last executing test programs:

4m35.911656171s ago: executing program 0 (id=801):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', <r3=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000006c0)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0xa0000, 0x122)
r5 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000009c0)={0x0, r4}, 0x8)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)=@FILEID_NILFS_WITH_PARENT={0x20, 0x62, {0xd, 0x8, 0x5, 0xff, 0x3}}, &(0x7f0000000180), 0x1000)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000040)=0x90000)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@hyper, 0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000100)={{@hyper, 0x2}, @host, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4})
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000200)={@hyper, 0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r7, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e})

4m35.802443145s ago: executing program 0 (id=802):
r0 = socket(0x11, 0xa, 0x5)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff000000000a000000000000000400010008"], 0x50}}, 0x4000850)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x0)

4m35.802215407s ago: executing program 0 (id=803):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
gettid()
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x54}}, 0x0)

4m35.801084426s ago: executing program 0 (id=804):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41)
chroot(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00')

4m35.732833967s ago: executing program 0 (id=805):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="be", 0x1}], 0x1}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r6 = dup(r5)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000040)=@x86={0x7, 0x4e, 0x8c, 0x0, 0x4, 0xeb, 0x1, 0x23, 0x7, 0xa0, 0xa, 0x1, 0x0, 0x7, 0x6, 0x5, 0x7, 0x2, 0xda, '\x00', 0x0, 0xaa})
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4m35.461922867s ago: executing program 0 (id=806):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x401, 0x4002, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1d188}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0xc}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x5c}}, 0x0)

4m35.419416345s ago: executing program 32 (id=806):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x401, 0x4002, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1d188}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0xc}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x5c}}, 0x0)

3m19.530114041s ago: executing program 3 (id=1699):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id='])
read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, <r1=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x31008003, 0xfffe}}, 0x50)
read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r3, r0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0)

3m19.529621138s ago: executing program 3 (id=1700):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000"], 0x48)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x73, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000080)={0x0, 0x0, @stop_pts=0x6})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x7}]}}]}, 0x3c}}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x254, r7, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xc, 0x1, [0x18, 0x2, 0x2, 0xe, 0x36, 0x4, 0x24, 0x36]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x1, 0x2, 0x5, 0x48, 0x48, 0x4, 0x30, 0x24, 0x24]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0xd0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x4, 0x2}, {0x3, 0x4}, {0x3, 0x2}, {0x4, 0x8}, {0x4, 0x2}, {0x4, 0x5}, {0x6, 0x3}, {0x4, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x7, 0x8}, {0x6, 0x5}, {0x6, 0x7}, {0x0, 0x6}, {0x1, 0x8}, {0x6, 0x5}, {0x6, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x6}, {0x4, 0x2}, {0x7, 0x6}, {0x3}, {0x3, 0x6}, {0x1, 0xa}, {0x7, 0x2}, {0x3, 0x6}, {0x0, 0x5}, {0x0, 0x8}, {0x1, 0x3}, {0x5, 0x8}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x5, 0x3}, {0x3, 0x4}, {0x5, 0x2}, {0x5, 0x3}, {0x1, 0x8}, {0x1, 0x6}, {0x4}, {0x4, 0x2}, {0x1, 0xa}, {0x7, 0x9}, {0x4, 0x1}, {0x0, 0x8}, {0x2, 0x5}, {0x0, 0x6}, {0x0, 0x3}, {0x2, 0x8}, {0x7, 0x2}, {0x6, 0x8}, {0x0, 0x1}, {0x7, 0x8}, {0x2, 0xa}, {0x6, 0x2}, {0x5, 0x1}, {0x3}, {0x2, 0x7}, {0x7, 0x4}, {0x3, 0x8}, {0x7, 0x8}, {0x2, 0x7}, {0x1, 0x3}, {0x3, 0x8}, {0x0, 0x6}, {0x2, 0x5}, {0x6, 0x4}, {0x7, 0x7}, {0x7, 0x6}, {0x1, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x2, 0x9}, {0x7, 0x5}, {0x6, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xd, 0x2, 0x4cb4, 0x7, 0x1ff, 0x3, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf802, 0x3, 0x2, 0x1, 0xcc96, 0x800, 0x72a, 0x200]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x5, 0x9}, {0x4, 0x1}, {}, {0x1, 0x5}, {0x0, 0x5}, {0x2, 0x7}, {0x5, 0x7}, {0x1, 0xa}, {0x0, 0x9}, {0x2, 0x4}, {0x6, 0x1}, {0x5, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x4, 0x4000, 0xf088, 0xff00, 0x2, 0xfe01]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3a3d, 0x8ed2, 0x8000, 0xfff2, 0x6, 0x8, 0x6, 0xa]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x6c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8, 0x1, 0x3, 0x400, 0x9, 0x7, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x80a, 0x2, 0x7f, 0xbb2, 0x5, 0x80, 0x4]}}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x2, 0x7}, {0x5, 0x1}, {0x2, 0x8}, {0x1, 0x8}, {0x3, 0xa}, {0x7, 0x8}, {0x3, 0x9}, {0x1, 0x8}, {0x4, 0xa}, {0x5, 0x9}, {0x1, 0x9}, {0x1, 0x7}, {0x1, 0x6}, {0x3, 0x9}, {0x0, 0xa}, {0x7, 0x8}, {0x7, 0x4}, {0x2, 0x8}, {0x1, 0x1}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x3}, {0x2, 0x5}, {0x1, 0x1}, {0x4, 0x4}, {0x6, 0x9}, {0x2, 0x2}, {0x2, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x6}, {0x1, 0x9}, {0x3, 0xa}, {0x0, 0x6}, {0x3, 0x8}, {0x6, 0x7}, {0x4, 0x4}, {0x6, 0x9}, {0x4, 0x9}, {0x0, 0x3}, {0x3}, {0x1, 0x9}]}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x3, 0x4}, {0x5, 0x9}, {0x7}, {0x1, 0xa}, {0x6, 0x5}, {0x4, 0x6}, {0x4, 0x6}, {0x2, 0x2}, {0x1, 0x3}, {0x1, 0x1}, {0x7, 0xa}, {0x1}, {0x4, 0x2}, {0x6, 0x9}, {0x7, 0x3}, {0x4, 0x7}, {0x5, 0x3}, {0x3, 0x3}, {0x2, 0x9}, {0x0, 0x1}, {0x2, 0x2}, {0x2, 0x5}, {0x1, 0x4}, {0x4, 0x3}, {0x2, 0x2}, {0x3, 0x2}, {0x3}, {0x4}, {0x5, 0x7}, {0x7, 0x2}, {0x4, 0x1}, {0x7, 0x4}, {0x1, 0x7}, {0x1, 0x4}, {0x6, 0x3}, {0x3, 0x8}, {0x6, 0x7}, {0x3, 0x7}, {0x3, 0xa}, {0x0, 0x3}, {0x2, 0x6}, {0x3, 0x6}, {0x6, 0x1}, {0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x3, 0xffe8, 0x401, 0x101, 0x5d3d, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x6, 0x2, 0x204, 0x7, 0x7, 0x2aa]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7d3e, 0xe7be, 0x8, 0x1, 0x1000, 0x1, 0x4, 0x7]}}]}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3m19.441993044s ago: executing program 3 (id=1701):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$igmp6(0xa, 0x3, 0x2)
socket(0x10, 0x80002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3m19.341866761s ago: executing program 3 (id=1702):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(0x0, 0x83)
keyctl$clear(0x3, 0xfffffffffffffffc)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0), 0x0) (fail_nth: 1)

3m19.261224802s ago: executing program 3 (id=1703):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2})

3m19.08242441s ago: executing program 3 (id=1706):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x40001, 0x0)
writev(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000000c0)='3', 0x1}], 0x2)

3m4.079687456s ago: executing program 33 (id=1706):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x40001, 0x0)
writev(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000000c0)='3', 0x1}], 0x2)

1m49.93453607s ago: executing program 1 (id=2289):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xe32b60fbedc7f0cc}, {0x7}, {0x0, 0xa}}}, 0x24}}, 0x0)
sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000980), 0x1000000000000244, 0x0, 0x4a}}], 0x1, 0x24048084)

1m49.565979562s ago: executing program 1 (id=2291):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000500)={0x0, 0x20, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)

1m49.449983793s ago: executing program 1 (id=2292):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0, <r1=>0x0, 0x0], &(0x7f0000000080)=[<r2=>0x0, 0x0, <r3=>0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x3, 0x4, 0x7, 0x4})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000001c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000240)={r2, r4, 0x9, 0x9, 0x1})
r5 = openat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x4000, 0x10, 0x9}, 0x18)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000380)={0x0, <r6=>r2, <r7=>r1, 0x0, 0x0, 0x7, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={&(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x4, r6})
madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2)
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000440), 0x303800)
close_range(r0, r8, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000004c0)={&(0x7f0000000480)=[0x0, <r9=>0x0, 0x0, 0x0], 0x4})
ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000500)={r9, r3, r7, 0x0, 0x5298, 0x5, 0x5, 0x5, 0xffff21f4, 0x80000001, 0x0, 0xfffffffe})
clock_gettime(0x0, &(0x7f0000000600)={<r10=>0x0, <r11=>0x0})
pselect6(0x40, &(0x7f0000000540)={0xd00, 0xfffffffffffffffa, 0x5, 0x3, 0xfffffffffffffffb, 0xc, 0x4, 0x9}, &(0x7f0000000580)={0x8000000000000000, 0x3, 0x5, 0x800, 0x3, 0x23, 0x100, 0x80000001}, &(0x7f00000005c0)={0x10, 0x1ff, 0x7, 0x5, 0xb2, 0x4, 0x1cc0000000, 0x5}, &(0x7f0000000640)={r10, r11+10000000}, &(0x7f00000006c0)={&(0x7f0000000680)={[0x800]}, 0x8})
ioctl$NBD_SET_SIZE_BLOCKS(r5, 0xab07, 0x1)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r5, 0xc0189378, &(0x7f0000000700)={{0x1, 0x1, 0x18, <r12=>r5, {<r13=>r5}}, './file0\x00'})
ioctl$CDROMPLAYTRKIND(r12, 0x5304, &(0x7f0000000740)={0xf3, 0xf4, 0x1, 0x3})
ioctl$HIDIOCGCOLLECTIONINFO(r5, 0xc0104811, &(0x7f0000000780)={0x1, 0x4, 0xfffffff4, 0x7f})
pipe2(&(0x7f00000007c0)={0xffffffffffffffff, <r14=>0xffffffffffffffff}, 0x0)
sendto$phonet(r14, &(0x7f0000000800)="24e8e80e2acf233efde4895e2ce9f79f8e91108591097fac551cf475b9d4dec380578ed422913eb6d0d947d899752e2eb75485326e3af7b6e109328302cf879cf2de5e89f414a438ffbafc1b8923265ff0380c5f83b415988a9355a843f641dd27fdea23fc51cbd071fa47ef8c1cfb41bd9d2c9334fa189834043ea6cdff0b9d6a8f836cb0816a9f3e6ec3fd7c72526e6963a618925d50096700e801ebb6ab78a88e2c85cd849da82271e495e5431ec627fac502a1974cd477050137c845ca06d15c", 0xc2, 0x4008014, 0x0, 0x0)
read$FUSE(r14, &(0x7f0000000900)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_GETGAMMA(r14, 0xc02064a4, &(0x7f0000002a00)={0x0, 0x1, &(0x7f0000002940)=[0x8], &(0x7f0000002980)=[0xdde, 0x5, 0x1, 0xfffe, 0x1000], &(0x7f00000029c0)=[0xfffd, 0xa323, 0x3]})
ioctl$DRM_IOCTL_MODE_SETGAMMA(r12, 0xc02064a5, &(0x7f0000002b00)={r6, 0x6, &(0x7f0000002a40)=[0x2a, 0x200, 0xff62, 0x0, 0x3, 0x9], &(0x7f0000002a80)=[0x0, 0x8000, 0x1000], &(0x7f0000002ac0)=[0x0, 0x9, 0x6, 0x9, 0x2, 0x8, 0xb9e7]})
accept4$inet(r5, 0x0, &(0x7f0000002b40), 0x80000)
ioctl$DRM_IOCTL_MODE_GETFB2(r14, 0xc06864ce, &(0x7f0000002b80)={r7, 0x5, 0xffff0993, 0x3, 0x0, [], [0x4, 0x4, 0x33971f76, 0x3], [0xe0f, 0xb8c, 0x3cbb, 0x10000], [0x0, 0x2, 0x8000000000000000, 0x9f]})
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r12, 0x84, 0x1e, &(0x7f0000002c00), &(0x7f0000002c40)=0x4)
clock_settime(0x5, &(0x7f0000002c80)={0x0, 0x3938700})
mount(&(0x7f0000002cc0)=@sg0, &(0x7f0000002d00)='./file0\x00', &(0x7f0000002d40)='reiserfs\x00', 0x3910020, &(0x7f0000002d80)='/dev/snd/timer\x00')
ioctl$DRM_IOCTL_ADD_CTX(r13, 0xc0086420, &(0x7f0000002dc0)={<r15=>0x0})
ioctl$DRM_IOCTL_DMA(r13, 0xc0406429, &(0x7f0000002f00)={r15, 0x2, &(0x7f0000002e00)=[0x1, 0xfff], &(0x7f0000002e40)=[0xf, 0x2, 0x9, 0xb5, 0x8a10, 0xff, 0x8001, 0x2, 0x3], 0x34, 0x5, 0x7, &(0x7f0000002e80)=[0x7ff, 0x3, 0xf, 0x3, 0xd], &(0x7f0000002ec0)=[0x2, 0x81, 0x5, 0x4, 0x745, 0x7fff]})

1m49.400884079s ago: executing program 1 (id=2293):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="71050901a7254502020607037efc0930ea56c4f61cab1d0ff3ff1afaeb118b4f02b892f5cb88"], 0x1a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4)
mount$bind(&(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x212409b, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1014, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000000000006a0a00ff00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c77f0979b34e1ad837ff0d10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8500bc7d202e0990"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0xffff0000, 0xf0, 0xe200, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000080)={0x9, 0x0, 0x0, {0x0, 0x300, 0xe7, 0x80000300}})

1m49.211466619s ago: executing program 1 (id=2296):
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x400caed0, &(0x7f0000000000)={0x2, 0xffffffffffffffff, 0xffffffff})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00220f00000054b2000093"], 0x0}, 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@int=0x4, 0x4)
r2 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r2, 0x400c4808, &(0x7f0000000080)={0x2, 0x100, 0x20a6})
ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m48.879229262s ago: executing program 1 (id=2298):
socket(0x10, 0x3, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
pipe2(&(0x7f0000000040), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0, 0x500}}], 0x1, 0x0)

1m48.816525076s ago: executing program 34 (id=2298):
socket(0x10, 0x3, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
pipe2(&(0x7f0000000040), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0, 0x500}}], 0x1, 0x0)

1m23.48871387s ago: executing program 4 (id=2134):
syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = dup(r3)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"])

1m16.760798481s ago: executing program 4 (id=2134):
syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = dup(r3)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"])

1m9.687965917s ago: executing program 4 (id=2134):
syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = dup(r3)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"])

1m2.489545587s ago: executing program 2 (id=2568):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0xc0185500, &(0x7f0000000040)={0x80, 0x100000, "aa2fe1a243fcd9abf29cc3391c06b86f68e7f73d4f0bff9669a8e82040ccb44d75131fb06cade553a6bdc314438ce0af11c38cd724980b087a7a16f9295be0a69db51576e7a06ef6bcabc67b52ba82e73504fa842ec2f0c06bf006f3e5bcdd5057997bf171c60d96a538b02ee9f4b573457498ca09cb417b1fbe6dc3b0c27ab0693ac57aff136748f7740dfc33f3a902b670f8933aec28869e637c18379d6d0b4d844b732cb1932733dfcec2f69f8b6df76ba84e1f001ad29105230471f466b6f9d7d2b05a57fe16e7363e5ecebc2c74539ca55c7ce3a175061adedd20532a9de97379f4dd5baeeae835946311e6e4e2361355c54b3bd500"}) (async, rerun: 64)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (rerun: 64)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="12000000120001000200000000000000100000000c00001700000000000000000f"], 0x30}], 0x1, 0x0, 0x0, 0x20004000}, 0x0)
r2 = dup(r1) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 32)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) (async, rerun: 32)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1) (async)
setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)='system_u:object_r:pam_exec_t:s0\x00', 0x20, 0x3)

1m2.489378117s ago: executing program 4 (id=2134):
syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = dup(r3)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"])

1m1.050452665s ago: executing program 2 (id=2569):
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000040)={[{0x400, 0x100, 0xc, 0x60, 0x4, 0x81, 0x0, 0xcd, 0x60, 0x1, 0xfa, 0x9}, {0x7, 0xc7, 0x7, 0x5, 0xd, 0x1, 0x0, 0x6, 0x3, 0x3b, 0xf, 0x4e, 0x2}, {0x1, 0xfbff, 0x4, 0x1, 0x8, 0x7f, 0x40, 0xdd, 0x95, 0xf9, 0x7, 0x9, 0x3}], 0xa1da})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="00006003ffffffffffffaaaaaaaaaa3308004500001c00000000bc2f907800001fe1ac1e0101a00086dd000890780f8f3fd8b5919ef39f670650033e54de9a853d7a0418b2e4d05b262a755bc151a560e86903125cbbb4cbb65a2ded594d677e9531f9669d9470ded575156ec89e558bc67a9938fb900720f2b6e651750cfa02c16268069d45886683540d62932b93ca454631e254f093bd95cb9057edca316dcb"], 0x2e)

1m0.937633578s ago: executing program 2 (id=2570):
listen(0xffffffffffffffff, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x8000002, 0x2000}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x4002)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x800)

1m0.010177798s ago: executing program 2 (id=2578):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000280), 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x7, 0x240, 0x9, {0x77359400}, {0x0, 0x2710}, {0x4, 0x0, 0x1}, 0x1, @can={{0x3, 0x1}, 0x3, 0x2, 0x0, 0x0, "a2b6c6e317f93def"}}, 0x48}}, 0x20000080)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
renameat2(r3, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f00000002c0)='./file0\x00', 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00'})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000000), 0x6)
r5 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000000)={<r6=>r5})
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f00000000c0)={r6})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYRESOCT=r1, @ANYBLOB="53423a4b13900f66cc95289d38bea64151e346b057dfbfaebd539580918bd8517a82b2c493533efd09a3e9b5ebd07025470df81ea9462c7ac67fecdacc3b5fcf981fb2786c5e147af24a1bafd91511e4676386d4", @ANYBLOB="aa2f929420c4f119339ef9cc2501c07b4ca5b9283f39ed57bb768ac4d113abf11809fa55b25b0e14f964db178675d8c5260f1e0a390e6fe79c055a8a7c64826661ee65418adc2c3627", @ANYRES8=r0, @ANYBLOB="4e677d0f8225df25677355214d9705f4c51c7b8a0cb77160c1a956f7a67f0892fd5e77d7629b03af00e4d7f384bf066de46bca7f1b7db49052be8fc85f37b5be680e497c97a3992f2854673c1f2e60416822e81c944def70924fc38086131e355ddbb10158908f8858eaf49d79914bf04d7c3d7f3e507f8956117490f6", @ANYRESDEC=r4], 0x38}}, 0x4040)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
ptrace$poke(0x4, r7, &(0x7f0000001040), 0x282d)

59.910899322s ago: executing program 2 (id=2579):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x80)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x2010, r4, 0x7b363000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_COALESCE(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="00000000d360190be7a51d9c2d52aa0f3368ef04d597dcaf60161c06f909fa529beac6bf44db3aa04cd74725b63b3c1e937050814bba37a811a46982305ba7a71aa5cd928db2db686fc18a561df2af2887a84a3a", @ANYRES16=r6, @ANYBLOB="000827bd7000ffdbdf2564000000"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4)
r7 = syz_open_dev$hiddev(&(0x7f0000000180), 0x4, 0x600801)
ioctl$HIDIOCGREPORT(r7, 0x400c4807, &(0x7f00000001c0)={0x1, 0x2, 0xfffffff0})
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="0403000000192007000000000000008a49480bc2ed8b6356899e3bc423c9a1a532a6644e38f83d4d2a647e8534d374549fa51afa5597eb10f6af3a64f9ed4d9883df981b44431cace8c9de705cef66cfb479d1c0ec31760a0ec07a18a8461fe20008000076c00a068ddd87b8847ffbda37962812610ddb62e489eb4dab7931c5140e95249ba63a61d3036c3ca0075bb7ca164515d8532df4bff8e2"], 0x7)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
r8 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x80000)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
sendto$packet(r8, &(0x7f0000000100)="e24730", 0x3, 0x10001, &(0x7f0000000440)={0x11, 0xf8, 0x0, 0x1, 0x80, 0x6, @local}, 0x14)
r9 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000480), 0x10000, 0x0)
pipe2$9p(&(0x7f00000004c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x80040)
r11 = syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
r12 = syz_pidfd_open(r11, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$F2FS_IOC_GET_FEATURES(r12, 0xff06, 0x0)
syz_emit_vhci(0x0, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r9)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r9, 0x0, 0x4000000)
write$P9_RREADLINK(r10, 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000300)={0x4000000, {0x2, 0x4e22}, {0x2, 0x0, @local}, {0x2, 0x0, @broadcast}, 0x201, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x10000000000003})

59.377420709s ago: executing program 2 (id=2584):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x254, r3, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xc, 0x1, [0x18, 0x2, 0x2, 0xe, 0x36, 0x4, 0x24, 0x36]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x1, 0x2, 0x5, 0x48, 0x48, 0x4, 0x30, 0x24, 0x24]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0xd0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x4, 0x2}, {0x3, 0x4}, {0x3, 0x2}, {0x4, 0x8}, {0x4, 0x2}, {0x4, 0x5}, {0x6, 0x3}, {0x4, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x7, 0x8}, {0x6, 0x5}, {0x6, 0x7}, {0x0, 0x6}, {0x1, 0x8}, {0x6, 0x5}, {0x6, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x6}, {0x4, 0x2}, {0x7, 0x6}, {0x3}, {0x3, 0x6}, {0x1, 0xa}, {0x7, 0x2}, {0x3, 0x6}, {0x0, 0x5}, {0x0, 0x8}, {0x1, 0x3}, {0x5, 0x8}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x5, 0x3}, {0x3, 0x4}, {0x5, 0x2}, {0x5, 0x3}, {0x1, 0x8}, {0x1, 0x6}, {0x4}, {0x4, 0x2}, {0x1, 0xa}, {0x7, 0x9}, {0x4, 0x1}, {0x0, 0x8}, {0x2, 0x5}, {0x0, 0x6}, {0x0, 0x3}, {0x2, 0x8}, {0x7, 0x2}, {0x6, 0x8}, {0x0, 0x1}, {0x7, 0x8}, {0x2, 0xa}, {0x6, 0x2}, {0x5, 0x1}, {0x3}, {0x2, 0x7}, {0x7, 0x4}, {0x3, 0x8}, {0x7, 0x8}, {0x2, 0x7}, {0x1, 0x3}, {0x3, 0x8}, {0x0, 0x6}, {0x2, 0x5}, {0x6, 0x4}, {0x7, 0x7}, {0x7, 0x6}, {0x1, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x2, 0x9}, {0x7, 0x5}, {0x6, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xd, 0x2, 0x4cb4, 0x7, 0x1ff, 0x3, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf802, 0x3, 0x2, 0x1, 0xcc96, 0x800, 0x72a, 0x200]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x5, 0x9}, {0x4, 0x1}, {}, {0x1, 0x5}, {0x0, 0x5}, {0x2, 0x7}, {0x5, 0x7}, {0x1, 0xa}, {0x0, 0x9}, {0x2, 0x4}, {0x6, 0x1}, {0x5, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x4, 0x4000, 0xf088, 0xff00, 0x2, 0xfe01]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3a3d, 0x8ed2, 0x8000, 0xfff2, 0x6, 0x8, 0x6, 0xa]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x6c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8, 0x1, 0x3, 0x400, 0x9, 0x7, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x80a, 0x2, 0x7f, 0xbb2, 0x5, 0x80, 0x4]}}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x2, 0x7}, {0x5, 0x1}, {0x2, 0x8}, {0x1, 0x8}, {0x3, 0xa}, {0x7, 0x8}, {0x3, 0x9}, {0x1, 0x8}, {0x4, 0xa}, {0x5, 0x9}, {0x1, 0x9}, {0x1, 0x7}, {0x1, 0x6}, {0x3, 0x9}, {0x0, 0xa}, {0x7, 0x8}, {0x7, 0x4}, {0x2, 0x8}, {0x1, 0x1}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x3}, {0x2, 0x5}, {0x1, 0x1}, {0x4, 0x4}, {0x6, 0x9}, {0x2, 0x2}, {0x2, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x6}, {0x1, 0x9}, {0x3, 0xa}, {0x0, 0x6}, {0x3, 0x8}, {0x6, 0x7}, {0x4, 0x4}, {0x6, 0x9}, {0x4, 0x9}, {0x0, 0x3}, {0x3}, {0x1, 0x9}]}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x3, 0x4}, {0x5, 0x9}, {0x7}, {0x1, 0xa}, {0x6, 0x5}, {0x4, 0x6}, {0x4, 0x6}, {0x2, 0x2}, {0x1, 0x3}, {0x1, 0x1}, {0x7, 0xa}, {0x1}, {0x4, 0x2}, {0x6, 0x9}, {0x7, 0x3}, {0x4, 0x7}, {0x5, 0x3}, {0x3, 0x3}, {0x2, 0x9}, {0x0, 0x1}, {0x2, 0x2}, {0x2, 0x5}, {0x1, 0x4}, {0x4, 0x3}, {0x2, 0x2}, {0x3, 0x2}, {0x3}, {0x4}, {0x5, 0x7}, {0x7, 0x2}, {0x4, 0x1}, {0x7, 0x4}, {0x1, 0x7}, {0x1, 0x4}, {0x6, 0x3}, {0x3, 0x8}, {0x6, 0x7}, {0x3, 0x7}, {0x3, 0xa}, {0x0, 0x3}, {0x2, 0x6}, {0x3, 0x6}, {0x6, 0x1}, {0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x3, 0xffe8, 0x401, 0x101, 0x5d3d, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x6, 0x2, 0x204, 0x7, 0x7, 0x2aa]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7d3e, 0xe7be, 0x8, 0x1, 0x1000, 0x1, 0x4, 0x7]}}]}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

59.309130548s ago: executing program 35 (id=2584):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x254, r3, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xc, 0x1, [0x18, 0x2, 0x2, 0xe, 0x36, 0x4, 0x24, 0x36]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x1, 0x2, 0x5, 0x48, 0x48, 0x4, 0x30, 0x24, 0x24]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0xd0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x4, 0x2}, {0x3, 0x4}, {0x3, 0x2}, {0x4, 0x8}, {0x4, 0x2}, {0x4, 0x5}, {0x6, 0x3}, {0x4, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x7, 0x8}, {0x6, 0x5}, {0x6, 0x7}, {0x0, 0x6}, {0x1, 0x8}, {0x6, 0x5}, {0x6, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x6}, {0x4, 0x2}, {0x7, 0x6}, {0x3}, {0x3, 0x6}, {0x1, 0xa}, {0x7, 0x2}, {0x3, 0x6}, {0x0, 0x5}, {0x0, 0x8}, {0x1, 0x3}, {0x5, 0x8}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x5, 0x3}, {0x3, 0x4}, {0x5, 0x2}, {0x5, 0x3}, {0x1, 0x8}, {0x1, 0x6}, {0x4}, {0x4, 0x2}, {0x1, 0xa}, {0x7, 0x9}, {0x4, 0x1}, {0x0, 0x8}, {0x2, 0x5}, {0x0, 0x6}, {0x0, 0x3}, {0x2, 0x8}, {0x7, 0x2}, {0x6, 0x8}, {0x0, 0x1}, {0x7, 0x8}, {0x2, 0xa}, {0x6, 0x2}, {0x5, 0x1}, {0x3}, {0x2, 0x7}, {0x7, 0x4}, {0x3, 0x8}, {0x7, 0x8}, {0x2, 0x7}, {0x1, 0x3}, {0x3, 0x8}, {0x0, 0x6}, {0x2, 0x5}, {0x6, 0x4}, {0x7, 0x7}, {0x7, 0x6}, {0x1, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x2, 0x9}, {0x7, 0x5}, {0x6, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xd, 0x2, 0x4cb4, 0x7, 0x1ff, 0x3, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf802, 0x3, 0x2, 0x1, 0xcc96, 0x800, 0x72a, 0x200]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x5, 0x9}, {0x4, 0x1}, {}, {0x1, 0x5}, {0x0, 0x5}, {0x2, 0x7}, {0x5, 0x7}, {0x1, 0xa}, {0x0, 0x9}, {0x2, 0x4}, {0x6, 0x1}, {0x5, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x4, 0x4000, 0xf088, 0xff00, 0x2, 0xfe01]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3a3d, 0x8ed2, 0x8000, 0xfff2, 0x6, 0x8, 0x6, 0xa]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x6c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8, 0x1, 0x3, 0x400, 0x9, 0x7, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x80a, 0x2, 0x7f, 0xbb2, 0x5, 0x80, 0x4]}}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x2, 0x7}, {0x5, 0x1}, {0x2, 0x8}, {0x1, 0x8}, {0x3, 0xa}, {0x7, 0x8}, {0x3, 0x9}, {0x1, 0x8}, {0x4, 0xa}, {0x5, 0x9}, {0x1, 0x9}, {0x1, 0x7}, {0x1, 0x6}, {0x3, 0x9}, {0x0, 0xa}, {0x7, 0x8}, {0x7, 0x4}, {0x2, 0x8}, {0x1, 0x1}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x3}, {0x2, 0x5}, {0x1, 0x1}, {0x4, 0x4}, {0x6, 0x9}, {0x2, 0x2}, {0x2, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x6}, {0x1, 0x9}, {0x3, 0xa}, {0x0, 0x6}, {0x3, 0x8}, {0x6, 0x7}, {0x4, 0x4}, {0x6, 0x9}, {0x4, 0x9}, {0x0, 0x3}, {0x3}, {0x1, 0x9}]}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x3, 0x4}, {0x5, 0x9}, {0x7}, {0x1, 0xa}, {0x6, 0x5}, {0x4, 0x6}, {0x4, 0x6}, {0x2, 0x2}, {0x1, 0x3}, {0x1, 0x1}, {0x7, 0xa}, {0x1}, {0x4, 0x2}, {0x6, 0x9}, {0x7, 0x3}, {0x4, 0x7}, {0x5, 0x3}, {0x3, 0x3}, {0x2, 0x9}, {0x0, 0x1}, {0x2, 0x2}, {0x2, 0x5}, {0x1, 0x4}, {0x4, 0x3}, {0x2, 0x2}, {0x3, 0x2}, {0x3}, {0x4}, {0x5, 0x7}, {0x7, 0x2}, {0x4, 0x1}, {0x7, 0x4}, {0x1, 0x7}, {0x1, 0x4}, {0x6, 0x3}, {0x3, 0x8}, {0x6, 0x7}, {0x3, 0x7}, {0x3, 0xa}, {0x0, 0x3}, {0x2, 0x6}, {0x3, 0x6}, {0x6, 0x1}, {0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x3, 0xffe8, 0x401, 0x101, 0x5d3d, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x6, 0x2, 0x204, 0x7, 0x7, 0x2aa]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7d3e, 0xe7be, 0x8, 0x1, 0x1000, 0x1, 0x4, 0x7]}}]}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

52.46904316s ago: executing program 4 (id=2134):
syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = dup(r3)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"])

45.108645435s ago: executing program 4 (id=2134):
syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = dup(r3)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"])

33.089685379s ago: executing program 5 (id=2843):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x7}}, {{@in=@dev={0xac, 0x14, 0x14, 0x1d}, 0x0, 0x6c}, 0x0, @in6=@empty}}, 0xe8)
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @random="f368656e065b", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @time_exceeded={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}}}}}}, 0x0)

33.089338391s ago: executing program 5 (id=2844):
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r0=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={<r1=>r0, @in={{0x2, 0x4e24, @multicast1}}, 0x6, 0x7, 0x4, 0x1, 0x0, 0x5, 0x2}, &(0x7f0000000140)=0x9c)
r2 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000180)={0x9, 0x7ff, 0x4, 0x8, 0x7fff, 0x7, 0x6, 0x2, r1}, 0x20)
bind$alg(r2, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000280)={@mcast2, <r3=>0x0}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@newtclass={0x38, 0x28, 0x8, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xffff, 0x10}, {0xc, 0x4}, {0x8, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x28}}, @tclass_kind_options=@c_clsact={0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4004840)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x6c, 0x0, 0x1, 0x801, 0x0, 0x0, {0x5, 0x0, 0x2}, [@CTA_NAT_SRC={0x58, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8880}, 0x24000000)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x54, 0x0, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x2211a334}, {0x6, 0x16, 0x100}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x873a6357f7f83faf)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000640)={'raw\x00', 0x0, [0x5, 0x2, 0x2, 0x5, 0x101]}, &(0x7f00000006c0)=0x54)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000700), 0x14f4c0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000740)={r4, r2})
close_range(r4, r4, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000780)={r0}, &(0x7f00000007c0)=0x8)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$NFC_CMD_FW_DOWNLOAD(r6, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x34, r7, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NFC_ATTR_FIRMWARE_NAME={0x6, 0x14, '%-'}, @NFC_ATTR_FIRMWARE_NAME={0x7, 0x14, '@@*'}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x8010}, 0x20000800)
sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24048800}, 0x100)
r8 = pidfd_getfd(0xffffffffffffffff, r2, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r8, 0x4068aea3, &(0x7f0000000a40)={0xbc, 0x0, 0x3})
sendto$packet(r2, &(0x7f0000000ac0)="5e77630a3ecd6ce0827d521c9a39e019c4182a0e57dfeba1ce8758dfd5841b2537e9961e5e69034353713a020e0dabcd1e43d5acdd482059e16a88371aa52747b19ea442a1c1084f0aec2c17628e6d4da043d232a20fc21df3f91633f78712a63949b1c9ccf55671738d08ed03d5ad2213c033eb5cdc6bf27d57a35b29bfc9b8d251960eb34a7db8df9a17a34d0772f95f6d1e9207", 0x95, 0x4000, &(0x7f0000000b80)={0x11, 0xf8, r3, 0x1, 0x5}, 0x14)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r8, 0x84, 0x13, &(0x7f0000000bc0)={r0}, &(0x7f0000000c00)=0x8)
r9 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000c40), 0x2, 0x0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r9, 0x84, 0x16, &(0x7f0000000c80)={0x1, [0x0]}, 0x6)
r10 = getpgid(0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000cc0)={0x0, <r11=>0x0})
r12 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
kcmp(r10, r11, 0x2, r12, r8)

33.088698162s ago: executing program 5 (id=2845):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='htcp\x00', 0x5)
r1 = socket$nl_route(0x10, 0x3, 0x0)
openat$vmci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x319c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000400)={0x2c, &(0x7f0000000100)={0x0, 0x23, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
shutdown(r0, 0x2)

31.320255906s ago: executing program 5 (id=2868):
r0 = syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = open(&(0x7f0000000580)='./file0\x00', 0x181242, 0x1df2a23c5997fa5f)
read$FUSE(r1, 0x0, 0x0)
r2 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(r2, &(0x7f0000000300)='ns/ipc\x00')
statx(r1, &(0x7f00000003c0)='./file0\x00', 0x6000, 0x100, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000400)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000440)=0xc)
lstat(&(0x7f0000000500)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000009c0)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@loopback}, 0x0, @in=@remote}}, &(0x7f0000000ac0)=0xe8)
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000001040)=@multiplanar_mmap={0x7f, 0x9, 0x4, 0x8, 0xffff, {}, {0x5, 0xc, 0x9, 0x6, 0x9, 0x62, "6f9e0bf8"}, 0xd, 0x1, {&(0x7f0000000fc0)=[{0x8000, 0x5, {}, 0x7}, {0x4, 0xd56, {0x10000}, 0xb80}]}, 0x8, 0x0, r1})
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f0000006380)={0x2020, 0x0, <r8=>0x0, <r9=>0x0, <r10=>0x0}, 0x2020)
write$FUSE_INIT(r7, &(0x7f0000000040)={0x50, 0x0, r8, {0x7, 0x1f, 0x0, 0x1204020, 0x1, 0x3}}, 0x50)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x24c01, 0x0)
write$FUSE_ENTRY(r11, &(0x7f0000000340)={0x90, 0x0, r8, {0x2, 0x0, 0xa, 0x0, 0x800, 0x7, {0x5, 0x6, 0x7ff, 0x5, 0x51b5, 0x4, 0x1, 0x7fffffff, 0xf5, 0x6000, 0x9, r9, r10, 0x6, 0x3e}}}, 0x90)
r12 = geteuid()
fstat(r0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0})
read$FUSE(r1, &(0x7f0000004080)={0x2020, 0x0, 0x0, <r14=>0x0}, 0x2020)
fstat(r0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0})
syz_fuse_handle_req(r1, &(0x7f0000002080)="b1c7be372de0a5f340dbb71218b3ff2f138207c2eebc07051073ddb8122f7eb3cfa4c8072d089417ba2a440ee032f4fb81b7b0e626567105c3bd07db6182bf31cfd9c7176f83a66fdda371b0440e902b7a213db9d5b34e9d3d25ec1d95fbfceec3cd5ad8d6ae7491304487a2a89c3f1bd29d0e2918d3b155f67e8595f38d49abae8b290e5a9613f5861ecfc4f14e635c9036589de61837ab5ad3ceef5ddeab08767d304d09037b6c78f3cec2adcc9b37311aae000e136ec8d579d78864547b52112e93945116511b2ba0f5bf64a89be3906f921c123cb9c05fd40c8ea02c08041fc145a445262e1f5c6380a076b1de028a22e749b268e957999e0d582d2d223c5824459932df413e86a80952aed6e024bfb5b0fef7cba8a8d5fd69e4b839e9cc2282bf8c62ada450138c331b97c4e9c4b1fac0387f009d2054ffef5da10dfee7301943ed629452a013037fdeb0bc0e0a254eaceec55eb86ecaed5fb05e3060e2dbc1c99794bb20600233d49b8ad820b97b3abe367c45f1588e4bee7d95126ef38284709f6c72cb7bc203d6a20bbe32dfaa8f7f1ea57f09b77792a02f5a3d070d54c8e127474a0bc377cbe0e60317926376a49cc8a04baf176efb1a98dba4b42d6a78b9ff7512abd3da2a8557eba3ada5d82863a1f9e3cb45e5f1e881e2eabe5b0b1dfc297c8c84438201af224e23cd94a061d4c795576e2b16cef708aa3934218df374202a8b72d92529b2885cc29d6eb0e050ca4a5ef8ba05a5d33b671cca945e6076375bd9c08b1437803c7fe89d64d784db7b375e18b53b8a30746b92fbb1cd9643d1bf3c6a7563f601fd8e0c73a303beefcc1b60f165e54bc30864da38c0d2e486dacf6b51f84982ff77645d607464e384b8549bc131d4e0ece6ca088bf05e4441ec3f105cab82d35aceaf890defab336b96f6de778e39cade3724cbf002b872a7efa24cefe65be843e53dea68812f9281b6db96e849e964e976e2ff065630d17c737714dce05cf69dc2341abf86cb78a2d2d32668a1515fc078e5344f5b300237bd370cd85263b4b5dad046464e9163bbe341b438df1651f00c01fa2c4412d0aeddcb11c3e71fe491a4d44570663b3cf3823499534752fdb116ddd814ae9d4375a1e19b79245bfb6438e302005b04f17d88741599206021c5216988edbd261d2820a2667d7419bb2ba7254a9586d3b4e0f539a9940313704e2e2bb149cbc7495821ab5c9e780def9d72df45fef77682e27ea5771327f6b267b7b04e2a82f62470e665f9ecd5be07fb83aab3cd3dea1f7cc0eddd31b0aa7230fbdcad713e09ee20cd2b497e8a92b9a98ff433d6155064606c4d5bbab9d3ba99a1169dcc4442f82a1571fcf6ea7dbdff744f02b88290ef07f8b8686c6b2b4a7332d4a30e420b3b180f449fa22ba52702cc371813faebb020dd3d40c450e403e31017d7539b16728b022d4d78afaaf737f324945ea2e8af984e287a2832e2397c6c488972dbdff43b6895df6c2e72d7549dba8a7decd700e46e84ace15f15437d4722a25d0b79011af915f8581b210f441445371d8d1efae4be771092934210c4d5e05a6b227947d40a81ac82b92cc5f9abf0c820f9ac1714a280a416a41de02a048faad95d58edba3e576602285f77efe7a04eb30207d19fa7447daf2760ef7c6716a6649ad32ef03cfd585294a6ac70bf084f5174fcf8bb3b2d1dae64d656c10d692cf3a8f9d63f30d89f54043cd232fefe76113127c6b07fb1332ecbca69a3ca7cdbf316c6d1dc47091413ef3e861923bce292b97577d20fedbb2ddbf5845f2698271acc6c939fc32a2c27203928e920fa8059822d9829679816976114946d19f32bea8e7365220f63045a84287ffcb18708103d5481c60e8ffe80be8d33503ad10ae6aeee0fbd1b7b5dfe4413cb1d4d8d68f1ef6f34e45cae4dd76f6c121b450f717c2f5dccd7b0cf3bf8b178d4b5991a51c1a65f6cca08a4d5f3d4b6dedcd6840477bd3d21b9f53efac872a081180e078f05de4ed5762e53f086624a2499586f8d0bda1f2ff2410ec2f1c8e38b97a1b1ab2c374eb32429e5915b6505f5da9b70521b19be551a6698cc95bc5373c8a15268236a2bdb55e4a7ebc64bb7a38ae34c29f8075597ad16789d09ecd2c6ed4e7e4a18dd354292c9243ac4be616e82f5d12e209ca89644fd586c46c0949f1353596f3d6b31cd00ed1fe5e6fadad2c9ffbec7c59c7b58ad9b638f00141e1308bc1cabad7a7e7b5dda77cf6f86cf9cb2d154954a1b796c910aad312926e68fff8853e504d15e0fedfa5c40aee348f6db3525e1030862fb3612aa26fd8266a40640da6d1464def51b002bf86ddaebf441fd228d2ca09b9ad560e8110366ac0b7b966102f14fbd228f3ea11f59deb51dc93bb1649a7edf69cf8b27ac0ca8728e39de8f8c1a29d404ee6952a05634d8a76178fc1ccea57f23bea5d5674b882bffa1cb64904cc730d2f89b0baf71b29c7e78574b2cc57c57e51aac4aaa1426c2a68a2a31ff2b00d9f53ff19327c469dc4e2d04f5e3e4ec0b257e8f2177cf6b6ad22d8a4422a31d9564d2721a07d01c1656ad7c7f4d17374170fdd88c73e923cd0dd0c876d0f8ed632bd75ece915aca7dc2de85970fc2734c5ac367ee8bbfad0ce8c06fb3e74fc0924b7b7ec6db0c1faa45b698b06db27065fed317278360e70b3117d6b67e6431a08b62cf2841871117d4bef96cc4fc88ca00057e04867d965ae7a6c80632cb812261a9655e69cf9199fd464ca147b0df5e7b3e0b9b9f646daad36b56a3a2540ab3c4c67dd9ff1c79bb8dd4494f0cbb78f6acb4bea54a52ce098d407cc9bdc22d124a2c637bc93c026607d525cfdc4e89e8eac73696d3211134b58c7fe7510b1451cd146d9dd10d5e4b5bfffab83cd94a2fcb364eb485efa7f473f0deaf211a33a0304f64217ddcd561456d9edd603b6173b0ca6a3fafc32390def7ffe5a3b843139754a5c453bea1c658f01df16fd74e85104150fcd77e2d916b115ccfb0edf8b6de24e8a2b34a201c8fdd919dd483f757d748d4ea0d9ca1bebe981007edd8e33d65ebf2fd0e7e3bbad431d69d7b1adf894e26c55e2955a5252090daa5193e7b0328db7d4e740c4c320cb8fb5d514e44eeb36c5796878fb52199859932a5190fef4c769a4b4a82ac6386089038a7aab605ead770a3d682821dc2ceaeb763719a6e11ace0b612253ec34a8b6309f65e5dc8e8aa14747e30e80de19e3727c12b0bac78286856efb2d62ffdf03ee482cfeb7e21583b1aa97a7fed84398f86d366ae4e1e3589ef0abac84f56ebedfb7ec79a575ed525cb6c0608d40210d22f29276c336b4bd619b16260a10936422cab200f282d439f4fd87980475182221d1c6fb143c402d578c1415a7cbe6f063fb49cf91e356e455f721fb5f34a1922b340f1195b294a63dbbb2ab2f76b3b185e1f241a533b3d7865e7314b488b9ca7a696687d0b61adf557b8f4d36803a528ea688d8bd6c78fca090d211934f27b6ce2ac12e18f6a323233a3a73afad7323507e5157e0dc2639d1dac318dde7b5cbe0f9cd84b4167b900b22be89956dbbb3a73b3eb3b9b738fb16633a87f266a129296d57781bf724d087e430fc9e6542e3f7ed8a18987ea83c408ba5c5ca99a5494e0388c83b0459e323b3622360dc1ce899b424b5c5b03dcdad442d8c35690d2b4aabdabd9e483c250ef086f6c10aa28e0ae7db31056fba2e1aa3ac296162e891e9338bf72dc3d9be0715d37c4dc474b3b5ff6669f7c7a13b65b676835cd6c9d1f275ae83c296e998fc33c4781fa60e8f782efa165c926948a139edeba91ee6b20bc166237b1a8e002cc2488f7a339a88e177ee4ed8e4db2a9ccd5e6853f796075d8d8614369faaf327e532e3ea91284194066a469b9d83e1d3fcf4465f893e73923e0c853e4f9b561ab9ce7ec621052fa3a297b629a682d172907d10db9e7b66154b12fef6376f1dd257380db8cdf6570e3e51a65352bc9e3900df930636bed61e598e790d5fd84ce0e8b67c0e3b22a8c3b8bef916d87b64208bdb93ff8dc7085ec0cdcb96e08e493edf9809c0ee1f3dbab091b74c28f9836cf1ff17d4eaee150a1d9895f887f64f8d15c11f193076c6da063233e933579b589ebdd244916d6d20ec5a5b5bdb10402c11530b88cb859989deff53f9bff9364fcc9441c830a331720aa5bd5d014fdae3b75ff80c4c83198cbdc258b65f54830db46a5d049265bc6aa862f28b290222a6b0d306244ae7f9f2974d27f78d73f0ea49d082188c3343859327f0093043b19d96a813cd133ac455948fa1c8f22711a48dce73077ffb7f891a3a786c4475d84d01ddb39115f0fa1cae13d05b6f240fbea478db4ce084b481df5c6a9cf675efd873748f40895a1f546fa17f553399aa27b4019453c4071392813d730f82687686df157101bb316e339d847782dfdb94ac79579a60620738ab1228adae60f97167adfe9d7d17dee6028426310490b436cb32eb9bb8be89b4da62ce6d3833267b4ecac21ebe6179f71145a2200b99a8bd8449ad986485e6d045649c9d9c35d50836c6b3654c7acebe195d3bab2d172f6a7e8fe0b15ae4de6c4d08b4e02c800d5b98e120a81179562babc1125aba3c6477d91d443fdcfe2cea7fa11b0fbed1267024aec1f038271bab727fb974927278e4eb8b724132b3d53685bbb80acc56f243e3fd0d48b69208dcf76769135d376f1295ab7a31ab372d4e8792b25a6ff6624bf4e188636c652218caec25f80820e859ecccc9d4087efcfc5d50f4efbef089a463e622c7b558e3bac63a3767199253eb1703ffe10f7d2156b9568c7aaee1fdbdfbe477105856b91576fcb88bf06b0f22824730f4d43bfdfd3f810d3390dceda52f81bef9d6db674d6d895bd535b39747071a5eb19c7569c8b7df11490089d2e79d1c536e7673c3a180d72bd8b695b931fa25ee88403a8fc8cbb1e324232356bc704faef9f1c1bbb8628f4cae13741b55fa46b375497ed67708062c7e35da8c80893c28ccfb6297a6b96ef504cfb817663cc8f08a30eb589da6183d1685d24d5cac4b838e9db5cd51f458146e5a20da0ff84e4a01eb2c4e63755a69f43c6f6a05c378b19e7c93311fd5d4caa9e7e3f75c95c573a0ef9fb8a7bbf2ec3f284be285e084e086e743335280dd02cdd1d6023e3232692a47a0d87cc4f0b2a3ab8f6aa0fce4b7810700773df4cd26d7e9d2f1ac6274cfb3f0dd1b3af4c3675582764ad7a5f6d6818e2e4b425ce0f062673a871559311602cdddff09ceaafc6b57ae3a2e261c9b507cdde3ad563c56a428ec2e8f50e4a6b3d07dbc6eb3b984ca49a00720efe8c35b902f10925cf1f2f7c4e76a21ff6beb57b87b76861b20ec84d149ff5a20bc6561d6c365e7ccba263807de9800da26c48d42e232dd1b560c914a94b04e3ce02e3cf4ff9971eae1c36a2db53ccbec8d0cde736c120a6aa93830fe578c72e128f65b7b3147fa3497b5242090d7332307b89e8c997da0c0f0e4798b0e542c0b57b5abc80b3b3b2775777ea19120de1162d6133abc89c91e48d7cf24d429e62b3f8b2fbc508dcfe42e040fdb0aa2005c672662b8244f0ed0a72786de4c2ee69dfad82c2912e5d6271abb6f766ad027946fcadf007b2a989351c0af52f0eefb0b8c08db6ba188b544061215fdbb995122160daadd9e249cf3e2b70586269a2a73c8050f1a8993236b7c45853548d2997820ed97878e1c50135a2583d4a29c89a3ae55b2332fc8e41f670622487880f6747f7e01e7409c2dc6edf336c1eac6252d2d953b011683c3b4372eb326f3d6aa742b686e7784b86523de15f68d8461bd0b8b870ea02f248499b7475bb509bd76b9a49e3fda51b85ff06105eafebd21507f4bc4b3f11440271fb605a421a27480e4fbd1e6971098e153548bfd50fefdcd1994e163d8f81e7e1122b721f00ed412346541664c0ac3f32a4e12406f350065790df592f5f94424d39b511f7ac598b4bc119bc7cbe1caa1d91349e3ab58e0c0ac84e6b22243ddab75962fa285652f113d64a6507c442e4db5f6a9bda5585c8635e9a704ab54cc295a1aba90d887c30c9f338bf5dc25c487f6c2c1c7fb701078804ea26bc5d2d0693113bc9cce6bb7f5cab9b113803239979f1bd26dd072a6b7031fdffadfcaede25a2d822c12f07a1709d3e165b8bd75477d390178533e24b6933777089d8817155726c5daede7a66118f6e34f7a26b53fb5763c2895a463de332f1674f33049850a26991dc986be0b8733c9179633f16b8d2c474038e1f0b1610338d6e6208273d316ceb9a29dcaea5a167364dfeb0289275963a5897c71c54b2ac0cc978405089aef6242e14678336d319c823c63aa0515b814dc1dcee1940c71cd53c3071ce2174091fb74dc26f22372a8216eac0cebf44d654476af4b4a40b89462b10a14026bb9f684c84768a8fd6c4c6f38ea53acd081a188dd077e60f7776fb518c20bfba2b2224832dba7b4d85b2da2e6e06b63cb01c31f8dad66b371c3852cc508e77d9da121c01969c3c8cd00babd890457d1c501231842bd1aedef0ed2fbff4be0d0b3b2be36b135c7acd770cefe96a9e83a6f8caaaa7d7a714a0f7ea9266f431ac4a6bba884a1269ae85db120fdb58f5e10630d6d5b088fabeb291c7eca2e1a07a592abdf7e440f8c64dcd971a06bae95b641e91d4c3e145ad675d1151383f47fac306ea518bf36f33b79e95a9b1e5fe4057990da50f00296e77f31e58da68c9ab9cb2b5c467e924fd69fee6854645be87046a34de2fa72a9409714e671298d1a1e1eab7f55435ac18fbf921ed07d750d4e408dfa65c9d8acd1b6f2ff42587d0f273821911c5e75bc2a72833f2ba6d363d51eec95dd91139c4449bf0d4fe6c49bd109eab44874acce942828140160f3569d64476ec72875f009b274155602553db1fc8fa20ba015b9ba216b04bf11b3d3e7a3758ab9b6d1ae47fb79ec84c16713295e2c19790635703bf3c092295898daa9d0891988f747ddadf83dac00c8a371b83df539804b72a6b5cf0a722787a36184eea42432ac78c61fac53e20f3882b3ecdd17b3fb33d47573cd59109f4a493425127c974acd2315265a806e5dcb57d4ee2c02ae93d7be0e2e2b48497bc197e817d6127b95287f53b0d9c8c54e74f6cfbb87055ce070b55cf3570a79b66c3c0631778240f8c1b5201caa705eb664728d982db2c0dbac320c1a1343752bb5f28224ef4cfdbeeb3009c8ac3fd6f222c3b58b15a0e81ab9c815cfc6e1e07bebe3b0802e6f3f2af7cff71f4cbc9ac50b84f5c2576adc270e812eed660ed35e3055f20e33ae187f031e76a12181201d811dbf76a9d5cdbd855e8676a3192cc3753ccade2b113ba7266ce8e20f88ed67324016685af24932e2cb10aabea2eb3505108546c9511d7c4d666085c49206617378841547acdad56864159d906b4278a910cd237987b23175b52e84e2668f8fd2550ddae0caf13861580b72e77b8e23ed296837fb996db72383a9373a9a027795c94d7ac3b580bfa4a4d4209a5b6920fd0abd11a4a4519b04cb9bc2d47c2e0dbadbd846a01c9b003fc4e099f6050b6d0648780728f803c0ee43297b5bf8d12bb850bc5d404b937c413b16a9b704844b4e1b33fc2e5383e29d5308bcd4ad5309f90601cf2badc47285c94fb6a15b9d084a08c3364051c095ffbb62d5d065413bdb3f8d3a2fd4ca66f4bf48f93450bcc6e0f4e2ce634fb35ed121a2d035b0590398011dc4c8df69a053e4f1111a139a4e5a98ed7abfb9c971b8d2d4c32ed3f8ed8a32d271d66b5cbd91f71081f0c95118255760279ac25691b706bc01177cf013dfbc3a1b4f92f0c866e5f12245849fe828acfede53fa43f8804f0603a0837c56c76ee1a63d2519b929da396841bcc19a1b074e3c2ef7e82d387ac470847c5a91b3a0f78a39589f857f8a3f592bf50b6846eef0fab34767582354eb4b2a5462d6c4db36a409d79beb8efc6154b3a57492c39068926fbbd0bbeba4ebe0627c5309421dd6caf18b4404a7ea566fc75e63bf360f4789417ca69637a5d5ea36f011f18ad790f0e9113d7cd7fbd576294591072e6d646c872d83a5a6fe87e5390b52ef8aa670086f5b5a6d26f6e179b2162c44f748914c33f80a61604af44dcda4e895d3405b34d58bd0c802d7b04ad1f22239438c41162feeea6fdc08a8421310d6d235e4de0a0d587febf04d8d5f2a34406550aa9a652c8b3a27355fd7f0ab22ebd2283f1549d0ad3d36c3a0f9c4b68bc881674cb5ab074a91571f9a5ffdfa482e35129f1c85d909cd50915e0854ebc6e503b270c47111fb8a154a9e1f21cfab74edcd54c9d1b5b48fd8b03ec7d2b6a87840003d13223d778ecf6f2833abfec61d0a6c111b3c47f07b8560cfc5864bcbad4013ff3f7b6f531648c033bd2adbe56c1e9b0e45f795ec7ce65b284fcbef325d1839f2dec9e8fce21bcff177217efa714957eabab4a81aa9d4d0bd983ef9cd5690face929e5bf33de7b03fa3c6171510255b0907bce9f87a902ab00195a95aad32aea686ab96a611d07375bd90a0132dfd78c0b660eaea45df2f1501ec92cfd7c7c728b33149b0b7511da31dc30f8347d8767e6f6334963b8e0c3660e2143571466b15a9d5039a2ee60998741898bf6942c449be8c1663f8235e302c40b75b60539c72c6b7583f9b74674d5f2fd1ebeac4cfec8c140412c3f0fb3bb054a65f839d9abc331ddc09ad0017c632686632ff4fbee1d340475720b89998807568b0603801ba4d3a24302da3f025404a02a66d50f11b8968d40ed885d30f9cd91fe75db2fd8bf8f93f0d44a03b46636a20421921f360a6e89174e8611831563ac6e39d34d9c07d2a6088c69579ccae0aab4cd6a8bed1899419aff7d5d2169f6b248ac4562492825939808ea245f09a3895bb5c280a4f977fccc412e9cc58fbd6d6411a5c6add3d3d8e7e9fecdda6fa3af7e5af626e3721129ca41dee57ff1ccfe93bc83f1107baa35b4ef7abd900743e86fcdb5496c65a8f50d46231cdc9d3460acae8bcdf055fee6af0c3c43c06723f619e2d96386a8cc41fd81b9bb1e4ac895412514b6f6a41b89f3e39f940c32c6b879231bbdcb00603cb193060a1018af8e42ec4668c648cda9ae8be4052e9868acd86f572d72e401633f180bef2088a3c10e7ba1fc1b58c9b646e141313e2315c7494d51b07b76dbeadbed604def3192a12a892195f0692e460204447994bdd44f0e3fe0945f4fcc51aec1e27554f52e9d6589cea97ee5cf8e73ff8c8198f417b5090996f547a8a2845b666e9da85cc897af2d3962ae909707cbedfe2eb437a7ad1578a72371581e5483843709a75d5f4084e86aa2100d58d05ca9bde1dfbc533d4f961134828c4a49bd5ef225bdaa62d99342f89fb2d71e12572a4e5a78b5a836938c8518d85764ac8a0cfe2e94de3150f3965f4beebabc684d729293edfb7bc0cabeac7b9decd865ecabc463fb1b540a108e89cc1768519adf9ff4a09251a23a85d7188b04af0933e931c1c707f3a4dd62dda81f5ade59845df75e80c51285c180bbc7a0c5dd980ae285f1f5ed446e7bc08327fd74ad549b85acefdcb116b7f5d11e850fb2256ea4b90e8dde019c13605611c0fb3832f210548901e5ca599558033a98e06115730f7cfb5cbc7a6586162ae4386eb5d73c9258a66a2203defeccb8414d706c1d1aaf5552ff814417e315e6e8c6432b43ff27e1ecdcd4d38708140dee7458baaa4ff2d0da07de4bd66e9bea95f95b5ca81fe252a882512e6033bd8e56c39c9829d4ea5486c713ea35230c48395232ebac2f4c9689dad99e388db0abeabd42be00e387a92b571284b9f90f7d4eb0bcf647228d556768546a3f04c3d7c5d7f631bf5e5ee002bcd13dc6b24ee811a409e10295b93f2675822f2be9bec03c412fc72720560616b37dcb8ea8c6e79471be44e0668cee821afe28b3fce79edb40f2fed5e9052f8cb700f561a5fae118864c587fce1c2f9d13bc776a48ecd0ad3f33df3a9632296079216d6d1ba4d3a537b4382bccb9f1be2c9be08f2dcf647c95b3e590c21780b8f35a5395802856dad63dd99b631db399cb933f1867f255c67c2593f795aee9c36230c901246d9ddc98f33e8938c2f15c5b9fd3638c78a4808b4004ff2c7b49c0452aadf6f7e3ebc7b8722d2f319fd852b47c4a91e33884ef5cc38b0a00b3d1cd928136fd781299158ccd5016d14030660d37ced8f749a58f8232494091dfeb478c26ffcd189706d06489cd50d2b5892f5d3487e5fc46db6d297d6045af20c63e540961607cdd541f882fe9848f6dc998a9a078474e7285930f0faa1d455337b2e515197cbd0c7528a8575a4f6fc9a4232c4951979b2bd1faa38bfb62b3b84df1651ab01b47abca78cc991139bef32987e13f34f22f9b5f9b45fc91d136ae3ee2b319df4e0aee528b790960392b47c46f95a5700b8b5146dbea8963473f1c2b4178cc2f5379bd0415c2b5578508e937eaa82c8a5e5a28a836bcfa08b199b5be4d19d6055979b75cdcef401740928421b3e34809acc3b0243837258f48df86f1d7d4f8932ea7c9214a3288078a32e19fada166093f1286010d6d4777a008a11b3745590e3d73e2de9eeadfda6923e3876d99ba86338aa7eeca6dfcb3a13a263b5142476aabf2457f2da01529909245aaa017f242ef1027c812614730cc0b389921ab2e5a7156cbc035500656cdaa9bbaa00750541d3f95d24d1fda17b8ae50cb61f56a0f04e6833c7503848d911cf3dec37395469ada07e80ba794c03190c40add05accddcb91630d1598addf85d243158e0dbcddb36a9c9927d78de4a3e5bd47b6f8a0616056c6acd27420932636eba3efdef36773f496b4349a2efedb83149b10b159aa5032ecedfebf525d56a8a74eae8f9653229de33f290d4d0d958123d150d36de89d4198afb7611c0f2659320bc6b1311fa20fc909e70c5809c381ba501de6b682eadaf629900abd1b063f9fe77d718bc9ab5186369deeedf06e46da4cd9746b17e16766ea63c9a2ce4411379f0cd8dd84de47634dcf12b1f2a4363123c224ef0bb01aa3c55dfb25d010d3c9fa6587a0651bafb5b42689947e7ac95e247c6061d6cb5466536d6ec2ae96e387f29957c500c4ac1f166f263ca3cb2e23132ccd5f5c2782e26703b91184f9f595db37d7ef41c4e3faa40e004a7234c95d6166efa578ae8acd172ead8c74e14e37e00c4c121a241d7670d5822a5bceab1602059ad0a7e2309c237dc5bdbaee1e2b92af03f08ca4162ca14dc7cc75b84a96c2704c74870217b69adfbf10efc211c82d2bb7e4269db1bf47484da58ff0e91d498899a668bb824125253c74b888670054d2e68c9c35655e61f93095d6b662147174ddc71365212f552a9f62f718b06208716a0f3742e3aaea6cccbe20c6a32eb4de861bb801705c16764f8b6520be211b4a32b8d024102b7aa9c575366a32874e40067b77a34999a452243036bcb34027b014d3aa814a311d233898e6510a98ac27000274251caee917b1cf35d815c8348250fc406e9404088b86b5d2487387a08e2d8f04be80f75fb4637d151be0736de66c2189720baf9f04c0291769edf44736ad4", 0x2000, &(0x7f0000000f00)={&(0x7f0000000000)={0x50, 0x0, 0x6, {0x7, 0x2b, 0x8b84, 0x2882c05, 0x5, 0x5, 0x0, 0x101, 0x0, 0x0, 0x2, 0x8}}, &(0x7f0000000080)={0x18, 0x0, 0x1, {0x7f}}, &(0x7f00000000c0)={0x18, 0x0, 0xffffffffffffffff, {0xb}}, &(0x7f0000000140)={0x18, 0x0, 0x10, {0x5}}, &(0x7f0000000200)={0x18, 0x0, 0x2, {0xffff68a9}}, &(0x7f0000000240)={0x28, 0xfffffffffffffffe, 0x2, {{0x1, 0x9, 0x1, r2}}}, &(0x7f0000000280)={0x60, 0x0, 0x8000000000000001, {{0x8000000000000000, 0x5, 0xffffffff, 0xffffffffffff0563, 0x5, 0x7, 0x10, 0x3}}}, &(0x7f0000000300)={0x18, 0x0, 0x6, {0x2}}, &(0x7f0000000340)={0x14, 0xffffffffffffffda, 0x4, {':,-\x00'}}, &(0x7f0000000380)={0x20, 0xfffffffffffffff5, 0xcce9, {0x0, 0x15}}, &(0x7f0000000740)={0x78, 0x0, 0x7f, {0x0, 0xdd, 0x0, {0x3, 0xf373, 0x9, 0x8000000000000001, 0x8, 0xffffffff, 0x4, 0x100, 0x8, 0x2000, 0xbd, r3, r4, 0x7, 0xfff}}}, &(0x7f0000000840)={0x90, 0x0, 0x100000000, {0x0, 0x2, 0x4, 0x2, 0x9, 0x3, {0x3, 0xd49, 0xfffffffffffff624, 0x3, 0xde, 0xffffffffffffffb5, 0x5, 0x45c2, 0x1, 0xc1f108b3a2484d35, 0x9, 0xffffffffffffffff, r5, 0xb424, 0x558128d5}}}, &(0x7f0000000900)={0x90, 0xfffffffffffffffe, 0x0, [{0x3, 0x80, 0x4, 0x8000, '\\+[^'}, {0x5, 0x3b, 0x4, 0xb, 'syz\x00'}, {0x5, 0x6a, 0x2, 0x1, '+\\'}, {0x0, 0xe, 0x4, 0x7c2, '}.\')'}]}, &(0x7f0000000b00)={0xb0, 0x0, 0x7, [{{0x2, 0x2, 0x8, 0x1, 0xd, 0x9, {0x5, 0x6, 0x101, 0x1ff, 0x0, 0x2, 0x1, 0xae, 0xac3, 0xc000, 0x40, r6, r10, 0x1, 0x6}}, {0x3, 0x2, 0x1, 0x80000001, '!'}}]}, &(0x7f0000000c40)={0xa0, 0xfffffffffffffffe, 0x4a, {{0x5, 0x1, 0x40, 0x80, 0x40, 0x81, {0x2, 0x6, 0x100, 0x0, 0xffff, 0xffffffffffffffff, 0x2acadb1e, 0x8, 0x7271, 0x4000, 0x58f00000, r12, r13, 0x5, 0x5}}, {0x0, 0x7}}}, &(0x7f0000000d00)={0x20, 0x0, 0x80, {0xff, 0x4, 0x2, 0x7}}, &(0x7f0000000dc0)={0x130, 0x0, 0xf, {0x7fffffff, 0xfff, 0x0, '\x00', {0x4000, 0x4, 0xc, 0x0, r14, r15, 0x8000, '\x00', 0xb89, 0x9, 0xc51, 0x8, {0xd, 0x40}, {0x4, 0xd4}, {0x56, 0x8}, {0x4}, 0x47, 0x4, 0x2, 0x5}}}})
syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00')
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000540)={0x4, 0x100003, 0x2, {0xb, @vbi={0x50c, 0x1, 0x370, 0x32525942, [0xb4ac, 0x5], [0x5abc, 0x4000003], 0x2}}, 0x9})

30.460655413s ago: executing program 5 (id=2876):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x84, r1, 0x5, 0x0, 0x1003, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @broadcast, @device_b}, 0x0, @default, 0xc01, @void, @void, @void, @val={0x4, 0x6, {0x3, 0x7, 0x7f, 0xfc}}, @void, @void, @void, @val={0x2a, 0x1, {0x1}}, @val={0x3c, 0x4, {0x0, 0xf9, 0xab, 0x40}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x1, 0xdd, 0x8}}, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x11}, @NL80211_ATTR_HE_BSS_COLOR={0xc, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x25}]}]}, 0x84}}, 0x0)

30.370618992s ago: executing program 5 (id=2877):
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) (fail_nth: 2)

30.291069494s ago: executing program 36 (id=2877):
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) (fail_nth: 2)

2.340285762s ago: executing program 7 (id=3159):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1c1900, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x40000}, [@call={0x85, 0x0, 0x0, 0x7a}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000280)={0x2, 0x0, {0x1, 0x0, 0x2, 0x2, 0xd8}, 0x5})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x16f, @tick=0x7})

2.290324904s ago: executing program 7 (id=3160):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_TABLE(r0, 0x0, 0xd1, &(0x7f0000000000)=0xfd, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000002580), 0x200, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, 0x0)
memfd_create(&(0x7f0000000140)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\v)\x06B\xf0\xed\x91 )y\xb4\xba\x01\x00\x00\x00\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x03\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xbaL\xd3#\x87|J\xb9\xd0\b\x00\x00\x00\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\x00\x00\x00\x00\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9Z\xd9G\xb6K[\x94\xfd^\xdd\x04\xa1\x83U\x900}!\x8b\x0e,M\xc0D\x15\x02\xde\xda', 0x0) (async)
r2 = memfd_create(&(0x7f0000000140)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\v)\x06B\xf0\xed\x91 )y\xb4\xba\x01\x00\x00\x00\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x03\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xbaL\xd3#\x87|J\xb9\xd0\b\x00\x00\x00\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\x00\x00\x00\x00\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9Z\xd9G\xb6K[\x94\xfd^\xdd\x04\xa1\x83U\x900}!\x8b\x0e,M\xc0D\x15\x02\xde\xda', 0x0)
fallocate(r0, 0x0, 0x0, 0x3fffff) (async)
fallocate(r0, 0x0, 0x0, 0x3fffff)
ioctl$FS_IOC_RESVSP(r2, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x9, 0x100000001})

2.290187762s ago: executing program 7 (id=3161):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x1f, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e22, 0x4d, 0x0, @wg=@data={0x4, 0x2, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76d"}}}}, 0x73)

2.13970089s ago: executing program 7 (id=3162):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x0, 0x3, 0x14)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001600010a0000ccc0240000000000000a"], 0x24}}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000000000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x40)
fcntl$notify(r4, 0x402, 0x8000003d)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0)
mknod(&(0x7f0000000140)='./file1/file3\x00', 0xc000, 0x9)
rename(&(0x7f00000003c0)='./file1/file3\x00', &(0x7f0000000100)='./file0\x00')
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800c001a"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
write$P9_RGETLOCK(r3, &(0x7f00000002c0)=ANY=[], 0x200002e6)
fcntl$setpipe(r3, 0x407, 0x7000000)
fcntl$setpipe(r3, 0x407, 0x100000)
sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000002c0)="b74995b4bbde1ce8937da8cf5e10a4eef70ea5f337277887f8f5279da0547441dcdaff3db50b0ccddd32c320e8886e5e9d604467ac6006897bffb2a156ebd366cd0cca4ba0d1e14cb630a246d8a813272e16a1004dbb2bfadbcdf6d54a9be7943ec8e59f7d191941ea6a9ab156db2b5ce8c4a8b4817042de90bdd1f2a7febc19c726746f085254e524f23f1967244100fb995fbc1817cc5cd433af6087adf491d594a88dfc3edcb15b81304bf161b05fd0a1f4a13ecc775f0aa54fa196885c587ac51ce94d0c6cf9251257a93c0b74d06a3dfd337a727816461d2936fac722e8a4f2bf", 0xe3}, {&(0x7f0000000ac0)="9b7c46ade1b4c1eca8d730f9ffe07b147afeeb1dadeca96929e2896bda27216a50cf2c0a1dd1de303f858733cec0cc475d12b5610aad3cac28cc15aea9b22f487636bfc22ba9203e5993dca6d2628fc2d572d9e2d27187e2610c37338e081b", 0x5f}, {&(0x7f0000000480)="4a9bd3561e8f01f90f0cd566ceba8a951788fc275ba1be31ed64f422ffb794011a89d9549cf085ff5c301a3e4d278fc1af1e12bfd81a8a1792192deab758aba17233c7497e52307b3715d7e131523b2ce2bc57733e8b1838840e8a5a", 0x5c}, {&(0x7f0000000500)="5d5f7601b5b070c643a115672cf8872d43c0d92a27f8c788a611c7394b637ef1c51409ac0d1cbe5459ca70ae02f1020150f91fef6755aa0041e9b17981b5177e6c0e6719f4dfaddbb7dff29e69f821a8af418e338117815510491bd823c0cf2f67b67a77e5a0b336d5a27d7b663f7b229d347cf7c98d1070a0f8857b8083194b0d4daf21f4c80d4c493207d0af8a196d3a3c9259da7a4a847b5eb62d3191e818c10f5061bf2a8571b2d8", 0xaa}, {&(0x7f00000005c0)="ea1cd7b32b6d44dbdabd73b943a4c19144eba31e13c0585a37ff8fb53f93582c4a773e8cf642267aa8103161d95b6ecf4a59f56cf3723ffa4846782777d780d94abee226a025d41d3552b9fe87026177b3129ef15c85022f1b52b3474e260fd8168b21862a554c4c519704040c87b5e54611c817ae5b8a81032423716bb97bbbbba55c8182e6fb540bd9d71c803ee0b7", 0x90}, {&(0x7f0000000680)="26433838578c97aafcda496e9199817453a0bdc7a1a2d33fb14b87049ba8d4d2033172d925e2c7e026b23dbc17ef372e3a0c051b0e6dfc0bb09bbf67c873ac7447b08c2634d401e1daddf6b9f5f3fc2f912a77e51cbcebf6f03cf161f80f2595b4e71d471ac72322b5745d96a9460ce603dfbd3c0a285468fb1eb3f922fb3aeb03bd493e230b1a43fbec11658dd9a2fd597f1d6d94075fcba563e8458775c1aefe4f21eb47b902a30e08abbefe921fccce4fc6e4c7dcaa53b05b06df9ca60ffeffc2737bf3ad374cc90b5d6830323da8b67958ad5dd1d984a1ab43490e8faa8c3c0f04aae83dd6", 0xe7}], 0x6, &(0x7f0000000800)=[{0x30, 0x111, 0x7, "629c8d3bb68a98a333136646cfb5492f7aa63c540e325720110990"}, {0x78, 0x6, 0xb, "a4ceb743dfd3c9a27378116817e1c7b3b37822d51893dd5c9ad2ec6a6ef2edec881f95e1fc4343b91338ccc256d62049c158cb74fd6e669ff47bded542cb8c56776f0d72693df9446bc4ca98a2d6e3da5b5a19b7d5d7421a9e5e9c1c346bd04d81577875"}, {0x20, 0x10d, 0x2, "799a1a399d1dd82080b5"}, {0x50, 0x109, 0x6463382c, "08a11235a253a8fdad3498cfa0e2fbea91a8fc66913d7d02c535dd4fe6aae1db1eb08556b120f08f6dccefad1bd65cbb76d2b2e45d608fc334036f"}, {0x80, 0x0, 0x23b, "3871bca3f6105c0141c5ea76bb63a914b5b38e0b71eef1f68de7f5896764cc603adc1093ced323a881ce50e4cac7ca96ec1e541a3cbb5ad9c9092915eec410166d23697c99f989eaedc7ee67dd9df610dcdaab69a744c5f2637f2a3e0d1e11a3dfd6140000169fb29b40a69ff68013"}, {0x110, 0x0, 0xfff, "c1e50e980a49ee5e6375032febbb07491c3f80267c43e6a98c64708ea7b080a39a6510d9ca0fc5c9e0638de6126588aca6eae6cd145698323a5d86e6d6b5dac3edbece209943e4ef0f2ca8f53596e307d8c3c38ab4f3f2605bde235ccdaec0985bbbae62b54a7bdf7b7f9305a4808090d82a5b70f41bdca1d35ac850192fdcd9e366ba432806f2ac798ae45434cc86a5697d38559c7d401c7aa1883028d0918bce3d980efcc510b96ea717fd0d23505b717d149b1929453979c30011cb5efb27fd429ba14e3797619d28cc66e615d90ed3fd2b9aa777a2492f7fa5cf5b6223870aca792a32c766724f9cbaaa0cc218c85ab9b45a66b1112d34120a"}], 0x2a8}, 0x44005)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={'\x00', 0x0, 0x0, {0xfffffffffffffff8, 0x10000}, {0x6, 0x8}, 0xab4, [0x5, 0x7a, 0x1, 0x4000000005, 0x40, 0x66, 0x1, 0x5f, 0x2, 0xfffffffffffffffe, 0x2010, 0x4, 0x6, 0xffdffffffffffff7, 0x621, 0x7]})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='omfs\x00', 0x200000, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet(r6, &(0x7f0000003bc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000008c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x28}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x20}}], 0x1, 0x48040)
sendto$unix(r6, 0x0, 0x2, 0x0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
r7 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x169101, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000180))
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYRESHEX=0x0, @ANYRESHEX], 0x34}}, 0x0)

2.139297528s ago: executing program 6 (id=3163):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x5c, r1, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x10000, 0xf}}}}, [@NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x7}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xca}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1c00}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x4000004)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="b58d009071ce15713f05fb86ea97a251d5c3de68091a00b6c910e666325af87bfaa45164d77f60633dde7d00"/59, @ANYRES16=r3, @ANYRESHEX=0x0], 0x44}}, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701feffffff00000000017c0000000039a0040008000c00018006000600894f0000080002"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
r6 = fanotify_init(0x200, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
fanotify_mark(r6, 0x2, 0x2002, r4, 0x0)
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000200)={'\x00', 0xfffb, 0xc78b, 0x4, 0x9, 0x3})
ioctl$BLKTRACESTART(r7, 0x1274, 0x0)
fanotify_mark(r6, 0x441, 0x103f, r4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="060000000000000071113c00000000008510000002000000850000007600000095000000000000009500b50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
mq_open(&(0x7f0000000040)='devlink\x00', 0x841, 0x27, &(0x7f0000000140)={0x0, 0x2a, 0xfffffffffffffff7, 0x5})

2.047937697s ago: executing program 6 (id=3165):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r1=>0x0)
r2 = getpid()
stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000002140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='initcall_start\x00', r4}, 0x10)
r6 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r6, r5, 0x0, 0x0, 0x0}, 0x30)
read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020, 0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
setsockopt$sock_int(r8, 0x1, 0x2a, &(0x7f0000000140)=0x2f, 0x4)
recvmmsg(r8, &(0x7f0000008880), 0x483, 0x44000102, 0x0)
sendmsg$netlink(r0, &(0x7f0000000580)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)=[{&(0x7f0000000080)={0x54, 0x2e, 0x300, 0x4, 0x25dfdbfc, "", [@generic="499661ee59cabdd917ed9d5570204c08aa9e55f68a84d4c763d958eff31458e862675f95cb50398d5523c9c50faac80736c42f64b07138dab0d2782054f9d26a8bad18fc"]}, 0x54}, {&(0x7f0000000100)={0x18, 0x26, 0x100, 0x70bd26, 0x25dfdbfb, "", [@typed={0x8, 0x32, 0x0, 0x0, @fd=r0}]}, 0x18}, {&(0x7f0000000140)={0x34, 0x38, 0x100, 0x70bd2c, 0x25dfdbfb, "", [@generic="4a6eab33abd28457c0b044d5334066ed08f309582c441e6e61c2231c058b488d83"]}, 0x34}, {&(0x7f0000000200)={0x188, 0x14, 0x4, 0x70bd2c, 0x25dfdbff, "", [@typed={0x8, 0xac, 0x0, 0x0, @pid=r1}, @nested={0x108, 0xa7, 0x0, 0x1, [@generic="ceeaa5ebc4032527cfd4aedde4ccebec3058d3facee249a02f07de8c62b29958ad764a9e7db6e482d5f9004d3fe2cbd64c52f846f85d6536a1e6743d1ada5622f2e9c7bc1cd681072f33a28c440405d4237ec4e36f2cd0cc149c47c76857b62a876a4a67568db40aff37f2defd8762defad02f191b7466d7d05b6044e3ab10ae6d593dc37465fe9b72f0e156d74e76c0be39f24baf23b0a9c1bea306526968559430aeeb8253822705b320ccf7af8a8ae34c7e1095e58c821bfd32f98c104a98703da4e3f6827674c5d69b740318f4f421aad87645ebc90d2145762bd3783f4f101a34e6cbad46d294bd79ae4d089a5e576ba9ba", @nested={0x4, 0x117}, @typed={0x4, 0xf3}, @typed={0x8, 0xeb, 0x0, 0x0, @u32}]}, @generic="10b275ded75b0a0d1e47589c805620d60501d27e130c5e3b60d7fe1b7c61c40335668804c37b12559b566d9fbdbfad48e9962e3d4d8901dfee57ed01559e27ba07ea701a63768ba1922631cd1825bfba88a3965ea8552e7d63d14fc6b853bf222d735dc83e2ff0", @generic]}, 0x188}], 0x4, &(0x7f00000004c0)=[@cred={{0x1c, 0x1, 0x2, {r2, r3, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r6, 0xee00, r7}}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x24, 0x1, 0x1, [r8, r0, r0, r0, r0]}}], 0x98, 0x40008}, 0x800)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000640)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250101f2800900180008ac0f00000000001400010000800000"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

1.940076194s ago: executing program 7 (id=3168):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{{}, {0x7ffc}, @device_a, @device_a, @initial, {0x0, 0x400}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x0, 0xb9}, @val={0x76, 0x6, {0x4, 0x5, 0x1a, 0x3}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.939603208s ago: executing program 7 (id=3169):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000800)=@newnexthop={0x3c, 0x68, 0x901, 0x0, 0x0, {}, [@NHA_GROUP_TYPE={0x6}, @NHA_GROUP={0x1c, 0x2, [{0x1, 0x4}, {0x2, 0xd4}, {0x1, 0x2}]}]}, 0x3c}}, 0x0)
write$char_usb(r1, &(0x7f0000004840)="643e72e43f8d0f221d", 0x9)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file1/file0\x00', &(0x7f0000002280), 0x2, &(0x7f00000044c0)=ANY=[@ANYRES32=r3, @ANYBLOB="4a40de502a9ffc2504005d6ba24737d10d153fedb26376851b3e4854180d36741f49c5eead32de4bf1a7c628ad752694b8bf62fe6f88ac3ed35f9cf38a5a93ae0b2bf1fdb5b0597b209ba9", @ANYRESHEX=r3, @ANYRES16=r3, @ANYRES16=r0, @ANYRESOCT=r0, @ANYRES8=0x0, @ANYRES32=r0, @ANYRES64=r0])
read$FUSE(r3, &(0x7f0000000200)={0x2020, 0x0, <r4=>0x0}, 0x2020)
read$FUSE(r0, &(0x7f0000002480)={0x2020}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/hardlockup_count', 0x800, 0x4)
read$char_usb(r5, &(0x7f0000000040)=""/236, 0xec)
write$FUSE_INIT(r3, &(0x7f0000002300)={0x50, 0x0, r4, {0x7, 0x9, 0x0, 0x31008003, 0xfffe}}, 0x50)
read$FUSE(r3, &(0x7f0000004580)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r6}, 0x10)
sync_file_range(r0, 0x8, 0x3, 0x3)
write$binfmt_misc(r5, &(0x7f0000002380)="5af51af9d1994ae48d4682b91cc0c8ed56011225a232764d49c8021bf42f94fca707c7e7e24592ee70746680906df7c0a6b142d1fb383bda96c854e19c9c9e15c220676cce7bca9b3ca344d3219a477269216c9fbc5a13c0928c034c9006375e99f44902e92c66a1a94676b9166db9a6b54dbc272df37f061f7de0b9b96af74286c9e13b4391bd722a6224ffc016ce", 0x8f)
r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
fanotify_init(0x0, 0x2)
dup3(r7, r3, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r8, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)

1.229902745s ago: executing program 6 (id=3176):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0xf000, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)

1.119601359s ago: executing program 6 (id=3178):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000140)={0x18, 0x1, 0x0, 0x0, r1, 0x1}) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff00001fbfa300000000000007030000f0ffffff6a0af0fff8ffffff61a4f0ff0000000066040200000000001d400200000000004704000001ed00006203000000ffffffcf440000000000007a0a00ff00ffffffc30300fff1000000b4000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebaa0f040000c72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204ab3949006c3172171652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d156ae8383117c039862198899b212c55318294270a1ad10c80fef7c247afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15f279b513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aa0000000000000000832371fe5bc621426d1ed0a4a99702cc1b692c3f0b15629eaf4c12a1e717d29135753208165b9cdbae2ed9dc7358f0e3adde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594807031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac42738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca9be8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998802008f0232b39578052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91ed92cac7c2ccd17d338bbda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922928e000000ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abb8a9982ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139566fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe6290421338ef8f6d27117cd1471bf3c0b64416fbbe955da0281e7ef7f7d5176150e86cda98d07f7de2088cb2ffd1d4c71097635c2bb3d9a0b01e757256ee427f0a244d48682bf89e2279b383b616b40f116172bc1b995eb2c1220597af8df52646f1f0cb65cfa7e038e8bb5d4d52b86a61d82dc14a4f5cc7e6061c65ccdbc2afc3f363ecf34ad0b227687c3ea8d63683ddd5914116edd9e075da9e3638647188bc8f95107c9250995eb6cadcd0f65b8504ff10304f2ceba275f9d485ed5554d64005db877f0fbb3beba59666ff66f132d5077835823592d6d392f5ff62f6f876eb10d8cbf0a73f8421b74c8916e4077b8866c95ad88bc7130244183ed216210f10f69b3e0ee13d06e4eb240cce5ec1c3b1defe4c0f8b83a34ef4f5f8f9ceefb678ad29d3683e3c44a01549e55ffca41c0b06e013f054257646c58b667ec0701004c239589b3e64ef5e1d5ed22b5fd5a90fe3453327c3652d5c9762428f0bd0178d1b80a60f64343ab77d8baa0a388711c8d2d6d3e9049814b15b6ea21387040989d69c3aa27256c55780f33d20823d8e2eb6e56850162969bf4c6c9632a55cf5be00"/2944], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x4a)

1.119298199s ago: executing program 6 (id=3179):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0x3, 0x2)
write$tun(r0, &(0x7f0000000040)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x7c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@ra={0x94, 0x4}]}}, {0x4e20, 0x4e22, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "322dea01be4e700e340201e051406c07b13d48fccb52b246c94dc495e3336fcf", "f3b22d74847de02639d142c954fa7ca4", {"756ef9830157ec539cd4529060075dfa", "59514de9b7f735f9e9e8250ff41c5207"}}}}}, 0x8a)
dup(r0)

1.029416541s ago: executing program 6 (id=3180):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000100)={0x155, "152b53dc13c07ee0f2d860ec11beef80636d7de358c8c8a1fe8d9a95b540e64d7f7c0ad0bd7cddacadccdfb24b8cf8b1ae979e03d3122427ff0e209caeb9ab71d8c26a28c7855fd2641e4b22667160237a1c412ad0ff7fe5b39fc6c8b3b6208f9219a4359a72b7ecff84bded85ae2dd14647c0e3aa5c3a2bfb0456fd3126f2cd528e366830eda150e526693380b2863c599acb5455be6fa3c30184fd21c14f291c7ccdbf343a9c562ca860a4e56b1be79da28b1abcba8640aa10681c3984555404fd6c64fbf0708942a981030cd760fff1d22079f95e5915ae5cb3d3982ae28a58e9a1738e93b336e64dbd88f0cf55267e5721606771c3196a77628da3084eccb52c89cd1d2e977b777293407b7e10e95a2aab7a4e54f1c10c3c8953d386e4c29983728c36c2cfef4c9fa188da0a62ef6d259d714b87ebecfe73aa6180d0d85135c3a0fbffefbd29ecdd30c64911f4062e24e809cc"})
write$char_usb(r0, 0x0, 0x0)

493.425626ms ago: executing program 8 (id=3184):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r2, r3, 0x400000, 0x80000000, 0x80000003, 0x0, 0x0, 0x5, 0xe, 0xc, 0x31e})

390.384316ms ago: executing program 8 (id=3185):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000007601"])

305.903309ms ago: executing program 8 (id=3186):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f00000000c0)={0x2})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2a, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x8080)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x2, 0x2, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c00000004000000040000000180000000000000879d5ffb74d54b4db0e65e8e36a9cc69132500a78b548107a295837325b32e51b9c730ebb6065b2b705f04798115edeb3a76cbfe2b9facc9ad904aeb306a31f294314e453cae949264d588577c00f685e1c07115923de0585aaa0a8937a466cd26d635d95180824f542bc507edc8426cdaf86f2505732046ad41b25a07550c40814707479043f6f755db759aea2c58d63d2212c4e435172d0e6e1dfe33175b7e5c042915cf1f6601696b6aeb402680f60a762a6d51e27b825102962576ea1651ff17d6f3d2884a9de4532d80cf0a865601afb8680ae803d12d17a9b60db0d123643ca22a32e4910acbdaee9e8f0b", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000feffffff00"/28], 0x50)

220.168694ms ago: executing program 8 (id=3187):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000200), 0x280)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', <r3=>0x0})
r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000140)={0x1, 0xd, 0x3, &(0x7f00000000c0)={0x13, "0329aedbf37e5ad4a9b6347d1d85ea5c315c660ec032e386e8512900"}})
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff})
socket$netlink(0x10, 0x3, 0x13)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r5, 0x54a3)
setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000240), 0x4)
r6 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r7, 0x0)
write(r6, &(0x7f0000000380)="2cd889f03e14f3c3", 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)
write(r5, &(0x7f00000001c0)="24bf000011000f2223fa5e15d0460400810000003c000000000000000856000f0001000000", 0x82)

49.450337ms ago: executing program 8 (id=3188):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000300)=0x2e12, 0x4) (async)
write(r1, &(0x7f0000000600)="38b28b363c6a7ac422aa", 0xa) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000400)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x11}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x4a}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x43}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x52}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0xa4}}, 0x0) (async, rerun: 32)
keyctl$KEYCTL_MOVE(0x1c, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r4 = socket$kcm(0x2, 0x3, 0x84) (async, rerun: 32)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000280)={<r6=>r5})
setsockopt$IP_VS_SO_SET_FLUSH(r6, 0x0, 0x485, 0x0, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFNL_MSG_ACCT_GET(r5, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x1, 0x7, 0x101, 0x0, 0x0, {0xa}, [@NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001e40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002400048020000180080001006c6f6700140002800800064000008801080005400000000814000000110001"], 0x78}}, 0x0) (async)
sendmsg$inet(r4, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f5fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020f495750f9936d9c07130d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37477813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f126e6df1b0e9c676d1ab5", 0x5c9}, {&(0x7f0000000600)="3001fb90647586f4601659c5ad2644b99bfd65452e947b394c96c29278d097c5f170d77283a744139d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc2461b20ea3fce771f1b32d1585e8a456763cfafcf7189145a6e261af6232014cbf8a0f898bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247d1a44f038ae29eb4bc67d6a04e80dfb7715ebafaa20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc99866930e146125a272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5ac", 0xe2}, {&(0x7f0000000b00)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435b2156e55eb2b2b2e2300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd540810275770aa531098c572f714f6852063afc8358fb33cc7ef5c52565d58643e6805bb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a499d5f80b4e4047d9ecc03d21856a4ec0d0d41496d99dddfa9098d327d9559e82fceb2b1b1c7be309200691488d6616780cd4e9020865ef41a22175dc52d35dac1232ae1164d7fee64a50651978436207fca4a9026a8a903e7857324458b7e8a143e6fdac0823c8d1a3ac864ad2d0402344aee2511247e716436fe118e65455da74ef25627785638dfa4bf365840fe12fbf73f0d42bcc66efc8693855156f6151e49471e1b7cccbfb01344f76cca177551c73147c32615b53f74a0b7c7ac25b86a01ce34e72172a77fd", 0x194}, {&(0x7f0000000cc0)="f2a0f0f863621b483b19e7ecfce0d34e53fbf295927214684f4d69e90f0ec506442d2126c3f5ab0cdfd79dc1815274c3ee57068b3793c25fab48eb353478689f452328afb023f75f93229060bc2c82dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e600000000f5be12a64e075c60dd63e0b00e8f42bfb7671a56925477029cec7e7f16b358404edfb5e7a055fdeb2ba044d0d54e341d1d1ef1eb2c317f587f591626ceed08555ca0b2f31a3e7bf5ba7541db275e6a6b6501b87cc74c4804f6da7d3de93327287204cc97f9cb747576d2ab23a6e35c6da6b3240c92ae18b31cb6e7bc60066994e2cb401c76b1840d3e231621355f10ff35ea91ffd463228d000000000000000e454d3c36efee949f6311c6ad78b5a8f091d2ebb008925107e4a4584dab83f7f0cb5ad94266e71e2b7aaa01cf4f9f5e1d52e1e5086e9633cbee8126a200000000000000", 0x158}, {&(0x7f0000000700)="15c84609b06c6d85a5ca6f3a9a242f214aee4e7093161b717090c0c852a05393abd8992d91576f57bbd3488e85d8456d6c6c09de5c5228ee18819665861f01a2823a7cfa8e9260a5fe3921638db2dc5156149f86916810f913a944e1c8cd7fccb63f37900c5b287016e512b050ca214125b2217260c9ce3019e88b80985402ff7ca34be17e0dbda4f028cec9973a2b9eed83eee86f35f2c0adf50a04296e99c0f709fb3990aa5d0e74a1", 0xaa}], 0x5, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

0s ago: executing program 8 (id=3189):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, 0x0, 0x2d)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0xffffc000)
mbind(&(0x7f00001e7000/0x2000)=nil, 0x2000, 0x8003, &(0x7f0000000000)=0x9, 0x3, 0x2)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
read$FUSE(r3, &(0x7f00000007c0)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

0000000246 R12: 0000000000000001
[  362.747924][T14408] R13: 0000000000000000 R14: 00007fbb401b5fa0 R15: 00007ffcd1bcd568
[  362.747938][T14408]  </TASK>
[  362.747942][T14408] ERROR: Out of memory at tomoyo_realpath_from_path.
[  362.802992][   T40] audit: type=1400 audit(1749169215.547:587): avc:  denied  { setopt } for  pid=14391 comm="syz.6.2695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  362.864362][T14262] veth0_vlan: entered promiscuous mode
[  362.873148][T14262] veth1_vlan: entered promiscuous mode
[  362.889826][T14262] veth0_macvtap: entered promiscuous mode
[  362.894042][T14262] veth1_macvtap: entered promiscuous mode
[  362.912463][T14262] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.920430][T14262] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.925075][T14262] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.927724][T14262] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.930620][T14262] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.933529][T14262] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.970252][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.973140][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.987739][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.997648][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.100596][   T40] audit: type=1400 audit(1749169215.857:588): avc:  denied  { map } for  pid=14424 comm="syz.6.2699" path="socket:[67692]" dev="sockfs" ino=67692 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  363.137991][T14430] lo: entered allmulticast mode
[  363.143116][T14429] lo: left allmulticast mode
[  363.219486][   T24] usb 10-1: new full-speed USB device number 58 using dummy_hcd
[  363.320675][   T40] audit: type=1400 audit(1749169216.077:589): avc:  denied  { write } for  pid=14436 comm="syz.6.2702" path="socket:[67720]" dev="sockfs" ino=67720 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  363.381638][   T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  363.385347][   T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.388693][   T24] usb 10-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  363.392696][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.397457][   T24] usb 10-1: config 0 descriptor??
[  363.804762][   T24] usbhid 10-1:0.0: can't add hid device: -71
[  363.806717][   T24] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  363.810271][   T24] usb 10-1: USB disconnect, device number 58
[  364.180093][ T6111] usb 12-1: USB disconnect, device number 2
[  364.347413][T14456] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  364.568890][T14474] SELinux:  Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped).
[  364.575074][   T40] audit: type=1400 audit(1749169217.327:590): avc:  denied  { relabelto } for  pid=14473 comm="syz.7.2713" name="cgroup.procs" dev="cgroup" ino=468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0"
[  364.579532][ T6029] usb 10-1: new high-speed USB device number 59 using dummy_hcd
[  364.585266][T14474] binder: 14473:14474 ioctl c00c620f 200000000540 returned -22
[  364.588817][   T40] audit: type=1400 audit(1749169217.327:591): avc:  denied  { associate } for  pid=14473 comm="syz.7.2713" name="cgroup.procs" dev="cgroup" ino=468 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:semanage_exec_t:s0"
[  364.624654][T14478] FAULT_INJECTION: forcing a failure.
[  364.624654][T14478] name failslab, interval 1, probability 0, space 0, times 0
[  364.624727][T14478] CPU: 2 UID: 0 PID: 14478 Comm: syz.7.2715 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  364.624746][T14478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  364.624752][T14478] Call Trace:
[  364.624759][T14478]  <TASK>
[  364.624765][T14478]  dump_stack_lvl+0x16c/0x1f0
[  364.624790][T14478]  should_fail_ex+0x512/0x640
[  364.624816][T14478]  should_failslab+0xc2/0x120
[  364.624832][T14478]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  364.624849][T14478]  ? security_netlbl_sid_to_secattr+0x1d8/0x4d0
[  364.624863][T14478]  kstrdup+0x53/0x100
[  364.624877][T14478]  security_netlbl_sid_to_secattr+0x1d8/0x4d0
[  364.624890][T14478]  selinux_netlbl_sock_genattr+0x129/0x4f0
[  364.624905][T14478]  selinux_netlbl_socket_post_create+0xb0/0x1b0
[  364.624920][T14478]  selinux_socket_post_create+0x2f9/0x7d0
[  364.624940][T14478]  ? __pfx_selinux_socket_post_create+0x10/0x10
[  364.624962][T14478]  ? tcp_v4_init_sock+0x15/0x80
[  364.624976][T14478]  ? __pfx_tcp_v4_init_sock+0x10/0x10
[  364.624990][T14478]  ? inet_create+0x973/0x1090
[  364.625006][T14478]  security_socket_post_create+0x247/0x260
[  364.625021][T14478]  __sock_create+0x738/0x8d0
[  364.625034][T14478]  mptcp_subflow_create_socket+0xf5/0xed0
[  364.625055][T14478]  ? avc_has_perm_noaudit+0x117/0x3b0
[  364.625074][T14478]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  364.625106][T14478]  __mptcp_nmpc_sk+0x182/0x7d0
[  364.625123][T14478]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  364.625139][T14478]  ? __lock_acquire+0xb8a/0x1c90
[  364.625168][T14478]  mptcp_connect+0x7f/0xfe0
[  364.625188][T14478]  __inet_stream_connect+0x3c8/0x1020
[  364.625211][T14478]  ? __pfx___inet_stream_connect+0x10/0x10
[  364.625229][T14478]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  364.625249][T14478]  ? __pfx_inet_stream_connect+0x10/0x10
[  364.625268][T14478]  ? __local_bh_enable_ip+0xa4/0x120
[  364.625290][T14478]  ? __pfx_inet_stream_connect+0x10/0x10
[  364.625307][T14478]  inet_stream_connect+0x57/0xa0
[  364.625325][T14478]  __sys_connect_file+0x141/0x1a0
[  364.625338][T14478]  __sys_connect+0x13b/0x160
[  364.625349][T14478]  ? __pfx___sys_connect+0x10/0x10
[  364.625365][T14478]  ? __pfx_ksys_write+0x10/0x10
[  364.625382][T14478]  __x64_sys_connect+0x72/0xb0
[  364.625393][T14478]  ? lockdep_hardirqs_on+0x7c/0x110
[  364.625406][T14478]  do_syscall_64+0xcd/0x4c0
[  364.625421][T14478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.625432][T14478] RIP: 0033:0x7f6294b8e929
[  364.625441][T14478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.625450][T14478] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  364.625461][T14478] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929
[  364.625468][T14478] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005
[  364.625474][T14478] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000
[  364.625490][T14478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.625499][T14478] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8
[  364.625513][T14478]  </TASK>
[  364.751907][ T6029] usb 10-1: Using ep0 maxpacket: 32
[  364.759411][ T6029] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[  364.759425][ T6029] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  364.759436][ T6029] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[  364.759711][ T6029] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  364.759723][ T6029] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  364.759735][ T6029] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  364.759754][ T6029] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  364.759766][ T6029] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.762827][ T6029] usb 10-1: config 0 descriptor??
[  364.783698][   T40] audit: type=1400 audit(1749169217.527:592): avc:  denied  { name_connect } for  pid=14489 comm="syz.7.2719" dest=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  364.926162][T14502] binder: 14501:14502 ioctl 4018620d 0 returned -22
[  364.968751][ T6029] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 59 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  364.977159][ T6029] usb 10-1: USB disconnect, device number 59
[  364.980901][ T6029] usblp0: removed
[  365.052627][ T1145] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.419647][ T6029] usb 10-1: new high-speed USB device number 60 using dummy_hcd
[  365.580380][ T6029] usb 10-1: Using ep0 maxpacket: 32
[  365.583934][ T6029] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[  365.587599][ T6029] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  365.591837][ T6029] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[  365.595009][ T6029] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  365.598088][ T6029] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  365.601565][ T6029] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  365.605582][ T6029] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  365.608444][ T6029] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.613750][ T6029] usb 10-1: config 0 descriptor??
[  366.169693][ T6029] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 60 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  366.571228][ T6111] usb 10-1: USB disconnect, device number 60
[  366.575019][ T6111] usblp0: removed
[  366.582527][ T1145] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.657700][ T1145] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.746807][ T1145] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.747304][ T5948] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  366.755498][ T5948] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  366.758230][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  366.763392][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  366.766391][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  366.811990][T14523] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2730'.
[  366.875609][T14529] netlink: 216 bytes leftover after parsing attributes in process `syz.7.2732'.
[  366.945064][T14516] chnl_net:caif_netlink_parms(): no params data found
[  367.012930][ T1145] bridge_slave_1: left allmulticast mode
[  367.014651][ T1145] bridge_slave_1: left promiscuous mode
[  367.016423][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.017728][T14539] xt_CT: You must specify a L4 protocol and not use inversions on it
[  367.023551][ T1145] bridge_slave_0: left allmulticast mode
[  367.025580][ T1145] bridge_slave_0: left promiscuous mode
[  367.028893][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.128326][T14547] FAULT_INJECTION: forcing a failure.
[  367.128326][T14547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.134651][T14547] CPU: 2 UID: 0 PID: 14547 Comm: syz.5.2739 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  367.134670][T14547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  367.134676][T14547] Call Trace:
[  367.134681][T14547]  <TASK>
[  367.134685][T14547]  dump_stack_lvl+0x16c/0x1f0
[  367.134703][T14547]  should_fail_ex+0x512/0x640
[  367.134720][T14547]  _copy_from_user+0x2e/0xd0
[  367.134736][T14547]  do_sock_getsockopt+0x5f4/0x800
[  367.134754][T14547]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  367.134769][T14547]  ? __fget_files+0x204/0x3c0
[  367.134790][T14547]  __sys_getsockopt+0x12f/0x260
[  367.134805][T14547]  __x64_sys_getsockopt+0xbd/0x160
[  367.134817][T14547]  ? do_syscall_64+0x91/0x4c0
[  367.134830][T14547]  ? lockdep_hardirqs_on+0x7c/0x110
[  367.134844][T14547]  do_syscall_64+0xcd/0x4c0
[  367.134858][T14547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.134869][T14547] RIP: 0033:0x7fbb3ff8e929
[  367.134878][T14547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.134888][T14547] RSP: 002b:00007fbb40d30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  367.134898][T14547] RAX: ffffffffffffffda RBX: 00007fbb401b5fa0 RCX: 00007fbb3ff8e929
[  367.134905][T14547] RDX: 0000000000000080 RSI: 0000000000000084 RDI: 0000000000000004
[  367.134911][T14547] RBP: 00007fbb40d30090 R08: 0000200000001080 R09: 0000000000000000
[  367.134917][T14547] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.134923][T14547] R13: 0000000000000000 R14: 00007fbb401b5fa0 R15: 00007ffcd1bcd568
[  367.134936][T14547]  </TASK>
[  367.483587][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  367.488256][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  367.492831][ T1145] bond0 (unregistering): Released all slaves
[  367.573167][T14516] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.575481][T14516] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.577957][T14516] bridge_slave_0: entered allmulticast mode
[  367.582268][T14516] bridge_slave_0: entered promiscuous mode
[  367.586525][T14516] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.589816][T14516] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.592906][T14516] bridge_slave_1: entered allmulticast mode
[  367.596805][T14516] bridge_slave_1: entered promiscuous mode
[  367.667144][T14516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.674839][T14516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  367.737315][T14516] team0: Port device team_slave_0 added
[  367.747540][T14516] team0: Port device team_slave_1 added
[  367.806033][T14576] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2748'.
[  367.846033][T14572] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2748'.
[  367.858039][T14516] batman_adv: batadv0: Adding interface: batadv_slave_0
[  367.863410][T14516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  367.874277][T14516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  367.892208][ T1145] hsr_slave_0: left promiscuous mode
[  367.895197][ T1145] hsr_slave_1: left promiscuous mode
[  367.897405][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  367.899785][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  367.903016][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  367.905524][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  367.934819][ T1145] veth1_macvtap: left promiscuous mode
[  367.936598][ T1145] veth0_macvtap: left promiscuous mode
[  367.938271][ T1145] veth1_vlan: left promiscuous mode
[  367.940208][ T1145] veth0_vlan: left promiscuous mode
[  368.616996][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  368.687237][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  368.819942][ T5952] Bluetooth: hci1: command tx timeout
[  369.258702][T14516] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.262912][T14516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.271096][T14516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.337050][T14516] hsr_slave_0: entered promiscuous mode
[  369.341016][T14516] hsr_slave_1: entered promiscuous mode
[  369.343272][T14516] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  369.345697][T14516] Cannot create hsr debugfs directory
[  369.513518][T14610] FAULT_INJECTION: forcing a failure.
[  369.513518][T14610] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  369.518015][T14610] CPU: 3 UID: 0 PID: 14610 Comm: syz.5.2755 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  369.518032][T14610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  369.518038][T14610] Call Trace:
[  369.518043][T14610]  <TASK>
[  369.518047][T14610]  dump_stack_lvl+0x16c/0x1f0
[  369.518065][T14610]  should_fail_ex+0x512/0x640
[  369.518081][T14610]  should_fail_alloc_page+0xe7/0x130
[  369.518098][T14610]  prepare_alloc_pages+0x3c2/0x610
[  369.518113][T14610]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  369.518127][T14610]  ? kasan_save_stack+0x33/0x60
[  369.518140][T14610]  ? kasan_save_track+0x14/0x30
[  369.518152][T14610]  ? __kasan_slab_alloc+0x89/0x90
[  369.518165][T14610]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  369.518179][T14610]  ? __pmd_alloc+0xbf/0x930
[  369.518188][T14610]  ? __handle_mm_fault+0xaac/0x5490
[  369.518199][T14610]  ? handle_mm_fault+0x589/0xd10
[  369.518209][T14610]  ? __get_user_pages+0x589/0x3b80
[  369.518222][T14610]  ? populate_vma_page_range+0x278/0x3a0
[  369.518232][T14610]  ? __mm_populate+0x1d8/0x380
[  369.518241][T14610]  ? __do_sys_mlockall+0x516/0x5d0
[  369.518253][T14610]  ? do_syscall_64+0xcd/0x4c0
[  369.518266][T14610]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.518279][T14610]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  369.518300][T14610]  ? __lock_acquire+0xb8a/0x1c90
[  369.518317][T14610]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  369.518331][T14610]  ? policy_nodemask+0xea/0x4e0
[  369.518348][T14610]  alloc_pages_mpol+0x1fb/0x550
[  369.518363][T14610]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  369.518379][T14610]  ? __thp_vma_allowable_orders+0x1c5/0xb10
[  369.518392][T14610]  alloc_pages_noprof+0x131/0x390
[  369.518407][T14610]  pte_alloc_one+0x1c/0x3a0
[  369.518418][T14610]  __handle_mm_fault+0x3a68/0x5490
[  369.518434][T14610]  ? __pfx___handle_mm_fault+0x10/0x10
[  369.518457][T14610]  handle_mm_fault+0x589/0xd10
[  369.518472][T14610]  __get_user_pages+0x589/0x3b80
[  369.518486][T14610]  ? __pfx_mt_find+0x10/0x10
[  369.518505][T14610]  ? __pfx___get_user_pages+0x10/0x10
[  369.518520][T14610]  populate_vma_page_range+0x278/0x3a0
[  369.518532][T14610]  ? __pfx_populate_vma_page_range+0x10/0x10
[  369.518543][T14610]  ? __pfx_find_vma_intersection+0x10/0x10
[  369.518554][T14610]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  369.518569][T14610]  __mm_populate+0x1d8/0x380
[  369.518595][T14610]  ? __pfx___mm_populate+0x10/0x10
[  369.518607][T14610]  ? up_write+0x1b2/0x520
[  369.518619][T14610]  __do_sys_mlockall+0x516/0x5d0
[  369.518634][T14610]  do_syscall_64+0xcd/0x4c0
[  369.518648][T14610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.518658][T14610] RIP: 0033:0x7fbb3ff8e929
[  369.518668][T14610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.518678][T14610] RSP: 002b:00007fbb40d30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  369.518688][T14610] RAX: ffffffffffffffda RBX: 00007fbb401b5fa0 RCX: 00007fbb3ff8e929
[  369.518695][T14610] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  369.518700][T14610] RBP: 00007fbb40d30090 R08: 0000000000000000 R09: 0000000000000000
[  369.518706][T14610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.518712][T14610] R13: 0000000000000000 R14: 00007fbb401b5fa0 R15: 00007ffcd1bcd568
[  369.518725][T14610]  </TASK>
[  369.944077][   T40] audit: type=1400 audit(1749169222.697:593): avc:  denied  { setopt } for  pid=14638 comm="syz.5.2761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  370.011526][T14649] netlink: 244 bytes leftover after parsing attributes in process `syz.7.2764'.
[  370.054183][T14655] JFS: charset not found
[  370.083596][T14516] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  370.092752][T14516] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  370.099084][T14516] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  370.105850][T14516] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  370.122668][   T40] audit: type=1400 audit(1749169222.877:594): avc:  denied  { ioctl } for  pid=14654 comm="syz.7.2766" path="/dev/input/mice" dev="devtmpfs" ino=940 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  370.182537][T14516] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.197653][T14516] 8021q: adding VLAN 0 to HW filter on device team0
[  370.216738][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.219111][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  370.224918][T14670] syzkaller1: entered promiscuous mode
[  370.226926][T14670] syzkaller1: entered allmulticast mode
[  370.252370][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.255425][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  370.280354][ T6028] usb 10-1: new high-speed USB device number 61 using dummy_hcd
[  370.408171][T14516] 8021q: adding VLAN 0 to HW filter on device batadv0
[  370.449530][ T6028] usb 10-1: Using ep0 maxpacket: 8
[  370.459672][   T40] audit: type=1400 audit(1749169223.217:595): avc:  denied  { open } for  pid=14693 comm="syz.7.2772" path="/dev/ptyr2" dev="devtmpfs" ino=145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  370.464867][ T6028] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  370.479035][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  370.484187][ T6028] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  370.491359][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  370.494836][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  370.500693][T14695] netlink: 'syz.6.2771': attribute type 1 has an invalid length.
[  370.502243][ T6028] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  370.503947][T14695] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2771'.
[  370.507096][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  370.507124][ T6028] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  370.521343][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  370.525870][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  370.532558][ T6028] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  370.535744][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  370.539632][ T6028] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  370.544094][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  370.547478][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  370.557715][ T6028] usb 10-1: string descriptor 0 read error: -22
[  370.560139][ T6028] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  370.563632][ T6028] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.583521][ T6028] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  370.606813][T14516] veth0_vlan: entered promiscuous mode
[  370.618568][T14516] veth1_vlan: entered promiscuous mode
[  370.647271][T14516] veth0_macvtap: entered promiscuous mode
[  370.653669][T14516] veth1_macvtap: entered promiscuous mode
[  370.668405][T14516] batman_adv: batadv0: Interface activated: batadv_slave_0
[  370.685204][T14516] batman_adv: batadv0: Interface activated: batadv_slave_1
[  370.694338][T14516] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  370.698009][T14516] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  370.701897][T14516] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  370.704604][T14516] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  370.757412][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  370.760614][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  370.769272][   T40] audit: type=1804 audit(1749169223.517:596): pid=14716 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2776" name="/newroot/205/file1" dev="fuse" ino=1 res=1 errno=0
[  370.782295][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  370.782378][   T40] audit: type=1800 audit(1749169223.517:597): pid=14716 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2776" name="/" dev="fuse" ino=1 res=0 errno=0
[  370.784807][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  370.795833][   T40] audit: type=1800 audit(1749169223.517:598): pid=14716 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2776" name="/" dev="fuse" ino=1 res=0 errno=0
[  370.805004][ T6028] usb 10-1: USB disconnect, device number 61
[  370.899510][ T5948] Bluetooth: hci1: command tx timeout
[  370.979425][T14726] binder: 14725:14726 ioctl c0306201 200000000640 returned -22
[  371.151053][   T40] audit: type=1326 audit(1749169223.907:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000
[  371.160470][   T40] audit: type=1326 audit(1749169223.907:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000
[  371.167976][   T40] audit: type=1326 audit(1749169223.907:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000
[  371.176267][   T40] audit: type=1326 audit(1749169223.907:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000
[  371.807504][T14767] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  371.875008][T14776] netlink: 'syz.6.2793': attribute type 39 has an invalid length.
[  372.015871][ T5303] Bluetooth: hci4: unexpected event for opcode 0x0407
[  372.059161][ T5303] Bluetooth: hci2: Malformed HCI Event
[  372.686367][T14792] xt_hashlimit: size too large, truncated to 1048576
[  372.874756][T14800] syzkaller1: entered promiscuous mode
[  372.876710][T14800] syzkaller1: entered allmulticast mode
[  372.901312][T14804] vlan2: entered allmulticast mode
[  372.902979][T14804] bond0: entered allmulticast mode
[  372.904639][T14804] bond_slave_0: entered allmulticast mode
[  372.906406][T14804] bond_slave_1: entered allmulticast mode
[  372.908187][T14804] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode
[  372.989490][ T5303] Bluetooth: hci0: command 0x0405 tx timeout
[  373.480248][  T840] usb 12-1: new high-speed USB device number 3 using dummy_hcd
[  373.639554][  T840] usb 12-1: Using ep0 maxpacket: 32
[  373.642565][  T840] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  373.647541][  T840] usb 12-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[  373.650659][  T840] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.653143][  T840] usb 12-1: Product: syz
[  373.654585][  T840] usb 12-1: Manufacturer: syz
[  373.656069][  T840] usb 12-1: SerialNumber: syz
[  373.658957][  T840] usb 12-1: config 0 descriptor??
[  373.662870][  T840] gspca_main: sunplus-2.14.0 probing 08ca:2060
[  373.971649][T14817] FAULT_INJECTION: forcing a failure.
[  373.971649][T14817] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  373.977202][T14817] CPU: 0 UID: 0 PID: 14817 Comm: syz.6.2808 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  373.977226][T14817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  373.977236][T14817] Call Trace:
[  373.977243][T14817]  <TASK>
[  373.977251][T14817]  dump_stack_lvl+0x16c/0x1f0
[  373.977298][T14817]  should_fail_ex+0x512/0x640
[  373.977331][T14817]  should_fail_alloc_page+0xe7/0x130
[  373.977359][T14817]  prepare_alloc_pages+0x3c2/0x610
[  373.977381][T14817]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  373.977407][T14817]  ? ip_skb_dst_mtu+0x423/0xe90
[  373.977427][T14817]  ? __pfx_ip_finish_output2+0x10/0x10
[  373.977443][T14817]  ? ip_skb_dst_mtu+0x496/0xe90
[  373.977458][T14817]  ? __pfx_ip_skb_dst_mtu+0x10/0x10
[  373.977474][T14817]  ? __pfx_nf_hook+0x10/0x10
[  373.977491][T14817]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  373.977516][T14817]  ? __ip_finish_output+0x116/0x950
[  373.977540][T14817]  ? ip_output+0x142/0x2a0
[  373.977554][T14817]  ? __pfx_ip_output+0x10/0x10
[  373.977571][T14817]  ? ip_send_skb+0x177/0x560
[  373.977586][T14817]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  373.977609][T14817]  ? policy_nodemask+0xea/0x4e0
[  373.977642][T14817]  alloc_pages_mpol+0x1fb/0x550
[  373.977666][T14817]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  373.977691][T14817]  ? udp_sendmsg+0x3c8/0x29f0
[  373.977713][T14817]  folio_alloc_mpol_noprof+0x36/0x2f0
[  373.977735][T14817]  vma_alloc_folio_noprof+0xed/0x1e0
[  373.977753][T14817]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  373.977771][T14817]  ? rcu_read_unlock+0x2d/0xb0
[  373.977799][T14817]  do_wp_page+0x1136/0x4f20
[  373.977827][T14817]  ? __pfx_do_wp_page+0x10/0x10
[  373.977845][T14817]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  373.977872][T14817]  __handle_mm_fault+0x2223/0x5490
[  373.977900][T14817]  ? __pfx___handle_mm_fault+0x10/0x10
[  373.977919][T14817]  ? __pfx_mt_find+0x10/0x10
[  373.977960][T14817]  ? find_vma+0xbf/0x140
[  373.977974][T14817]  ? __pfx_find_vma+0x10/0x10
[  373.977991][T14817]  handle_mm_fault+0x589/0xd10
[  373.978011][T14817]  ? __pkru_allows_pkey+0x21/0xb0
[  373.978037][T14817]  do_user_addr_fault+0x7a6/0x1370
[  373.978066][T14817]  ? rcu_is_watching+0x12/0xc0
[  373.978090][T14817]  exc_page_fault+0x5c/0xb0
[  373.978114][T14817]  asm_exc_page_fault+0x26/0x30
[  373.978130][T14817] RIP: 0010:__put_user_4+0xd/0x20
[  373.978153][T14817] Code: 66 89 01 31 c9 0f 01 ca e9 d0 5a 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90
[  373.978170][T14817] RSP: 0018:ffffc90003637cf0 EFLAGS: 00050202
[  373.978184][T14817] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000008038
[  373.978194][T14817] RDX: ffff88805cbcc880 RSI: ffffffff894e0f99 RDI: ffffffff8c157020
[  373.978204][T14817] RBP: 0000000000000001 R08: 255fd69911439148 R09: 0000000000000000
[  373.978214][T14817] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000040000
[  373.978223][T14817] R13: 0000200000008000 R14: 00000000000003ff R15: 0000000000000400
[  373.978241][T14817]  ? __sys_sendmmsg+0x229/0x420
[  373.978266][T14817]  __sys_sendmmsg+0x234/0x420
[  373.978291][T14817]  ? __pfx___sys_sendmmsg+0x10/0x10
[  373.978321][T14817]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  373.978356][T14817]  ? fput+0x70/0xf0
[  373.978373][T14817]  ? ksys_write+0x1ac/0x250
[  373.978394][T14817]  ? __pfx_ksys_write+0x10/0x10
[  373.978422][T14817]  __x64_sys_sendmmsg+0x9c/0x100
[  373.978444][T14817]  ? lockdep_hardirqs_on+0x7c/0x110
[  373.978466][T14817]  do_syscall_64+0xcd/0x4c0
[  373.978490][T14817]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.978507][T14817] RIP: 0033:0x7fea8998e929
[  373.978522][T14817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.978538][T14817] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  373.978552][T14817] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929
[  373.978562][T14817] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005
[  373.978572][T14817] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000
[  373.978581][T14817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  373.978590][T14817] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8
[  373.978613][T14817]  </TASK>
[  374.136779][T14821] FAULT_INJECTION: forcing a failure.
[  374.136779][T14821] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  374.141637][T14821] CPU: 2 UID: 0 PID: 14821 Comm: syz.5.2809 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  374.141653][T14821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  374.141660][T14821] Call Trace:
[  374.141664][T14821]  <TASK>
[  374.141668][T14821]  dump_stack_lvl+0x16c/0x1f0
[  374.141685][T14821]  should_fail_ex+0x512/0x640
[  374.141702][T14821]  should_fail_alloc_page+0xe7/0x130
[  374.141719][T14821]  prepare_alloc_pages+0x3c2/0x610
[  374.141748][T14821]  ? rcu_is_watching+0x12/0xc0
[  374.141764][T14821]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  374.141780][T14821]  ? __lock_acquire+0x622/0x1c90
[  374.141799][T14821]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  374.141813][T14821]  ? __lock_acquire+0x622/0x1c90
[  374.141833][T14821]  ? __lock_acquire+0x622/0x1c90
[  374.141849][T14821]  ? __lock_acquire+0x622/0x1c90
[  374.141864][T14821]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  374.141877][T14821]  ? policy_nodemask+0xea/0x4e0
[  374.141893][T14821]  alloc_pages_mpol+0x1fb/0x550
[  374.141909][T14821]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  374.141928][T14821]  folio_alloc_mpol_noprof+0x36/0x2f0
[  374.141939][T14821]  vma_alloc_folio_noprof+0xed/0x1e0
[  374.141949][T14821]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  374.141958][T14821]  ? find_held_lock+0x2b/0x80
[  374.141971][T14821]  ? __handle_mm_fault+0x1092/0x5490
[  374.141986][T14821]  __handle_mm_fault+0x2f21/0x5490
[  374.142001][T14821]  ? __pfx___handle_mm_fault+0x10/0x10
[  374.142013][T14821]  ? __pte_offset_map_lock+0x174/0x310
[  374.142030][T14821]  ? find_held_lock+0x2b/0x80
[  374.142041][T14821]  ? find_held_lock+0x2b/0x80
[  374.142056][T14821]  ? follow_page_pte+0x3af/0x14c0
[  374.142070][T14821]  handle_mm_fault+0x589/0xd10
[  374.142085][T14821]  __get_user_pages+0x589/0x3b80
[  374.142100][T14821]  ? __pfx___get_user_pages+0x10/0x10
[  374.142110][T14821]  ? __pfx_down_read_killable+0x10/0x10
[  374.142131][T14821]  __gup_longterm_locked+0x20d/0x1850
[  374.142145][T14821]  ? try_get_folio+0x1d2/0x730
[  374.142160][T14821]  ? __pfx___gup_longterm_locked+0x10/0x10
[  374.142171][T14821]  ? try_get_folio+0x255/0x730
[  374.142186][T14821]  ? find_held_lock+0x2b/0x80
[  374.142198][T14821]  ? sanity_check_pinned_pages+0x3bf/0x1200
[  374.142211][T14821]  gup_fast_fallback+0x1ab3/0x29e0
[  374.142231][T14821]  ? __pfx_gup_fast_fallback+0x10/0x10
[  374.142249][T14821]  pin_user_pages_fast+0xa7/0xf0
[  374.142260][T14821]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  374.142269][T14821]  ? __kmalloc_noprof+0x242/0x510
[  374.142287][T14821]  rds_info_getsockopt+0x39f/0x4f0
[  374.142304][T14821]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  374.142319][T14821]  ? find_held_lock+0x2b/0x80
[  374.142331][T14821]  ? __might_fault+0x13b/0x190
[  374.142348][T14821]  rds_getsockopt+0x173/0x2d0
[  374.142359][T14821]  ? __pfx_rds_getsockopt+0x10/0x10
[  374.142371][T14821]  do_sock_getsockopt+0x3ff/0x800
[  374.142389][T14821]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  374.142404][T14821]  ? __fget_files+0x204/0x3c0
[  374.142424][T14821]  __sys_getsockopt+0x12f/0x260
[  374.142440][T14821]  __x64_sys_getsockopt+0xbd/0x160
[  374.142452][T14821]  ? do_syscall_64+0x91/0x4c0
[  374.142465][T14821]  ? lockdep_hardirqs_on+0x7c/0x110
[  374.142477][T14821]  do_syscall_64+0xcd/0x4c0
[  374.142491][T14821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.142502][T14821] RIP: 0033:0x7fbb3ff8e929
[  374.142511][T14821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  374.142520][T14821] RSP: 002b:00007fbb3ddf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  374.142530][T14821] RAX: ffffffffffffffda RBX: 00007fbb401b6160 RCX: 00007fbb3ff8e929
[  374.142537][T14821] RDX: 0000000000002713 RSI: 0000200000000114 RDI: 0000000000000008
[  374.142543][T14821] RBP: 00007fbb3ddf6090 R08: 00002000000000c0 R09: 0000000000000000
[  374.142549][T14821] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[  374.142555][T14821] R13: 0000000000000000 R14: 00007fbb401b6160 R15: 00007ffcd1bcd568
[  374.142568][T14821]  </TASK>
[  374.640675][  T840] gspca_sunplus: reg_r err -110
[  374.725534][T14827] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.2806'.
[  374.729949][T14810] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.2806'.
[  375.123142][T14834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2813'.
[  375.151772][   T40] kauditd_printk_skb: 46 callbacks suppressed
[  375.151783][   T40] audit: type=1400 audit(1749169227.907:649): avc:  denied  { recv } for  pid=23 comm="ksoftirqd/2" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=50472 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  375.158284][T14836] Bluetooth: MGMT ver 1.23
[  375.163161][   T40] audit: type=1400 audit(1749169227.907:650): avc:  denied  { recv } for  pid=23 comm="ksoftirqd/2" saddr=127.0.0.1 src=50472 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  375.199475][ T1465] usb 10-1: new full-speed USB device number 62 using dummy_hcd
[  375.268987][   T40] audit: type=1400 audit(1749169228.017:651): avc:  denied  { listen } for  pid=14844 comm="syz.7.2817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  375.276410][T14846] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2817'.
[  375.279230][T14846] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2817'.
[  375.282501][T14846] netlink: 'syz.7.2817': attribute type 1 has an invalid length.
[  375.371903][ T1465] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  375.375300][ T1465] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  375.378352][ T1465] usb 10-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  375.380779][T14855] tmpfs: Bad value for 'mpol'
[  375.381704][ T1465] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.382800][T14855] tmpfs: Bad value for 'mpol'
[  375.386291][ T1465] usb 10-1: config 0 descriptor??
[  375.386819][T14855] tmpfs: Bad value for 'mpol'
[  375.391143][T14855] tmpfs: Bad value for 'mpol'
[  375.392962][T14855] tmpfs: Bad value for 'mpol'
[  375.446501][T14861] loop6: detected capacity change from 0 to 524287999
[  375.472424][   T40] audit: type=1400 audit(1749169228.227:652): avc:  denied  { egress } for  pid=23 comm="ksoftirqd/2" saddr=fe80::1c daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  375.485158][   T40] audit: type=1400 audit(1749169228.227:653): avc:  denied  { sendto } for  pid=23 comm="ksoftirqd/2" saddr=fe80::1c daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  375.629827][  T840] sunplus 12-1:0.0: probe with driver sunplus failed with error -110
[  375.635700][  T840] usb 12-1: USB disconnect, device number 3
[  375.976228][T14882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2831'.
[  375.979228][T14882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2831'.
[  375.982250][T14882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2831'.
[  375.992985][ T1465] usbhid 10-1:0.0: can't add hid device: -71
[  375.995453][ T1465] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  376.003135][ T1465] usb 10-1: USB disconnect, device number 62
[  376.160303][   T52] usb 12-1: new high-speed USB device number 4 using dummy_hcd
[  376.331113][   T52] usb 12-1: config index 0 descriptor too short (expected 46, got 36)
[  376.333588][   T52] usb 12-1: config 0 interface 0 altsetting 130 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  376.337080][   T52] usb 12-1: config 0 interface 0 altsetting 130 endpoint 0x81 has invalid wMaxPacketSize 0
[  376.340459][   T52] usb 12-1: config 0 interface 0 has no altsetting 0
[  376.342546][   T52] usb 12-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00
[  376.345498][   T52] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.349078][   T52] usb 12-1: config 0 descriptor??
[  376.353573][   T52] usbhid 12-1:0.0: can't add hid device: -22
[  376.355518][   T52] usbhid 12-1:0.0: probe with driver usbhid failed with error -22
[  376.532317][T14901] binder: 14900:14901 ioctl 4018620d 0 returned -22
[  376.625271][ T6011] usb 12-1: USB disconnect, device number 4
[  376.691832][T14909] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2840'.
[  377.158723][   T40] audit: type=1400 audit(1749169229.907:654): avc:  denied  { relabelfrom } for  pid=14925 comm="syz.7.2846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  377.165753][   T40] audit: type=1400 audit(1749169229.907:655): avc:  denied  { relabelto } for  pid=14925 comm="syz.7.2846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  377.280309][   T40] audit: type=1400 audit(1749169230.037:656): avc:  denied  { read write } for  pid=14927 comm="syz.6.2847" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  377.283555][T14928] 
[  377.289164][   T40] audit: type=1400 audit(1749169230.037:657): avc:  denied  { open } for  pid=14927 comm="syz.6.2847" path="/237/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  377.324493][T14931] FAULT_INJECTION: forcing a failure.
[  377.324493][T14931] name failslab, interval 1, probability 0, space 0, times 0
[  377.329070][T14931] CPU: 1 UID: 0 PID: 14931 Comm: syz.7.2848 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  377.329094][T14931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  377.329103][T14931] Call Trace:
[  377.329110][T14931]  <TASK>
[  377.329117][T14931]  dump_stack_lvl+0x16c/0x1f0
[  377.329164][T14931]  should_fail_ex+0x512/0x640
[  377.329188][T14931]  should_failslab+0xc2/0x120
[  377.329204][T14931]  __kmalloc_cache_noprof+0x6a/0x3e0
[  377.329217][T14931]  ? selinux_netlbl_sk_security_free+0x12c/0x3e0
[  377.329232][T14931]  ? selinux_netlbl_sock_genattr+0xe8/0x4f0
[  377.329247][T14931]  selinux_netlbl_sock_genattr+0xe8/0x4f0
[  377.329261][T14931]  selinux_netlbl_socket_post_create+0xb0/0x1b0
[  377.329277][T14931]  security_mptcp_add_subflow+0x1e3/0x210
[  377.329291][T14931]  mptcp_subflow_create_socket+0x1b1/0xed0
[  377.329307][T14931]  ? avc_has_perm_noaudit+0x117/0x3b0
[  377.329333][T14931]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  377.329355][T14931]  __mptcp_nmpc_sk+0x182/0x7d0
[  377.329366][T14931]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  377.329377][T14931]  ? __lock_acquire+0xb8a/0x1c90
[  377.329396][T14931]  mptcp_connect+0x7f/0xfe0
[  377.329411][T14931]  __inet_stream_connect+0x3c8/0x1020
[  377.329427][T14931]  ? __pfx___inet_stream_connect+0x10/0x10
[  377.329440][T14931]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  377.329453][T14931]  ? __pfx_inet_stream_connect+0x10/0x10
[  377.329465][T14931]  ? __local_bh_enable_ip+0xa4/0x120
[  377.329480][T14931]  ? __pfx_inet_stream_connect+0x10/0x10
[  377.329491][T14931]  inet_stream_connect+0x57/0xa0
[  377.329504][T14931]  __sys_connect_file+0x141/0x1a0
[  377.329517][T14931]  __sys_connect+0x13b/0x160
[  377.329528][T14931]  ? __pfx___sys_connect+0x10/0x10
[  377.329545][T14931]  ? __pfx_ksys_write+0x10/0x10
[  377.329559][T14931]  ? fput+0x70/0xf0
[  377.329569][T14931]  __x64_sys_connect+0x72/0xb0
[  377.329579][T14931]  ? lockdep_hardirqs_on+0x7c/0x110
[  377.329592][T14931]  do_syscall_64+0xcd/0x4c0
[  377.329607][T14931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.329618][T14931] RIP: 0033:0x7f6294b8e929
[  377.329627][T14931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.329637][T14931] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  377.329647][T14931] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929
[  377.329658][T14931] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005
[  377.329664][T14931] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000
[  377.329670][T14931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.329676][T14931] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8
[  377.329690][T14931]  </TASK>
[  377.329903][  T840] usb 10-1: new full-speed USB device number 63 using dummy_hcd
[  377.600934][  T840] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  377.604473][  T840] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.607586][  T840] usb 10-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  377.610687][  T840] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.615063][  T840] usb 10-1: config 0 descriptor??
[  377.802719][T14953] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=14953 comm=syz.7.2859
[  378.094933][T14965] FAULT_INJECTION: forcing a failure.
[  378.094933][T14965] name failslab, interval 1, probability 0, space 0, times 0
[  378.099103][T14965] CPU: 2 UID: 0 PID: 14965 Comm: syz.7.2864 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  378.099119][T14965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  378.099126][T14965] Call Trace:
[  378.099131][T14965]  <TASK>
[  378.099135][T14965]  dump_stack_lvl+0x16c/0x1f0
[  378.099153][T14965]  should_fail_ex+0x512/0x640
[  378.099191][T14965]  ? __kmalloc_noprof+0xbf/0x510
[  378.099213][T14965]  ? iovec_from_user+0x108/0x140
[  378.099231][T14965]  should_failslab+0xc2/0x120
[  378.099246][T14965]  __kmalloc_noprof+0xd2/0x510
[  378.099259][T14965]  ? __lock_acquire+0x622/0x1c90
[  378.099277][T14965]  iovec_from_user+0x108/0x140
[  378.099294][T14965]  __import_iovec+0x88/0x650
[  378.099310][T14965]  ? find_held_lock+0x2b/0x80
[  378.099336][T14965]  import_iovec+0x109/0x140
[  378.099354][T14965]  vfs_writev+0x19b/0xde0
[  378.099374][T14965]  ? __pfx_vfs_writev+0x10/0x10
[  378.099397][T14965]  ? __fget_files+0x20e/0x3c0
[  378.099410][T14965]  ? __fget_files+0x130/0x3c0
[  378.099427][T14965]  ? do_writev+0x132/0x340
[  378.099438][T14965]  do_writev+0x132/0x340
[  378.099450][T14965]  ? __pfx_do_writev+0x10/0x10
[  378.099466][T14965]  do_syscall_64+0xcd/0x4c0
[  378.099481][T14965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.099492][T14965] RIP: 0033:0x7f6294b8e929
[  378.099501][T14965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.099510][T14965] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  378.099521][T14965] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929
[  378.099527][T14965] RDX: 000000000000000e RSI: 0000200000000c40 RDI: 0000000000000003
[  378.099533][T14965] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000
[  378.099539][T14965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.099545][T14965] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8
[  378.099558][T14965]  </TASK>
[  378.223755][  T840] usbhid 10-1:0.0: can't add hid device: -71
[  378.225751][  T840] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  378.229776][  T840] usb 10-1: USB disconnect, device number 63
[  378.254653][ T5948] Bluetooth: hci0: unexpected event for opcode 0x0407
[  378.768574][   T40] audit: type=1400 audit(1749169231.517:658): avc:  denied  { mount } for  pid=14975 comm="syz.5.2868" name="/" dev="9p" ino=35913812 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  379.618068][T14998] netlink: 'syz.7.2875': attribute type 39 has an invalid length.
[  379.722753][ T1153] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.868028][ T1153] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.923204][ T1153] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.947670][ T5303] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  379.951786][ T5303] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  379.954662][ T5303] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  379.958324][ T5303] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  379.961983][ T5303] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  380.001600][ T1153] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.117706][T15001] chnl_net:caif_netlink_parms(): no params data found
[  380.345728][ T1153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  380.348882][ T1153] bond_slave_0: left allmulticast mode
[  380.352097][ T1153] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  380.355070][ T1153] bond_slave_1: left allmulticast mode
[  380.358079][ T1153] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  380.361362][ T1153] mac80211_hwsim hwsim13 wlan1: left allmulticast mode
[  380.368003][ T1153] bond0 (unregistering): Released all slaves
[  380.417676][T15010] netlink: 'syz.7.2879': attribute type 3 has an invalid length.
[  380.420904][T15010] netlink: 'syz.7.2879': attribute type 1 has an invalid length.
[  380.423560][T15010] netlink: 193500 bytes leftover after parsing attributes in process `syz.7.2879'.
[  380.428028][T15001] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.430526][T15001] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.432860][T15001] bridge_slave_0: entered allmulticast mode
[  380.435510][T15001] bridge_slave_0: entered promiscuous mode
[  380.438843][T15001] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.441295][T15001] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.443869][T15001] bridge_slave_1: entered allmulticast mode
[  380.446474][T15001] bridge_slave_1: entered promiscuous mode
[  380.495715][T15001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  380.501224][T15001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  380.515272][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  380.515283][   T40] audit: type=1400 audit(1749169233.267:662): avc:  denied  { ioctl } for  pid=15011 comm="syz.7.2880" path="socket:[71926]" dev="sockfs" ino=71926 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  380.552222][T15001] team0: Port device team_slave_0 added
[  380.568172][T15001] team0: Port device team_slave_1 added
[  380.619574][T15001] batman_adv: batadv0: Adding interface: batadv_slave_0
[  380.622273][T15001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  380.631958][T15001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  380.639661][T15001] batman_adv: batadv0: Adding interface: batadv_slave_1
[  380.642525][T15001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  380.653521][T15001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.673359][ T1153] hsr_slave_0: left promiscuous mode
[  380.675488][ T1153] hsr_slave_1: left promiscuous mode
[  380.677415][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  380.681361][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_0
[  380.685031][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  380.687880][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_1
[  380.710851][ T1153] veth1_macvtap: left promiscuous mode
[  380.713049][ T1153] veth0_macvtap: left promiscuous mode
[  380.715266][ T1153] veth1_vlan: left promiscuous mode
[  380.717372][ T1153] veth0_vlan: left promiscuous mode
[  381.389073][ T1153] team0 (unregistering): Port device team_slave_1 removed
[  381.473787][ T1153] team0 (unregistering): Port device team_slave_0 removed
[  381.680322][ T5633] usb 11-1: new high-speed USB device number 14 using dummy_hcd
[  381.834029][ T5633] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  381.837043][ T5633] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  381.840439][ T5633] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66
[  381.843732][ T5633] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  381.847385][ T5633] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  381.852290][ T5633] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  381.855251][ T5633] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  381.857853][ T5633] usb 11-1: Product: syz
[  381.859482][ T5633] usb 11-1: Manufacturer: syz
[  381.864905][ T5633] cdc_wdm 11-1:1.0: skipping garbage
[  381.866629][ T5633] cdc_wdm 11-1:1.0: skipping garbage
[  381.873227][ T5633] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device
[  381.875381][ T5633] cdc_wdm 11-1:1.0: Unknown control protocol
[  382.031324][ T5948] Bluetooth: hci3: command tx timeout
[  382.168775][T15001] hsr_slave_0: entered promiscuous mode
[  382.171792][T15001] hsr_slave_1: entered promiscuous mode
[  382.174008][T15001] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  382.176575][T15001] Cannot create hsr debugfs directory
[  382.226806][T15029] fuse: Unknown parameter 'rootmÿÿ000000000040000'
[  382.359068][T15035] xt_TCPMSS: Only works on TCP SYN packets
[  382.369753][T15035] netlink: 'syz.7.2884': attribute type 3 has an invalid length.
[  382.372361][T15035] netlink: 'syz.7.2884': attribute type 1 has an invalid length.
[  382.374770][T15035] netlink: 193500 bytes leftover after parsing attributes in process `syz.7.2884'.
[  382.388614][T15001] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  382.395643][T15001] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  382.402581][T15001] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  382.408639][T15001] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  382.496679][T15001] 8021q: adding VLAN 0 to HW filter on device bond0
[  382.515501][T15001] 8021q: adding VLAN 0 to HW filter on device team0
[  382.523719][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.526566][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  382.536734][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.539037][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  382.622136][   T40] audit: type=1400 audit(1749169235.377:663): avc:  denied  { connect } for  pid=15055 comm="syz.7.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  382.685814][T15001] 8021q: adding VLAN 0 to HW filter on device batadv0
[  382.863278][T15001] veth0_vlan: entered promiscuous mode
[  382.874071][T15001] veth1_vlan: entered promiscuous mode
[  382.895737][T15001] veth0_macvtap: entered promiscuous mode
[  382.899740][T15001] veth1_macvtap: entered promiscuous mode
[  382.909308][T15001] batman_adv: batadv0: Interface activated: batadv_slave_0
[  382.916460][T15001] batman_adv: batadv0: Interface activated: batadv_slave_1
[  382.921526][T15001] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  382.924415][T15001] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  382.927205][T15001] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  382.930313][T15001] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  382.976304][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.982631][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.997376][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  383.003996][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  383.012314][   T40] audit: type=1400 audit(1749169235.767:664): avc:  denied  { mounton } for  pid=15001 comm="syz-executor" path="/syzkaller.vx5nET/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=73787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  383.062586][T15089] netlink: 'syz.7.2890': attribute type 12 has an invalid length.
[  383.133094][T15098] syzkaller1: entered promiscuous mode
[  383.135024][T15098] syzkaller1: entered allmulticast mode
[  383.364424][   T40] audit: type=1400 audit(1749169236.117:665): avc:  denied  { listen } for  pid=15113 comm="syz.7.2893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  383.623614][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  383.982320][ T5948] Bluetooth: hci0: unexpected event for opcode 0x0407
[  384.099622][ T5948] Bluetooth: hci3: command tx timeout
[  384.432778][ T6028] usb 11-1: USB disconnect, device number 14
[  384.514199][T15146] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2898'.
[  384.521814][T15146] : entered promiscuous mode
[  384.839226][T15152] netlink: 'syz.7.2900': attribute type 2 has an invalid length.
[  384.880115][ T6028] usb 11-1: new high-speed USB device number 15 using dummy_hcd
[  385.022421][ T6028] usb 11-1: device descriptor read/64, error -71
[  385.269436][ T6028] usb 11-1: new high-speed USB device number 16 using dummy_hcd
[  385.399408][ T6028] usb 11-1: device descriptor read/64, error -71
[  385.409555][  T840] usb 12-1: new high-speed USB device number 5 using dummy_hcd
[  385.510804][ T6028] usb usb11-port1: attempt power cycle
[  385.569877][  T840] usb 12-1: Using ep0 maxpacket: 32
[  385.572372][  T840] usb 12-1: no configurations
[  385.573902][  T840] usb 12-1: can't read configurations, error -22
[  385.709556][  T840] usb 12-1: new high-speed USB device number 6 using dummy_hcd
[  385.849666][ T6028] usb 11-1: new high-speed USB device number 17 using dummy_hcd
[  385.870975][ T6028] usb 11-1: device descriptor read/8, error -71
[  385.889456][  T840] usb 12-1: Using ep0 maxpacket: 32
[  385.893181][  T840] usb 12-1: no configurations
[  385.895126][  T840] usb 12-1: can't read configurations, error -22
[  385.897987][  T840] usb usb12-port1: attempt power cycle
[  386.130029][ T6028] usb 11-1: new high-speed USB device number 18 using dummy_hcd
[  386.160264][ T6028] usb 11-1: device descriptor read/8, error -71
[  386.180248][ T5948] Bluetooth: hci3: command tx timeout
[  386.259420][  T840] usb 12-1: new high-speed USB device number 7 using dummy_hcd
[  386.271049][ T6028] usb usb11-port1: unable to enumerate USB device
[  386.291587][  T840] usb 12-1: Using ep0 maxpacket: 32
[  386.294322][  T840] usb 12-1: no configurations
[  386.296277][  T840] usb 12-1: can't read configurations, error -22
[  386.439592][  T840] usb 12-1: new high-speed USB device number 8 using dummy_hcd
[  386.470081][  T840] usb 12-1: Using ep0 maxpacket: 32
[  386.472993][  T840] usb 12-1: no configurations
[  386.475008][  T840] usb 12-1: can't read configurations, error -22
[  386.478024][  T840] usb usb12-port1: unable to enumerate USB device
[  387.650968][   T40] audit: type=1804 audit(1749169240.407:666): pid=15187 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2910" name="/newroot/245/file1" dev="fuse" ino=1 res=1 errno=0
[  387.657997][   T40] audit: type=1800 audit(1749169240.407:667): pid=15187 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2910" name="/" dev="fuse" ino=1 res=0 errno=0
[  387.664555][   T40] audit: type=1800 audit(1749169240.407:668): pid=15186 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2910" name="/" dev="fuse" ino=1 res=0 errno=0
[  387.741220][   T40] audit: type=1804 audit(1749169240.497:669): pid=15193 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2911" name="/newroot/246/file1" dev="fuse" ino=1 res=1 errno=0
[  387.747993][   T40] audit: type=1800 audit(1749169240.497:670): pid=15193 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2911" name="/" dev="fuse" ino=1 res=0 errno=0
[  387.772070][   T40] audit: type=1400 audit(1749169240.527:671): avc:  denied  { bind } for  pid=15194 comm="syz.6.2913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  387.852907][T15202] FAULT_INJECTION: forcing a failure.
[  387.852907][T15202] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  387.857067][T15202] CPU: 2 UID: 0 PID: 15202 Comm: syz.6.2914 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  387.857082][T15202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  387.857089][T15202] Call Trace:
[  387.857093][T15202]  <TASK>
[  387.857098][T15202]  dump_stack_lvl+0x16c/0x1f0
[  387.857115][T15202]  should_fail_ex+0x512/0x640
[  387.857132][T15202]  should_fail_alloc_page+0xe7/0x130
[  387.857149][T15202]  prepare_alloc_pages+0x3c2/0x610
[  387.857160][T15202]  ? rcu_is_watching+0x12/0xc0
[  387.857175][T15202]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  387.857191][T15202]  ? __lock_acquire+0x622/0x1c90
[  387.857210][T15202]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  387.857223][T15202]  ? __lock_acquire+0x622/0x1c90
[  387.857243][T15202]  ? __lock_acquire+0x622/0x1c90
[  387.857259][T15202]  ? __lock_acquire+0x622/0x1c90
[  387.857274][T15202]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  387.857287][T15202]  ? policy_nodemask+0xea/0x4e0
[  387.857303][T15202]  alloc_pages_mpol+0x1fb/0x550
[  387.857318][T15202]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  387.857337][T15202]  folio_alloc_mpol_noprof+0x36/0x2f0
[  387.857349][T15202]  vma_alloc_folio_noprof+0xed/0x1e0
[  387.857359][T15202]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  387.857368][T15202]  ? find_held_lock+0x2b/0x80
[  387.857381][T15202]  ? __handle_mm_fault+0x1092/0x5490
[  387.857395][T15202]  __handle_mm_fault+0x2f21/0x5490
[  387.857411][T15202]  ? __pfx___handle_mm_fault+0x10/0x10
[  387.857423][T15202]  ? __pte_offset_map_lock+0x174/0x310
[  387.857439][T15202]  ? find_held_lock+0x2b/0x80
[  387.857450][T15202]  ? find_held_lock+0x2b/0x80
[  387.857465][T15202]  ? follow_page_pte+0x3af/0x14c0
[  387.857479][T15202]  handle_mm_fault+0x589/0xd10
[  387.857493][T15202]  __get_user_pages+0x589/0x3b80
[  387.857509][T15202]  ? __pfx___get_user_pages+0x10/0x10
[  387.857519][T15202]  ? __pfx_down_read_killable+0x10/0x10
[  387.857539][T15202]  __gup_longterm_locked+0x20d/0x1850
[  387.857557][T15202]  ? try_get_folio+0x1d2/0x730
[  387.857572][T15202]  ? __pfx___gup_longterm_locked+0x10/0x10
[  387.857584][T15202]  ? try_get_folio+0x255/0x730
[  387.857598][T15202]  ? find_held_lock+0x2b/0x80
[  387.857610][T15202]  ? sanity_check_pinned_pages+0x3bf/0x1200
[  387.857623][T15202]  gup_fast_fallback+0x1ab3/0x29e0
[  387.857643][T15202]  ? __pfx_gup_fast_fallback+0x10/0x10
[  387.857661][T15202]  pin_user_pages_fast+0xa7/0xf0
[  387.857671][T15202]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  387.857681][T15202]  ? __kmalloc_noprof+0x242/0x510
[  387.857697][T15202]  rds_info_getsockopt+0x39f/0x4f0
[  387.857715][T15202]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  387.857730][T15202]  ? find_held_lock+0x2b/0x80
[  387.857742][T15202]  ? __might_fault+0x13b/0x190
[  387.857771][T15202]  rds_getsockopt+0x173/0x2d0
[  387.857783][T15202]  ? __pfx_rds_getsockopt+0x10/0x10
[  387.857795][T15202]  do_sock_getsockopt+0x3ff/0x800
[  387.857813][T15202]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  387.857827][T15202]  ? __fget_files+0x204/0x3c0
[  387.857848][T15202]  __sys_getsockopt+0x12f/0x260
[  387.857864][T15202]  __x64_sys_getsockopt+0xbd/0x160
[  387.857876][T15202]  ? do_syscall_64+0x91/0x4c0
[  387.857889][T15202]  ? lockdep_hardirqs_on+0x7c/0x110
[  387.857902][T15202]  do_syscall_64+0xcd/0x4c0
[  387.857916][T15202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.857927][T15202] RIP: 0033:0x7fea8998e929
[  387.857937][T15202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.857946][T15202] RSP: 002b:00007fea8a7d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  387.857957][T15202] RAX: ffffffffffffffda RBX: 00007fea89bb6080 RCX: 00007fea8998e929
[  387.857963][T15202] RDX: 0000000000002713 RSI: 0000200000000114 RDI: 0000000000000008
[  387.857970][T15202] RBP: 00007fea8a7d4090 R08: 00002000000000c0 R09: 0000000000000000
[  387.857976][T15202] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[  387.857982][T15202] R13: 0000000000000000 R14: 00007fea89bb6080 R15: 00007ffe439af3c8
[  387.857995][T15202]  </TASK>
[  387.881690][T15207] FAULT_INJECTION: forcing a failure.
[  387.881690][T15207] name failslab, interval 1, probability 0, space 0, times 0
[  387.989537][T15207] CPU: 1 UID: 0 PID: 15207 Comm: syz.8.2918 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  387.989566][T15207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  387.989573][T15207] Call Trace:
[  387.989577][T15207]  <TASK>
[  387.989582][T15207]  dump_stack_lvl+0x16c/0x1f0
[  387.989601][T15207]  should_fail_ex+0x512/0x640
[  387.989618][T15207]  should_failslab+0xc2/0x120
[  387.989634][T15207]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  387.989650][T15207]  ? sidtab_do_lookup+0x1bd/0x9d0
[  387.989664][T15207]  ? security_netlbl_sid_to_secattr+0x1d8/0x4d0
[  387.989678][T15207]  kstrdup+0x53/0x100
[  387.989693][T15207]  security_netlbl_sid_to_secattr+0x1d8/0x4d0
[  387.989706][T15207]  selinux_netlbl_sock_genattr+0x129/0x4f0
[  387.989720][T15207]  selinux_netlbl_socket_post_create+0xb0/0x1b0
[  387.989736][T15207]  security_mptcp_add_subflow+0x1e3/0x210
[  387.989750][T15207]  mptcp_subflow_create_socket+0x1b1/0xed0
[  387.989767][T15207]  ? avc_has_perm_noaudit+0x117/0x3b0
[  387.989779][T15207]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  387.989800][T15207]  __mptcp_nmpc_sk+0x182/0x7d0
[  387.989811][T15207]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  387.989822][T15207]  ? __lock_acquire+0xb8a/0x1c90
[  387.989854][T15207]  mptcp_connect+0x7f/0xfe0
[  387.989867][T15207]  __inet_stream_connect+0x3c8/0x1020
[  387.989884][T15207]  ? __pfx___inet_stream_connect+0x10/0x10
[  387.989896][T15207]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  387.989909][T15207]  ? __pfx_inet_stream_connect+0x10/0x10
[  387.989921][T15207]  ? __local_bh_enable_ip+0xa4/0x120
[  387.989936][T15207]  ? __pfx_inet_stream_connect+0x10/0x10
[  387.989947][T15207]  inet_stream_connect+0x57/0xa0
[  387.989960][T15207]  __sys_connect_file+0x141/0x1a0
[  387.989974][T15207]  __sys_connect+0x13b/0x160
[  387.989985][T15207]  ? __pfx___sys_connect+0x10/0x10
[  387.990002][T15207]  ? __pfx_ksys_write+0x10/0x10
[  387.990015][T15207]  ? fput+0x70/0xf0
[  387.990026][T15207]  __x64_sys_connect+0x72/0xb0
[  387.990037][T15207]  ? lockdep_hardirqs_on+0x7c/0x110
[  387.990050][T15207]  do_syscall_64+0xcd/0x4c0
[  387.990065][T15207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.990076][T15207] RIP: 0033:0x7f7e5518e929
[  387.990085][T15207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.990095][T15207] RSP: 002b:00007f7e55f9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  387.990106][T15207] RAX: ffffffffffffffda RBX: 00007f7e553b5fa0 RCX: 00007f7e5518e929
[  387.990112][T15207] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005
[  387.990118][T15207] RBP: 00007f7e55f9e090 R08: 0000000000000000 R09: 0000000000000000
[  387.990124][T15207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  387.990130][T15207] R13: 0000000000000000 R14: 00007f7e553b5fa0 R15: 00007ffd57814c88
[  387.990144][T15207]  </TASK>
[  388.111840][T15214] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  388.489523][T11931] usb 13-1: new high-speed USB device number 2 using dummy_hcd
[  388.535800][T15247] (syz.7.2929,15247,1):dlmfs_mkdir:421 ERROR: invalid domain name for directory.
[  388.539599][T15246] delete_channel: no stack
[  388.659456][T11931] usb 13-1: Using ep0 maxpacket: 32
[  388.662479][T11931] usb 13-1: config index 0 descriptor too short (expected 29220, got 36)
[  388.665268][T11931] usb 13-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  388.668286][T11931] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 81
[  388.671330][T11931] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  388.674216][T11931] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  388.677457][T11931] usb 13-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  388.682214][T11931] usb 13-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  388.685972][T11931] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.690609][T11931] usb 13-1: config 0 descriptor??
[  388.801584][T15264] syz.7.2937: attempt to access beyond end of device
[  388.801584][T15264] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  388.805625][T15264] (syz.7.2937,15264,0):ocfs2_get_sector:1714 ERROR: status = -5
[  388.808050][T15264] (syz.7.2937,15264,0):ocfs2_sb_probe:753 ERROR: status = -5
[  388.810630][T15264] (syz.7.2937,15264,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  388.813352][T15264] (syz.7.2937,15264,0):ocfs2_fill_super:1177 ERROR: status = -5
[  388.862596][T15271] FAULT_INJECTION: forcing a failure.
[  388.862596][T15271] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  388.867087][T15271] CPU: 3 UID: 0 PID: 15271 Comm: syz.6.2940 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  388.867106][T15271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  388.867113][T15271] Call Trace:
[  388.867117][T15271]  <TASK>
[  388.867122][T15271]  dump_stack_lvl+0x16c/0x1f0
[  388.867140][T15271]  should_fail_ex+0x512/0x640
[  388.867157][T15271]  should_fail_alloc_page+0xe7/0x130
[  388.867174][T15271]  prepare_alloc_pages+0x3c2/0x610
[  388.867188][T15271]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  388.867203][T15271]  ? __pfx_stack_trace_save+0x10/0x10
[  388.867217][T15271]  ? stack_depot_save_flags+0x28/0xa40
[  388.867235][T15271]  ? iovec_from_user+0x108/0x140
[  388.867250][T15271]  ? kasan_save_stack+0x42/0x60
[  388.867262][T15271]  ? kasan_save_stack+0x33/0x60
[  388.867275][T15271]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  388.867289][T15271]  ? iovec_from_user+0x108/0x140
[  388.867304][T15271]  ? import_iovec+0x109/0x140
[  388.867318][T15271]  ? do_writev+0x132/0x340
[  388.867331][T15271]  ? do_syscall_64+0xcd/0x4c0
[  388.867344][T15271]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.867373][T15271]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  388.867388][T15271]  ? policy_nodemask+0xea/0x4e0
[  388.867404][T15271]  alloc_pages_mpol+0x1fb/0x550
[  388.867419][T15271]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  388.867438][T15271]  ? __pfx_vcs_write+0x10/0x10
[  388.867450][T15271]  alloc_pages_noprof+0x131/0x390
[  388.867465][T15271]  get_free_pages_noprof+0x10/0xb0
[  388.867481][T15271]  vcs_write+0x11a/0xdb0
[  388.867493][T15271]  ? copy_iovec_from_user+0x131/0x170
[  388.867509][T15271]  ? iovec_from_user+0xbb/0x140
[  388.867526][T15271]  ? __import_iovec+0x1dd/0x650
[  388.867540][T15271]  ? __pfx_vcs_write+0x10/0x10
[  388.867554][T15271]  ? bpf_lsm_file_permission+0x9/0x10
[  388.867563][T15271]  ? security_file_permission+0x71/0x210
[  388.867583][T15271]  ? rw_verify_area+0xcf/0x680
[  388.867596][T15271]  ? __pfx_vcs_write+0x10/0x10
[  388.867607][T15271]  vfs_writev+0x5dc/0xde0
[  388.867623][T15271]  ? __pfx_vfs_writev+0x10/0x10
[  388.867645][T15271]  ? __fget_files+0x20e/0x3c0
[  388.867658][T15271]  ? __fget_files+0x130/0x3c0
[  388.867675][T15271]  ? do_writev+0x132/0x340
[  388.867686][T15271]  do_writev+0x132/0x340
[  388.867698][T15271]  ? __pfx_do_writev+0x10/0x10
[  388.867714][T15271]  do_syscall_64+0xcd/0x4c0
[  388.867728][T15271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.867738][T15271] RIP: 0033:0x7fea8998e929
[  388.867747][T15271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.867757][T15271] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  388.867767][T15271] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929
[  388.867774][T15271] RDX: 000000000000000e RSI: 0000200000000c40 RDI: 0000000000000003
[  388.867780][T15271] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000
[  388.867786][T15271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.867792][T15271] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8
[  388.867805][T15271]  </TASK>
[  388.903717][T11931] usblp 13-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  388.974191][T11931] usb 13-1: USB disconnect, device number 2
[  388.978515][T11931] usblp0: removed
[  389.110601][T15287] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2947'.
[  389.419933][T11931] usb 13-1: new high-speed USB device number 3 using dummy_hcd
[  389.569838][T11931] usb 13-1: Using ep0 maxpacket: 32
[  389.576723][T11931] usb 13-1: config index 0 descriptor too short (expected 29220, got 36)
[  389.583030][T11931] usb 13-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  389.586545][T11931] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 81
[  389.590050][T11931] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  389.594037][T11931] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  389.597527][T11931] usb 13-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  389.603574][T11931] usb 13-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  389.607104][T11931] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.611036][T11931] usb 13-1: config 0 descriptor??
[  390.168870][T11931] usblp 13-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  390.570849][   T29] usb 13-1: USB disconnect, device number 3
[  390.577875][   T29] usblp0: removed
[  390.800155][ T6028] usb 11-1: new high-speed USB device number 19 using dummy_hcd
[  390.960190][ T6028] usb 11-1: Using ep0 maxpacket: 16
[  390.964687][ T6028] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  390.971197][ T6028] usb 11-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  390.974744][ T6028] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.977274][ T6028] usb 11-1: Product: syz
[  390.978616][ T6028] usb 11-1: Manufacturer: syz
[  390.980218][ T6028] usb 11-1: SerialNumber: syz
[  390.983867][ T6028] usb 11-1: config 0 descriptor??
[  390.987912][ T6028] hub 11-1:0.0: bad descriptor, ignoring hub
[  390.991032][ T6028] hub 11-1:0.0: probe with driver hub failed with error -5
[  390.996960][ T6028] input: syz syz as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/input/input32
[  391.245950][T15322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.249656][T15322] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  391.349677][  T838] usb 11-1: USB disconnect, device number 19
[  391.459503][ T1465] usb 13-1: new high-speed USB device number 4 using dummy_hcd
[  391.589584][ T1465] usb 13-1: device descriptor read/64, error -71
[  391.829508][ T1465] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  391.947128][T15326] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2957'.
[  391.969521][ T1465] usb 13-1: device descriptor read/64, error -71
[  392.033131][T15331] FAULT_INJECTION: forcing a failure.
[  392.033131][T15331] name failslab, interval 1, probability 0, space 0, times 0
[  392.037807][T15331] CPU: 1 UID: 0 PID: 15331 Comm: syz.6.2959 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  392.037830][T15331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  392.037840][T15331] Call Trace:
[  392.037847][T15331]  <TASK>
[  392.037854][T15331]  dump_stack_lvl+0x16c/0x1f0
[  392.037880][T15331]  should_fail_ex+0x512/0x640
[  392.037904][T15331]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  392.037931][T15331]  should_failslab+0xc2/0x120
[  392.037956][T15331]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  392.037979][T15331]  ? __alloc_skb+0x2b2/0x380
[  392.038004][T15331]  __alloc_skb+0x2b2/0x380
[  392.038023][T15331]  ? __pfx___alloc_skb+0x10/0x10
[  392.038045][T15331]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  392.038075][T15331]  netlink_alloc_large_skb+0x69/0x130
[  392.038103][T15331]  netlink_sendmsg+0x6a1/0xdd0
[  392.038130][T15331]  ? __pfx_netlink_sendmsg+0x10/0x10
[  392.038163][T15331]  ____sys_sendmsg+0xa95/0xc70
[  392.038179][T15331]  ? copy_msghdr_from_user+0x10a/0x160
[  392.038201][T15331]  ? __pfx_____sys_sendmsg+0x10/0x10
[  392.038227][T15331]  ___sys_sendmsg+0x134/0x1d0
[  392.038250][T15331]  ? __pfx____sys_sendmsg+0x10/0x10
[  392.038269][T15331]  ? __lock_acquire+0x622/0x1c90
[  392.038331][T15331]  __sys_sendmsg+0x16d/0x220
[  392.038354][T15331]  ? __pfx___sys_sendmsg+0x10/0x10
[  392.038389][T15331]  do_syscall_64+0xcd/0x4c0
[  392.038413][T15331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.038430][T15331] RIP: 0033:0x7fea8998e929
[  392.038443][T15331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.038458][T15331] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  392.038475][T15331] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929
[  392.038486][T15331] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  392.038497][T15331] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000
[  392.038506][T15331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.038515][T15331] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8
[  392.038537][T15331]  </TASK>
[  392.080228][ T1465] usb usb13-port1: attempt power cycle
[  392.116723][T15333] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2960'.
[  392.123504][T15333] netlink: 'syz.6.2960': attribute type 1 has an invalid length.
[  392.142676][T15333] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  392.449431][ T1465] usb 13-1: new high-speed USB device number 6 using dummy_hcd
[  392.469898][ T1465] usb 13-1: device descriptor read/8, error -71
[  392.719435][ T1465] usb 13-1: new high-speed USB device number 7 using dummy_hcd
[  392.751542][ T1465] usb 13-1: device descriptor read/8, error -71
[  392.859720][ T1465] usb usb13-port1: unable to enumerate USB device
[  393.082619][T15346] No such timeout policy "syz1"
[  393.249175][T15356] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2969'.
[  393.268955][T15356] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2969'.
[  393.272085][T15356] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2969'.
[  393.419514][   T29] usb 11-1: new high-speed USB device number 20 using dummy_hcd
[  393.465413][T15364] FAULT_INJECTION: forcing a failure.
[  393.465413][T15364] name failslab, interval 1, probability 0, space 0, times 0
[  393.470772][T15364] CPU: 1 UID: 0 PID: 15364 Comm: syz.7.2973 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  393.470788][T15364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  393.470795][T15364] Call Trace:
[  393.470799][T15364]  <TASK>
[  393.470803][T15364]  dump_stack_lvl+0x16c/0x1f0
[  393.470820][T15364]  should_fail_ex+0x512/0x640
[  393.470836][T15364]  ? fs_reclaim_acquire+0xae/0x150
[  393.470848][T15364]  ? tomoyo_encode2+0x100/0x3e0
[  393.470862][T15364]  should_failslab+0xc2/0x120
[  393.470878][T15364]  __kmalloc_noprof+0xd2/0x510
[  393.470894][T15364]  tomoyo_encode2+0x100/0x3e0
[  393.470911][T15364]  tomoyo_encode+0x29/0x50
[  393.470924][T15364]  tomoyo_realpath_from_path+0x18f/0x6e0
[  393.470941][T15364]  ? tomoyo_profile+0x47/0x60
[  393.470952][T15364]  tomoyo_path_number_perm+0x245/0x580
[  393.470964][T15364]  ? tomoyo_path_number_perm+0x237/0x580
[  393.470978][T15364]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  393.470991][T15364]  ? find_held_lock+0x2b/0x80
[  393.471016][T15364]  ? find_held_lock+0x2b/0x80
[  393.471056][T15364]  ? hook_file_ioctl_common+0x145/0x410
[  393.471079][T15364]  ? __fget_files+0x20e/0x3c0
[  393.471106][T15364]  security_file_ioctl+0x9b/0x240
[  393.471128][T15364]  __x64_sys_ioctl+0xb7/0x210
[  393.471142][T15364]  do_syscall_64+0xcd/0x4c0
[  393.471158][T15364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.471168][T15364] RIP: 0033:0x7f6294b8e929
[  393.471178][T15364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.471188][T15364] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  393.471198][T15364] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929
[  393.471205][T15364] RDX: 0000200000000500 RSI: 000000004008ae89 RDI: 0000000000000005
[  393.471211][T15364] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000
[  393.471217][T15364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.471223][T15364] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8
[  393.471236][T15364]  </TASK>
[  393.471251][T15364] ERROR: Out of memory at tomoyo_realpath_from_path.
[  393.629595][   T29] usb 11-1: Using ep0 maxpacket: 32
[  393.634093][   T29] usb 11-1: config index 0 descriptor too short (expected 29220, got 36)
[  393.637557][   T29] usb 11-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  393.641879][   T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 81
[  393.645653][   T29] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  393.646321][   T40] audit: type=1400 audit(1749169246.397:672): avc:  denied  { watch } for  pid=15366 comm="syz.7.2974" path="/137/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  393.650142][   T29] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  393.663660][   T40] audit: type=1400 audit(1749169246.397:673): avc:  denied  { watch_sb watch_reads } for  pid=15366 comm="syz.7.2974" path="/137/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  393.667904][   T29] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  393.686947][   T29] usb 11-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  393.691581][   T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.700512][   T29] usb 11-1: config 0 descriptor??
[  393.911354][   T29] usblp 11-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  393.920612][   T29] usb 11-1: USB disconnect, device number 20
[  393.934693][   T29] usblp0: removed
[  393.961456][T15377] overlayfs: missing 'lowerdir'
[  393.966525][T15377] fuse: Bad value for 'fd'
[  394.336725][T15394] SELinux:  policydb version 1402900228 does not match my version range 15-34
[  394.341276][T15394] SELinux: failed to load policy
[  394.349491][   T57] usb 11-1: new high-speed USB device number 21 using dummy_hcd
[  394.369875][   T29] usb 12-1: new high-speed USB device number 9 using dummy_hcd
[  394.509446][   T57] usb 11-1: Using ep0 maxpacket: 32
[  394.512963][   T57] usb 11-1: config index 0 descriptor too short (expected 29220, got 36)
[  394.515868][   T57] usb 11-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  394.518979][   T57] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 81
[  394.520017][   T29] usb 12-1: Using ep0 maxpacket: 16
[  394.522574][   T57] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  394.526812][   T29] usb 12-1: too many configurations: 129, using maximum allowed: 8
[  394.528417][   T57] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  394.534928][   T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  394.535502][   T57] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  394.535549][   T57] usb 11-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  394.538892][   T29] usb 12-1: can't read configurations, error -22
[  394.544142][   T57] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.546339][   T57] usb 11-1: config 0 descriptor??
[  394.679542][   T29] usb 12-1: new high-speed USB device number 10 using dummy_hcd
[  394.832812][   T29] usb 12-1: Using ep0 maxpacket: 16
[  394.836153][   T29] usb 12-1: too many configurations: 129, using maximum allowed: 8
[  394.839853][   T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  394.842623][   T29] usb 12-1: can't read configurations, error -22
[  394.845875][   T29] usb usb12-port1: attempt power cycle
[  394.857746][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2984'.
[  394.860577][T15413] netlink: 'syz.8.2984': attribute type 30 has an invalid length.
[  394.866107][T15413] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  394.869408][T15413] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  394.872033][T15413] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  394.874649][T15413] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  394.880619][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2984'.
[  394.883999][T15413] netlink: 'syz.8.2984': attribute type 30 has an invalid length.
[  395.112600][   T57] usblp 11-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  395.139709][T11017] usb 13-1: new high-speed USB device number 8 using dummy_hcd
[  395.179440][   T29] usb 12-1: new high-speed USB device number 11 using dummy_hcd
[  395.200776][   T29] usb 12-1: Using ep0 maxpacket: 16
[  395.203976][   T29] usb 12-1: too many configurations: 129, using maximum allowed: 8
[  395.208455][   T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  395.212728][   T29] usb 12-1: can't read configurations, error -22
[  395.279447][T11017] usb 13-1: device descriptor read/64, error -71
[  395.339837][   T29] usb 12-1: new high-speed USB device number 12 using dummy_hcd
[  395.370220][   T29] usb 12-1: Using ep0 maxpacket: 16
[  395.373472][   T29] usb 12-1: too many configurations: 129, using maximum allowed: 8
[  395.376946][   T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  395.379980][   T29] usb 12-1: can't read configurations, error -22
[  395.382126][   T29] usb usb12-port1: unable to enumerate USB device
[  395.513670][ T1465] usb 11-1: USB disconnect, device number 21
[  395.519896][ T1465] usblp0: removed
[  395.529497][T11017] usb 13-1: new high-speed USB device number 9 using dummy_hcd
[  395.659538][T11017] usb 13-1: device descriptor read/64, error -71
[  395.771887][T11017] usb usb13-port1: attempt power cycle
[  396.120123][T11017] usb 13-1: new high-speed USB device number 10 using dummy_hcd
[  396.141167][T11017] usb 13-1: device descriptor read/8, error -71
[  396.300664][T15454] FAULT_INJECTION: forcing a failure.
[  396.300664][T15454] name failslab, interval 1, probability 0, space 0, times 0
[  396.305663][T15454] CPU: 1 UID: 0 PID: 15454 Comm: syz.6.2989 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  396.305679][T15454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  396.305685][T15454] Call Trace:
[  396.305690][T15454]  <TASK>
[  396.305695][T15454]  dump_stack_lvl+0x16c/0x1f0
[  396.305713][T15454]  should_fail_ex+0x512/0x640
[  396.305730][T15454]  should_failslab+0xc2/0x120
[  396.305745][T15454]  __kmalloc_cache_noprof+0x6a/0x3e0
[  396.305759][T15454]  ? __add_metainfo+0x99/0x460
[  396.305775][T15454]  ? kasan_save_track+0x14/0x30
[  396.305789][T15454]  __add_metainfo+0x99/0x460
[  396.305805][T15454]  tcf_ife_init+0xd5c/0x14e0
[  396.305824][T15454]  ? __pfx_tcf_ife_init+0x10/0x10
[  396.305845][T15454]  ? tcf_action_init_1+0x2d2/0x6c0
[  396.305857][T15454]  ? __asan_memcpy+0x3c/0x60
[  396.305871][T15454]  tcf_action_init_1+0x45d/0x6c0
[  396.305884][T15454]  ? __pfx_tcf_action_init_1+0x10/0x10
[  396.305902][T15454]  ? __nla_parse+0x40/0x60
[  396.305913][T15454]  tcf_action_init+0x432/0xa50
[  396.305929][T15454]  ? __pfx_tcf_action_init+0x10/0x10
[  396.305941][T15454]  ? is_bpf_text_address+0x8a/0x1a0
[  396.305964][T15454]  ? __lock_acquire+0xb8a/0x1c90
[  396.305990][T15454]  ? find_held_lock+0x2b/0x80
[  396.306002][T15454]  ? pcpu_alloc_noprof+0x949/0x1470
[  396.306018][T15454]  tcf_exts_validate_ex+0x42d/0x550
[  396.306034][T15454]  ? __pfx_tcf_exts_validate_ex+0x10/0x10
[  396.306047][T15454]  ? mark_held_locks+0x49/0x80
[  396.306069][T15454]  mall_change+0x3cd/0x1090
[  396.306086][T15454]  ? __pfx_mall_change+0x10/0x10
[  396.306100][T15454]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  396.306118][T15454]  ? __pfx_mall_change+0x10/0x10
[  396.306132][T15454]  tc_new_tfilter+0xa35/0x2340
[  396.306149][T15454]  ? __pfx_tc_new_tfilter+0x10/0x10
[  396.306170][T15454]  ? find_held_lock+0x2b/0x80
[  396.306182][T15454]  ? __pfx_tc_new_tfilter+0x10/0x10
[  396.306191][T15454]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  396.306206][T15454]  ? __pfx_tc_new_tfilter+0x10/0x10
[  396.306216][T15454]  rtnetlink_rcv_msg+0x95e/0xe90
[  396.306231][T15454]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  396.306248][T15454]  ? ref_tracker_free+0x37c/0x830
[  396.306265][T15454]  netlink_rcv_skb+0x158/0x420
[  396.306274][T15454]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  396.306289][T15454]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  396.306309][T15454]  ? netlink_deliver_tap+0x1ae/0xd30
[  396.306326][T15454]  netlink_unicast+0x53a/0x7f0
[  396.306343][T15454]  ? __pfx_netlink_unicast+0x10/0x10
[  396.306362][T15454]  netlink_sendmsg+0x8d1/0xdd0
[  396.306380][T15454]  ? __pfx_netlink_sendmsg+0x10/0x10
[  396.306400][T15454]  ____sys_sendmsg+0xa95/0xc70
[  396.306411][T15454]  ? copy_msghdr_from_user+0x10a/0x160
[  396.306424][T15454]  ? __pfx_____sys_sendmsg+0x10/0x10
[  396.306439][T15454]  ___sys_sendmsg+0x134/0x1d0
[  396.306452][T15454]  ? __pfx____sys_sendmsg+0x10/0x10
[  396.306464][T15454]  ? __lock_acquire+0x622/0x1c90
[  396.306494][T15454]  __sys_sendmsg+0x16d/0x220
[  396.306507][T15454]  ? __pfx___sys_sendmsg+0x10/0x10
[  396.306525][T15454]  ? fput+0x70/0xf0
[  396.306536][T15454]  do_syscall_64+0xcd/0x4c0
[  396.306554][T15454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.306565][T15454] RIP: 0033:0x7fea8998e929
[  396.306574][T15454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.306584][T15454] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  396.306594][T15454] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929
[  396.306601][T15454] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  396.306607][T15454] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000
[  396.306613][T15454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  396.306619][T15454] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8
[  396.306631][T15454]  </TASK>
[  396.500120][T11017] usb 13-1: new high-speed USB device number 11 using dummy_hcd
[  396.529292][T15457] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2990'.
[  396.530100][T11017] usb 13-1: device descriptor read/8, error -71
[  396.650231][T11017] usb usb13-port1: unable to enumerate USB device
[  396.792090][   T40] audit: type=1804 audit(1749169249.547:674): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2995" name="/newroot/285/file1" dev="fuse" ino=1 res=1 errno=0
[  396.801125][   T40] audit: type=1800 audit(1749169249.547:675): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2995" name="/" dev="fuse" ino=1 res=0 errno=0
[  396.809820][   T40] audit: type=1800 audit(1749169249.547:676): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2995" name="/" dev="fuse" ino=1 res=0 errno=0
[  396.877648][   T40] audit: type=1400 audit(1749169249.627:677): avc:  denied  { write } for  pid=15473 comm="syz.6.2997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  396.932127][T15476] dlm: non-version read from control device 0
[  396.966547][T15478] ata1.00: invalid cdb length 6
[  397.151039][   T40] audit: type=1804 audit(1749169249.907:678): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.7.3000" name="/newroot/140/file1" dev="fuse" ino=1 res=1 errno=0
[  397.151455][T15481] FAULT_INJECTION: forcing a failure.
[  397.151455][T15481] name failslab, interval 1, probability 0, space 0, times 0
[  397.159904][   T40] audit: type=1800 audit(1749169249.907:679): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.7.3000" name="/" dev="fuse" ino=1 res=0 errno=0
[  397.163746][T15481] CPU: 0 UID: 0 PID: 15481 Comm: syz.7.3000 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  397.163762][T15481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  397.163769][T15481] Call Trace:
[  397.163774][T15481]  <TASK>
[  397.163779][T15481]  dump_stack_lvl+0x16c/0x1f0
[  397.163798][T15481]  should_fail_ex+0x512/0x640
[  397.163812][T15481]  ? __kmalloc_noprof+0xbf/0x510
[  397.163828][T15481]  ? ima_write_template_field_data+0x5d/0x1f0
[  397.163840][T15481]  should_failslab+0xc2/0x120
[  397.163856][T15481]  __kmalloc_noprof+0xd2/0x510
[  397.163872][T15481]  ima_write_template_field_data+0x5d/0x1f0
[  397.163886][T15481]  ima_eventname_init_common+0x1b8/0x260
[  397.163900][T15481]  ? __pfx_ima_eventname_init_common+0x10/0x10
[  397.163914][T15481]  ? trace_kmalloc+0x2b/0xd0
[  397.163922][T15481]  ? __kmalloc_noprof+0x242/0x510
[  397.163939][T15481]  ima_alloc_init_template+0x39d/0x720
[  397.163956][T15481]  ? rcu_is_watching+0x12/0xc0
[  397.163970][T15481]  ima_store_measurement+0x1eb/0x5c0
[  397.163987][T15481]  ? __pfx_ima_store_measurement+0x10/0x10
[  397.164004][T15481]  ? vfs_getxattr_alloc+0xec/0x340
[  397.164023][T15481]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  397.164039][T15481]  process_measurement+0x1f26/0x23e0
[  397.164057][T15481]  ? avc_has_perm_noaudit+0x149/0x3b0
[  397.164068][T15481]  ? __pfx_process_measurement+0x10/0x10
[  397.164085][T15481]  ? __pfx_avc_has_perm+0x10/0x10
[  397.164096][T15481]  ? find_held_lock+0x2b/0x80
[  397.164121][T15481]  ? file_map_prot_check+0x1eb/0x360
[  397.164136][T15481]  ima_file_mmap+0x1a8/0x1d0
[  397.164150][T15481]  ? __pfx_ima_file_mmap+0x10/0x10
[  397.164163][T15481]  ? __lock_acquire+0x622/0x1c90
[  397.164181][T15481]  security_mmap_file+0x88c/0x990
[  397.164197][T15481]  vm_mmap_pgoff+0xec/0x450
[  397.164213][T15481]  ? find_held_lock+0x2b/0x80
[  397.164225][T15481]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  397.164242][T15481]  ? __fget_files+0x20e/0x3c0
[  397.164259][T15481]  ksys_mmap_pgoff+0x32c/0x5c0
[  397.164269][T15481]  ? __pfx_ksys_write+0x10/0x10
[  397.164284][T15481]  __x64_sys_mmap+0x125/0x190
[  397.164301][T15481]  do_syscall_64+0xcd/0x4c0
[  397.164316][T15481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.164326][T15481] RIP: 0033:0x7f6294b8e929
[  397.164336][T15481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.164346][T15481] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  397.164356][T15481] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929
[  397.164363][T15481] RDX: 0000000000000006 RSI: 0000000000002000 RDI: 0000200000000000
[  397.164369][T15481] RBP: 00007f6295ac0090 R08: 0000000000000007 R09: 0000000000000000
[  397.164375][T15481] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  397.164381][T15481] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8
[  397.164394][T15481]  </TASK>
[  397.271482][   T40] audit: type=1800 audit(1749169249.907:680): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.7.3000" name="/" dev="fuse" ino=1 res=0 errno=0
[  397.278583][   T40] audit: type=1804 audit(1749169249.917:681): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=add_template_measure cause=ENOMEM comm="syz.7.3000" name="/newroot/140/file1" dev="fuse" ino=1 res=0 errno=0
[  397.345120][T15489] netlink: 'syz.7.3001': attribute type 3 has an invalid length.
[  397.466952][T15489] netlink: 'syz.7.3001': attribute type 28 has an invalid length.
[  397.470564][T15489] netlink: 'syz.7.3001': attribute type 3 has an invalid length.
[  397.473786][T15489] netlink: 132 bytes leftover after parsing attributes in process `syz.7.3001'.
[  397.591812][T15489] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.3001'.
[  397.594933][T15484] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.3001'.
[  397.783949][T15499] openvswitch: netlink: IP tunnel TTL not specified.
[  398.069500][T15512] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3006'.
[  398.096046][T15520] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[  398.098125][T15520] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  398.102781][T15520] vhci_hcd vhci_hcd.0: Device attached
[  398.109439][T15522] vhci_hcd: connection closed
[  398.112262][ T1157] vhci_hcd: stop threads
[  398.115192][ T1157] vhci_hcd: release socket
[  398.116652][ T1157] vhci_hcd: disconnect device
[  398.382898][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3013'.
[  398.386663][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3013'.
[  398.389705][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3013'.
[  399.049509][   T10] usb 12-1: new high-speed USB device number 13 using dummy_hcd
[  399.077644][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  399.077656][   T40] audit: type=1400 audit(1749169251.827:683): avc:  denied  { listen } for  pid=15540 comm="syz.6.3020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  399.133615][   T40] audit: type=1400 audit(1749169251.887:684): avc:  denied  { map } for  pid=15540 comm="syz.6.3020" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  399.201871][   T10] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  399.205404][   T10] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  399.208368][   T10] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  399.213915][   T10] usb 12-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  399.217675][   T10] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.222700][   T10] usb 12-1: config 0 descriptor??
[  399.573545][   T40] audit: type=1400 audit(1749169252.327:685): avc:  denied  { write } for  pid=15555 comm="syz.6.3026" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  399.628591][   T10] plantronics 0003:047F:FFFF.000B: reserved main item tag 0xd
[  399.632674][   T10] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  399.639082][   T10] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  399.790818][T11931] usb 13-1: new high-speed USB device number 12 using dummy_hcd
[  399.887947][   T29] usb 12-1: USB disconnect, device number 13
[  399.939950][T11931] usb 13-1: device descriptor read/64, error -71
[  400.189722][T11931] usb 13-1: new high-speed USB device number 13 using dummy_hcd
[  400.319548][T11931] usb 13-1: device descriptor read/64, error -71
[  400.440257][T11931] usb usb13-port1: attempt power cycle
[  400.527191][T15571] xfrm1: entered allmulticast mode
[  400.537194][   T40] audit: type=1400 audit(1749169253.287:686): avc:  denied  { audit_control } for  pid=15570 comm="syz.7.3030" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  400.575965][T15577] random: crng reseeded on system resumption
[  400.580980][T15576] xt_TPROXY: Can be used only with -p tcp or -p udp
[  400.587036][T15576] gfs2: not a GFS2 filesystem
[  400.635940][T15580] __nla_validate_parse: 1 callbacks suppressed
[  400.635951][T15580] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3033'.
[  400.657850][   T40] audit: type=1400 audit(1749169253.407:687): avc:  denied  { ioctl } for  pid=15575 comm="syz.6.3033" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  400.789636][T11931] usb 13-1: new high-speed USB device number 14 using dummy_hcd
[  400.810182][T11931] usb 13-1: device descriptor read/8, error -71
[  401.061112][T11931] usb 13-1: new high-speed USB device number 15 using dummy_hcd
[  401.080784][T11931] usb 13-1: device descriptor read/8, error -71
[  401.200486][T11931] usb usb13-port1: unable to enumerate USB device
[  401.205962][T15605] o2cb: This node has not been configured.
[  401.208189][T15605] o2cb: Cluster check failed. Fix errors before retrying.
[  401.210776][T15605] (syz.7.3042,15605,2):user_dlm_register:674 ERROR: status = -22
[  401.213349][T15605] (syz.7.3042,15605,2):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0"
[  401.248063][T15607] syzkaller0: entered promiscuous mode
[  401.250205][T15607] syzkaller0: entered allmulticast mode
[  401.598688][T15621] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3049'.
[  401.662905][T15614] veth1_macvtap: left promiscuous mode
[  401.665371][T15614] macsec0: entered promiscuous mode
[  401.667570][T15614] macsec0: entered allmulticast mode
[  401.677530][T15614] veth1_macvtap: entered promiscuous mode
[  401.679477][T15614] veth1_macvtap: entered allmulticast mode
[  401.681504][T15614] macsec0: left promiscuous mode
[  401.683187][T15614] macsec0: left allmulticast mode
[  401.685049][T15614] veth1_macvtap: left allmulticast mode
[  401.876147][T15634] binder: 15633:15634 unknown command 0
[  401.878524][T15634] binder: 15633:15634 ioctl c0306201 2000000002c0 returned -22
[  402.712419][T15668] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3065'.
[  403.094484][   T40] audit: type=1400 audit(1749169255.847:688): avc:  denied  { create } for  pid=15690 comm="syz.7.3074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  403.126554][T15691] loop6: detected capacity change from 0 to 524287998
[  403.234021][T15694] syzkaller0: entered promiscuous mode
[  403.236542][T15694] syzkaller0: entered allmulticast mode
[  403.253032][T15696] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3076'.
[  403.328292][T15698] bridge1: entered promiscuous mode
[  403.420753][T15704] loop6: detected capacity change from 0 to 524287999
[  403.564804][ T5948] Bluetooth: hci0: unexpected event for opcode 0x0407
[  403.706629][T15714] netlink: 'syz.6.3084': attribute type 6 has an invalid length.
[  403.710565][T15714] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3084'.
[  403.748740][T15717] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3085'.
[  403.807820][T15721] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  403.948333][T15733] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 3, id = 0
[  403.949110][T15732] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3091'.
[  403.987420][T15735] binder: 15734:15735 ioctl 4018620d 0 returned -22
[  404.109586][ T5633] usb 11-1: new high-speed USB device number 22 using dummy_hcd
[  404.144287][T15746] netlink: 168 bytes leftover after parsing attributes in process `syz.8.3097'.
[  404.240882][T15755] QAT: Invalid ioctl -2144835806
[  404.270839][ T5633] usb 11-1: too many configurations: 9, using maximum allowed: 8
[  404.272540][   T40] audit: type=1400 audit(1749169257.027:689): avc:  denied  { getopt } for  pid=15756 comm="syz.8.3101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  404.275328][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.285248][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.290120][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.293206][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.296201][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.300155][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.303549][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.306479][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.310016][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.312819][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.315586][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.319007][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.322181][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.324936][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.328247][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.331330][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.334324][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.337635][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.340744][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.343541][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.346792][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.349711][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  404.352540][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  404.355795][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0
[  404.362521][ T5633] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  404.365278][ T5633] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  404.367694][ T5633] usb 11-1: Product: syz
[  404.368934][ T5633] usb 11-1: Manufacturer: syz
[  404.370512][ T5633] usb 11-1: SerialNumber: syz
[  404.374226][ T5633] usb 11-1: config 0 descriptor??
[  404.381412][ T5633] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0
[  404.428011][   T40] audit: type=1400 audit(1749169257.177:690): avc:  denied  { create } for  pid=15766 comm="syz.8.3106" name="#18" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  404.436702][   T40] audit: type=1400 audit(1749169257.177:691): avc:  denied  { link } for  pid=15766 comm="syz.8.3106" name="#18" dev="tmpfs" ino=327 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  404.443946][   T40] audit: type=1400 audit(1749169257.177:692): avc:  denied  { rename } for  pid=15766 comm="syz.8.3106" name="#19" dev="tmpfs" ino=327 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  404.476841][T15771] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3108'.
[  404.513992][   T40] audit: type=1400 audit(1749169257.267:693): avc:  denied  { ioctl } for  pid=15774 comm="syz.7.3110" path="/dev/ptyr2" dev="devtmpfs" ino=145 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  404.514968][T15775] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3110'.
[  404.535925][T15778] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  404.535947][T15778] batman_adv: batadv0: Removing interface: batadv_slave_0
[  404.540194][T15778] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  404.543524][T15778] batman_adv: batadv0: Removing interface: batadv_slave_1
[  404.582519][ T5633] usb 11-1: USB disconnect, device number 22
[  404.585580][ T5633] yurex 11-1:0.0: USB YUREX #0 now disconnected
[  404.682084][T15784] netlink: 'syz.7.3112': attribute type 3 has an invalid length.
[  404.684585][T15784] netlink: 'syz.7.3112': attribute type 1 has an invalid length.
[  404.757171][T15790] input: syz0 as /devices/virtual/input/input34
[  405.296450][T15816] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2133 sclass=netlink_route_socket pid=15816 comm=syz.7.3125
[  405.444599][T15824] xt_CT: You must specify a L4 protocol and not use inversions on it
[  405.676945][   T40] audit: type=1400 audit(1749169258.427:694): avc:  denied  { connect } for  pid=15831 comm="syz.8.3130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  405.740185][   T40] audit: type=1400 audit(1749169258.487:695): avc:  denied  { bind } for  pid=15827 comm="syz.6.3129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  405.748139][T15830] sctp: [Deprecated]: syz.6.3129 (pid 15830) Use of struct sctp_assoc_value in delayed_ack socket option.
[  405.748139][T15830] Use struct sctp_sack_info instead
[  405.754614][   T40] audit: type=1400 audit(1749169258.497:696): avc:  denied  { getopt } for  pid=15827 comm="syz.6.3129" laddr=::ffff:172.20.20.10 lport=38622 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  406.159444][   T40] audit: type=1400 audit(1749169258.907:697): avc:  denied  { map } for  pid=15836 comm="syz.7.3132" path="socket:[76668]" dev="sockfs" ino=76668 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  406.168182][   T40] audit: type=1400 audit(1749169258.917:698): avc:  denied  { accept } for  pid=15836 comm="syz.7.3132" path="socket:[76668]" dev="sockfs" ino=76668 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  406.480359][T15844] __nla_validate_parse: 3 callbacks suppressed
[  406.480372][T15844] netlink: 248 bytes leftover after parsing attributes in process `syz.6.3135'.
[  406.560933][ T5948] Bluetooth: Frame is too long (len 10, expected len 4)
[  406.571397][T15850] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15850 comm=syz.6.3137
[  406.598296][T15850] netlink: 'syz.6.3137': attribute type 5 has an invalid length.
[  406.691010][T15863] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3140'.
[  406.693777][T15863] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3140'.
[  407.427707][T15907] FAULT_INJECTION: forcing a failure.
[  407.427707][T15907] name failslab, interval 1, probability 0, space 0, times 0
[  407.433840][T15907] CPU: 0 UID: 0 PID: 15907 Comm: syz.8.3155 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  407.433856][T15907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  407.433863][T15907] Call Trace:
[  407.433867][T15907]  <TASK>
[  407.433871][T15907]  dump_stack_lvl+0x16c/0x1f0
[  407.433907][T15907]  should_fail_ex+0x512/0x640
[  407.433927][T15907]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  407.433943][T15907]  should_failslab+0xc2/0x120
[  407.433958][T15907]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  407.433971][T15907]  ? __thp_vma_allowable_orders+0x1c5/0xb10
[  407.433981][T15907]  ? ptlock_alloc+0x1f/0x70
[  407.433995][T15907]  ptlock_alloc+0x1f/0x70
[  407.434006][T15907]  pte_alloc_one+0x82/0x3a0
[  407.434017][T15907]  __handle_mm_fault+0x3a68/0x5490
[  407.434033][T15907]  ? __pfx___handle_mm_fault+0x10/0x10
[  407.434045][T15907]  ? folio_mark_accessed+0xc1/0xc00
[  407.434060][T15907]  ? __pfx_folio_mark_accessed+0x10/0x10
[  407.434074][T15907]  ? vm_normal_page+0x152/0x2e0
[  407.434089][T15907]  ? find_held_lock+0x2b/0x80
[  407.434101][T15907]  ? find_held_lock+0x2b/0x80
[  407.434121][T15907]  handle_mm_fault+0x589/0xd10
[  407.434136][T15907]  __get_user_pages+0x589/0x3b80
[  407.434150][T15907]  ? __pfx_mt_find+0x10/0x10
[  407.434165][T15907]  ? __pfx___get_user_pages+0x10/0x10
[  407.434180][T15907]  populate_vma_page_range+0x278/0x3a0
[  407.434192][T15907]  ? __pfx_populate_vma_page_range+0x10/0x10
[  407.434202][T15907]  ? __pfx_find_vma_intersection+0x10/0x10
[  407.434213][T15907]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  407.434228][T15907]  __mm_populate+0x1d8/0x380
[  407.434240][T15907]  ? __pfx___mm_populate+0x10/0x10
[  407.434251][T15907]  ? up_write+0x1b2/0x520
[  407.434263][T15907]  __do_sys_mlockall+0x516/0x5d0
[  407.434277][T15907]  do_syscall_64+0xcd/0x4c0
[  407.434292][T15907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.434303][T15907] RIP: 0033:0x7f7e5518e929
[  407.434312][T15907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.434323][T15907] RSP: 002b:00007f7e55f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  407.434333][T15907] RAX: ffffffffffffffda RBX: 00007f7e553b5fa0 RCX: 00007f7e5518e929
[  407.434339][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  407.434345][T15907] RBP: 00007f7e55f9e090 R08: 0000000000000000 R09: 0000000000000000
[  407.434355][T15907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.434361][T15907] R13: 0000000000000000 R14: 00007f7e553b5fa0 R15: 00007ffd57814c88
[  407.434375][T15907]  </TASK>
[  407.833830][T15921] syzkaller1: entered promiscuous mode
[  407.836100][T15921] syzkaller1: entered allmulticast mode
[  407.954439][T15923] netlink: 'syz.7.3162': attribute type 20 has an invalid length.
[  407.963865][T15923] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3162'.
[  407.967639][T15923] netlink: 244 bytes leftover after parsing attributes in process `syz.7.3162'.
[  407.971802][   T57] IPVS: starting estimator thread 0...
[  408.059983][T15929] IPVS: using max 46 ests per chain, 110400 per kthread
[  408.074217][T15938] netlink: 'syz.6.3165': attribute type 1 has an invalid length.
[  408.077501][T15938] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3165'.
[  408.083918][T15939] omfs: Invalid superblock (0)
[  408.150344][T15942] 9pnet_virtio: no channels available for device syz
[  408.430800][  T838] usb 12-1: new low-speed USB device number 14 using dummy_hcd
[  408.584264][  T838] usb 12-1: config 168 descriptor has 1 excess byte, ignoring
[  408.589397][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  408.592829][  T838] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  408.596491][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  408.601500][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  408.606767][  T838] usb 12-1: config 168 descriptor has 1 excess byte, ignoring
[  408.609227][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  408.612860][  T838] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  408.616840][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  408.622069][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  408.626716][  T838] usb 12-1: config 168 descriptor has 1 excess byte, ignoring
[  408.629472][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  408.633283][  T838] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  408.637288][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  408.641256][  T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  408.647170][  T838] usb 12-1: string descriptor 0 read error: -22
[  408.649762][  T838] usb 12-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  408.653174][  T838] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.660814][T15968] FAULT_INJECTION: forcing a failure.
[  408.660814][T15968] name failslab, interval 1, probability 0, space 0, times 0
[  408.661759][  T838] adutux 12-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  408.665991][T15968] CPU: 2 UID: 0 PID: 15968 Comm: syz.8.3173 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  408.666016][T15968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  408.666026][T15968] Call Trace:
[  408.666033][T15968]  <TASK>
[  408.666041][T15968]  dump_stack_lvl+0x16c/0x1f0
[  408.666069][T15968]  should_fail_ex+0x512/0x640
[  408.666093][T15968]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  408.666125][T15968]  should_failslab+0xc2/0x120
[  408.666151][T15968]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  408.666173][T15968]  ? bpf_ksym_find+0x127/0x1c0
[  408.666197][T15968]  ? vm_area_dup+0x27/0x8d0
[  408.666221][T15968]  vm_area_dup+0x27/0x8d0
[  408.666243][T15968]  __split_vma+0x17f/0x1030
[  408.666268][T15968]  ? mas_next_slot+0x12d3/0x21b0
[  408.666293][T15968]  ? __pfx___split_vma+0x10/0x10
[  408.666327][T15968]  vms_gather_munmap_vmas+0x392/0x1310
[  408.666354][T15968]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  408.666378][T15968]  ? mas_walk+0x6a6/0x910
[  408.666410][T15968]  __mmap_region+0x3c7/0x25e0
[  408.666436][T15968]  ? __pfx___mmap_region+0x10/0x10
[  408.666468][T15968]  ? rcu_is_watching+0x12/0xc0
[  408.666489][T15968]  ? kasan_quarantine_put+0x10a/0x240
[  408.666510][T15968]  ? lockdep_hardirqs_on+0x7c/0x110
[  408.666537][T15968]  ? kmem_cache_free+0x2d1/0x4d0
[  408.666558][T15968]  ? process_measurement+0xfec/0x23e0
[  408.666587][T15968]  ? process_measurement+0x1e6/0x23e0
[  408.666645][T15968]  ? mm_get_unmapped_area_vmflags+0x97/0xe0
[  408.666671][T15968]  mmap_region+0x32b/0x3f0
[  408.666698][T15968]  do_mmap+0xa3e/0x1210
[  408.666720][T15968]  ? __pfx_do_mmap+0x10/0x10
[  408.666738][T15968]  ? __pfx_down_write_killable+0x10/0x10
[  408.666767][T15968]  vm_mmap_pgoff+0x281/0x450
[  408.666798][T15968]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  408.666828][T15968]  ? __fget_files+0x20e/0x3c0
[  408.666856][T15968]  ksys_mmap_pgoff+0x32c/0x5c0
[  408.666871][T15968]  ? __pfx_ksys_write+0x10/0x10
[  408.666923][T15968]  __x64_sys_mmap+0x125/0x190
[  408.666952][T15968]  do_syscall_64+0xcd/0x4c0
[  408.666976][T15968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.666994][T15968] RIP: 0033:0x7f7e5518e929
[  408.667008][T15968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.667023][T15968] RSP: 002b:00007f7e55f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  408.667040][T15968] RAX: ffffffffffffffda RBX: 00007f7e553b5fa0 RCX: 00007f7e5518e929
[  408.667051][T15968] RDX: 0000000000000006 RSI: 0000000000002000 RDI: 0000200000000000
[  408.667061][T15968] RBP: 00007f7e55f9e090 R08: 0000000000000007 R09: 0000000000000000
[  408.667071][T15968] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[  408.667081][T15968] R13: 0000000000000000 R14: 00007f7e553b5fa0 R15: 00007ffd57814c88
[  408.667112][T15968]  </TASK>
[  409.163829][T15992] loop6: detected capacity change from 0 to 524287999
[  409.290060][T11017] usb 11-1: new high-speed USB device number 23 using dummy_hcd
[  409.441228][T11017] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  409.444759][T11017] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  409.462784][T11017] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66
[  409.465948][T11017] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  409.469454][T11017] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  409.474668][T11017] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  409.477571][T11017] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  409.480630][T11017] usb 11-1: Product: syz
[  409.481957][T11017] usb 11-1: Manufacturer: syz
[  409.491969][T11017] cdc_wdm 11-1:1.0: skipping garbage
[  409.494224][T11017] cdc_wdm 11-1:1.0: skipping garbage
[  409.498153][T11017] cdc_wdm 11-1:1.0: cdc-wdm1: USB WDM device
[  409.501644][T11017] cdc_wdm 11-1:1.0: Unknown control protocol
[  409.543994][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  409.544006][   T40] audit: type=1400 audit(1749169262.297:708): avc:  denied  { write } for  pid=15994 comm="syz.8.3182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  410.513506][   T10] ------------[ cut here ]------------
[  410.515523][   T10] workqueue: cannot queue hci_conn_timeout on wq hci1
[  410.517846][   T10] WARNING: CPU: 0 PID: 10 at kernel/workqueue.c:2257 __queue_work+0xc9c/0x10f0
[  410.520778][   T10] Modules linked in:
[  410.522480][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  410.528985][   T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  410.533219][   T10] Workqueue: events l2cap_chan_timeout
[  410.535400][   T10] RIP: 0010:__queue_work+0xc9c/0x10f0
[  410.537620][   T10] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 00 fe ab 8b e8 f5 16 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 66 4b 38 00 90 0f 0b 90 e9 1b f6 ff
[  410.545653][   T10] RSP: 0018:ffffc900000d7a48 EFLAGS: 00010082
[  410.548319][   T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae368
[  410.551637][   T10] RDX: ffff88801dab8000 RSI: ffffffff817ae375 RDI: 0000000000000001
[  410.554784][   T10] RBP: ffff8880561c0948 R08: 0000000000000001 R09: 0000000000000000
[  410.558013][   T10] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[  410.561071][   T10] R13: ffff8880531f7000 R14: ffff8880531f7178 R15: ffff8880561c0950
[  410.564211][   T10] FS:  0000000000000000(0000) GS:ffff8880d675a000(0000) knlGS:0000000000000000
[  410.567379][   T10] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  410.569448][   T10] CR2: 00002000000007c0 CR3: 00000000480b1000 CR4: 0000000000352ef0
[  410.571861][   T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000c8
[  410.574361][   T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  410.576713][   T10] Call Trace:
[  410.577753][   T10]  <TASK>
[  410.578678][   T10]  ? __cancel_work+0x2c8/0x370
[  410.580210][   T10]  ? clear_pending_if_disabled+0xa8/0x210
[  410.581946][   T10]  ? __pfx_clear_pending_if_disabled+0x10/0x10
[  410.583920][   T10]  __queue_delayed_work+0x35b/0x460
[  410.585512][   T10]  queue_delayed_work_on+0x1b5/0x200
[  410.587101][   T10]  l2cap_chan_del+0x5a0/0x8f0
[  410.588572][   T10]  l2cap_chan_close+0xfe/0xa30
[  410.590045][   T10]  ? __pfx_l2cap_chan_close+0x10/0x10
[  410.591692][   T10]  l2cap_chan_timeout+0x196/0x310
[  410.593493][   T10]  process_one_work+0x9cf/0x1b70
[  410.595156][   T10]  ? __pfx_process_one_work+0x10/0x10
[  410.596861][   T10]  ? assign_work+0x1a0/0x250
[  410.598318][   T10]  worker_thread+0x6c8/0xf10
[  410.599852][   T10]  ? __kthread_parkme+0x19e/0x250
[  410.601444][   T10]  ? __pfx_worker_thread+0x10/0x10
[  410.603186][   T10]  kthread+0x3c5/0x780
[  410.604456][   T10]  ? __pfx_kthread+0x10/0x10
[  410.605950][   T10]  ? rcu_is_watching+0x12/0xc0
[  410.607490][   T10]  ? __pfx_kthread+0x10/0x10
[  410.609009][   T10]  ret_from_fork+0x5d4/0x6f0
[  410.610620][   T10]  ? __pfx_kthread+0x10/0x10
[  410.612221][   T10]  ret_from_fork_asm+0x1a/0x30
[  410.614061][   T10]  </TASK>
[  410.615150][   T10] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  410.617443][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) 
[  410.621016][   T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  410.624351][   T10] Workqueue: events l2cap_chan_timeout
[  410.626124][   T10] Call Trace:
[  410.627222][   T10]  <TASK>
[  410.628190][   T10]  dump_stack_lvl+0x3d/0x1f0
[  410.629680][   T10]  panic+0x71c/0x800
[  410.630960][   T10]  ? __pfx_panic+0x10/0x10
[  410.632394][   T10]  ? show_trace_log_lvl+0x29b/0x3e0
[  410.634045][   T10]  ? check_panic_on_warn+0x1f/0xb0
[  410.635722][   T10]  ? __queue_work+0xc9c/0x10f0
[  410.637279][   T10]  check_panic_on_warn+0xab/0xb0
[  410.638832][   T10]  __warn+0xf6/0x3c0
[  410.640127][   T10]  ? __queue_work+0xc9c/0x10f0
[  410.641704][   T10]  report_bug+0x3c3/0x580
[  410.643378][   T10]  ? __queue_work+0xc9c/0x10f0
[  410.644993][   T10]  handle_bug+0x184/0x210
[  410.646443][   T10]  exc_invalid_op+0x17/0x50
[  410.647968][   T10]  asm_exc_invalid_op+0x1a/0x20
[  410.649599][   T10] RIP: 0010:__queue_work+0xc9c/0x10f0
[  410.651323][   T10] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 00 fe ab 8b e8 f5 16 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 66 4b 38 00 90 0f 0b 90 e9 1b f6 ff
[  410.657351][   T10] RSP: 0018:ffffc900000d7a48 EFLAGS: 00010082
[  410.659169][   T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae368
[  410.661550][   T10] RDX: ffff88801dab8000 RSI: ffffffff817ae375 RDI: 0000000000000001
[  410.664096][   T10] RBP: ffff8880561c0948 R08: 0000000000000001 R09: 0000000000000000
[  410.666607][   T10] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[  410.669044][   T10] R13: ffff8880531f7000 R14: ffff8880531f7178 R15: ffff8880561c0950
[  410.671497][   T10]  ? __warn_printk+0x198/0x350
[  410.673037][   T10]  ? __warn_printk+0x1a5/0x350
[  410.674528][   T10]  ? __queue_work+0xc9b/0x10f0
[  410.676001][   T10]  ? __cancel_work+0x2c8/0x370
[  410.677473][   T10]  ? clear_pending_if_disabled+0xa8/0x210
[  410.679232][   T10]  ? __pfx_clear_pending_if_disabled+0x10/0x10
[  410.681042][   T10]  __queue_delayed_work+0x35b/0x460
[  410.682808][   T10]  queue_delayed_work_on+0x1b5/0x200
[  410.684707][   T10]  l2cap_chan_del+0x5a0/0x8f0
[  410.686148][   T10]  l2cap_chan_close+0xfe/0xa30
[  410.687607][   T10]  ? __pfx_l2cap_chan_close+0x10/0x10
[  410.689235][   T10]  l2cap_chan_timeout+0x196/0x310
[  410.690795][   T10]  process_one_work+0x9cf/0x1b70
[  410.692450][   T10]  ? __pfx_process_one_work+0x10/0x10
[  410.694151][   T10]  ? assign_work+0x1a0/0x250
[  410.695583][   T10]  worker_thread+0x6c8/0xf10
[  410.697067][   T10]  ? __kthread_parkme+0x19e/0x250
[  410.698595][   T10]  ? __pfx_worker_thread+0x10/0x10
[  410.700163][   T10]  kthread+0x3c5/0x780
[  410.701401][   T10]  ? __pfx_kthread+0x10/0x10
[  410.703034][   T10]  ? rcu_is_watching+0x12/0xc0
[  410.704671][   T10]  ? __pfx_kthread+0x10/0x10
[  410.706016][   T10]  ret_from_fork+0x5d4/0x6f0
[  410.707462][   T10]  ? __pfx_kthread+0x10/0x10
[  410.708920][   T10]  ret_from_fork_asm+0x1a/0x30
[  410.710374][   T10]  </TASK>
[  410.712014][   T10] Kernel Offset: disabled
[  410.713386][   T10] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:12:31  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855b2985 RDI=ffffffff9b082320 RBP=ffffffff9b0822e0 RSP=ffffc900000d73b0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000030 R14=ffffffff9b0822e0 R15=ffffffff855b2920
RIP=ffffffff855b29af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d675a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00002000000007c0 CR3=00000000480b1000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000400001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84488 00007fea89b84480 00007fea89b84478 00007fea89b84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea8a6ed100 00007fea89b84440 00007fea89b80004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84498 00007fea89b84490 00007fea89b84488 00007fea89b84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c8c69fb3e57fffd0 2a411c7a23607166 224b1e64d25f85c7 286ac2d871abb9ae
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 71abb9ae9c200eff 272412d3039e97ae b1f88c4bb2dfccad acdd7cbdd00a7c7f
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8f20b6b3c8c69fb3 e57fffd02a411c7a 23607166224b1e64 d25f85c7286ac2d8
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cdf22631fd5604fb 2b3a5caae3c04746 d12dae85edbd84ff ecb7729a35a41992
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc09e8242e06f411 49c630ddec29bdef fffba0c33551d8d0 8061aa73feeceb87
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88806a53cec0 RCX=ffffffff81b011a3 RDX=ffff88801e28c880
RSI=0000000000000000 RDI=0000000000000005 RBP=ffffc90000157d08 RSP=ffffc90000157bb8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1cb9f6e
R12=1ffff9200002af80 R13=0000000000000002 R14=0000000000000001 R15=ffffed100d4a79d9
RIP=ffffffff8b8202e0 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d685a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000404000 CR3=000000003e66b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84488 00007f6294d84480 00007f6294d84478 00007f6294d84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f62958ed100 00007f6294d84440 00007f6294d84458 00007f6294d844a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84498 00007f6294d84490 00007f6294d84488 00007f6294d84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=1ffff92000030fa0 RBX=ffffed1003c52910 RCX=ffffffff81c3e5ef RDX=1ffff11003c52913
RSI=ffffffff8191fc71 RDI=00000000ffffffff RBP=ffffc90000187de8 RSP=ffffc90000187dc8
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90a80057 R11=0000000000000001
R12=0000000000000002 R13=ffff88801e294880 R14=ffffffff90a80050 R15=0000000000000000
RIP=ffffffff8b7fe117 RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d695a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555571d4c808 CR3=00000000480b1000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000400001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84488 00007fea89b84480 00007fea89b84478 00007fea89b84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea8a6ed100 00007fea89b84440 00007fea89b80004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84498 00007fea89b84490 00007fea89b84488 00007fea89b84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c8c69fb3e57fffd0 2a411c7a23607166 224b1e64d25f85c7 286ac2d871abb9ae
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 71abb9ae9c200eff 272412d3039e97ae b1f88c4bb2dfccad acdd7cbdd00a7c7f
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8f20b6b3c8c69fb3 e57fffd02a411c7a 23607166224b1e64 d25f85c7286ac2d8
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cdf22631fd5604fb 2b3a5caae3c04746 d12dae85edbd84ff ecb7729a35a41992
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc09e8242e06f411 49c630ddec29bdef fffba0c33551d8d0 8061aa73feeceb87
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000000b8013 RBX=ffff88802e341bc0 RCX=ffffffff81c3e5ef RDX=0000000000000000
RSI=ffffffff8de14dcb RDI=0000000000000001 RBP=ffff88802e341dc0 RSP=ffffc90004c3fcd8
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90a80057 R11=0000000000000001
R12=0000000000000000 R13=0000000000000011 R14=0000000000000200 R15=ffff88802e341bc0
RIP=ffffffff8b81b5a9 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6295a9f6c0 ffffffff 00c00000
GS =0000 ffff8880d6a5a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000139000 CR3=000000003e66b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84488 00007f6294d84480 00007f6294d84478 00007f6294d84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f62958ed100 00007f6294d84440 00007f6294d84458 00007f6294d844a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84498 00007f6294d84490 00007f6294d84488 00007f6294d84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000