r6, &(0x7f0000000300)={0x800, 0x0, 0x1}, 0x0)

8.745908157s ago: executing program 2 (id=4275):
r0 = socket$inet_udp(0x2, 0x2, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702000002ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 64)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 64)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)) (async, rerun: 64)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) (async, rerun: 64)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x4000) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x85, 0x9a, 0x93, 0x40, 0x57c, 0x2200, 0x390, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd6, 0x47, 0xae}}]}}]}}, 0x0) (async)
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x28, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@sack={0x1d, 0x2, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}}, 0x0) (async, rerun: 64)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
mount$overlay(0x0, 0x0, 0x0, 0x1000000, 0x0) (async, rerun: 32)
chdir(&(0x7f00000003c0)='./bus\x00') (async, rerun: 32)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000040)={{r3}, 0x401, 0x2, 0x7}) (async)
sendto$inet(r0, 0x0, 0xffef, 0x20000000, &(0x7f0000000240)={0x2, 0x4e22, @remote}, 0x10)

8.000058347s ago: executing program 2 (id=4277):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./bus\x00', 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x86)
mount$fuse(0x0, 0x0, 0x0, 0x1930bd, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x18004d0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}], [{@seclabel}]})
r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
r2 = eventfd2(0xbb4, 0x80000)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000000)=r2, 0x1)
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)

7.972763308s ago: executing program 5 (id=4278):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) (async)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r1 = dup2(r0, r0)
write$P9_RLERRORu(r1, &(0x7f0000000000)={0x1b, 0x7, 0x2, {{0xe, 'cgroup.freeze\x00'}, 0x40}}, 0x1b) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@redirect_dir_follow}, {@index_off}, {@xino_on}, {@verity_off}, {@userxattr}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000900)={0x0, 0x2, 0x1, [0xffff, 0x10, 0x1, 0x88, 0x5], [0xffffffffffffff63, 0x8, 0xffffffffffffff4a, 0x80000001, 0x10000, 0x9, 0x2d9, 0x4, 0x40000003, 0xc5, 0x8001, 0xc, 0x4, 0x7e, 0x7d, 0x3ae7, 0x8, 0x101, 0x80, 0xffffffffffff8000, 0x3, 0x9, 0x7f, 0x862, 0x1, 0xc, 0x5, 0xff800000000000, 0x401, 0x7fffffff, 0xc333, 0x9, 0x400006, 0x8001, 0x1, 0xd5d, 0x8, 0x1, 0x7, 0x5, 0x6cf2, 0x2, 0x9, 0xa, 0x0, 0xffffffff00000001, 0x7fffffffffffffff, 0x2, 0x1000, 0x4cc2, 0xfffffffffffffff7, 0x6, 0x5, 0x3a66, 0x7f, 0x1aac, 0xfff, 0xffffffffffffffff, 0x401, 0x3, 0x706, 0x4002, 0x5b4, 0x8, 0xfffffffffffffffb, 0xb, 0xb88a, 0x6, 0x3, 0x6, 0x2, 0x77, 0x8, 0x349, 0x7, 0xfffffffffffffff9, 0x8, 0xffff800000000000, 0x7, 0xc67d, 0x7, 0xffffffffffffff92, 0x100000001, 0x5, 0xe39, 0x3, 0x9, 0x5, 0x8, 0x6, 0x40000000000000, 0x6, 0x9a, 0x2, 0x401, 0x5, 0x6fc, 0xc90, 0xfff, 0xfffffffffffffefc, 0x72, 0x3, 0x200000006, 0x28, 0x3, 0x1, 0x8d45, 0x100000000, 0x3ff, 0xf2, 0x800, 0x8, 0x8, 0x8001, 0x5, 0x9, 0xa, 0x1ff, 0x2, 0x6b, 0x334]}) (async)
chdir(&(0x7f0000000140)='./bus\x00') (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000280), 0x208e24b) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
r3 = socket(0x1, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r5, 0x0, 0x61, &(0x7f0000000b80)={'filter\x00', 0x4, "25cf96f2"}, &(0x7f0000000bc0)=0x2c)
setresuid(0x0, r4, 0x0) (async)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40408c1) (async)
ioctl$FS_IOC_SETFLAGS(r2, 0xc0189436, &(0x7f0000000140))

7.8316768s ago: executing program 2 (id=4279):
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}) (async)
fsopen(&(0x7f0000000340)='fusectl\x00', 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000001240)={<r3=>0xffffffffffffffff}, 0x111}}, 0x20) (async)
r4 = syz_io_uring_complete(0x0)
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc}, 0x10) (async)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) (async)
recvmmsg(r6, &(0x7f0000001c00)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000480)=""/4085, 0xff5}], 0x1}, 0xbe58}, {{&(0x7f0000001500)=@nl=@proc, 0x80, &(0x7f0000001580)=[{&(0x7f0000001640)=""/131, 0x83}], 0x1, &(0x7f0000001700)=""/172, 0xac}, 0x3}, {{&(0x7f0000001900)=@generic, 0x80, &(0x7f0000001b80)=[{&(0x7f0000002880)=""/4096, 0x1000}, {&(0x7f0000001980)=""/138, 0x8a}, {&(0x7f0000001cc0)=""/62, 0x3e}, {&(0x7f0000001a40)=""/117, 0x75}, {&(0x7f0000001ac0)=""/91, 0x5b}, {&(0x7f00000017c0)=""/54, 0x36}, {&(0x7f0000001b40)=""/32, 0x20}], 0x7}, 0x80000000}], 0x3, 0x7ffeedc0, 0x0)
ioctl$sock_qrtr_TIOCINQ(r1, 0x541b, &(0x7f00000002c0)) (async)
socket$packet(0x11, 0x2, 0x300) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f00000006c0)={{0x7, 0x0, 0x9, 0xc, '\x00', 0x8}, 0x0, [0x0, 0x8, 0x2, 0x0, 0x100, 0x3ff, 0x1, 0x1, 0xfffffffffffffffb, 0x9, 0x7, 0x800, 0xa65b, 0x3, 0x6, 0x0, 0x1, 0x5, 0x8, 0xfffffffffffffeff, 0x0, 0x8000000000000000, 0x9, 0x6, 0x40000000007, 0x7, 0x6, 0x5, 0x80000000, 0x100000000, 0x2fca, 0xaa, 0x0, 0x101, 0x5, 0x4, 0xdda, 0x7fff, 0x4, 0x8, 0x5, 0xfffffffffffffe00, 0xfff, 0x5, 0x1, 0x7, 0x3, 0xffffffffffffffff, 0x6, 0x44a, 0x5, 0x7, 0xffffffffffffff9e, 0x8, 0x200, 0x3, 0x8, 0x5, 0x7, 0x7, 0x0, 0x6, 0xfffffffffffffffb, 0x2e7e, 0x67b, 0x1, 0xfffffffffffff88f, 0x80, 0x6, 0x4, 0x9, 0xfffffffffffffffd, 0x4, 0x81, 0x2, 0xffffffff, 0x3, 0x7, 0x18c, 0x10, 0x4, 0x10000, 0x6, 0x8000000000000001, 0x0, 0x7, 0xffff, 0xfff, 0x7, 0xf62f, 0xfd2, 0xc37, 0x21, 0xa, 0x8c, 0xfffffffffffffffa, 0x7fffffffffffffff, 0x40, 0x7f, 0x4, 0x4e, 0x5, 0x0, 0x7fff, 0x2000000000000007, 0x3, 0x400, 0x9, 0x41c, 0x7ff, 0xb78d, 0x4, 0x1, 0x0, 0x60004, 0x7, 0x4, 0x66c0, 0x9, 0x7, 0x8, 0x5, 0xe, 0x1b2, 0xd7, 0x6, 0x800, 0xe5f]})
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7, @local}, {0xa, 0x4e20, 0x101, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}, r3, 0x6}}, 0x48) (async)
r8 = syz_io_uring_setup(0x690c, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000014c0)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) (async)
sendmsg$NL80211_CMD_GET_SURVEY(r5, &(0x7f0000001480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x20, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7e8, 0x5}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4d911}, 0x4040800)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000006800010003001000fdffff7f00000000000000000c00020001000000150000000800050099282b006f4dbb844c86ed4b70d8ea093f5cf24802100d634c971ee3f480286dc023e823a837cbff917624d4e3c76eed41f678490cfd467cc4e9ee993e26eca6f89367d02b1d", @ANYRES32=0x0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
io_uring_enter(r8, 0x20587e, 0x282c, 0x9, 0x0, 0x0)

7.519984369s ago: executing program 5 (id=4281):
syz_open_procfs(0xffffffffffffffff, 0x0) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 32)
r1 = getpid() (rerun: 32)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, 0x0) (async)
connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) (async)
r5 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x1, 0x800)
mmap$snddsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r5, 0xf000) (async, rerun: 32)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
preadv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000180)=""/109, 0x6d}], 0x1, 0x1, 0x138000) (async)
connect$phonet_pipe(r6, &(0x7f0000000040)={0x23, 0x1, 0x9, 0xfe}, 0x10)
r7 = shmget$private(0x0, 0x400000, 0x40, &(0x7f000000e000/0x400000)=nil)
clock_adjtime(0x0, &(0x7f0000000240)={0xfffffffffffffffc}) (async)
shmctl$SHM_STAT_ANY(r7, 0xf, &(0x7f0000000040)=""/140) (async, rerun: 64)
shmctl$IPC_RMID(r7, 0x0) (async, rerun: 64)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0) (async)
r8 = add_key(0x0, 0x0, &(0x7f00000000c0)="39c2331d554514b08b1a8a5f80cf28d15c5358ac69", 0x15, 0xfffffffffffffffc) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
keyctl$chown(0x4, r8, 0xee00, 0xffffffffffffffff)

6.590150842s ago: executing program 2 (id=4284):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2)
syz_usb_connect(0x0, 0x34, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109022200010000000009049c0001010351000905fd1200000000000725"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x28, r4, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0xc, 0x7d, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x5, 0x3, "96"}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x20000816)
sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r1, 0x100, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x2, 0x7}}}}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1112}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x40040c0}, 0x4)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x34, r6, 0x1, 0x70bd2c, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}}, 0x0)

6.588802294s ago: executing program 6 (id=4285):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000580)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r5, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r5, 0x7}}, 0x48)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r7=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r7, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @loopback, 0x2}, {0xa, 0x0, 0x7, @remote, 0x3}, r7, 0x7}}, 0x48)
clock_gettime(0x0, &(0x7f0000000380)={<r8=>0x0, <r9=>0x0})
ppoll(&(0x7f0000000340)=[{r4, 0x80}, {r0, 0x8001}, {r4, 0x2000}, {r0, 0x1000}, {r0, 0x4400}, {r0}], 0x6, &(0x7f0000000500)={r8, r9+10000000}, &(0x7f0000000540)={[0x7]}, 0x8)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r3, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r10, 0x0, 0x0, 0x0, 0x164f74d3841caf7c, [<r11=>0x0], [], [0x0, 0xfffffffc, 0x800], [0x7, 0x9]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r11})
r12 = socket$inet(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r12, 0x8946, &(0x7f0000000140)={'virt_wifi0\x00', &(0x7f0000000480)=@ethtool_drvinfo={0x3, "5c103a2554649d8bdc9b838c7a44b5c9a25496a524ae49dc76bd91800a39292c", "f046fa390c95230097bd34fb8ce5a57971d06912ac487695eced225dac5c61d5", "9efda9bcd4844f5e4f481f08c871f2405b665dd2b7f886f4ee7030f4769b3d54", "af9311feb3924a3cbee32b4418c82a79586ce2b83329c2b77b8b636036bdc671", "7ab0660eb3d4c2e7f67cb34c9c656368eecca5bcc523c8b443aa3c086331d0fb", "9696dbab05f7c605d8cd231f", 0x67, 0x2, 0x4, 0x5, 0x2}})
pipe(&(0x7f0000000440)={<r13=>0xffffffffffffffff})
read$alg(r13, &(0x7f00000003c0)=""/85, 0x55)
read$msr(r13, &(0x7f0000000040)=""/54, 0x36)
ustat(0x1, &(0x7f0000000100))
close_range(r0, 0xffffffffffffffff, 0x0)

5.890987993s ago: executing program 34 (id=4284):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2)
syz_usb_connect(0x0, 0x34, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109022200010000000009049c0001010351000905fd1200000000000725"], 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x28, r4, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0xc, 0x7d, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x5, 0x3, "96"}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x20000816)
sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r1, 0x100, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x2, 0x7}}}}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1112}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x40040c0}, 0x4)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x34, r6, 0x1, 0x70bd2c, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}}, 0x0)

5.833849146s ago: executing program 5 (id=4287):
unshare(0x22020600)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x118d, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0xc2}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000})
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={<r4=>0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x33}}}, 0x1000, 0x8, 0x0, 0x5f, 0x82, 0x4, 0x7f}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={r4, @in={{0x2, 0x4e21, @multicast1}}, 0x3, 0x7486, 0x0, 0x2, 0x40, 0xfffffffc, 0x1}, 0x9c)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r5)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000100), 0x1358, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000ff010000000000000000000061"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
ioctl$TCSBRKP(r5, 0x5425, 0x0)
r9 = getpid()
syz_pidfd_open(r9, 0x0)

5.833127868s ago: executing program 3 (id=4288):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
dup(r0)
syz_io_uring_setup(0xa39, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000340)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5, '\x00', 0x0}}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc", 0x7}], 0x1}}], 0x1, 0x0)
getresuid(0x0, &(0x7f0000000140), &(0x7f0000000180))
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x840000, &(0x7f0000000240)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[], [{@smackfsroot={'smackfsroot', 0x3d, 'syz2\x00'}}, {@dont_measure}, {@obj_user={'obj_user', 0x3d, '\x17}2)'}}]}})
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0)
read$msr(r2, &(0x7f0000019540)=""/102400, 0x19000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ioctl$int_in(r3, 0x5452, &(0x7f0000000080)=0x1)
sendto$inet6(r3, 0x0, 0x0, 0x200008c5, &(0x7f0000000000)={0xa, 0x2, 0x2, @loopback, 0x4}, 0x1c)
shutdown(r3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

5.79590042s ago: executing program 6 (id=4289):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x8, 0x3, 0xa08, 0x100, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x970, 0xffffffff, 0xffffffff, 0x970, 0xffffffff, 0x3, 0x0, {[{{@ip={@broadcast, @private, 0x0, 0x0, 'batadv0\x00', 'batadv_slave_0\x00', {}, {}, 0x21}, 0x6, 0xa0, 0x100, 0x0, {}, [@common=@inet=@dccp={{0x30}, {[], [], 0x0, 0x300}}]}, @common=@SET={0x60}}, {{@ip={@loopback, @dev, 0x0, 0x0, 'veth0_virt_wifi\x00', 'bond_slave_0\x00'}, 0x0, 0x850, 0x870, 0x0, {}, [@common=@unspec=@u32={{0x7e0}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa68)
r5 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r6, 0x105, 0x5000003a, r3, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r7, 0x4122, 0x0)
readv(r6, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1)
socket$nl_rdma(0x10, 0x3, 0x14)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r9, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x24, r8, 0x1, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x51}, @val={0x8, 0x3, r10}, @void}}}, 0x24}}, 0x240040c0)

4.252695988s ago: executing program 3 (id=4290):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
close(0xffffffffffffffff)
unshare(0x20000400)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_usbip_server_init(0x1)
syz_usbip_server_init(0x4)
write$usbip_server(r5, &(0x7f000000a100)=@ret_unlink={{0x4, 0x7, 0x0, 0x0, 0x80e}, {0x905}}, 0x30)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000080000000000000000000000850000002a00000018010000202073250000000000207fbe0de90a27e6fad3da0520207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000010000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x609, 0xe, 0x0, &(0x7f0000000140)="dd8000ff600000005d8ec6f10000", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1f)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYBLOB="0700000000000000000000009728b5c8e764fe7eacd5bc11067cdb7eeda4544cc2a8b08b2eefd35033c091206b091080671179ffb8d931ce90728c5293385ff101e15640afa1b34c5f693229963270270b361acf375d5dd7cab3daa56dfb0a0a10c86dfebaabc5e2908baea281cd8364568cd0647ef709a8025a23409e215a8d33c963191527064a6c9c0d1710a904e9abc42e4a1680b615dd8c4aa1da65358de6a47e58d27e1ab1e55621e07228cd4b5ade38770e751e5083cbf81394a9824b0e18623c5b2327e90fcf29ee8ef385438e02b818c7ac6c9ed5b728b7e5981e33a836e041d421cd88", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

4.251103879s ago: executing program 6 (id=4291):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f0000000680)=[{{&(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000480)=[{&(0x7f00000003c0)="f263cc96762468a77ba43cebb58aff77", 0x10}, {&(0x7f0000000400)="ef22fcaf2096f877aa91d1d6f3256af613dfb2c2b33d48b1b3b2939d713b20e609158fb637d2ce2a392e8b7aa26482e6ccaeed909248bc49884bf0a33840d7e795df", 0x42}], 0x2, &(0x7f0000000640)=[@cred={{0x1c}}], 0x20, 0x10044850}}], 0x1, 0x4004081)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x0, 0xfffffffc, 0xfffffffc}})
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8801}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000380), 0x80000000, 0x20000)
ftruncate(r5, 0x8)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x103201, 0x0)
write$P9_RSTATu(r6, &(0x7f0000000080)={0x265, 0x2, 0xafd, {{0x54f, 0x124, 0x28, 0x1f00, {}, 0x0, 0x0, 0xc, 0x401, 0xffffffffffffff7d, '\nnodev{evo\x03\xd3\x8b\x92\x00'/27, 0x28, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18x\x99\xa9\x16c\x88\x14\xe5p\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, '\b\x00', 0xac, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4@\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x009\x86Ac\x1dD\xf4\xa3\x9b\x11\x91\x93z(\x0e\x8d\x88\x9f\xc2 \xd1\x15\xac\x8e/\x18K\x9aau\x8d&w*\xb0\xf2\x04M\x8e\xf0&=\xdd\x97\xd3\xc4\'\xb3\xa52\xef\xab\x1d\x1c\xe3,\xa7\xc1\xfc#\x1a\xf4\x84\b\xe0+%P(\xb7\xc9\xbb\x859oM\x8a\xf0\xeb\x95\xfc\x0e\xcc\x99\xf7\x80\xe2'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0xfd85)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff, {0xbfb, 0x40}}, './file0\x00'})
ioctl$DRM_IOCTL_RES_CTX(r4, 0xc0106426, &(0x7f0000000300)={0x3, &(0x7f0000000180)=[{<r8=>0x0}, {}, {}]})
ioctl$DRM_IOCTL_SWITCH_CTX(r7, 0x40086424, &(0x7f0000000340)={r8, 0x3})
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x1, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r10 = dup(r9)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000040)=@x86={0x15, 0x7, 0xb, 0x0, 0xc6, 0x3b, 0x59, 0x8, 0x7, 0x7, 0x15, 0x6, 0x0, 0x4, 0x7, 0x1, 0x0, 0x88, 0x10, '\x00', 0x1, 0x7})
ioctl$KVM_SET_VAPIC_ADDR(r10, 0x4008ae93, &(0x7f00000000c0)=0xffff)
read$msr(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

4.247960902s ago: executing program 5 (id=4292):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(0x0, 0x7)
syz_open_dev$cec(0x0, 0x0, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="34a7bf6a5102ae18", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r6}, 0x38)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
sendmsg$IPSET_CMD_TEST(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x20000090)
ioctl$SW_SYNC_IOC_INC(r3, 0x40045701, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x497, 0x0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0xfffffffe, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd7}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x192}}, 0x20}}, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x800008, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x8, 0x2)

4.197987195s ago: executing program 1 (id=4293):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@updpolicy={0xc4, 0x19, 0x501, 0x0, 0x25dfdbfb, {{@in6=@private0, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, r2}, {0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x2}, [@offload={0xc, 0x1c, {r2, 0x4}}]}, 0xc4}}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000d00)=0x2b56, 0x4)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000080)={0x2d008400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x58)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)

3.035900795s ago: executing program 6 (id=4294):
mkdir(&(0x7f0000000400)='./file0\x00', 0x1f9)
r0 = syz_io_uring_setup(0xe42, &(0x7f00000005c0)={0x0, 0x2119, 0x100, 0x0, 0x1d0}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x80000, 0x0, 0x32}, &(0x7f0000000500)='./file0\x00', 0x1d})
io_uring_enter(r0, 0x6f58, 0x3e00, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
r4 = syz_open_dev$media(0x0, 0x80000000, 0x40)
ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000440)={0x80000000, 0x0, &(0x7f00000000c0)})
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, 0x0, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, 0x0)
ioctl$SNDCTL_DSP_POST(0xffffffffffffffff, 0x5008, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
read$usbfs(r7, &(0x7f0000000040)=""/8, 0x8)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

2.950607914s ago: executing program 1 (id=4295):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
socket(0x1d, 0x2, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000280)={'erspan0\x00', &(0x7f0000000240)={'gretap0\x00', 0x0, 0x10, 0x7800, 0x401, 0x3, {{0x8, 0x4, 0x2, 0x34, 0x20, 0x64, 0x0, 0xca, 0x4, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x3c}, {[@rr={0x7, 0x7, 0x5a, [@private=0xa010100]}, @ra={0x94, 0x4}]}}}}})
unshare(0x8040480)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
pread64(r5, 0x0, 0x0, 0x7fffffffffffffff)
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

2.795839105s ago: executing program 3 (id=4296):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r0)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x9c, r2, 0xe096262f31cc8e8, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xe}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x6}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x6b7}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'wg2\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40010}, 0x40)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000010000253500000008000300", @ANYRES32=r4], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20040814)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000240)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{}, &(0x7f0000000280), &(0x7f0000000300)}, 0x20)
syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00')
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x10, 0x3, 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x400040, 0x0)
r6 = fsopen(0x0, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r7, 0x89f0, 0x0)
fsmount(r6, 0x1, 0x2)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$kcm(0x21, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000001a40)=""/102392, 0x18ff8)
sendmsg$kcm(r8, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, 0x0, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000140)={@remote}, 0x14)

2.648117421s ago: executing program 1 (id=4297):
syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x4ae60)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000001380)=[{0x5, 0x0, 0x0, 0x200}]}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000070000000801004000000000000000c03e771490167544b9c76e030c6b5cda472608fd4b26d373754a947d19d5c6f9c366fc77a2694569487a2cb96500eb6ec2314a930955f15bc508c66f70ec1df871b61c8595a3672f6a7af83e074b3068579f23e0d4a38cf29bcf78deeece0945a519728554af5d76943c3422cde91d60ecaf50a6c73be84f52d9d6e72e00000000000000000f57b9656fc88e437563a51a02c667"])

1.612995857s ago: executing program 5 (id=4298):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x5, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
dup(r4)
close_range(r2, 0xffffffffffffffff, 0x0)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
socket$unix(0x1, 0x1, 0x0)
r7 = socket$rxrpc(0x21, 0x2, 0xa)
madvise(&(0x7f0000e95000/0x4000)=nil, 0x4000, 0x66)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
read$FUSE(r8, &(0x7f0000004180)={0x2020, 0x0, 0x0, <r9=>0x0, 0x0, <r10=>0x0}, 0x2020)
fsetxattr$security_evm(r7, &(0x7f0000000000), &(0x7f0000000080)=ANY=[@ANYBLOB="05020d0000000500905f45671b2fc20eed6744fb9826f471376053f8f360f538c85d11713c762a288935dff9580533724873195e7db3f0cf665832ccdb5d76877900173eaa3f7d4521109175e1faa65a25ef7d5858a19365273ecb89592ffe33d220a9b67d6a357c7d66619d626da15fc3e72ae78ea98a4e9436c20febb93916626f29c298533dba391e5a096c60db89d6c8a1aef0521be7dd"], 0x99, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local, {[@generic={0x7, 0x7, "0441b613a3"}, @timestamp_addr={0x44, 0x14, 0x6, 0x1, 0x0, [{@multicast1}, {@multicast1}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
poll(&(0x7f0000000180)=[{r7}], 0x1, 0x7f)
setsockopt$sock_int(r7, 0x1, 0x7, &(0x7f0000000240), 0x4)
r11 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r11, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ioctl$DRM_IOCTL_GET_CLIENT(r8, 0xc0286405, &(0x7f00000001c0)={0x2, 0x6, {<r12=>r10}, {r9}, 0xff, 0x3})
sched_setaffinity(r12, 0x8, &(0x7f0000000200)=0x5)
listen(r11, 0x0)

1.609727918s ago: executing program 1 (id=4299):
gettid()
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x1, [<r4=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x1, 0x2, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/current\x00')
r6 = socket(0x10, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_WOL_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0)
getpriority(0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r4})

1.447969639s ago: executing program 6 (id=4300):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x9, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
dup(r0)
syz_io_uring_setup(0xa39, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000340)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5, '\x00', 0x0}}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc", 0x7}], 0x1}}], 0x1, 0x0)
getresuid(0x0, &(0x7f0000000140), &(0x7f0000000180))
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x840000, &(0x7f0000000240)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[], [{@smackfsroot={'smackfsroot', 0x3d, 'syz2\x00'}}, {@dont_measure}, {@obj_user={'obj_user', 0x3d, '\x17}2)'}}]}})
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0)
read$msr(r2, &(0x7f0000019540)=""/102400, 0x19000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ioctl$int_in(r3, 0x5452, &(0x7f0000000080)=0x1)
sendto$inet6(r3, 0x0, 0x0, 0x200008c5, &(0x7f0000000000)={0xa, 0x2, 0x2, @loopback, 0x4}, 0x1c)
shutdown(r3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1.414088811s ago: executing program 3 (id=4301):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r1, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x24, r0, 0x1, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x51}, @val={0x8, 0x3, r2}, @void}}}, 0x24}}, 0x240040c0)

1.008753783s ago: executing program 1 (id=4302):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}}, 0x40) (fail_nth: 6)

1.007173247s ago: executing program 3 (id=4303):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x208, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = gettid()
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2, 0x0, 0x5})

519.195751ms ago: executing program 5 (id=4304):
rseq(&(0x7f0000000680), 0x20, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="3c0000001a0001"], 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
ptrace(0x4206, r0)
waitid(0x0, r0, 0x0, 0x40000000, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1184, 0x4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5, 0xa, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x49, 0xa, 0x0, "3269c546da0d00000000000000000004000000037b3e9b7fee418700", 0x38414762})

174.575431ms ago: executing program 6 (id=4305):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
close(0xffffffffffffffff)
unshare(0x20000400)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_usbip_server_init(0x1)
syz_usbip_server_init(0x4)
write$usbip_server(r5, &(0x7f000000a100)=@ret_unlink={{0x4, 0x7, 0x0, 0x0, 0x80e}, {0x905}}, 0x30)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000080000000000000000000000850000002a00000018010000202073250000000000207fbe0de90a27e6fad3da0520207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000010000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x609, 0xe, 0x0, &(0x7f0000000140)="dd8000ff600000005d8ec6f10000", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1f)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYBLOB="0700000000000000000000009728b5c8e764fe7eacd5bc11067cdb7eeda4544cc2a8b08b2eefd35033c091206b091080671179ffb8d931ce90728c5293385ff101e15640afa1b34c5f693229963270270b361acf375d5dd7cab3daa56dfb0a0a10c86dfebaabc5e2908baea281cd8364568cd0647ef709a8025a23409e215a8d33c963191527064a6c9c0d1710a904e9abc42e4a1680b615dd8c4aa1da65358de6a47e58d27e1ab1e55621e07228cd4b5ade38770e751e5083cbf81394a9824b0e18623c5b2327e90fcf29ee8ef385438e02b818c7ac6c9ed5b728b7e5981e33a836e041d421cd88", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f00000068c0)={@link_local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\a\x00', 0x30, 0x3a, 0x0, @local, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "0100", 0x0, 0x0, 0x0, @mcast2, @loopback}}}}}}}, 0x0)

61.362767ms ago: executing program 3 (id=4306):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x3, &(0x7f00000001c0)=0x2002bd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee6, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='ip6erspan0\x00'})
connect$unix(r3, &(0x7f0000000340)=@file={0x1, './file0\x00'}, 0x6e)
socket$netlink(0x10, 0x3, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
socket(0x80000000000000a, 0x2, 0x0)
syz_usb_connect(0x0, 0x62, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000fb367d086d04c308166b0102030109025000000000000009041f0000ff0100000a24010400072201020724270500000508240805044f04960d2405f10103031c050306058109240306010104050503240497014804825480b1bf84cb5d459d3fb4bdf2208484b697632855ba7e6516006b79c7cd327a85386071cca3d757425e9561e14879724c02f3a1eeeb47bd44b060b1599e72d8d109d41a88"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000180)=0x7)
socket$inet_mptcp(0x2, 0x1, 0x106)

0s ago: executing program 1 (id=4307):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x128}, 0x8000)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xc, 0x0, &(0x7f0000000240)="63cd5c1672914cd2d5c5ab9c"})
syz_usb_connect(0x1, 0x0, 0x0, 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
r5 = inotify_init1(0x0)
inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0x64000ba6)
inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0xa4000960)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
write$6lowpan_control(r4, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="020100030e0000002cbd70000000000005000600332000000a00000000000000fe800000000000000000000000000018000000000000000005000500000000000a00"/76], 0x70}, 0x1, 0x7}, 0x4000000)

kernel console output (not intermixed with test programs):

bcdDevice= 0.00
[ 1234.834249][   T30] audit: type=1400 audit(2000000018.120:5003): avc:  denied  { associate } for  pid=19881 comm="syz.6.3984" name="file1" dev="tmpfs" ino=1000 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0"
[ 1234.943871][T16716] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1234.960984][T19888] tipc: Started in network mode
[ 1234.966969][T19888] tipc: Node identity 8a2248b0c33b, cluster identity 4711
[ 1234.981067][T19888] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1234.981129][T16716] usb 3-1: config 0 descriptor??
[ 1235.151153][T19888] syzkaller0: entered promiscuous mode
[ 1235.156690][T19888] syzkaller0: entered allmulticast mode
[ 1235.296384][T19896] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1235.685141][T19894] netlink: 'syz.1.3985': attribute type 1 has an invalid length.
[ 1235.788073][T16716] usbhid 3-1:0.0: can't add hid device: -71
[ 1235.796985][T16716] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1235.835021][T16716] usb 3-1: USB disconnect, device number 36
[ 1236.100680][T11461] tipc: Node number set to 1226393776
[ 1236.172329][T19894] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1236.209273][T19898] vlan2: entered allmulticast mode
[ 1236.216556][T19898] veth1: entered allmulticast mode
[ 1236.228593][T19898] bond1: (slave vlan2): making interface the new active one
[ 1236.238947][T19898] bond1: (slave vlan2): Enslaving as an active interface with an up link
[ 1236.249171][T19897] tipc: Resetting bearer <eth:syzkaller0>
[ 1236.260182][   T30] audit: type=1400 audit(2000000019.790:5004): avc:  denied  { rmdir } for  pid=16290 comm="syz-executor" name="file1" dev="tmpfs" ino=1000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[ 1236.700803][T16716] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1236.952064][T19887] tipc: Resetting bearer <eth:syzkaller0>
[ 1236.985993][T19887] tipc: Disabling bearer <eth:syzkaller0>
[ 1237.000759][T16716] usb 3-1: device descriptor read/64, error -71
[ 1237.291079][T16716] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1237.728441][T19930] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3996'.
[ 1237.800666][T16716] usb 3-1: device descriptor read/64, error -71
[ 1237.816258][T19930] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3996'.
[ 1237.917559][T19930] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3996'.
[ 1237.966721][T19930] netlink: 'syz.5.3996': attribute type 4 has an invalid length.
[ 1238.453833][T16716] usb usb3-port1: attempt power cycle
[ 1238.489687][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.496050][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.534312][T16716] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1243.437675][T16716] usb 3-1: device descriptor read/8, error -71
[ 1244.051377][T19966] FAULT_INJECTION: forcing a failure.
[ 1244.051377][T19966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1244.065819][T19966] CPU: 0 UID: 0 PID: 19966 Comm: syz.2.4005 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1244.065844][T19966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1244.065862][T19966] Call Trace:
[ 1244.065869][T19966]  <TASK>
[ 1244.065876][T19966]  dump_stack_lvl+0x16c/0x1f0
[ 1244.065909][T19966]  should_fail_ex+0x512/0x640
[ 1244.065941][T19966]  _copy_from_iter+0x29f/0x16f0
[ 1244.065962][T19966]  ? __alloc_skb+0x200/0x380
[ 1244.065989][T19966]  ? __pfx__copy_from_iter+0x10/0x10
[ 1244.066013][T19966]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1244.066042][T19966]  netlink_sendmsg+0x829/0xdd0
[ 1244.066067][T19966]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1244.066098][T19966]  ____sys_sendmsg+0xa95/0xc70
[ 1244.066121][T19966]  ? copy_msghdr_from_user+0x10a/0x160
[ 1244.066148][T19966]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1244.066181][T19966]  ___sys_sendmsg+0x134/0x1d0
[ 1244.066211][T19966]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1244.066236][T19966]  ? __lock_acquire+0x622/0x1c90
[ 1244.066283][T19966]  __sys_sendmsg+0x16d/0x220
[ 1244.066301][T19966]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1244.066334][T19966]  do_syscall_64+0xcd/0x4c0
[ 1244.066354][T19966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1244.066372][T19966] RIP: 0033:0x7f855f98e9a9
[ 1244.066387][T19966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1244.066404][T19966] RSP: 002b:00007f855d7d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1244.066421][T19966] RAX: ffffffffffffffda RBX: 00007f855fbb6160 RCX: 00007f855f98e9a9
[ 1244.066433][T19966] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000008
[ 1244.066443][T19966] RBP: 00007f855d7d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1244.066454][T19966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1244.066464][T19966] R13: 0000000000000000 R14: 00007f855fbb6160 R15: 00007fff2d21f258
[ 1244.066488][T19966]  </TASK>
[ 1244.673609][T19974] siw: device registration error -23
[ 1245.039369][T19976] FAULT_INJECTION: forcing a failure.
[ 1245.039369][T19976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1245.180869][T19976] CPU: 1 UID: 0 PID: 19976 Comm: syz.5.4010 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1245.180898][T19976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1245.180909][T19976] Call Trace:
[ 1245.180915][T19976]  <TASK>
[ 1245.180923][T19976]  dump_stack_lvl+0x16c/0x1f0
[ 1245.180956][T19976]  should_fail_ex+0x512/0x640
[ 1245.180982][T19976]  ? page_copy_sane+0xcd/0x2d0
[ 1245.181010][T19976]  copy_folio_from_iter_atomic+0x375/0x1aa0
[ 1245.181043][T19976]  ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 1245.181062][T19976]  ? shmem_write_begin+0x176/0x300
[ 1245.181090][T19976]  ? __pfx_shmem_write_begin+0x10/0x10
[ 1245.181117][T19976]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[ 1245.181144][T19976]  generic_perform_write+0x22c/0x930
[ 1245.181172][T19976]  ? __mark_inode_dirty+0x5d0/0xe50
[ 1245.181199][T19976]  ? __pfx_generic_perform_write+0x10/0x10
[ 1245.181228][T19976]  ? generic_update_time+0xcf/0xf0
[ 1245.181248][T19976]  ? mnt_put_write_access_file+0x45/0xf0
[ 1245.181278][T19976]  shmem_file_write_iter+0x10e/0x140
[ 1245.181299][T19976]  vfs_write+0x6c4/0x1150
[ 1245.181325][T19976]  ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1245.181345][T19976]  ? __pfx___mutex_lock+0x10/0x10
[ 1245.181363][T19976]  ? __pfx_vfs_write+0x10/0x10
[ 1245.181406][T19976]  ksys_write+0x12a/0x250
[ 1245.181431][T19976]  ? __pfx_ksys_write+0x10/0x10
[ 1245.181464][T19976]  do_syscall_64+0xcd/0x4c0
[ 1245.181484][T19976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1245.181502][T19976] RIP: 0033:0x7fd8ec38e9a9
[ 1245.181516][T19976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1245.181533][T19976] RSP: 002b:00007fd8ed1e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1245.181550][T19976] RAX: ffffffffffffffda RBX: 00007fd8ec5b5fa0 RCX: 00007fd8ec38e9a9
[ 1245.181562][T19976] RDX: 000000000208e24b RSI: 0000200000000240 RDI: 0000000000000003
[ 1245.181573][T19976] RBP: 00007fd8ed1e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1245.181583][T19976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1245.181593][T19976] R13: 0000000000000000 R14: 00007fd8ec5b5fa0 R15: 00007fff1741c8e8
[ 1245.181617][T19976]  </TASK>
[ 1246.563645][T19994] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1246.579183][T19994] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1247.785411][T20006] Device name cannot be null; rc = [-22]
[ 1247.797236][T20006] kernel profiling enabled (shift: 9)
[ 1248.186226][T20014] bridge2: entered promiscuous mode
[ 1249.008439][T20015] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[ 1249.677769][T20029] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1249.693296][T20029] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1249.702769][T20029] vhci_hcd vhci_hcd.0: Device attached
[ 1249.711170][T20030] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(7)
[ 1249.717676][T20030] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1249.725089][T20030] vhci_hcd vhci_hcd.0: Device attached
[ 1249.894471][T20033] vhci_hcd: connection closed
[ 1249.898173][T12307] vhci_hcd: stop threads
[ 1249.960693][ T5882] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[ 1250.043407][T12307] vhci_hcd: release socket
[ 1250.055169][T12307] vhci_hcd: disconnect device
[ 1250.487037][T20032] vhci_hcd: connection reset by peer
[ 1250.675996][   T49] vhci_hcd: stop threads
[ 1250.718559][   T49] vhci_hcd: release socket
[ 1250.746143][   T49] vhci_hcd: disconnect device
[ 1250.847787][T20048] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4025'.
[ 1250.942206][T20050] FAULT_INJECTION: forcing a failure.
[ 1250.942206][T20050] name failslab, interval 1, probability 0, space 0, times 0
[ 1250.966300][T20050] CPU: 1 UID: 0 PID: 20050 Comm: syz.2.4026 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1250.966327][T20050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1250.966337][T20050] Call Trace:
[ 1250.966343][T20050]  <TASK>
[ 1250.966349][T20050]  dump_stack_lvl+0x16c/0x1f0
[ 1250.966371][T20050]  should_fail_ex+0x512/0x640
[ 1250.966388][T20050]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1250.966407][T20050]  should_failslab+0xc2/0x120
[ 1250.966418][T20050]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1250.966435][T20050]  ? security_file_alloc+0x34/0x2b0
[ 1250.966449][T20050]  security_file_alloc+0x34/0x2b0
[ 1250.966460][T20050]  init_file+0x93/0x4c0
[ 1250.966473][T20050]  alloc_empty_file+0x73/0x1e0
[ 1250.966486][T20050]  path_openat+0xda/0x2cb0
[ 1250.966502][T20050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1250.966519][T20050]  ? __pfx_path_openat+0x10/0x10
[ 1250.966536][T20050]  ? __lock_acquire+0xb8a/0x1c90
[ 1250.966553][T20050]  do_filp_open+0x20b/0x470
[ 1250.966571][T20050]  ? __pfx_do_filp_open+0x10/0x10
[ 1250.966597][T20050]  ? alloc_fd+0x471/0x7d0
[ 1250.966617][T20050]  do_sys_openat2+0x11b/0x1d0
[ 1250.966630][T20050]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1250.966644][T20050]  ? __fget_files+0x20e/0x3c0
[ 1250.966656][T20050]  __x64_sys_openat+0x174/0x210
[ 1250.966669][T20050]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1250.966681][T20050]  ? ksys_write+0x1ac/0x250
[ 1250.966701][T20050]  do_syscall_64+0xcd/0x4c0
[ 1250.966713][T20050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1250.966724][T20050] RIP: 0033:0x7f855f98d310
[ 1250.966733][T20050] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1250.966744][T20050] RSP: 002b:00007f855d7f5f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1250.966755][T20050] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f855f98d310
[ 1250.966762][T20050] RDX: 0000000000000002 RSI: 00007f855d7f5fa0 RDI: 00000000ffffff9c
[ 1250.966769][T20050] RBP: 00007f855d7f5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1250.966775][T20050] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1250.966781][T20050] R13: 0000000000000000 R14: 00007f855fbb6080 R15: 00007fff2d21f258
[ 1250.966797][T20050]  </TASK>
[ 1251.284075][T20050] program syz.2.4026 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1253.870746][T20073] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1253.877294][T20073] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1253.897730][T20072] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(6)
[ 1253.904231][T20072] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1253.926312][T20073] vhci_hcd vhci_hcd.0: Device attached
[ 1254.052663][T20072] vhci_hcd vhci_hcd.0: Device attached
[ 1254.063164][T20072] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(8)
[ 1254.069688][T20072] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1254.078548][T20072] vhci_hcd vhci_hcd.0: Device attached
[ 1254.110639][T16319] vhci_hcd: vhci_device speed not set
[ 1254.133084][T20084] vhci_hcd: connection closed
[ 1254.134484][ T6054] vhci_hcd: stop threads
[ 1254.162079][T20078] vhci_hcd: connection closed
[ 1254.162889][T20074] vhci_hcd: connection closed
[ 1254.168973][ T6054] vhci_hcd: release socket
[ 1254.180917][T16319] usb 43-1: new full-speed USB device number 2 using vhci_hcd
[ 1254.188412][ T6054] vhci_hcd: disconnect device
[ 1254.188491][T20077] vhci_hcd: sendmsg failed!, ret=-32 for 48
[ 1254.198619][ T6054] vhci_hcd: stop threads
[ 1254.208226][ T6054] vhci_hcd: release socket
[ 1254.216033][T20092] FAULT_INJECTION: forcing a failure.
[ 1254.216033][T20092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1254.229484][ T6054] vhci_hcd: disconnect device
[ 1254.254314][ T6054] vhci_hcd: stop threads
[ 1254.258792][ T6054] vhci_hcd: release socket
[ 1254.263927][T20092] CPU: 0 UID: 0 PID: 20092 Comm: syz.5.4034 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1254.263951][T20092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1254.263962][T20092] Call Trace:
[ 1254.263968][T20092]  <TASK>
[ 1254.263976][T20092]  dump_stack_lvl+0x16c/0x1f0
[ 1254.264009][T20092]  should_fail_ex+0x512/0x640
[ 1254.264041][T20092]  _copy_from_user+0x2e/0xd0
[ 1254.264061][T20092]  memdup_user+0x6b/0xe0
[ 1254.264088][T20092]  strndup_user+0x78/0xe0
[ 1254.264115][T20092]  __do_sys_fsconfig+0x2e1/0xbe0
[ 1254.264140][T20092]  ? __pfx___do_sys_fsconfig+0x10/0x10
[ 1254.264159][T20092]  ? fput+0x70/0xf0
[ 1254.264189][T20092]  do_syscall_64+0xcd/0x4c0
[ 1254.264209][T20092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1254.264227][T20092] RIP: 0033:0x7fd8ec38e9a9
[ 1254.264241][T20092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1254.264259][T20092] RSP: 002b:00007fd8ed1e6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[ 1254.264276][T20092] RAX: ffffffffffffffda RBX: 00007fd8ec5b5fa0 RCX: 00007fd8ec38e9a9
[ 1254.264288][T20092] RDX: 0000200000000b40 RSI: 0000000000000001 RDI: 0000000000000003
[ 1254.264299][T20092] RBP: 00007fd8ed1e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1254.264310][T20092] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1254.264321][T20092] R13: 0000000000000000 R14: 00007fd8ec5b5fa0 R15: 00007fff1741c8e8
[ 1254.264349][T20092]  </TASK>
[ 1254.419669][ T6054] vhci_hcd: disconnect device
[ 1254.816105][T20104] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1254.822651][T20104] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1254.830396][T20104] vhci_hcd vhci_hcd.0: Device attached
[ 1254.969955][T20104] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(9)
[ 1254.976501][T20104] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1254.985550][T20104] vhci_hcd vhci_hcd.0: Device attached
[ 1255.101093][T11461] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[ 1255.240748][ T5882] vhci_hcd: vhci_device speed not set
[ 1255.251674][   T30] audit: type=1326 audit(2000000009.680:5005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7fc00000
[ 1255.615349][   T30] audit: type=1326 audit(2000000010.010:5006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1255.768762][   T30] audit: type=1326 audit(2000000010.010:5007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1255.829047][   T30] audit: type=1326 audit(2000000010.020:5008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8ec32ab89 code=0x7ffc0000
[ 1255.852995][T16234] usb 7-1: new full-speed USB device number 30 using dummy_hcd
[ 1255.970957][T20107] vhci_hcd: connection closed
[ 1255.971150][T20105] vhci_hcd: connection reset by peer
[ 1255.996362][T16137] vhci_hcd: stop threads
[ 1256.007477][T16137] vhci_hcd: release socket
[ 1256.538734][   T30] audit: type=1326 audit(2000000010.020:5009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1256.563715][T16137] vhci_hcd: disconnect device
[ 1256.569241][T16137] vhci_hcd: stop threads
[ 1256.573701][T16137] vhci_hcd: release socket
[ 1256.581713][T16137] vhci_hcd: disconnect device
[ 1256.598059][   T30] audit: type=1326 audit(2000000010.020:5010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8ec32ab89 code=0x7ffc0000
[ 1256.656190][   T30] audit: type=1326 audit(2000000010.020:5011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1256.738074][   T30] audit: type=1326 audit(2000000010.020:5012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8ec32ab89 code=0x7ffc0000
[ 1256.761885][   T30] audit: type=1326 audit(2000000010.020:5013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8ec32ab89 code=0x7ffc0000
[ 1256.786064][T16234] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[ 1256.798994][T16234] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1256.810747][   T30] audit: type=1326 audit(2000000010.020:5014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20096 comm="syz.5.4037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8ec32ab89 code=0x7ffc0000
[ 1256.838340][T16234] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1256.848805][T16234] usb 7-1: config 0 descriptor??
[ 1257.896434][T16234] ath6kl: Failed to submit usb control message: -71
[ 1257.921418][T16234] ath6kl: unable to send the bmi data to the device: -71
[ 1257.928477][T16234] ath6kl: Unable to send get target info: -71
[ 1258.194425][T16234] ath6kl: Failed to init ath6kl core: -71
[ 1258.218481][T16234] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1258.267814][T16234] usb 7-1: USB disconnect, device number 30
[ 1258.559904][T20145] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1258.571067][T20145] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1259.055580][T20143] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4047'.
[ 1259.084640][ T5896] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1259.250652][ T5896] usb 3-1: Using ep0 maxpacket: 32
[ 1259.305222][T20152] snd_virmidi snd_virmidi.0: control 0:0:128:syz0:0 is already present
[ 1259.384069][T16319] vhci_hcd: vhci_device speed not set
[ 1260.154457][ T5896] usb 3-1: config 0 has an invalid interface number: 162 but max is 0
[ 1260.163599][ T5896] usb 3-1: config 0 has no interface number 0
[ 1260.169702][ T5896] usb 3-1: config 0 interface 162 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[ 1260.183298][ T5896] usb 3-1: config 0 interface 162 has no altsetting 0
[ 1260.203007][ T5896] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1260.212211][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1260.220174][ T5896] usb 3-1: Product: syz
[ 1260.230758][ T5896] usb 3-1: Manufacturer: syz
[ 1260.235440][ T5896] usb 3-1: SerialNumber: syz
[ 1260.246267][ T5896] usb 3-1: config 0 descriptor??
[ 1260.684364][ T5896] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1260.691432][ T5896] gspca_topro: reg_w err -71
[ 1260.726724][ T5896] gspca_topro: Sensor soi763a
[ 1260.748652][ T5896] usb 3-1: USB disconnect, device number 41
[ 1260.822149][T11461] vhci_hcd: vhci_device speed not set
[ 1261.843920][T20173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1262.070464][T20173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1262.095609][T20173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1262.109905][T20180] program syz.2.4056 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1262.281158][T20173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1262.305044][T20175] IPVS: persistence engine module ip_vs_pe_ not found
[ 1262.399908][T20173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1262.424656][T20173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1262.514068][T20183] FAULT_INJECTION: forcing a failure.
[ 1262.514068][T20183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1262.554790][T20183] CPU: 1 UID: 0 PID: 20183 Comm: syz.6.4059 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1262.554817][T20183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1262.554828][T20183] Call Trace:
[ 1262.554834][T20183]  <TASK>
[ 1262.554841][T20183]  dump_stack_lvl+0x16c/0x1f0
[ 1262.554871][T20183]  should_fail_ex+0x512/0x640
[ 1262.554901][T20183]  strncpy_from_user+0x3b/0x2e0
[ 1262.554927][T20183]  setxattr_copy+0x8a/0x210
[ 1262.554944][T20183]  path_setxattrat+0x104/0x2a0
[ 1262.554961][T20183]  ? __pfx_path_setxattrat+0x10/0x10
[ 1262.554981][T20183]  ? ksys_write+0x190/0x250
[ 1262.555024][T20183]  ? fput+0x70/0xf0
[ 1262.555043][T20183]  ? ksys_write+0x1ac/0x250
[ 1262.555067][T20183]  ? __pfx_ksys_write+0x10/0x10
[ 1262.555094][T20183]  __x64_sys_setxattr+0xc6/0x140
[ 1262.555110][T20183]  ? do_syscall_64+0x91/0x4c0
[ 1262.555125][T20183]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1262.555151][T20183]  do_syscall_64+0xcd/0x4c0
[ 1262.555169][T20183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1262.555188][T20183] RIP: 0033:0x7f20b5f8e9a9
[ 1262.555202][T20183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1262.555220][T20183] RSP: 002b:00007f20b3df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 1262.555237][T20183] RAX: ffffffffffffffda RBX: 00007f20b61b5fa0 RCX: 00007f20b5f8e9a9
[ 1262.555249][T20183] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000200000000080
[ 1262.555260][T20183] RBP: 00007f20b3df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1262.555270][T20183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1262.555280][T20183] R13: 0000000000000001 R14: 00007f20b61b5fa0 R15: 00007ffd9d2e72e8
[ 1262.555303][T20183]  </TASK>
[ 1263.898859][T20194] IPVS: set_ctl: invalid protocol: 8 255.255.255.255:20019
[ 1264.195755][   T30] kauditd_printk_skb: 59 callbacks suppressed
[ 1264.195772][   T30] audit: type=1400 audit(2000000003.280:5074): avc:  denied  { write } for  pid=20210 comm="syz.1.4068" path="socket:[67560]" dev="sockfs" ino=67560 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1264.319432][T20215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1264.333309][T20215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1264.376295][T20215] devpts: Bad value for 'max'
[ 1264.381176][ T5896] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1264.412914][ T5882] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1264.560768][ T5896] usb 6-1: Using ep0 maxpacket: 8
[ 1264.634171][ T5896] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 17
[ 1264.660889][ T5882] usb 4-1: Using ep0 maxpacket: 32
[ 1264.808021][ T5896] usb 6-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[ 1264.829766][ T5882] usb 4-1: config 0 has an invalid interface number: 162 but max is 0
[ 1264.848469][ T5896] usb 6-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[ 1264.857454][ T5882] usb 4-1: config 0 has no interface number 0
[ 1264.882833][ T5882] usb 4-1: config 0 interface 162 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[ 1264.947805][ T5896] usb 6-1: Product: syz
[ 1264.952109][ T5896] usb 6-1: Manufacturer: syz
[ 1264.957909][ T5896] usb 6-1: SerialNumber: syz
[ 1264.963215][ T5882] usb 4-1: config 0 interface 162 has no altsetting 0
[ 1264.972556][ T5896] usb 6-1: config 0 descriptor??
[ 1264.979677][ T5882] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1264.990113][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1265.000428][ T5882] usb 4-1: Product: syz
[ 1265.008039][ T5882] usb 4-1: Manufacturer: syz
[ 1265.012885][ T5882] usb 4-1: SerialNumber: syz
[ 1265.019298][ T5882] usb 4-1: config 0 descriptor??
[ 1265.186356][ T5896] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1265.198591][ T5896] gspca_sunplus: reg_w_riv err -71
[ 1265.215537][ T5896] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[ 1265.231109][ T5882] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1265.258741][ T5896] usb 6-1: USB disconnect, device number 48
[ 1265.268772][ T5882] gspca_topro: reg_w err -71
[ 1265.300647][ T5882] gspca_topro: Sensor soi763a
[ 1265.335455][ T5882] usb 4-1: USB disconnect, device number 53
[ 1265.860308][   T30] audit: type=1400 audit(2000000001.340:5075): avc:  denied  { write } for  pid=20235 comm="syz.5.4077" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[ 1265.938765][T20236] FAULT_INJECTION: forcing a failure.
[ 1265.938765][T20236] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1266.011594][T20236] CPU: 0 UID: 0 PID: 20236 Comm: syz.5.4077 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1266.011622][T20236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1266.011632][T20236] Call Trace:
[ 1266.011639][T20236]  <TASK>
[ 1266.011646][T20236]  dump_stack_lvl+0x16c/0x1f0
[ 1266.011679][T20236]  should_fail_ex+0x512/0x640
[ 1266.011711][T20236]  _copy_to_user+0x32/0xd0
[ 1266.011732][T20236]  simple_read_from_buffer+0xcb/0x170
[ 1266.011762][T20236]  proc_fail_nth_read+0x197/0x270
[ 1266.011788][T20236]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1266.011816][T20236]  ? rw_verify_area+0xcf/0x680
[ 1266.011838][T20236]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1266.011863][T20236]  vfs_read+0x1e1/0xc60
[ 1266.011892][T20236]  ? __pfx___mutex_lock+0x10/0x10
[ 1266.011910][T20236]  ? __pfx_vfs_read+0x10/0x10
[ 1266.011941][T20236]  ? __fget_files+0x20e/0x3c0
[ 1266.011966][T20236]  ksys_read+0x12a/0x250
[ 1266.011991][T20236]  ? __pfx_ksys_read+0x10/0x10
[ 1266.012024][T20236]  do_syscall_64+0xcd/0x4c0
[ 1266.012044][T20236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1266.012062][T20236] RIP: 0033:0x7fd8ec38d3bc
[ 1266.012077][T20236] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1266.012094][T20236] RSP: 002b:00007fd8ed1e6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1266.012113][T20236] RAX: ffffffffffffffda RBX: 00007fd8ec5b5fa0 RCX: 00007fd8ec38d3bc
[ 1266.012125][T20236] RDX: 000000000000000f RSI: 00007fd8ed1e60a0 RDI: 0000000000000006
[ 1266.012136][T20236] RBP: 00007fd8ed1e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1266.012147][T20236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1266.012158][T20236] R13: 0000000000000000 R14: 00007fd8ec5b5fa0 R15: 00007fff1741c8e8
[ 1266.012182][T20236]  </TASK>
[ 1266.939549][T20259] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4081'.
[ 1267.075493][T20261] Device name cannot be null; rc = [-22]
[ 1268.367719][T20273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1268.421862][T20273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1268.466840][T20281] FAULT_INJECTION: forcing a failure.
[ 1268.466840][T20281] name failslab, interval 1, probability 0, space 0, times 0
[ 1268.486292][T20279] FAULT_INJECTION: forcing a failure.
[ 1268.486292][T20279] name failslab, interval 1, probability 0, space 0, times 0
[ 1268.488932][T20281] CPU: 0 UID: 0 PID: 20281 Comm: syz.2.4089 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1268.488954][T20281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1268.488964][T20281] Call Trace:
[ 1268.488969][T20281]  <TASK>
[ 1268.488975][T20281]  dump_stack_lvl+0x16c/0x1f0
[ 1268.489004][T20281]  should_fail_ex+0x512/0x640
[ 1268.489028][T20281]  ? fs_reclaim_acquire+0xae/0x150
[ 1268.489049][T20281]  ? tomoyo_encode2+0x100/0x3e0
[ 1268.489064][T20281]  should_failslab+0xc2/0x120
[ 1268.489080][T20281]  __kmalloc_noprof+0xd2/0x510
[ 1268.489102][T20281]  ? d_absolute_path+0x136/0x1a0
[ 1268.489125][T20281]  tomoyo_encode2+0x100/0x3e0
[ 1268.489143][T20281]  tomoyo_encode+0x29/0x50
[ 1268.489157][T20281]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1268.489179][T20281]  tomoyo_path_number_perm+0x245/0x580
[ 1268.489200][T20281]  ? tomoyo_path_number_perm+0x237/0x580
[ 1268.489229][T20281]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1268.489252][T20281]  ? find_held_lock+0x2b/0x80
[ 1268.489292][T20281]  ? find_held_lock+0x2b/0x80
[ 1268.489310][T20281]  ? hook_file_ioctl_common+0x145/0x410
[ 1268.489333][T20281]  ? __fget_files+0x20e/0x3c0
[ 1268.489351][T20281]  security_file_ioctl+0x9b/0x240
[ 1268.489368][T20281]  __x64_sys_ioctl+0xb7/0x210
[ 1268.489390][T20281]  do_syscall_64+0xcd/0x4c0
[ 1268.489407][T20281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1268.489423][T20281] RIP: 0033:0x7f855f98e9a9
[ 1268.489436][T20281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1268.489451][T20281] RSP: 002b:00007f856070f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1268.489467][T20281] RAX: ffffffffffffffda RBX: 00007f855fbb5fa0 RCX: 00007f855f98e9a9
[ 1268.489477][T20281] RDX: 0000200000000400 RSI: 00000000c008561c RDI: 0000000000000003
[ 1268.489487][T20281] RBP: 00007f856070f090 R08: 0000000000000000 R09: 0000000000000000
[ 1268.489497][T20281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1268.489506][T20281] R13: 0000000000000000 R14: 00007f855fbb5fa0 R15: 00007fff2d21f258
[ 1268.489528][T20281]  </TASK>
[ 1268.489543][T20281] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1268.505546][T20279] CPU: 1 UID: 0 PID: 20279 Comm: syz.3.4090 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1268.505568][T20279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1268.505578][T20279] Call Trace:
[ 1268.505583][T20279]  <TASK>
[ 1268.505589][T20279]  dump_stack_lvl+0x16c/0x1f0
[ 1268.505622][T20279]  should_fail_ex+0x512/0x640
[ 1268.505645][T20279]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1268.505672][T20279]  should_failslab+0xc2/0x120
[ 1268.505688][T20279]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1268.505711][T20279]  ? __alloc_skb+0x2b2/0x380
[ 1268.505739][T20279]  __alloc_skb+0x2b2/0x380
[ 1268.505760][T20279]  ? __pfx___alloc_skb+0x10/0x10
[ 1268.505787][T20279]  ? find_held_lock+0x2b/0x80
[ 1268.505809][T20279]  __ip6_append_data+0x2bc9/0x4780
[ 1268.505835][T20279]  ? __pfx_raw6_getfrag+0x10/0x10
[ 1268.505862][T20279]  ? __pfx___ip6_append_data+0x10/0x10
[ 1268.505882][T20279]  ? __pfx_ip6_mtu+0x10/0x10
[ 1268.505897][T20279]  ? ip6_setup_cork+0xc51/0x1530
[ 1268.505918][T20279]  ip6_append_data+0x1bd/0x4c0
[ 1268.505938][T20279]  ? __pfx_raw6_getfrag+0x10/0x10
[ 1268.505958][T20279]  rawv6_sendmsg+0x1642/0x47a0
[ 1268.505986][T20279]  ? __pfx_rawv6_sendmsg+0x10/0x10
[ 1268.506003][T20279]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1268.506026][T20279]  ? avc_has_perm+0x11a/0x1c0
[ 1268.506044][T20279]  ? __pfx_avc_has_perm+0x10/0x10
[ 1268.506063][T20279]  ? is_bpf_text_address+0x94/0x1a0
[ 1268.506102][T20279]  ? __import_iovec+0x1dd/0x650
[ 1268.506118][T20279]  ? __might_fault+0xe3/0x190
[ 1268.506139][T20279]  ? __might_fault+0x13b/0x190
[ 1268.506159][T20279]  ? __pfx_rawv6_sendmsg+0x10/0x10
[ 1268.506178][T20279]  ? inet_sendmsg+0x119/0x140
[ 1268.506199][T20279]  inet_sendmsg+0x119/0x140
[ 1268.506221][T20279]  ____sys_sendmsg+0x973/0xc70
[ 1268.506241][T20279]  ? copy_msghdr_from_user+0x10a/0x160
[ 1268.506265][T20279]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1268.506294][T20279]  ___sys_sendmsg+0x134/0x1d0
[ 1268.506320][T20279]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1268.506341][T20279]  ? __lock_acquire+0x622/0x1c90
[ 1268.506384][T20279]  __sys_sendmsg+0x16d/0x220
[ 1268.506399][T20279]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1268.506429][T20279]  do_syscall_64+0xcd/0x4c0
[ 1268.506446][T20279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1268.506461][T20279] RIP: 0033:0x7fc0d458e9a9
[ 1268.506479][T20279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1268.506494][T20279] RSP: 002b:00007fc0d53c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1268.506510][T20279] RAX: ffffffffffffffda RBX: 00007fc0d47b5fa0 RCX: 00007fc0d458e9a9
[ 1268.506520][T20279] RDX: 0000000000044004 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1268.506530][T20279] RBP: 00007fc0d53c9090 R08: 0000000000000000 R09: 0000000000000000
[ 1268.506539][T20279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1268.506548][T20279] R13: 0000000000000000 R14: 00007fc0d47b5fa0 R15: 00007ffde0ad89b8
[ 1268.506570][T20279]  </TASK>
[ 1269.041147][T20287] FAULT_INJECTION: forcing a failure.
[ 1269.041147][T20287] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1269.054827][T20287] CPU: 1 UID: 0 PID: 20287 Comm: syz.3.4092 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1269.054851][T20287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1269.054858][T20287] Call Trace:
[ 1269.054862][T20287]  <TASK>
[ 1269.054867][T20287]  dump_stack_lvl+0x16c/0x1f0
[ 1269.054889][T20287]  should_fail_ex+0x512/0x640
[ 1269.054908][T20287]  _copy_to_user+0x32/0xd0
[ 1269.054920][T20287]  simple_read_from_buffer+0xcb/0x170
[ 1269.054938][T20287]  proc_fail_nth_read+0x197/0x270
[ 1269.054955][T20287]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1269.054972][T20287]  ? rw_verify_area+0xcf/0x680
[ 1269.054987][T20287]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1269.055002][T20287]  vfs_read+0x1e1/0xc60
[ 1269.055020][T20287]  ? __pfx___mutex_lock+0x10/0x10
[ 1269.055031][T20287]  ? __pfx_vfs_read+0x10/0x10
[ 1269.055050][T20287]  ? __fget_files+0x20e/0x3c0
[ 1269.055064][T20287]  ksys_read+0x12a/0x250
[ 1269.055079][T20287]  ? __pfx_ksys_read+0x10/0x10
[ 1269.055099][T20287]  do_syscall_64+0xcd/0x4c0
[ 1269.055110][T20287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1269.055122][T20287] RIP: 0033:0x7fc0d458d3bc
[ 1269.055131][T20287] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1269.055142][T20287] RSP: 002b:00007fc0d53a8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1269.055153][T20287] RAX: ffffffffffffffda RBX: 00007fc0d47b6080 RCX: 00007fc0d458d3bc
[ 1269.055160][T20287] RDX: 000000000000000f RSI: 00007fc0d53a80a0 RDI: 0000000000000005
[ 1269.055167][T20287] RBP: 00007fc0d53a8090 R08: 0000000000000000 R09: 0000000000000000
[ 1269.055173][T20287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1269.055180][T20287] R13: 0000000000000000 R14: 00007fc0d47b6080 R15: 00007ffde0ad89b8
[ 1269.055193][T20287]  </TASK>
[ 1269.558295][ T5882] libceph: connect (1)[c::]:6789 error -101
[ 1269.573836][ T5882] libceph: mon0 (1)[c::]:6789 connect error
[ 1269.591004][T20286] ceph: No mds server is up or the cluster is laggy
[ 1269.591920][T20291] macsec2: entered promiscuous mode
[ 1269.606946][T20291] macsec2: entered allmulticast mode
[ 1271.013027][T20311] snd_virmidi snd_virmidi.0: control 0:0:128:syz0:0 is already present
[ 1272.738400][   T30] audit: type=1800 audit(2000000000.550:5076): pid=20321 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.4101" name="bus" dev="overlay" ino=1057 res=0 errno=0
[ 1273.295294][ T5896] libceph: connect (1)[c::]:6789 error -101
[ 1273.302643][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[ 1273.354639][T20330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1273.363619][T20330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1273.378262][T20330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1273.387467][T20330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1273.397073][T20330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1273.406787][T20330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1273.633594][ T5882] libceph: connect (1)[c::]:6789 error -101
[ 1273.641358][ T5882] libceph: mon0 (1)[c::]:6789 connect error
[ 1273.654350][ T5882] libceph: connect (1)[c::]:6789 error -101
[ 1273.667930][ T5882] libceph: mon0 (1)[c::]:6789 connect error
[ 1273.733611][T20334] ceph: No mds server is up or the cluster is laggy
[ 1274.092639][T20326] ceph: No mds server is up or the cluster is laggy
[ 1274.133603][T20341] FAULT_INJECTION: forcing a failure.
[ 1274.133603][T20341] name failslab, interval 1, probability 0, space 0, times 0
[ 1274.146254][T20341] CPU: 0 UID: 0 PID: 20341 Comm: syz.2.4106 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1274.146269][T20341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1274.146276][T20341] Call Trace:
[ 1274.146280][T20341]  <TASK>
[ 1274.146284][T20341]  dump_stack_lvl+0x16c/0x1f0
[ 1274.146305][T20341]  should_fail_ex+0x512/0x640
[ 1274.146323][T20341]  ? __kmalloc_noprof+0xbf/0x510
[ 1274.146342][T20341]  ? alloc_pipe_info+0x1ec/0x590
[ 1274.146352][T20341]  should_failslab+0xc2/0x120
[ 1274.146362][T20341]  __kmalloc_noprof+0xd2/0x510
[ 1274.146381][T20341]  alloc_pipe_info+0x1ec/0x590
[ 1274.146393][T20341]  splice_direct_to_actor+0x77d/0xa30
[ 1274.146415][T20341]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1274.146432][T20341]  ? find_held_lock+0x2b/0x80
[ 1274.146447][T20341]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1274.146462][T20341]  ? get_pid_task+0xfc/0x250
[ 1274.146475][T20341]  do_splice_direct+0x174/0x240
[ 1274.146491][T20341]  ? __pfx_do_splice_direct+0x10/0x10
[ 1274.146507][T20341]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1274.146524][T20341]  ? bpf_lsm_file_permission+0x9/0x10
[ 1274.146536][T20341]  ? security_file_permission+0x71/0x210
[ 1274.146548][T20341]  ? rw_verify_area+0xcf/0x680
[ 1274.146564][T20341]  do_sendfile+0xb06/0xe50
[ 1274.146580][T20341]  ? __pfx_do_sendfile+0x10/0x10
[ 1274.146595][T20341]  ? __fget_files+0x20e/0x3c0
[ 1274.146609][T20341]  __x64_sys_sendfile64+0x1d8/0x220
[ 1274.146620][T20341]  ? ksys_write+0x1ac/0x250
[ 1274.146636][T20341]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1274.146651][T20341]  do_syscall_64+0xcd/0x4c0
[ 1274.146663][T20341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1274.146674][T20341] RIP: 0033:0x7f855f98e9a9
[ 1274.146684][T20341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1274.146695][T20341] RSP: 002b:00007f855d7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1274.146705][T20341] RAX: ffffffffffffffda RBX: 00007f855fbb6080 RCX: 00007f855f98e9a9
[ 1274.146712][T20341] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[ 1274.146719][T20341] RBP: 00007f855d7f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1274.146725][T20341] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000001
[ 1274.146731][T20341] R13: 0000000000000000 R14: 00007f855fbb6080 R15: 00007fff2d21f258
[ 1274.146744][T20341]  </TASK>
[ 1274.549205][T20348] FAULT_INJECTION: forcing a failure.
[ 1274.549205][T20348] name failslab, interval 1, probability 0, space 0, times 0
[ 1274.592023][T20348] CPU: 1 UID: 0 PID: 20348 Comm: syz.1.4107 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1274.592049][T20348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1274.592056][T20348] Call Trace:
[ 1274.592060][T20348]  <TASK>
[ 1274.592065][T20348]  dump_stack_lvl+0x16c/0x1f0
[ 1274.592086][T20348]  should_fail_ex+0x512/0x640
[ 1274.592104][T20348]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[ 1274.592122][T20348]  should_failslab+0xc2/0x120
[ 1274.592133][T20348]  __kmalloc_cache_node_noprof+0x6d/0x420
[ 1274.592156][T20348]  ? __get_vm_area_node+0x101/0x330
[ 1274.592173][T20348]  __get_vm_area_node+0x101/0x330
[ 1274.592187][T20348]  __vmalloc_node_range_noprof+0x271/0x14b0
[ 1274.592206][T20348]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1274.592221][T20348]  ? find_held_lock+0x2b/0x80
[ 1274.592235][T20348]  ? avc_has_perm_noaudit+0x117/0x3b0
[ 1274.592249][T20348]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1274.592265][T20348]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1274.592280][T20348]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[ 1274.592302][T20348]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1274.592314][T20348]  __vmalloc_node_noprof+0xad/0xf0
[ 1274.592328][T20348]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1274.592341][T20348]  bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1274.592353][T20348]  ? security_capable+0x7e/0x260
[ 1274.592369][T20348]  bpf_prog_alloc+0x3b/0x230
[ 1274.592380][T20348]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1274.592394][T20348]  bpf_prog_load+0x160e/0x2490
[ 1274.592412][T20348]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1274.592426][T20348]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1274.592448][T20348]  ? selinux_bpf+0xde/0x130
[ 1274.592460][T20348]  ? bpf_lsm_bpf+0x9/0x10
[ 1274.592474][T20348]  __sys_bpf+0x4d1a/0x4ea0
[ 1274.592491][T20348]  ? __pfx___sys_bpf+0x10/0x10
[ 1274.592506][T20348]  ? ksys_write+0x190/0x250
[ 1274.592524][T20348]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1274.592543][T20348]  ? fput+0x70/0xf0
[ 1274.592555][T20348]  ? ksys_write+0x1ac/0x250
[ 1274.592570][T20348]  ? __pfx_ksys_write+0x10/0x10
[ 1274.592588][T20348]  __x64_sys_bpf+0x78/0xc0
[ 1274.592602][T20348]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1274.592619][T20348]  do_syscall_64+0xcd/0x4c0
[ 1274.592631][T20348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1274.592642][T20348] RIP: 0033:0x7ff29818e9a9
[ 1274.592652][T20348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1274.592663][T20348] RSP: 002b:00007ff295ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1274.592674][T20348] RAX: ffffffffffffffda RBX: 00007ff2983b6080 RCX: 00007ff29818e9a9
[ 1274.592681][T20348] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005
[ 1274.592687][T20348] RBP: 00007ff295ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 1274.592694][T20348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1274.592700][T20348] R13: 0000000000000001 R14: 00007ff2983b6080 R15: 00007ffcead75bf8
[ 1274.592713][T20348]  </TASK>
[ 1274.599053][T20348] warn_alloc: 1 callbacks suppressed
[ 1274.599079][T20348] syz.1.4107: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1275.010598][T20348] CPU: 0 UID: 0 PID: 20348 Comm: syz.1.4107 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1275.010622][T20348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1275.010633][T20348] Call Trace:
[ 1275.010640][T20348]  <TASK>
[ 1275.010647][T20348]  dump_stack_lvl+0x16c/0x1f0
[ 1275.010679][T20348]  warn_alloc+0x248/0x3a0
[ 1275.010707][T20348]  ? __pfx_warn_alloc+0x10/0x10
[ 1275.010734][T20348]  ? __kmalloc_cache_node_noprof+0x272/0x420
[ 1275.010762][T20348]  ? __kasan_kmalloc+0x8a/0xb0
[ 1275.010786][T20348]  ? __get_vm_area_node+0x208/0x330
[ 1275.010812][T20348]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[ 1275.010835][T20348]  ? find_held_lock+0x2b/0x80
[ 1275.010856][T20348]  ? avc_has_perm_noaudit+0x117/0x3b0
[ 1275.010877][T20348]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1275.010903][T20348]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1275.010925][T20348]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[ 1275.010958][T20348]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1275.010975][T20348]  __vmalloc_node_noprof+0xad/0xf0
[ 1275.010996][T20348]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1275.011016][T20348]  bpf_prog_alloc_no_stats+0x54/0x5d0
[ 1275.011034][T20348]  ? security_capable+0x7e/0x260
[ 1275.011057][T20348]  bpf_prog_alloc+0x3b/0x230
[ 1275.011073][T20348]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1275.011094][T20348]  bpf_prog_load+0x160e/0x2490
[ 1275.011121][T20348]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1275.011141][T20348]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1275.011176][T20348]  ? selinux_bpf+0xde/0x130
[ 1275.011194][T20348]  ? bpf_lsm_bpf+0x9/0x10
[ 1275.011220][T20348]  __sys_bpf+0x4d1a/0x4ea0
[ 1275.011245][T20348]  ? __pfx___sys_bpf+0x10/0x10
[ 1275.011268][T20348]  ? ksys_write+0x190/0x250
[ 1275.011295][T20348]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1275.011325][T20348]  ? fput+0x70/0xf0
[ 1275.011342][T20348]  ? ksys_write+0x1ac/0x250
[ 1275.011364][T20348]  ? __pfx_ksys_write+0x10/0x10
[ 1275.011391][T20348]  __x64_sys_bpf+0x78/0xc0
[ 1275.011413][T20348]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1275.011437][T20348]  do_syscall_64+0xcd/0x4c0
[ 1275.011454][T20348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1275.011471][T20348] RIP: 0033:0x7ff29818e9a9
[ 1275.011486][T20348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1275.011502][T20348] RSP: 002b:00007ff295ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1275.011518][T20348] RAX: ffffffffffffffda RBX: 00007ff2983b6080 RCX: 00007ff29818e9a9
[ 1275.011529][T20348] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005
[ 1275.011540][T20348] RBP: 00007ff295ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 1275.011549][T20348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1275.011559][T20348] R13: 0000000000000001 R14: 00007ff2983b6080 R15: 00007ffcead75bf8
[ 1275.011581][T20348]  </TASK>
[ 1275.014962][T20348] Mem-Info:
[ 1275.652058][T20348] active_anon:13694 inactive_anon:0 isolated_anon:0
[ 1275.652058][T20348]  active_file:3298 inactive_file:58600 isolated_file:0
[ 1275.652058][T20348]  unevictable:768 dirty:120 writeback:0
[ 1275.652058][T20348]  slab_reclaimable:12714 slab_unreclaimable:122559
[ 1275.652058][T20348]  mapped:34547 shmem:10986 pagetables:1310
[ 1275.652058][T20348]  sec_pagetables:0 bounce:0
[ 1275.652058][T20348]  kernel_misc_reclaimable:0
[ 1275.652058][T20348]  free:1257443 free_pcp:19631 free_cma:0
[ 1275.731741][T20348] Node 0 active_anon:58176kB inactive_anon:0kB active_file:13192kB inactive_file:234228kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141352kB dirty:480kB writeback:0kB shmem:46008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13416kB pagetables:5100kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1276.058881][T20348] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:172kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1276.090637][T20348] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1276.120053][T20348] lowmem_reserve[]: 0 2480 2482 2482 2482
[ 1276.129432][T20348] Node 0 DMA32 free:1098600kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:62524kB inactive_anon:0kB active_file:13192kB inactive_file:232920kB unevictable:1536kB writepending:480kB present:3129332kB managed:2540184kB mlocked:0kB bounce:0kB free_pcp:66108kB local_pcp:30384kB free_cma:0kB
[ 1276.170577][T20348] lowmem_reserve[]: 0 0 1 1 1
[ 1276.183269][T20348] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:8kB free_cma:0kB
[ 1276.216847][T20348] lowmem_reserve[]: 0 0 0 0 0
[ 1276.237316][T20348] Node 1 Normal free:3909512kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:172kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:9408kB local_pcp:9408kB free_cma:0kB
[ 1276.420611][T20348] lowmem_reserve[]: 0 0 0 0 0
[ 1276.425329][T20348] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1276.458442][T20348] Node 0 DMA32: 408*4kB (UME) 243*8kB (UM) 1*16kB (M) 2*32kB (UM) 194*64kB (UME) 44*128kB (UME) 51*256kB (UME) 61*512kB (UME) 29*1024kB (UM) 7*2048kB (UM) 237*4096kB (UM) = 1080776kB
[ 1276.478135][T20348] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 1276.490941][T20348] Node 1 Normal: 212*4kB (UME) 59*8kB (UME) 48*16kB (UME) 255*32kB (UME) 118*64kB (UME) 28*128kB (UME) 8*256kB (UME) 4*512kB (UM) 3*1024kB (ME) 3*2048kB (UME) 946*4096kB (M) = 3909512kB
[ 1276.524123][T20348] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1276.533952][T20348] Node 0 hugepages_total=3 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1276.543398][T20348] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1276.553072][T20348] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1276.563683][T20348] 80482 total pagecache pages
[ 1276.568450][T20348] 0 pages in swap cache
[ 1276.572737][T20348] Free swap  = 124996kB
[ 1276.576958][T20348] Total swap = 124996kB
[ 1276.581253][T20348] 2097051 pages RAM
[ 1276.585095][T20348] 0 pages HighMem/MovableOnly
[ 1276.589817][T20348] 430027 pages reserved
[ 1276.594152][T20348] 0 pages cma reserved
[ 1278.742994][T20386] lo speed is unknown, defaulting to 1000
[ 1278.880957][   T30] audit: type=1400 audit(2000000006.900:5077): avc:  denied  { create } for  pid=20383 comm="syz.6.4118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[ 1279.850666][T16319] usb 7-1: new full-speed USB device number 31 using dummy_hcd
[ 1279.977700][T20407] netlink: 'syz.1.4123': attribute type 2 has an invalid length.
[ 1280.022853][T20407] netlink: 'syz.1.4123': attribute type 11 has an invalid length.
[ 1280.033759][T20407] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4123'.
[ 1280.070209][T20411] FAULT_INJECTION: forcing a failure.
[ 1280.070209][T20411] name failslab, interval 1, probability 0, space 0, times 0
[ 1280.084879][T16319] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[ 1280.140256][T16319] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1280.164071][T16319] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1280.173743][T20411] CPU: 1 UID: 0 PID: 20411 Comm: syz.2.4124 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1280.173768][T20411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1280.173778][T20411] Call Trace:
[ 1280.173784][T20411]  <TASK>
[ 1280.173791][T20411]  dump_stack_lvl+0x16c/0x1f0
[ 1280.173826][T20411]  should_fail_ex+0x512/0x640
[ 1280.173853][T20411]  ? fs_reclaim_acquire+0xae/0x150
[ 1280.173877][T20411]  ? tomoyo_encode2+0x100/0x3e0
[ 1280.173892][T20411]  should_failslab+0xc2/0x120
[ 1280.173910][T20411]  __kmalloc_noprof+0xd2/0x510
[ 1280.173933][T20411]  ? d_absolute_path+0x136/0x1a0
[ 1280.173956][T20411]  tomoyo_encode2+0x100/0x3e0
[ 1280.173976][T20411]  tomoyo_encode+0x29/0x50
[ 1280.173991][T20411]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1280.174014][T20411]  tomoyo_path_number_perm+0x245/0x580
[ 1280.174037][T20411]  ? tomoyo_path_number_perm+0x237/0x580
[ 1280.174063][T20411]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1280.174096][T20411]  ? find_held_lock+0x2b/0x80
[ 1280.174142][T20411]  ? find_held_lock+0x2b/0x80
[ 1280.174164][T20411]  ? hook_file_ioctl_common+0x145/0x410
[ 1280.174190][T20411]  ? __fget_files+0x20e/0x3c0
[ 1280.174209][T20411]  security_file_ioctl+0x9b/0x240
[ 1280.174229][T20411]  __x64_sys_ioctl+0xb7/0x210
[ 1280.174254][T20411]  do_syscall_64+0xcd/0x4c0
[ 1280.174271][T20411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1280.174288][T20411] RIP: 0033:0x7f855f98e9a9
[ 1280.174302][T20411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1280.174317][T20411] RSP: 002b:00007f855d7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1280.174335][T20411] RAX: ffffffffffffffda RBX: 00007f855fbb6080 RCX: 00007f855f98e9a9
[ 1280.174347][T20411] RDX: 0000000000000000 RSI: 00000000801054db RDI: 0000000000000003
[ 1280.174358][T20411] RBP: 00007f855d7f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1280.174369][T20411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1280.174380][T20411] R13: 0000000000000001 R14: 00007f855fbb6080 R15: 00007fff2d21f258
[ 1280.174405][T20411]  </TASK>
[ 1280.174442][T20411] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1280.454712][T16319] usb 7-1: config 0 descriptor??
[ 1280.732255][T16319] ath6kl: Failed to submit usb control message: -71
[ 1280.738971][T16319] ath6kl: unable to send the bmi data to the device: -71
[ 1281.627509][T16319] ath6kl: Unable to send get target info: -71
[ 1281.662734][T16319] ath6kl: Failed to init ath6kl core: -71
[ 1281.669409][T16319] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1281.703963][T16319] usb 7-1: USB disconnect, device number 31
[ 1282.249502][T20429] FAULT_INJECTION: forcing a failure.
[ 1282.249502][T20429] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1282.297624][T20429] CPU: 0 UID: 0 PID: 20429 Comm: syz.1.4129 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1282.297651][T20429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1282.297662][T20429] Call Trace:
[ 1282.297668][T20429]  <TASK>
[ 1282.297675][T20429]  dump_stack_lvl+0x16c/0x1f0
[ 1282.297708][T20429]  should_fail_ex+0x512/0x640
[ 1282.297739][T20429]  _copy_to_user+0x32/0xd0
[ 1282.297758][T20429]  simple_read_from_buffer+0xcb/0x170
[ 1282.297787][T20429]  proc_fail_nth_read+0x197/0x270
[ 1282.297815][T20429]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1282.297842][T20429]  ? rw_verify_area+0xcf/0x680
[ 1282.297865][T20429]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1282.297891][T20429]  vfs_read+0x1e1/0xc60
[ 1282.297919][T20429]  ? __pfx___mutex_lock+0x10/0x10
[ 1282.297937][T20429]  ? __pfx_vfs_read+0x10/0x10
[ 1282.297968][T20429]  ? __fget_files+0x20e/0x3c0
[ 1282.297990][T20429]  ksys_read+0x12a/0x250
[ 1282.298015][T20429]  ? __pfx_ksys_read+0x10/0x10
[ 1282.298047][T20429]  do_syscall_64+0xcd/0x4c0
[ 1282.298066][T20429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1282.298084][T20429] RIP: 0033:0x7ff29818d3bc
[ 1282.298099][T20429] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1282.298117][T20429] RSP: 002b:00007ff298f1b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1282.298133][T20429] RAX: ffffffffffffffda RBX: 00007ff2983b5fa0 RCX: 00007ff29818d3bc
[ 1282.298144][T20429] RDX: 000000000000000f RSI: 00007ff298f1b0a0 RDI: 0000000000000005
[ 1282.298155][T20429] RBP: 00007ff298f1b090 R08: 0000000000000000 R09: 0000000000000000
[ 1282.298165][T20429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1282.298175][T20429] R13: 0000000000000000 R14: 00007ff2983b5fa0 R15: 00007ffcead75bf8
[ 1282.298199][T20429]  </TASK>
[ 1282.700578][   T30] audit: type=1326 audit(2000000002.930:5078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20432 comm="syz.3.4128" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x0
[ 1285.330057][T20446] vhci_hcd vhci_hcd.0: pdev(6) rhport(1) sockfd(7)
[ 1285.336601][T20446] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1285.344195][T20446] vhci_hcd vhci_hcd.0: Device attached
[ 1285.351246][T20450] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(7)
[ 1285.353357][T20457] vhci_hcd: connection closed
[ 1285.357749][T20450] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1285.370169][T20450] vhci_hcd vhci_hcd.0: Device attached
[ 1285.406562][ T1094] vhci_hcd: stop threads
[ 1285.424807][ T1094] vhci_hcd: release socket
[ 1285.457184][ T1094] vhci_hcd: disconnect device
[ 1285.829119][T20453] vhci_hcd: connection closed
[ 1286.043969][   T30] audit: type=1400 audit(2000000000.070:5079): avc:  denied  { remove_name } for  pid=14411 comm="syz-executor" name="index" dev="tmpfs" ino=1783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[ 1286.083592][   T49] vhci_hcd: stop threads
[ 1286.087941][   T49] vhci_hcd: release socket
[ 1286.108413][ T5882] usb 45-1: new low-speed USB device number 2 using vhci_hcd
[ 1286.113194][   T49] vhci_hcd: disconnect device
[ 1286.150697][ T5882] usb 45-1: enqueue for inactive port 0
[ 1286.162994][T20469] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=20469 comm=syz.5.4139
[ 1286.306430][ T5882] vhci_hcd: vhci_device speed not set
[ 1286.563474][   T30] audit: type=1400 audit(2000000000.670:5080): avc:  denied  { write } for  pid=20476 comm="syz.5.4141" name="file0" dev="tmpfs" ino=1364 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1286.586018][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1286.858341][   T30] audit: type=1400 audit(2000000000.670:5081): avc:  denied  { open } for  pid=20476 comm="syz.5.4141" path="/242/file0" dev="tmpfs" ino=1364 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1286.992761][   T30] audit: type=1400 audit(2000000000.730:5082): avc:  denied  { ioctl } for  pid=20476 comm="syz.5.4141" path="/242/file0" dev="tmpfs" ino=1364 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1287.090724][T16319] usb 6-1: new full-speed USB device number 49 using dummy_hcd
[ 1287.265083][T16319] usb 6-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[ 1287.277527][T16319] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1287.335254][T16319] usb 6-1: config 0 descriptor??
[ 1287.422174][T16319] usb 6-1: selecting invalid altsetting 3
[ 1287.428138][T16319] comedi comedi5: could not set alternate setting 3 in high speed
[ 1288.346328][T16319] usbduxsigma 6-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[ 1288.410354][T16319] usbduxsigma 6-1:0.0: probe with driver usbduxsigma failed with error -22
[ 1288.422110][T20492] netlink: 84 bytes leftover after parsing attributes in process `syz.6.4144'.
[ 1288.466609][T20495] x_tables: ip6_tables: TPROXY.1 target: invalid size 32 (kernel) != (user) 22
[ 1288.630565][T20502] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4147'.
[ 1288.701580][T16319] usb 6-1: USB disconnect, device number 49
[ 1288.997074][T20508] xt_hashlimit: size too large, truncated to 1048576
[ 1289.008263][T20508] xt_hashlimit: max too large, truncated to 1048576
[ 1289.010609][ T5837] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1289.155567][T20499] sctp: [Deprecated]: syz.6.4148 (pid 20499) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1289.155567][T20499] Use struct sctp_sack_info instead
[ 1289.179567][ T5837] usb 4-1: Using ep0 maxpacket: 16
[ 1289.201820][ T5837] usb 4-1: config 127 has an invalid interface number: 1 but max is 0
[ 1289.215048][ T5837] usb 4-1: config 127 has no interface number 0
[ 1289.227509][ T5837] usb 4-1: config 127 interface 1 has no altsetting 0
[ 1289.242448][ T5837] usb 4-1: New USB device found, idVendor=1199, idProduct=9015, bcdDevice=99.2d
[ 1289.253938][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1289.263337][ T5837] usb 4-1: Product: syz
[ 1289.310564][ T5837] usb 4-1: Manufacturer: syz
[ 1289.316188][ T5837] usb 4-1: SerialNumber: syz
[ 1290.878829][T20500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1290.925902][T20500] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1292.296843][T20530] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1292.722670][ T5837] usb 4-1: USB disconnect, device number 54
[ 1292.741540][T20540] lo speed is unknown, defaulting to 1000
[ 1292.880882][T16234] usb 7-1: new full-speed USB device number 32 using dummy_hcd
[ 1292.943495][T20543] netlink: 'syz.2.4160': attribute type 1 has an invalid length.
[ 1292.960039][T20543] netlink: 'syz.2.4160': attribute type 1 has an invalid length.
[ 1292.983995][T20543] netlink: 216 bytes leftover after parsing attributes in process `syz.2.4160'.
[ 1293.044069][T16234] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[ 1293.070350][T16234] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1293.088631][T16234] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1293.099362][T16234] usb 7-1: config 0 descriptor??
[ 1293.964754][T20554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1294.068183][T20554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1294.096808][T16234] ath6kl: Failed to submit usb control message: -71
[ 1294.107958][T20554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1294.120317][T16234] ath6kl: unable to send the bmi data to the device: -71
[ 1294.132724][T20554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1294.140679][T16234] ath6kl: Unable to send get target info: -71
[ 1294.161689][T16234] ath6kl: Failed to init ath6kl core: -71
[ 1294.227407][T16234] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1294.984472][T20558] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[ 1295.022809][T20563] FAULT_INJECTION: forcing a failure.
[ 1295.022809][T20563] name failslab, interval 1, probability 0, space 0, times 0
[ 1295.044788][T20563] CPU: 0 UID: 0 PID: 20563 Comm: syz.5.4165 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1295.044803][T20563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1295.044809][T20563] Call Trace:
[ 1295.044814][T20563]  <TASK>
[ 1295.044819][T20563]  dump_stack_lvl+0x16c/0x1f0
[ 1295.044841][T20563]  should_fail_ex+0x512/0x640
[ 1295.044861][T20563]  should_failslab+0xc2/0x120
[ 1295.044873][T20563]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1295.044890][T20563]  ? trace_kmem_cache_alloc+0x28/0xc0
[ 1295.044901][T20563]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 1295.044917][T20563]  ? inet_bind2_bucket_create+0x36/0x580
[ 1295.044936][T20563]  inet_bind2_bucket_create+0x36/0x580
[ 1295.044955][T20563]  inet_csk_get_port+0x11c8/0x27c0
[ 1295.044973][T20563]  ? trace_inet_sock_set_state+0x194/0x220
[ 1295.044989][T20563]  ? __pfx_inet_csk_get_port+0x10/0x10
[ 1295.045002][T20563]  inet_csk_listen_start+0x15e/0x390
[ 1295.045016][T20563]  __inet_listen_sk+0x20f/0x520
[ 1295.045032][T20563]  ? __pfx___inet_listen_sk+0x10/0x10
[ 1295.045048][T20563]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1295.045064][T20563]  ? __local_bh_enable_ip+0xa4/0x120
[ 1295.045080][T20563]  inet_listen+0x93/0xd0
[ 1295.045095][T20563]  smc_listen+0x5ff/0xbb0
[ 1295.045112][T20563]  __sys_listen_socket+0x114/0x160
[ 1295.045128][T20563]  __sys_listen+0xa7/0x130
[ 1295.045143][T20563]  __x64_sys_listen+0x53/0x80
[ 1295.045157][T20563]  do_syscall_64+0xcd/0x4c0
[ 1295.045174][T20563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1295.045186][T20563] RIP: 0033:0x7fd8ec38e9a9
[ 1295.045195][T20563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1295.045206][T20563] RSP: 002b:00007fd8ed1e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
[ 1295.045217][T20563] RAX: ffffffffffffffda RBX: 00007fd8ec5b5fa0 RCX: 00007fd8ec38e9a9
[ 1295.045224][T20563] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000009
[ 1295.045230][T20563] RBP: 00007fd8ed1e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1295.045236][T20563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1295.045243][T20563] R13: 0000000000000000 R14: 00007fd8ec5b5fa0 R15: 00007fff1741c8e8
[ 1295.045256][T20563]  </TASK>
[ 1295.357852][T16234] usb 7-1: USB disconnect, device number 32
[ 1296.164833][ T5882] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1296.173131][T20580] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1296.179660][T20580] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1296.187440][T20580] vhci_hcd vhci_hcd.0: Device attached
[ 1296.204154][   T30] audit: type=1326 audit(2000000010.320:5083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1296.229309][   T30] audit: type=1326 audit(2000000010.340:5084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1296.430585][ T5837] usb 35-1: new low-speed USB device number 3 using vhci_hcd
[ 1296.504963][   T30] audit: type=1326 audit(2000000010.530:5085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1296.550655][ T5882] usb 4-1: Using ep0 maxpacket: 32
[ 1296.658746][T20579] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[ 1296.722721][T20585] snd_virmidi snd_virmidi.0: control 0:0:128:syz0:0 is already present
[ 1296.887665][T20581] vhci_hcd: connection reset by peer
[ 1296.968547][ T6054] vhci_hcd: stop threads
[ 1297.010442][ T6054] vhci_hcd: release socket
[ 1297.054653][ T6054] vhci_hcd: disconnect device
[ 1297.316328][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1297.351625][   T30] audit: type=1326 audit(2000000010.530:5086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1297.375680][ T5882] usb 4-1: can't read configurations, error -61
[ 1297.382318][   T30] audit: type=1326 audit(2000000010.530:5087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1297.470134][   T30] audit: type=1326 audit(2000000010.550:5088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1297.575456][T20599] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4171'.
[ 1298.063351][ T5882] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 1298.078169][   T30] audit: type=1326 audit(2000000010.550:5089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1298.104991][   T30] audit: type=1326 audit(2000000010.550:5090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1298.139868][   T30] audit: type=1326 audit(2000000010.550:5091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1298.171032][   T30] audit: type=1326 audit(2000000010.550:5092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20565 comm="syz.5.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8ec38e9a9 code=0x7ffc0000
[ 1298.253967][ T5882] usb 4-1: Using ep0 maxpacket: 32
[ 1298.513273][ T5882] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1298.539224][ T5882] usb 4-1: can't read configurations, error -61
[ 1298.691340][T16234] usb 7-1: new full-speed USB device number 33 using dummy_hcd
[ 1298.829285][ T5882] usb usb4-port1: attempt power cycle
[ 1299.091125][T20612] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1299.102511][T20612] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1299.373442][ T5896] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[ 1299.527301][T16234] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[ 1299.538536][T16234] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1299.610454][T16234] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1299.638235][T16234] usb 7-1: config 0 descriptor??
[ 1299.937808][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.947567][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.002531][ T5896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[ 1300.045809][ T5896] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1300.125041][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1300.264682][ T5896] usb 3-1: config 0 descriptor??
[ 1301.365338][T16234] ath6kl: Failed to submit usb control message: -110
[ 1301.423850][T16234] ath6kl: unable to send the bmi data to the device: -110
[ 1301.436795][ T5896] ath6kl: Failed to submit usb control message: -71
[ 1301.456934][ T5896] ath6kl: unable to send the bmi data to the device: -71
[ 1301.470484][T16234] ath6kl: Unable to send get target info: -110
[ 1301.487701][ T5896] ath6kl: Unable to send get target info: -71
[ 1301.497984][T20626] FAULT_INJECTION: forcing a failure.
[ 1301.497984][T20626] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1301.512989][T16234] ath6kl: Failed to init ath6kl core: -110
[ 1301.519028][ T5896] ath6kl: Failed to init ath6kl core: -71
[ 1301.526312][T16234] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1301.536464][ T5896] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1301.559928][T20626] CPU: 1 UID: 0 PID: 20626 Comm: syz.5.4178 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1301.559953][T20626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1301.559965][T20626] Call Trace:
[ 1301.559971][T20626]  <TASK>
[ 1301.559978][T20626]  dump_stack_lvl+0x16c/0x1f0
[ 1301.560010][T20626]  should_fail_ex+0x512/0x640
[ 1301.560039][T20626]  _copy_from_user+0x2e/0xd0
[ 1301.560058][T20626]  core_sys_select+0x35b/0xc10
[ 1301.560090][T20626]  ? __pfx_core_sys_select+0x10/0x10
[ 1301.560138][T20626]  ? set_user_sigmask+0x21b/0x2b0
[ 1301.560159][T20626]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1301.560185][T20626]  do_pselect.constprop.0+0x19f/0x1e0
[ 1301.560212][T20626]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 1301.560248][T20626]  __x64_sys_pselect6+0x182/0x240
[ 1301.560276][T20626]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 1301.560309][T16234] usb 7-1: USB disconnect, device number 33
[ 1301.560309][T20626]  do_syscall_64+0xcd/0x4c0
[ 1301.560330][T20626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1301.560347][T20626] RIP: 0033:0x7fd8ec38e9a9
[ 1301.560359][T20626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1301.560375][T20626] RSP: 002b:00007fd8ed1a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1301.560391][T20626] RAX: ffffffffffffffda RBX: 00007fd8ec5b6160 RCX: 00007fd8ec38e9a9
[ 1301.560402][T20626] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1301.560411][T20626] RBP: 00007fd8ed1a4090 R08: 0000000000000000 R09: 0000000000000000
[ 1301.560421][T20626] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1301.560431][T20626] R13: 0000000000000000 R14: 00007fd8ec5b6160 R15: 00007fff1741c8e8
[ 1301.560452][T20626]  </TASK>
[ 1301.762524][ T5837] vhci_hcd: vhci_device speed not set
[ 1301.793425][T20630] FAULT_INJECTION: forcing a failure.
[ 1301.793425][T20630] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1301.811433][T20630] CPU: 1 UID: 0 PID: 20630 Comm: syz.3.4180 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1301.811450][T20630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1301.811457][T20630] Call Trace:
[ 1301.811461][T20630]  <TASK>
[ 1301.811466][T20630]  dump_stack_lvl+0x16c/0x1f0
[ 1301.811487][T20630]  should_fail_ex+0x512/0x640
[ 1301.811507][T20630]  should_fail_alloc_page+0xe7/0x130
[ 1301.811520][T20630]  prepare_alloc_pages+0x3c2/0x610
[ 1301.811533][T20630]  ? unwind_get_return_address+0x59/0xa0
[ 1301.811547][T20630]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1301.811566][T20630]  ? __lock_acquire+0x622/0x1c90
[ 1301.811579][T20630]  ? __pfx_stack_trace_save+0x10/0x10
[ 1301.811595][T20630]  ? stack_depot_save_flags+0x28/0xa40
[ 1301.811612][T20630]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1301.811631][T20630]  ? __kasan_check_byte+0x13/0x50
[ 1301.811644][T20630]  ? __kasan_check_byte+0x13/0x50
[ 1301.811655][T20630]  ? is_bpf_text_address+0x8a/0x1a0
[ 1301.811668][T20630]  ? rcu_is_watching+0x12/0xc0
[ 1301.811682][T20630]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1301.811696][T20630]  ? policy_nodemask+0xea/0x4e0
[ 1301.811708][T20630]  alloc_pages_mpol+0x1fb/0x550
[ 1301.811719][T20630]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1301.811733][T20630]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1301.811747][T20630]  vma_alloc_folio_noprof+0xed/0x1e0
[ 1301.811760][T20630]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1301.811772][T20630]  ? find_held_lock+0x2b/0x80
[ 1301.811785][T20630]  ? __handle_mm_fault+0x1092/0x5490
[ 1301.811807][T20630]  __handle_mm_fault+0x2f21/0x5490
[ 1301.811826][T20630]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1301.811839][T20630]  ? __pfx_mt_find+0x10/0x10
[ 1301.811858][T20630]  ? find_vma+0xbf/0x140
[ 1301.811869][T20630]  ? __pfx_find_vma+0x10/0x10
[ 1301.811882][T20630]  handle_mm_fault+0x589/0xd10
[ 1301.811897][T20630]  ? __pkru_allows_pkey+0x51/0xb0
[ 1301.811913][T20630]  do_user_addr_fault+0x7a6/0x1370
[ 1301.811931][T20630]  ? rcu_is_watching+0x12/0xc0
[ 1301.811946][T20630]  exc_page_fault+0x5c/0xb0
[ 1301.811963][T20630]  asm_exc_page_fault+0x26/0x30
[ 1301.811974][T20630] RIP: 0010:rep_movs_alternative+0x33/0x90
[ 1301.811989][T20630] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 11 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[ 1301.812000][T20630] RSP: 0018:ffffc9000e32fb00 EFLAGS: 00050216
[ 1301.812009][T20630] RAX: 0000002000000001 RBX: 0000000000000020 RCX: 0000000000000020
[ 1301.812016][T20630] RDX: ffffed100ea9932f RSI: ffff8880754c9958 RDI: 0000200000002540
[ 1301.812023][T20630] RBP: 0000200000002540 R08: 0000000000000000 R09: ffffed100ea9932e
[ 1301.812030][T20630] R10: ffff8880754c9977 R11: 0000000000000001 R12: ffff8880754c9958
[ 1301.812036][T20630] R13: 0000200000002560 R14: 00007ffffffff000 R15: 0000000000000000
[ 1301.812050][T20630]  _copy_to_user+0xbb/0xd0
[ 1301.812062][T20630]  drm_read+0x3cb/0x960
[ 1301.812079][T20630]  ? __pfx_drm_read+0x10/0x10
[ 1301.812089][T20630]  ? __import_iovec+0x1dd/0x650
[ 1301.812099][T20630]  ? avc_policy_seqno+0x9/0x20
[ 1301.812112][T20630]  ? selinux_file_permission+0x126/0x660
[ 1301.812131][T20630]  ? bpf_lsm_file_permission+0x9/0x10
[ 1301.812144][T20630]  ? security_file_permission+0x71/0x210
[ 1301.812155][T20630]  ? rw_verify_area+0xcf/0x680
[ 1301.812171][T20630]  ? __pfx_drm_read+0x10/0x10
[ 1301.812181][T20630]  vfs_readv+0x5be/0x8b0
[ 1301.812199][T20630]  ? __pfx_vfs_readv+0x10/0x10
[ 1301.812223][T20630]  ? __fget_files+0x20e/0x3c0
[ 1301.812232][T20630]  ? __fget_files+0x190/0x3c0
[ 1301.812245][T20630]  ? do_readv+0x132/0x340
[ 1301.812258][T20630]  do_readv+0x132/0x340
[ 1301.812272][T20630]  ? __pfx_do_readv+0x10/0x10
[ 1301.812290][T20630]  do_syscall_64+0xcd/0x4c0
[ 1301.812302][T20630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1301.812318][T20630] RIP: 0033:0x7fc0d458e9a9
[ 1301.812327][T20630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1301.812341][T20630] RSP: 002b:00007fc0d53c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1301.812351][T20630] RAX: ffffffffffffffda RBX: 00007fc0d47b5fa0 RCX: 00007fc0d458e9a9
[ 1301.812358][T20630] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000003
[ 1301.812365][T20630] RBP: 00007fc0d53c9090 R08: 0000000000000000 R09: 0000000000000000
[ 1301.812371][T20630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1301.812377][T20630] R13: 0000000000000000 R14: 00007fc0d47b5fa0 R15: 00007ffde0ad89b8
[ 1301.812391][T20630]  </TASK>
[ 1302.256274][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1302.265673][ T5896] usb 3-1: USB disconnect, device number 42
[ 1302.683691][T16234] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1302.840818][T16234] usb 7-1: device descriptor read/64, error -71
[ 1302.951981][ T5896] usb 6-1: new full-speed USB device number 50 using dummy_hcd
[ 1303.080657][T16234] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1303.112345][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[ 1303.123718][ T5896] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1303.132941][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.146162][ T5896] usb 6-1: config 0 descriptor??
[ 1303.300043][T16234] usb 7-1: device descriptor read/64, error -71
[ 1303.435522][ T5896] ath6kl: Failed to submit usb control message: -71
[ 1303.442775][T16234] usb usb7-port1: attempt power cycle
[ 1303.466552][ T5896] ath6kl: unable to send the bmi data to the device: -71
[ 1303.484689][ T5896] ath6kl: Unable to send get target info: -71
[ 1303.501375][ T5896] ath6kl: Failed to init ath6kl core: -71
[ 1303.523051][ T5896] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1303.572354][ T5896] usb 6-1: USB disconnect, device number 50
[ 1303.790678][T16234] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1303.830684][T16234] usb 7-1: device descriptor read/8, error -71
[ 1304.081911][T16234] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1304.144110][T16234] usb 7-1: device descriptor read/8, error -71
[ 1304.161845][T20666] FAULT_INJECTION: forcing a failure.
[ 1304.161845][T20666] name failslab, interval 1, probability 0, space 0, times 0
[ 1304.174735][T20666] CPU: 0 UID: 0 PID: 20666 Comm: syz.1.4189 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1304.174759][T20666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1304.174769][T20666] Call Trace:
[ 1304.174791][T20666]  <TASK>
[ 1304.174798][T20666]  dump_stack_lvl+0x16c/0x1f0
[ 1304.174831][T20666]  should_fail_ex+0x512/0x640
[ 1304.174858][T20666]  ? fs_reclaim_acquire+0xae/0x150
[ 1304.174881][T20666]  ? tomoyo_encode2+0x100/0x3e0
[ 1304.174899][T20666]  should_failslab+0xc2/0x120
[ 1304.174919][T20666]  __kmalloc_noprof+0xd2/0x510
[ 1304.174945][T20666]  ? d_absolute_path+0x136/0x1a0
[ 1304.174972][T20666]  tomoyo_encode2+0x100/0x3e0
[ 1304.174993][T20666]  tomoyo_encode+0x29/0x50
[ 1304.175009][T20666]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1304.175035][T20666]  tomoyo_path_number_perm+0x245/0x580
[ 1304.175059][T20666]  ? tomoyo_path_number_perm+0x237/0x580
[ 1304.175086][T20666]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1304.175139][T20666]  ? find_held_lock+0x2b/0x80
[ 1304.175161][T20666]  ? hook_file_ioctl_common+0x145/0x410
[ 1304.175188][T20666]  ? __fget_files+0x20e/0x3c0
[ 1304.175210][T20666]  security_file_ioctl+0x9b/0x240
[ 1304.175228][T20666]  __x64_sys_ioctl+0xb7/0x210
[ 1304.175255][T20666]  do_syscall_64+0xcd/0x4c0
[ 1304.175274][T20666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1304.175292][T20666] RIP: 0033:0x7ff29818e9a9
[ 1304.175307][T20666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1304.175325][T20666] RSP: 002b:00007ff295fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1304.175341][T20666] RAX: ffffffffffffffda RBX: 00007ff2983b6160 RCX: 00007ff29818e9a9
[ 1304.175353][T20666] RDX: 0000200000000200 RSI: 00000000c0405602 RDI: 0000000000000007
[ 1304.175364][T20666] RBP: 00007ff295fd5090 R08: 0000000000000000 R09: 0000000000000000
[ 1304.175375][T20666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1304.175385][T20666] R13: 0000000000000000 R14: 00007ff2983b6160 R15: 00007ffcead75bf8
[ 1304.175411][T20666]  </TASK>
[ 1304.376983][T20666] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1304.510647][T16234] usb usb7-port1: unable to enumerate USB device
[ 1305.386320][T20673] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1305.732897][T20679] input: syz1 as /devices/virtual/input/input38
[ 1306.589812][T20689] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4196'.
[ 1306.598774][T20689] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4196'.
[ 1306.724308][T20688] netlink: 'syz.3.4195': attribute type 1 has an invalid length.
[ 1306.759184][T20692] netlink: 'syz.3.4195': attribute type 1 has an invalid length.
[ 1307.847314][T20699] snd_virmidi snd_virmidi.0: control 0:0:128:syz0:0 is already present
[ 1309.114667][T20701] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=20701 comm=syz.1.4199
[ 1310.182392][T16235] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1310.191674][T20709] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1310.198216][T20709] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1310.205670][T20710] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7)
[ 1310.212182][T20710] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1310.219555][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1310.219657][T20709] vhci_hcd vhci_hcd.0: Device attached
[ 1310.225708][T20710] vhci_hcd vhci_hcd.0: Device attached
[ 1310.236597][T20714] vhci_hcd: connection closed
[ 1310.254018][ T6054] vhci_hcd: stop threads
[ 1310.301400][ T6054] vhci_hcd: release socket
[ 1310.322638][ T6054] vhci_hcd: disconnect device
[ 1310.420733][ T5889] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[ 1310.429586][   T30] kauditd_printk_skb: 19 callbacks suppressed
[ 1310.429601][   T30] audit: type=1400 audit(2000000007.560:5112): avc:  denied  { create } for  pid=20722 comm="syz.1.4203" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1310.486593][   T43] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[ 1310.550672][T20713] vhci_hcd: connection closed
[ 1310.570841][T16235] vhci_hcd: stop threads
[ 1310.594668][ T5837] IPVS: starting estimator thread 0...
[ 1310.602675][T16235] vhci_hcd: release socket
[ 1310.608943][T16235] vhci_hcd: disconnect device
[ 1310.643816][ T5889] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1310.674474][ T5889] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1310.686112][T20725] IPVS: using max 73 ests per chain, 175200 per kthread
[ 1310.840584][ T5889] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1310.860622][ T5889] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1310.934995][T20729] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1310.946386][T20729] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1311.340908][ T5889] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1311.355391][ T5889] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1311.365745][ T5889] usb 7-1: Manufacturer: syz
[ 1311.373058][ T5889] usb 7-1: config 0 descriptor??
[ 1311.451983][ T5832] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1311.735630][T20736] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1311.746890][T20736] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1312.210775][T16234] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1312.464020][T20740] FAULT_INJECTION: forcing a failure.
[ 1312.464020][T20740] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1312.477363][T20740] CPU: 0 UID: 0 PID: 20740 Comm: syz.1.4208 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1312.477389][T20740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1312.477400][T20740] Call Trace:
[ 1312.477406][T20740]  <TASK>
[ 1312.477413][T20740]  dump_stack_lvl+0x16c/0x1f0
[ 1312.477450][T20740]  should_fail_ex+0x512/0x640
[ 1312.477481][T20740]  _copy_to_user+0x32/0xd0
[ 1312.477500][T20740]  simple_read_from_buffer+0xcb/0x170
[ 1312.477528][T20740]  proc_fail_nth_read+0x197/0x270
[ 1312.477555][T20740]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1312.477583][T20740]  ? rw_verify_area+0xcf/0x680
[ 1312.477605][T20740]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1312.477628][T20740]  vfs_read+0x1e1/0xc60
[ 1312.477653][T20740]  ? __pfx___mutex_lock+0x10/0x10
[ 1312.477669][T20740]  ? __pfx_vfs_read+0x10/0x10
[ 1312.477696][T20740]  ? __fget_files+0x20e/0x3c0
[ 1312.477710][T20740]  ? file_seek_cur_needs_f_lock+0xb0/0xc0
[ 1312.477732][T20740]  ksys_read+0x12a/0x250
[ 1312.477754][T20740]  ? __pfx_ksys_read+0x10/0x10
[ 1312.477782][T20740]  do_syscall_64+0xcd/0x4c0
[ 1312.477799][T20740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1312.477816][T20740] RIP: 0033:0x7ff29818d3bc
[ 1312.477832][T20740] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1312.477848][T20740] RSP: 002b:00007ff295ff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1312.477866][T20740] RAX: ffffffffffffffda RBX: 00007ff2983b6080 RCX: 00007ff29818d3bc
[ 1312.477877][T20740] RDX: 000000000000000f RSI: 00007ff295ff60a0 RDI: 0000000000000006
[ 1312.477888][T20740] RBP: 00007ff295ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 1312.477898][T20740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1312.477909][T20740] R13: 0000000000000000 R14: 00007ff2983b6080 R15: 00007ffcead75bf8
[ 1312.477932][T20740]  </TASK>
[ 1312.665908][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1312.687051][ T5889] appleir 0003:05AC:8243.000D: unknown main item tag 0x0
[ 1312.700700][T16234] usb 6-1: Using ep0 maxpacket: 32
[ 1312.921934][T16234] usb 6-1: config 0 has an invalid interface number: 230 but max is 0
[ 1312.930113][T16234] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1312.938822][T16234] usb 6-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 1312.947525][T16234] usb 6-1: config 0 has no interface number 0
[ 1312.953631][T16234] usb 6-1: config 0 interface 230 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[ 1312.967352][ T5889] appleir 0003:05AC:8243.000D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[ 1312.978921][T16234] usb 6-1: config 0 interface 230 altsetting 0 endpoint 0x2 has an invalid bInterval 70, changing to 7
[ 1312.993372][ T5889] usb 7-1: USB disconnect, device number 38
[ 1313.006710][T16234] usb 6-1: config 0 interface 230 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[ 1313.059572][T16234] usb 6-1: config 0 interface 230 altsetting 0 endpoint 0x6 has an invalid bInterval 173, changing to 11
[ 1313.071832][T16234] usb 6-1: config 0 interface 230 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1313.116505][T16234] usb 6-1: config 0 interface 230 altsetting 0 has an endpoint descriptor with address 0xED, changing to 0x8D
[ 1313.128638][T16234] usb 6-1: config 0 interface 230 altsetting 0 endpoint 0x8D has invalid maxpacket 33358, setting to 1024
[ 1313.141636][T16234] usb 6-1: config 0 interface 230 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 32
[ 1313.153125][T16234] usb 6-1: config 0 interface 230 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1313.165886][T16234] usb 6-1: config 0 interface 230 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[ 1313.176989][T16234] usb 6-1: config 0 interface 230 altsetting 0 has 12 endpoint descriptors, different from the interface descriptor's value: 11
[ 1313.200632][ T5837] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1313.279617][T16234] usb 6-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice=8c.21
[ 1313.299215][T16234] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1313.343957][T16234] usb 6-1: Product: syz
[ 1313.369962][T16234] usb 6-1: Manufacturer: syz
[ 1313.396491][T16234] usb 6-1: SerialNumber: syz
[ 1313.442820][ T5837] usb 3-1: Using ep0 maxpacket: 16
[ 1313.459600][T16234] usb 6-1: config 0 descriptor??
[ 1313.588802][T20737] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1313.674809][T16234] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.230/input/input39
[ 1313.963216][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1313.975231][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1313.998099][ T5837] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1314.021555][ T5837] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1314.032318][ T5837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1314.055971][ T5837] usb 3-1: config 0 descriptor??
[ 1314.837345][ T5837] shield 0003:0955:7214.000E: unknown main item tag 0x0
[ 1314.844436][ T5837] shield 0003:0955:7214.000E: unknown main item tag 0x0
[ 1314.851665][ T5837] shield 0003:0955:7214.000E: unknown main item tag 0x0
[ 1314.858670][ T5837] shield 0003:0955:7214.000E: unknown main item tag 0x0
[ 1315.120174][ T5837] shield 0003:0955:7214.000E: unknown main item tag 0x0
[ 1315.141467][ T5837] input: HID 0955:7214 Haptics as /devices/virtual/input/input40
[ 1315.238340][ T5186] bcm5974 6-1:0.230: could not read from device
[ 1315.303579][ T5186] bcm5974 6-1:0.230: could not read from device
[ 1315.350428][T16234] usb 6-1: USB disconnect, device number 51
[ 1315.359677][ T5837] shield 0003:0955:7214.000E: Registered Thunderstrike controller
[ 1315.534941][ T5837] shield 0003:0955:7214.000E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[ 1315.678868][   T43] vhci_hcd: vhci_device speed not set
[ 1315.865610][   T30] audit: type=1400 audit(2000000013.000:5113): avc:  denied  { ioctl } for  pid=20783 comm="syz.5.4221" path="socket:[70885]" dev="sockfs" ino=70885 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1316.081902][T20792] FAULT_INJECTION: forcing a failure.
[ 1316.081902][T20792] name failslab, interval 1, probability 0, space 0, times 0
[ 1316.111469][T20792] CPU: 1 UID: 0 PID: 20792 Comm: syz.6.4223 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1316.111499][T20792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1316.111514][T20792] Call Trace:
[ 1316.111520][T20792]  <TASK>
[ 1316.111528][T20792]  dump_stack_lvl+0x16c/0x1f0
[ 1316.111561][T20792]  should_fail_ex+0x512/0x640
[ 1316.111589][T20792]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1316.111619][T20792]  should_failslab+0xc2/0x120
[ 1316.111637][T20792]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1316.111664][T20792]  ? __alloc_skb+0x2b2/0x380
[ 1316.111697][T20792]  __alloc_skb+0x2b2/0x380
[ 1316.111724][T20792]  ? __pfx___alloc_skb+0x10/0x10
[ 1316.111750][T20792]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1316.111778][T20792]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1316.111813][T20792]  netlink_alloc_large_skb+0x69/0x130
[ 1316.111837][T20792]  netlink_sendmsg+0x6a1/0xdd0
[ 1316.111862][T20792]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1316.111900][T20792]  ____sys_sendmsg+0xa95/0xc70
[ 1316.111924][T20792]  ? copy_msghdr_from_user+0x10a/0x160
[ 1316.111951][T20792]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1316.111985][T20792]  ___sys_sendmsg+0x134/0x1d0
[ 1316.112015][T20792]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1316.112041][T20792]  ? __lock_acquire+0x622/0x1c90
[ 1316.112090][T20792]  __sys_sendmsg+0x16d/0x220
[ 1316.112107][T20792]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1316.112140][T20792]  do_syscall_64+0xcd/0x4c0
[ 1316.112160][T20792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1316.112179][T20792] RIP: 0033:0x7f20b5f8e9a9
[ 1316.112194][T20792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1316.112211][T20792] RSP: 002b:00007f20b3df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1316.112230][T20792] RAX: ffffffffffffffda RBX: 00007f20b61b5fa0 RCX: 00007f20b5f8e9a9
[ 1316.112242][T20792] RDX: 0000000000040010 RSI: 0000200000000980 RDI: 0000000000000004
[ 1316.112254][T20792] RBP: 00007f20b3df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1316.112265][T20792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1316.112276][T20792] R13: 0000000000000000 R14: 00007f20b61b5fa0 R15: 00007ffd9d2e72e8
[ 1316.112301][T20792]  </TASK>
[ 1316.591236][ T5943] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN
[ 1316.605424][ T5943] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1316.620172][ T5943] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1316.728165][ T5943] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE
[ 1316.740378][T16319] usb 3-1: reset high-speed USB device number 43 using dummy_hcd
[ 1316.770938][ T5837] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1316.930303][ T5837] usb 4-1: Using ep0 maxpacket: 8
[ 1316.960154][ T5837] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[ 1317.027347][T20808] siw: device registration error -23
[ 1317.410732][ T5837] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1317.421181][ T5837] usb 4-1: config 0 has no interface number 0
[ 1317.427299][ T5837] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0xE has an invalid bInterval 0, changing to 7
[ 1317.438463][ T5837] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0xE has invalid wMaxPacketSize 0
[ 1317.550751][ T5837] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[ 1317.629359][ T5837] usb 4-1: config 0 interface 52 has no altsetting 0
[ 1317.636130][ T5837] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[ 1317.645180][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1317.663379][ T5837] usb 4-1: config 0 descriptor??
[ 1317.673597][T20809] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4229'.
[ 1317.879951][T11461] usb 3-1: USB disconnect, device number 43
[ 1318.163883][T20821] FAULT_INJECTION: forcing a failure.
[ 1318.163883][T20821] name failslab, interval 1, probability 0, space 0, times 0
[ 1318.181729][T20821] CPU: 0 UID: 0 PID: 20821 Comm: syz.6.4231 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1318.181752][T20821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1318.181761][T20821] Call Trace:
[ 1318.181767][T20821]  <TASK>
[ 1318.181774][T20821]  dump_stack_lvl+0x16c/0x1f0
[ 1318.181805][T20821]  should_fail_ex+0x512/0x640
[ 1318.181832][T20821]  ? __kmalloc_noprof+0xbf/0x510
[ 1318.181866][T20821]  ? ip_options_get+0xad/0x4d0
[ 1318.181885][T20821]  should_failslab+0xc2/0x120
[ 1318.181902][T20821]  __kmalloc_noprof+0xd2/0x510
[ 1318.181928][T20821]  ? __pfx_tomoyo_supervisor+0x10/0x10
[ 1318.181953][T20821]  ip_options_get+0xad/0x4d0
[ 1318.181975][T20821]  ? find_held_lock+0x2b/0x80
[ 1318.181999][T20821]  ? __pfx_ip_options_get+0x10/0x10
[ 1318.182019][T20821]  ? snprintf+0xc7/0x100
[ 1318.182052][T20821]  ip_cmsg_send+0x94c/0xb90
[ 1318.182085][T20821]  raw_sendmsg+0x8bd/0x3820
[ 1318.182117][T20821]  ? avc_has_perm_noaudit+0x117/0x3b0
[ 1318.182140][T20821]  ? __pfx_raw_sendmsg+0x10/0x10
[ 1318.182172][T20821]  ? avc_has_perm+0x11a/0x1c0
[ 1318.182205][T20821]  ? sock_has_perm+0x259/0x2f0
[ 1318.182244][T20821]  ? __pfx_raw_sendmsg+0x10/0x10
[ 1318.182271][T20821]  inet_sendmsg+0x119/0x140
[ 1318.182298][T20821]  ____sys_sendmsg+0x973/0xc70
[ 1318.182323][T20821]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1318.182357][T20821]  ___sys_sendmsg+0x134/0x1d0
[ 1318.182386][T20821]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1318.182411][T20821]  ? __lock_acquire+0x622/0x1c90
[ 1318.182459][T20821]  __sys_sendmsg+0x16d/0x220
[ 1318.182477][T20821]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1318.182510][T20821]  do_syscall_64+0xcd/0x4c0
[ 1318.182529][T20821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1318.182547][T20821] RIP: 0033:0x7f20b5f8e9a9
[ 1318.182562][T20821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1318.182580][T20821] RSP: 002b:00007f20b3df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1318.182598][T20821] RAX: ffffffffffffffda RBX: 00007f20b61b5fa0 RCX: 00007f20b5f8e9a9
[ 1318.182609][T20821] RDX: 0000000000000000 RSI: 0000200000000780 RDI: 0000000000000004
[ 1318.182620][T20821] RBP: 00007f20b3df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1318.182631][T20821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1318.182642][T20821] R13: 0000000000000000 R14: 00007f20b61b5fa0 R15: 00007ffd9d2e72e8
[ 1318.182665][T20821]  </TASK>
[ 1318.191432][T20794] netlink: 'syz.3.4224': attribute type 21 has an invalid length.
[ 1318.530724][T20794] netlink: 'syz.3.4224': attribute type 1 has an invalid length.
[ 1318.542497][T20794] netlink: 144 bytes leftover after parsing attributes in process `syz.3.4224'.
[ 1318.586552][ T5889] usb 4-1: USB disconnect, device number 58
[ 1319.150647][   T30] audit: type=1400 audit(2000000016.190:5114): avc:  denied  { map } for  pid=20828 comm="syz.2.4234" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 1319.308463][T20833] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1319.385587][T20833] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1319.397287][T20839] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1319.616222][   T30] audit: type=1326 audit(2000000016.750:5115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1319.644488][   T30] audit: type=1326 audit(2000000016.750:5116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1320.124537][   T30] audit: type=1326 audit(2000000016.750:5117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1320.158978][T20846] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1320.165516][T20846] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1320.172967][T20847] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(7)
[ 1320.179468][T20847] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1320.186939][T20847] vhci_hcd vhci_hcd.0: Device attached
[ 1320.187107][T20846] vhci_hcd vhci_hcd.0: Device attached
[ 1320.202990][   T30] audit: type=1326 audit(2000000016.750:5118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1320.266621][   T30] audit: type=1326 audit(2000000016.750:5119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1320.352314][T20850] vhci_hcd: connection closed
[ 1320.364505][ T6054] vhci_hcd: stop threads
[ 1320.373711][ T6054] vhci_hcd: release socket
[ 1320.381349][   T30] audit: type=1326 audit(2000000016.750:5120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1320.397071][ T6054] vhci_hcd: disconnect device
[ 1320.444733][T11461] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[ 1320.478811][T20858] lo speed is unknown, defaulting to 1000
[ 1320.501378][   T30] audit: type=1326 audit(2000000016.750:5121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1320.527011][T20862] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1321.029002][T20869] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1321.035549][T20869] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1321.043233][T20869] vhci_hcd vhci_hcd.0: Device attached
[ 1321.055814][   T30] audit: type=1326 audit(2000000016.750:5122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1321.082182][T20865] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7)
[ 1321.088717][T20865] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1321.096317][T20865] vhci_hcd vhci_hcd.0: Device attached
[ 1321.098085][T20849] vhci_hcd: connection reset by peer
[ 1321.104501][   T30] audit: type=1326 audit(2000000016.750:5123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1321.140155][T20872] vhci_hcd: cannot find the pending unlink 7
[ 1321.189162][   T30] audit: type=1326 audit(2000000016.750:5124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc0d458d310 code=0x7ffc0000
[ 1321.190565][ T1094] vhci_hcd: stop threads
[ 1321.235511][   T30] audit: type=1326 audit(2000000016.750:5125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1321.269168][ T1094] vhci_hcd: release socket
[ 1321.281638][ T5889] usb 39-1: new low-speed USB device number 4 using vhci_hcd
[ 1321.297594][T20872] vhci_hcd: connection closed
[ 1321.300646][ T1094] vhci_hcd: disconnect device
[ 1321.313373][   T30] audit: type=1326 audit(2000000016.750:5126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1321.321166][ T1094] vhci_hcd: stop threads
[ 1321.422704][ T1094] vhci_hcd: release socket
[ 1321.427234][ T1094] vhci_hcd: disconnect device
[ 1321.526602][   T30] audit: type=1326 audit(2000000016.750:5127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1321.553770][   T30] audit: type=1326 audit(2000000016.750:5128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1321.581407][   T30] audit: type=1326 audit(2000000016.750:5129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1322.523484][T20880] FAULT_INJECTION: forcing a failure.
[ 1322.523484][T20880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1322.536586][T20880] CPU: 1 UID: 0 PID: 20880 Comm: syz.1.4244 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1322.536611][T20880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1322.536621][T20880] Call Trace:
[ 1322.536626][T20880]  <TASK>
[ 1322.536633][T20880]  dump_stack_lvl+0x16c/0x1f0
[ 1322.536664][T20880]  should_fail_ex+0x512/0x640
[ 1322.536694][T20880]  _copy_to_user+0x32/0xd0
[ 1322.536713][T20880]  simple_read_from_buffer+0xcb/0x170
[ 1322.536742][T20880]  proc_fail_nth_read+0x197/0x270
[ 1322.536758][T20870] vhci_hcd: connection reset by peer
[ 1322.536768][T20880]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1322.536794][T20880]  ? rw_verify_area+0xcf/0x680
[ 1322.536820][T20880]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1322.536842][T20880]  vfs_read+0x1e1/0xc60
[ 1322.536868][T20880]  ? __pfx___mutex_lock+0x10/0x10
[ 1322.536884][T20880]  ? __pfx_vfs_read+0x10/0x10
[ 1322.536912][T20880]  ? __fget_files+0x20e/0x3c0
[ 1322.536933][T20880]  ksys_read+0x12a/0x250
[ 1322.536954][T20880]  ? __pfx_ksys_read+0x10/0x10
[ 1322.536982][T20880]  do_syscall_64+0xcd/0x4c0
[ 1322.536999][T20880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1322.537015][T20880] RIP: 0033:0x7ff29818d3bc
[ 1322.537029][T20880] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1322.537044][T20880] RSP: 002b:00007ff295ff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1322.537060][T20880] RAX: ffffffffffffffda RBX: 00007ff2983b6080 RCX: 00007ff29818d3bc
[ 1322.537070][T20880] RDX: 000000000000000f RSI: 00007ff295ff60a0 RDI: 0000000000000008
[ 1322.537080][T20880] RBP: 00007ff295ff6090 R08: 0000000000000000 R09: 0000000000000000
[ 1322.537089][T20880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1322.537099][T20880] R13: 0000000000000000 R14: 00007ff2983b6080 R15: 00007ffcead75bf8
[ 1322.537121][T20880]  </TASK>
[ 1322.550842][   T30] audit: type=1326 audit(2000000016.750:5130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1322.711064][ T1094] vhci_hcd: stop threads
[ 1322.772401][ T1094] vhci_hcd: release socket
[ 1322.776895][ T1094] vhci_hcd: disconnect device
[ 1322.909134][   T30] audit: type=1326 audit(2000000016.750:5131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20835 comm="syz.3.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0d458e9a9 code=0x7ffc0000
[ 1323.220725][T20899] FAULT_INJECTION: forcing a failure.
[ 1323.220725][T20899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1323.233857][T20899] CPU: 1 UID: 0 PID: 20899 Comm: syz.2.4249 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1323.233890][T20899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1323.233901][T20899] Call Trace:
[ 1323.233907][T20899]  <TASK>
[ 1323.233915][T20899]  dump_stack_lvl+0x16c/0x1f0
[ 1323.233947][T20899]  should_fail_ex+0x512/0x640
[ 1323.233978][T20899]  _copy_from_user+0x2e/0xd0
[ 1323.233997][T20899]  ____sys_sendmsg+0x607/0xc70
[ 1323.234023][T20899]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1323.234057][T20899]  ___sys_sendmsg+0x134/0x1d0
[ 1323.234087][T20899]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1323.234112][T20899]  ? __lock_acquire+0x622/0x1c90
[ 1323.234161][T20899]  __sys_sendmsg+0x16d/0x220
[ 1323.234179][T20899]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1323.234212][T20899]  do_syscall_64+0xcd/0x4c0
[ 1323.234232][T20899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1323.234251][T20899] RIP: 0033:0x7f855f98e9a9
[ 1323.234266][T20899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1323.234283][T20899] RSP: 002b:00007f855d7d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1323.234300][T20899] RAX: ffffffffffffffda RBX: 00007f855fbb6160 RCX: 00007f855f98e9a9
[ 1323.234312][T20899] RDX: 0000000000000000 RSI: 0000200000000780 RDI: 0000000000000008
[ 1323.234324][T20899] RBP: 00007f855d7d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1323.234335][T20899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1323.234346][T20899] R13: 0000000000000000 R14: 00007f855fbb6160 R15: 00007fff2d21f258
[ 1323.234371][T20899]  </TASK>
[ 1325.264236][T20917] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(7)
[ 1325.270781][T20917] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1325.278776][T20917] vhci_hcd vhci_hcd.0: Device attached
[ 1325.279857][T20918] vhci_hcd vhci_hcd.0: pdev(6) rhport(1) sockfd(7)
[ 1325.290715][T20918] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1325.300867][T20918] vhci_hcd vhci_hcd.0: Device attached
[ 1325.307512][T20922] vhci_hcd: connection closed
[ 1325.310660][ T6054] vhci_hcd: stop threads
[ 1325.319572][ T6054] vhci_hcd: release socket
[ 1325.334149][ T6054] vhci_hcd: disconnect device
[ 1325.396949][T20927] lo speed is unknown, defaulting to 1000
[ 1325.570594][ T5882] usb 45-1: new low-speed USB device number 3 using vhci_hcd
[ 1325.632134][T20921] vhci_hcd: connection reset by peer
[ 1325.637874][   T49] vhci_hcd: stop threads
[ 1325.668860][T11461] vhci_hcd: vhci_device speed not set
[ 1325.705116][   T49] vhci_hcd: release socket
[ 1325.712694][   T49] vhci_hcd: disconnect device
[ 1325.777289][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.808401][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.881302][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.887834][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.915691][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.936798][T20937] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1325.950886][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.957391][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.967299][T20937] syzkaller0: entered promiscuous mode
[ 1325.976411][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1325.991655][T20937] syzkaller0: entered allmulticast mode
[ 1326.161028][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.178497][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.195131][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.355257][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.571337][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.591120][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.597606][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.604146][T20935] 9pnet_fd: Insufficient options for proto=fd
[ 1326.610645][ T5889] vhci_hcd: vhci_device speed not set
[ 1326.610696][T20936] tipc: Resetting bearer <eth:syzkaller0>
[ 1326.655829][T20936] tipc: Disabling bearer <eth:syzkaller0>
[ 1327.468419][T20965] FAULT_INJECTION: forcing a failure.
[ 1327.468419][T20965] name failslab, interval 1, probability 0, space 0, times 0
[ 1327.650653][T20965] CPU: 0 UID: 0 PID: 20965 Comm: syz.6.4267 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1327.650683][T20965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1327.650695][T20965] Call Trace:
[ 1327.650702][T20965]  <TASK>
[ 1327.650710][T20965]  dump_stack_lvl+0x16c/0x1f0
[ 1327.650744][T20965]  should_fail_ex+0x512/0x640
[ 1327.650770][T20965]  ? __kmalloc_noprof+0xbf/0x510
[ 1327.650799][T20965]  ? fib6_info_alloc+0x40/0x160
[ 1327.650817][T20965]  should_failslab+0xc2/0x120
[ 1327.650835][T20965]  __kmalloc_noprof+0xd2/0x510
[ 1327.650867][T20965]  fib6_info_alloc+0x40/0x160
[ 1327.650887][T20965]  ip6_route_info_create+0x14c/0x870
[ 1327.650913][T20965]  ? nla_find+0x7b/0x130
[ 1327.650933][T20965]  ip6_route_multipath_add+0xcb6/0x1bd0
[ 1327.650967][T20965]  ? __pfx_rtm_to_fib6_config+0x10/0x10
[ 1327.650985][T20965]  ? __pfx_ip6_route_multipath_add+0x10/0x10
[ 1327.651031][T20965]  ? avc_has_perm_noaudit+0x117/0x3b0
[ 1327.651058][T20965]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1327.651082][T20965]  ? inet6_rtm_newroute+0xe4/0x1a0
[ 1327.651108][T20965]  inet6_rtm_newroute+0xe4/0x1a0
[ 1327.651134][T20965]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1327.651162][T20965]  ? __lock_acquire+0x622/0x1c90
[ 1327.651191][T20965]  ? find_held_lock+0x2b/0x80
[ 1327.651213][T20965]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1327.651243][T20965]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1327.651268][T20965]  ? rtnetlink_rcv_msg+0x93a/0xe90
[ 1327.651289][T20965]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1327.651316][T20965]  rtnetlink_rcv_msg+0x95e/0xe90
[ 1327.651337][T20965]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1327.651363][T20965]  ? ref_tracker_free+0x37c/0x830
[ 1327.651384][T20965]  netlink_rcv_skb+0x155/0x420
[ 1327.651406][T20965]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1327.651426][T20965]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1327.651456][T20965]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1327.651485][T20965]  netlink_unicast+0x58d/0x850
[ 1327.651510][T20965]  ? __pfx_netlink_unicast+0x10/0x10
[ 1327.651538][T20965]  netlink_sendmsg+0x8d1/0xdd0
[ 1327.651563][T20965]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1327.651594][T20965]  ____sys_sendmsg+0xa95/0xc70
[ 1327.651617][T20965]  ? copy_msghdr_from_user+0x10a/0x160
[ 1327.651645][T20965]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1327.651679][T20965]  ___sys_sendmsg+0x134/0x1d0
[ 1327.651708][T20965]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1327.651734][T20965]  ? __lock_acquire+0x622/0x1c90
[ 1327.651780][T20965]  __sys_sendmsg+0x16d/0x220
[ 1327.651798][T20965]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1327.651831][T20965]  do_syscall_64+0xcd/0x4c0
[ 1327.651853][T20965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1327.651871][T20965] RIP: 0033:0x7f20b5f8e9a9
[ 1327.651886][T20965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1327.651905][T20965] RSP: 002b:00007f20b3df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1327.651924][T20965] RAX: ffffffffffffffda RBX: 00007f20b61b5fa0 RCX: 00007f20b5f8e9a9
[ 1327.651936][T20965] RDX: 0000000000048002 RSI: 0000200000000080 RDI: 0000000000000003
[ 1327.651947][T20965] RBP: 00007f20b3df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1327.651958][T20965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1327.651968][T20965] R13: 0000000000000000 R14: 00007f20b61b5fa0 R15: 00007ffd9d2e72e8
[ 1327.651992][T20965]  </TASK>
[ 1327.976622][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1329.000731][T20975] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1329.508133][T20985] lo speed is unknown, defaulting to 1000
[ 1329.672982][T20990] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4270'.
[ 1330.813097][ T5882] vhci_hcd: vhci_device speed not set
[ 1331.054842][T21014] overlayfs: conflicting options: userxattr,redirect_dir=on
[ 1332.325966][T21029] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4283'.
[ 1333.603962][   T30] kauditd_printk_skb: 19 callbacks suppressed
[ 1333.603994][   T30] audit: type=1400 audit(2000000030.730:5151): avc:  denied  { watch_sb } for  pid=21041 comm="syz.6.4289" path="/238/file0" dev="tmpfs" ino=1338 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1334.177525][T21050] snd_virmidi snd_virmidi.0: control 0:0:128:syz0:0 is already present
[ 1335.394734][T21065] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7)
[ 1335.401276][T21065] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1335.408729][T21065] vhci_hcd vhci_hcd.0: Device attached
[ 1335.414960][T21062] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1335.421487][T21062] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1335.428967][T21062] vhci_hcd vhci_hcd.0: Device attached
[ 1335.534308][T21066] vhci_hcd: connection closed
[ 1335.534714][ T1094] vhci_hcd: stop threads
[ 1335.577779][ T1094] vhci_hcd: release socket
[ 1335.602625][ T1094] vhci_hcd: disconnect device
[ 1335.722542][T14412] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1335.732022][T14412] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1335.740652][T14412] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1335.749161][T14412] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1335.756193][T16319] usb 39-1: new low-speed USB device number 5 using vhci_hcd
[ 1335.766350][T14412] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1335.778277][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1335.788770][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1335.800062][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1335.814271][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1335.825822][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1335.899558][T21076] lo speed is unknown, defaulting to 1000
[ 1336.021361][   T30] audit: type=1400 audit(2000000033.150:5152): avc:  denied  { ioctl } for  pid=21079 comm="syz.6.4294" path="socket:[72283]" dev="sockfs" ino=72283 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1336.110945][T21063] vhci_hcd: connection reset by peer
[ 1336.130556][ T1094] vhci_hcd: stop threads
[ 1336.147712][ T1094] vhci_hcd: release socket
[ 1336.164875][ T1094] vhci_hcd: disconnect device
[ 1336.213278][T21090] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4296'.
[ 1337.798591][   T30] audit: type=1400 audit(2000000034.930:5153): avc:  denied  { setattr } for  pid=21102 comm="syz.5.4298" name="RXRPC" dev="sockfs" ino=72332 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1337.821464][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1337.918263][   T30] audit: type=1400 audit(2000000035.050:5154): avc:  denied  { setopt } for  pid=21102 comm="syz.5.4298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1337.937994][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1337.944400][ T5832] Bluetooth: hci1: command tx timeout
[ 1337.978862][T21076] chnl_net:caif_netlink_parms(): no params data found
[ 1338.323909][T21119] FAULT_INJECTION: forcing a failure.
[ 1338.323909][T21119] name failslab, interval 1, probability 0, space 0, times 0
[ 1338.369991][T21119] CPU: 0 UID: 0 PID: 21119 Comm: syz.1.4302 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1338.370009][T21119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1338.370016][T21119] Call Trace:
[ 1338.370020][T21119]  <TASK>
[ 1338.370025][T21119]  dump_stack_lvl+0x16c/0x1f0
[ 1338.370047][T21119]  should_fail_ex+0x512/0x640
[ 1338.370064][T21119]  ? __kmalloc_noprof+0xbf/0x510
[ 1338.370082][T21119]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1338.370099][T21119]  should_failslab+0xc2/0x120
[ 1338.370110][T21119]  __kmalloc_noprof+0xd2/0x510
[ 1338.370128][T21119]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1338.370147][T21119]  genl_family_rcv_msg_doit+0xbf/0x2f0
[ 1338.370163][T21119]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1338.370182][T21119]  ? bpf_lsm_capable+0x9/0x10
[ 1338.370196][T21119]  ? security_capable+0x7e/0x260
[ 1338.370211][T21119]  ? ns_capable+0xd7/0x110
[ 1338.370226][T21119]  genl_rcv_msg+0x55c/0x800
[ 1338.370242][T21119]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1338.370257][T21119]  ? __pfx_l2tp_nl_cmd_tunnel_delete+0x10/0x10
[ 1338.370274][T21119]  netlink_rcv_skb+0x155/0x420
[ 1338.370286][T21119]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1338.370301][T21119]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1338.370320][T21119]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1338.370333][T21119]  genl_rcv+0x28/0x40
[ 1338.370346][T21119]  netlink_unicast+0x58d/0x850
[ 1338.370360][T21119]  ? __pfx_netlink_unicast+0x10/0x10
[ 1338.370381][T21119]  netlink_sendmsg+0x8d1/0xdd0
[ 1338.370396][T21119]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1338.370419][T21119]  ____sys_sendmsg+0xa95/0xc70
[ 1338.370441][T21119]  ? copy_msghdr_from_user+0x10a/0x160
[ 1338.370460][T21119]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1338.370480][T21119]  ___sys_sendmsg+0x134/0x1d0
[ 1338.370502][T21119]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1338.370525][T21119]  ? __lock_acquire+0x622/0x1c90
[ 1338.370571][T21119]  __sys_sendmsg+0x16d/0x220
[ 1338.370588][T21119]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1338.370620][T21119]  do_syscall_64+0xcd/0x4c0
[ 1338.370639][T21119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1338.370656][T21119] RIP: 0033:0x7ff29818e9a9
[ 1338.370672][T21119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1338.370688][T21119] RSP: 002b:00007ff298f1b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1338.370704][T21119] RAX: ffffffffffffffda RBX: 00007ff2983b5fa0 RCX: 00007ff29818e9a9
[ 1338.370716][T21119] RDX: 0000000000000040 RSI: 0000200000000440 RDI: 0000000000000003
[ 1338.370726][T21119] RBP: 00007ff298f1b090 R08: 0000000000000000 R09: 0000000000000000
[ 1338.370737][T21119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1338.370747][T21119] R13: 0000000000000000 R14: 00007ff2983b5fa0 R15: 00007ffcead75bf8
[ 1338.370771][T21119]  </TASK>
[ 1338.762883][T21076] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1338.769985][T21076] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1338.778079][T21076] bridge_slave_0: entered allmulticast mode
[ 1338.784800][T21076] bridge_slave_0: entered promiscuous mode
[ 1338.791837][T21076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1338.798914][T21076] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1338.806350][T21076] bridge_slave_1: entered allmulticast mode
[ 1338.813051][T21076] bridge_slave_1: entered promiscuous mode
[ 1339.053507][T21076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1339.163630][T21076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1339.584900][T21135] vhci_hcd vhci_hcd.0: pdev(6) rhport(1) sockfd(7)
[ 1339.591536][T21135] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1339.598918][T21132] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(7)
[ 1339.605427][T21132] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1339.613088][T21135] vhci_hcd vhci_hcd.0: Device attached
[ 1339.613265][T21132] vhci_hcd vhci_hcd.0: Device attached
[ 1339.676302][T21136] vhci_hcd: connection closed
[ 1339.676631][   T49] vhci_hcd: stop threads
[ 1339.697597][   T49] vhci_hcd: release socket
[ 1339.724827][   T49] vhci_hcd: disconnect device
[ 1339.732631][T21076] team0: Port device team_slave_0 added
[ 1339.759564][T21076] team0: Port device team_slave_1 added
[ 1339.796550][T21139] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1339.814133][T21139] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1339.850896][ T5882] usb 45-1: new low-speed USB device number 4 using vhci_hcd
[ 1339.863175][T21076] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1339.870274][T21076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1339.902675][T21076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1340.222901][T21133] vhci_hcd: connection reset by peer
[ 1340.231190][T21139] 
[ 1340.233514][T21139] ======================================================
[ 1340.240589][T21139] WARNING: possible circular locking dependency detected
[ 1340.247578][T21139] 6.16.0-rc7-syzkaller #0 Not tainted
[ 1340.252917][T21139] ------------------------------------------------------
[ 1340.259901][T21139] syz.1.4307/21139 is trying to acquire lock:
[ 1340.265932][T21139] ffff88802af19840 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0x4d0/0xcc0
[ 1340.277465][T21139] 
[ 1340.277465][T21139] but task is already holding lock:
[ 1340.284799][T21139] ffff88802af19b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730
[ 1340.293657][T21139] 
[ 1340.293657][T21139] which lock already depends on the new lock.
[ 1340.293657][T21139] 
[ 1340.304056][T21139] 
[ 1340.304056][T21139] the existing dependency chain (in reverse order) is:
[ 1340.313060][T21139] 
[ 1340.313060][T21139] -> #1 (&conn->lock#2){+.+.}-{4:4}:
[ 1340.320530][T21139]        __mutex_lock+0x199/0xb90
[ 1340.325540][T21139]        l2cap_info_timeout+0x79/0xa0
[ 1340.330900][T21139]        process_one_work+0x9cf/0x1b70
[ 1340.336345][T21139]        worker_thread+0x6c8/0xf10
[ 1340.341445][T21139]        kthread+0x3c5/0x780
[ 1340.346018][T21139]        ret_from_fork+0x5d4/0x6f0
[ 1340.351120][T21139]        ret_from_fork_asm+0x1a/0x30
[ 1340.356391][T21139] 
[ 1340.356391][T21139] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[ 1340.366622][T21139]        __lock_acquire+0x126f/0x1c90
[ 1340.371973][T21139]        lock_acquire+0x179/0x350
[ 1340.376975][T21139]        __flush_work+0x4e4/0xcc0
[ 1340.382002][T21139]        __cancel_work_sync+0x10c/0x130
[ 1340.387534][T21139]        l2cap_conn_del+0x5af/0x730
[ 1340.392737][T21139]        l2cap_connect_cfm+0x9e1/0xf80
[ 1340.398206][T21139]        hci_conn_failed+0x1ba/0x330
[ 1340.403475][T21139]        hci_abort_conn_sync+0x762/0xb10
[ 1340.409092][T21139]        hci_disconnect_all_sync.constprop.0+0x104/0x3c0
[ 1340.416102][T21139]        hci_suspend_sync+0x770/0xab0
[ 1340.421465][T21139]        hci_suspend_dev+0x308/0x500
[ 1340.426731][T21139]        hci_suspend_notifier+0x28d/0x2f0
[ 1340.432433][T21139]        notifier_call_chain+0xbc/0x410
[ 1340.437968][T21139]        blocking_notifier_call_chain_robust+0xc8/0x160
[ 1340.444891][T21139]        pm_notifier_call_chain_robust+0x27/0x60
[ 1340.451210][T21139]        snapshot_open+0x189/0x2b0
[ 1340.456323][T21139]        misc_open+0x35a/0x420
[ 1340.461074][T21139]        chrdev_open+0x234/0x6a0
[ 1340.465991][T21139]        do_dentry_open+0x744/0x1c10
[ 1340.471266][T21139]        vfs_open+0x82/0x3f0
[ 1340.475840][T21139]        path_openat+0x1de4/0x2cb0
[ 1340.480942][T21139]        do_filp_open+0x20b/0x470
[ 1340.485956][T21139]        do_sys_openat2+0x11b/0x1d0
[ 1340.491138][T21139]        __x64_sys_openat+0x174/0x210
[ 1340.496494][T21139]        do_syscall_64+0xcd/0x4c0
[ 1340.501500][T21139]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.507897][T21139] 
[ 1340.507897][T21139] other info that might help us debug this:
[ 1340.507897][T21139] 
[ 1340.518102][T21139]  Possible unsafe locking scenario:
[ 1340.518102][T21139] 
[ 1340.525531][T21139]        CPU0                    CPU1
[ 1340.530878][T21139]        ----                    ----
[ 1340.536221][T21139]   lock(&conn->lock#2);
[ 1340.540453][T21139]                                lock((work_completion)(&(&conn->info_timer)->work));
[ 1340.549978][T21139]                                lock(&conn->lock#2);
[ 1340.556730][T21139]   lock((work_completion)(&(&conn->info_timer)->work));
[ 1340.563737][T21139] 
[ 1340.563737][T21139]  *** DEADLOCK ***
[ 1340.563737][T21139] 
[ 1340.571860][T21139] 8 locks held by syz.1.4307/21139:
[ 1340.577034][T21139]  #0: ffffffff8f2fec28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[ 1340.585467][T21139]  #1: ffffffff8e4883a8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[ 1340.595808][T21139]  #2: ffffffff8e4c8a90 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[ 1340.607630][T21139]  #3: ffff88803385cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_suspend_dev+0x300/0x500
[ 1340.617270][T21139]  #4: ffff88803385c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x13f/0xb10
[ 1340.626923][T21139]  #5: ffffffff905cfe68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x14f/0x330
[ 1340.636680][T21139]  #6: ffff88802af19b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730
[ 1340.645998][T21139]  #7: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfb/0xcc0
[ 1340.655126][T21139] 
[ 1340.655126][T21139] stack backtrace:
[ 1340.660997][T21139] CPU: 1 UID: 0 PID: 21139 Comm: syz.1.4307 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1340.661017][T21139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1340.661026][T21139] Call Trace:
[ 1340.661032][T21139]  <TASK>
[ 1340.661038][T21139]  dump_stack_lvl+0x116/0x1f0
[ 1340.661064][T21139]  print_circular_bug+0x275/0x350
[ 1340.661087][T21139]  check_noncircular+0x14c/0x170
[ 1340.661111][T21139]  __lock_acquire+0x126f/0x1c90
[ 1340.661128][T21139]  lock_acquire+0x179/0x350
[ 1340.661140][T21139]  ? __flush_work+0x4d0/0xcc0
[ 1340.661158][T21139]  ? mark_held_locks+0x49/0x80
[ 1340.661180][T21139]  ? __flush_work+0x4d0/0xcc0
[ 1340.661196][T21139]  __flush_work+0x4e4/0xcc0
[ 1340.661213][T21139]  ? __flush_work+0x4d0/0xcc0
[ 1340.661230][T21139]  ? detach_if_pending+0x1e1/0x280
[ 1340.661251][T21139]  ? __pfx___flush_work+0x10/0x10
[ 1340.661269][T21139]  ? __pfx_wq_barrier_func+0x10/0x10
[ 1340.661293][T21139]  ? __pfx___might_resched+0x10/0x10
[ 1340.661314][T21139]  __cancel_work_sync+0x10c/0x130
[ 1340.661332][T21139]  l2cap_conn_del+0x5af/0x730
[ 1340.661352][T21139]  ? hci_conn_failed+0x14f/0x330
[ 1340.661370][T21139]  l2cap_connect_cfm+0x9e1/0xf80
[ 1340.661394][T21139]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1340.661417][T21139]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1340.661439][T21139]  hci_conn_failed+0x1ba/0x330
[ 1340.661456][T21139]  hci_abort_conn_sync+0x762/0xb10
[ 1340.661474][T21139]  ? __pfx_hci_abort_conn_sync+0x10/0x10
[ 1340.661492][T21139]  ? find_held_lock+0x2b/0x80
[ 1340.661510][T21139]  ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0
[ 1340.661528][T21139]  ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0
[ 1340.661546][T21139]  hci_disconnect_all_sync.constprop.0+0x104/0x3c0
[ 1340.661565][T21139]  hci_suspend_sync+0x770/0xab0
[ 1340.661584][T21139]  ? __pfx_hci_suspend_sync+0x10/0x10
[ 1340.661608][T21139]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 1340.661632][T21139]  hci_suspend_dev+0x308/0x500
[ 1340.661646][T21139]  ? __pfx_hci_suspend_dev+0x10/0x10
[ 1340.661659][T21139]  ? rcu_barrier+0x341/0x6e0
[ 1340.661673][T21139]  ? kobject_get+0xbb/0x150
[ 1340.661687][T21139]  hci_suspend_notifier+0x28d/0x2f0
[ 1340.661702][T21139]  notifier_call_chain+0xbc/0x410
[ 1340.661723][T21139]  ? __pfx_hci_suspend_notifier+0x10/0x10
[ 1340.661739][T21139]  blocking_notifier_call_chain_robust+0xc8/0x160
[ 1340.661762][T21139]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[ 1340.661786][T21139]  ? do_raw_spin_unlock+0x172/0x230
[ 1340.661803][T21139]  pm_notifier_call_chain_robust+0x27/0x60
[ 1340.661827][T21139]  snapshot_open+0x189/0x2b0
[ 1340.661849][T21139]  ? __pfx_snapshot_open+0x10/0x10
[ 1340.661870][T21139]  misc_open+0x35a/0x420
[ 1340.661890][T21139]  ? __pfx_misc_open+0x10/0x10
[ 1340.661909][T21139]  chrdev_open+0x234/0x6a0
[ 1340.661923][T21139]  ? __pfx_chrdev_open+0x10/0x10
[ 1340.661938][T21139]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1340.661963][T21139]  do_dentry_open+0x744/0x1c10
[ 1340.661985][T21139]  ? __pfx_chrdev_open+0x10/0x10
[ 1340.662001][T21139]  vfs_open+0x82/0x3f0
[ 1340.662017][T21139]  path_openat+0x1de4/0x2cb0
[ 1340.662044][T21139]  ? __pfx_path_openat+0x10/0x10
[ 1340.662067][T21139]  ? __lock_acquire+0xb8a/0x1c90
[ 1340.662080][T21139]  do_filp_open+0x20b/0x470
[ 1340.662102][T21139]  ? __pfx_do_filp_open+0x10/0x10
[ 1340.662131][T21139]  ? alloc_fd+0x471/0x7d0
[ 1340.662156][T21139]  do_sys_openat2+0x11b/0x1d0
[ 1340.662172][T21139]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1340.662192][T21139]  __x64_sys_openat+0x174/0x210
[ 1340.662209][T21139]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1340.662229][T21139]  do_syscall_64+0xcd/0x4c0
[ 1340.662244][T21139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.662260][T21139] RIP: 0033:0x7ff29818e9a9
[ 1340.662272][T21139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1340.662288][T21139] RSP: 002b:00007ff295ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1340.662302][T21139] RAX: ffffffffffffffda RBX: 00007ff2983b6080 RCX: 00007ff29818e9a9
[ 1340.662312][T21139] RDX: 0000000000040000 RSI: 0000200000000680 RDI: ffffffffffffff9c
[ 1340.662321][T21139] RBP: 00007ff298210d69 R08: 0000000000000000 R09: 0000000000000000
[ 1340.662330][T21139] R10: 0000000000000019 R11: 0000000000000246 R12: 0000000000000000
[ 1340.662339][T21139] R13: 0000000000000000 R14: 00007ff2983b6080 R15: 00007ffcead75bf8
[ 1340.662353][T21139]  </TASK>
[ 1340.662402][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1341.088998][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1341.228492][T16137] vhci_hcd: stop threads
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1341.250941][T16137] vhci_hcd: release socket
[ 1341.290575][T16319] vhci_hcd: vhci_device speed not set
[ 1341.296258][T16137] vhci_hcd: disconnect device
[ 1341.334400][T21076] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1341.341423][T21076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1341.375240][ T5896] usb 2-1: USB disconnect, device number 65
[ 1341.393364][T21076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1341.417508][T21145] FAULT_INJECTION: forcing a failure.
[ 1341.417508][T21145] name failslab, interval 1, probability 0, space 0, times 0
[ 1341.432040][T21145] CPU: 1 UID: 0 PID: 21145 Comm: syz.6.4308 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1341.432066][T21145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1341.432077][T21145] Call Trace:
[ 1341.432083][T21145]  <TASK>
[ 1341.432090][T21145]  dump_stack_lvl+0x16c/0x1f0
[ 1341.432120][T21145]  should_fail_ex+0x512/0x640
[ 1341.432147][T21145]  should_failslab+0xc2/0x120
[ 1341.432165][T21145]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1341.432191][T21145]  ? __alloc_skb+0x2b2/0x380
[ 1341.432220][T21145]  __alloc_skb+0x2b2/0x380
[ 1341.432244][T21145]  ? __pfx___alloc_skb+0x10/0x10
[ 1341.432268][T21145]  ? __pfx_tc_modify_qdisc+0x10/0x10
[ 1341.432295][T21145]  netlink_ack+0x15d/0xb80
[ 1341.432317][T21145]  netlink_rcv_skb+0x332/0x420
[ 1341.432337][T21145]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1341.432356][T21145]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1341.432379][T21145]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1341.432397][T21145]  ? netlink_unicast+0xd9/0x850
[ 1341.432416][T21145]  netlink_unicast+0x58d/0x850
[ 1341.432437][T21145]  ? __pfx_netlink_unicast+0x10/0x10
[ 1341.432458][T21145]  netlink_sendmsg+0x8d1/0xdd0
[ 1341.432478][T21145]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1341.432501][T21145]  ____sys_sendmsg+0xa95/0xc70
[ 1341.432523][T21145]  ? copy_msghdr_from_user+0x10a/0x160
[ 1341.432556][T21145]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1341.432579][T21145]  ? __pfx__kstrtoull+0x10/0x10
[ 1341.432603][T21145]  ___sys_sendmsg+0x134/0x1d0
[ 1341.432630][T21145]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1341.432660][T21145]  ? rcu_is_watching+0x12/0xc0
[ 1341.432689][T21145]  __sys_sendmmsg+0x200/0x420
[ 1341.432706][T21145]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1341.432720][T21145]  ? lock_release+0x201/0x2f0
[ 1341.432739][T21145]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1341.432761][T21145]  ? fput+0x70/0xf0
[ 1341.432780][T21145]  ? ksys_write+0x1ac/0x250
[ 1341.432804][T21145]  ? __pfx_ksys_write+0x10/0x10
[ 1341.432830][T21145]  __x64_sys_sendmmsg+0x9c/0x100
[ 1341.432845][T21145]  ? trace_irq_enable.constprop.0+0xd4/0x120
[ 1341.432867][T21145]  do_syscall_64+0xcd/0x4c0
[ 1341.432884][T21145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1341.432902][T21145] RIP: 0033:0x7f20b5f8e9a9
[ 1341.432917][T21145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1341.432934][T21145] RSP: 002b:00007f20b3df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1341.432951][T21145] RAX: ffffffffffffffda RBX: 00007f20b61b5fa0 RCX: 00007f20b5f8e9a9
[ 1341.432962][T21145] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 1341.432974][T21145] RBP: 00007f20b3df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1341.432984][T21145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1341.432995][T21145] R13: 0000000000000000 R14: 00007f20b61b5fa0 R15: 00007ffd9d2e72e8
[ 1341.433011][T21145]  </TASK>
[ 1341.720278][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1341.760933][ T5832] Bluetooth: hci1: command 0x040f tx timeout
[ 1344.951037][ T5882] vhci_hcd: vhci_device speed not set