last executing test programs:

15m41.266247044s ago: executing program 32 (id=3117):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000180)='./file0\x00', 0x1d0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000540)="a6aada2162a9eca7b6f983d446a7cba9ec5d3b9b701543e8e4e756fbf3adfd0aec3e1eb887a8a626a113c52522a8eaa0ffa9e52b89f52dd0963c3eb8179d196a71758d5c839d0da94c206e3372fcde92e5da04a7cb2632b4acf90cc9517c58b1b892714903333a99a4d5d34e12534233a1e93991f91394e2f7a620b36812011a0ba33dee67feb0f2dba7b2f41997b01217af726681910ead31441be2e582213db37e193f92a4d0b8471c5cb4507afa7716268a867ce97e28aa1023e81e9e565f0e6b10846ea5759213138959afb6daee352cc7a79ced9ae6be4ca7d1420c5e18c8089b05699b7da7cc87ac0785fc588adb2a3d7c3ba9befed645cf44d16cef38f5a79e7ea236af20502793a08d6ecd37ebf76ecf18c51da2bcafc58a2a5e8c6dcdfbdd8afe846efe396441fb8a4bc95862ee6a7517fbcf7128fa2e48056b286e34dc7a55adf63001d6e0afca1103216cbdd8a736ae06b69cbdbdc8116eca9b762ba728dfbf5c0eedb85f86b7686731e50471bad411bf81e4cfb8607482963ed71e090055f3fdbb467c770b066c1a124b2dcbfd2a88942bd8285387ba128854fb011d59b2200350aa5f687db368e8e8ebb948e6ff5964b5295a782c76f16188963eb4677b2d4c2fff5d969b8b6694e891ef21e50be439c26d913aa0ef4ea8351f615d81d036038ca7253d078bd2f1468aa3eb0ae10c805ef4726ba3d35a8d5b93c45901c3f1036212133960733c358ae0d17af8647d6f8bd1d86738a6801871ddf3f9fb467f51026f1ff0cab6a14486f8065a61d4131b6384aba05388b3376f6144acc453e31d24f40998c88423fbf8496880babb527c007a8a9af0297cd91ec81697fa0adf9bae6c9541920fb83a7387d3674298f40245f3d40e5b796566721e23232a427db8e522f794de831d6c363e8003358a4a21ce5283bb2f22a4858583c1bb2880c8953d77f89687fab6f01a39d506c525d853b7fda46b31cf30c199a07d2a91ea3393fd59fe2dc63eca3394297f7846608ec12f26a67d49039d68aef4342c104d0a942c9e14442eba86ffba4dced3c3036244b1bdec411fed0ef32ef908bd2b9d86dd39a610cf20f34e550472ba4fdf7dad702b0c2236227f119294994ce1ff670af3019fe462c0e75c5b07a70abba198341938c0bbc6c20dc2005c4e01a260cb7090c32f0b58a7d9840bc24a8c8128fffda21cfb39d8dc99f11333eef006fe5cf1019c51a21d3a7e9849110ac0856713cffd3e6a1c5bcbbc6d44a74183b1f2401d62007e57160ae5c52ebfd40d8e98413d4d290e1c26dde3ee45db6a1afa59e3807b22a43232864126c6f1425c68f1d7877e32fb35c1a7f5c4516746e0fee58481e741705d2a239a3662a69e1238ffa2a9b478cd125fa248d4080bb23380cd3a5e4a08ab9db184b51eafb4dcbf315799e1356d55f29cfe4143dbfabc6b2886e407b3ee102569f588d5f6dfe741efbc84013b06931e3c451254d6eb432722ca0ccadc6f89a3bec18813f92383bb32ede4a1cc6092d985520f90917b68048c8bd79bc0c15efdc35294fe098a003a0b836d4bcf85359bae2b0167e09f87a38e451a035fb52f35994c19ce7bf30568e96b7ccb7dd275b9dbc3bb960a260404bbcbe664d26c5d5be6126d00f43cae9be586055c81e7ac1eab9fbe1d34900381d1e27c5f624133a6e4ab01dfe68e43ebd4b5ab5f81f5ad3f235c021a458e08da5673d17235ebc73cc7d05f3038d93aae2297d987c6da167fb8a48800a981c9c13c7a7c5b8fd67062f0e2bfb50b468cb5690b185b2c9c8b67cdd3293ba3337597e7b21f2f1ead66ec7997b5325e15d0c2304d5f37bfb0927b573825496f975c12d3daef18ff9405c0e47b0f45e8006bbb6d8359cef9031506ecc25ff0c1ed58b0cb7ff779cd6b75d60840d90e4adf4a3cc88fee1b4c7dae9f1db061872d0293bd66a80a4a84759504bba279566c525ad7830cf28a2f6cd76557185dab63143fe76850756fcd1cb7d779c31f179eb131bfa65400009d9227241ef3d46d5d423e50fcb0f6961fb1f305c58423cae07e1c85aad1df1f7b5e7a0c837e9c1412d57f4ae931a7acfcd398ca7aa1f44b2b504e8e416a43ceb1a0072308843ea4d7795ceba063b43c8845322c8a9e69b7bf7d8e585a7eb8c9849df2963fd3d104907661870f4c8b937ed1cebeed0efaef2de58fde88bf3a9d611ae327936f5b0699a5f5cea7b5ce46782f0ebc9ff16f87f00daa95117684a390cca664622c5018519b34eb88a8e1a3d6a5a1c78ba2e00fa49ead8a0764602de6235d12d54a83b409074a72c2ac96a10a5ca31894a58658671544837aeaaa45501893d24acdf65042af797ca190d6cef9b80f9627df2c57cfe7cf72d44cf142d060f63c2a8953b19306b6bd4b7eefc0c2fb90ea77b2f2ddf75d7d4ad469fcc61b554ca230c7ec046a6722abcac4d53fd4aa9314589c4d1707183e68b566fd247f718c738d3538ff7230550a5a28ce153b0efcee35758532e186154171a5c036233563ddcb48bc9e48c3ff603ad6dd1a0bb844d64140b3b893d461353dbaac0d892b10f21af0283f7e36bfe6515a316f882956aaf8f39f94dfd3531865813c95218eafc76027f21808bacfe70f8ed11379002e974722e25b5fdd509df6a0030e3f620d6e9bb4de83421a35953d26947fdb4d0fd7a98a7ce2c9d9c97abf21e456529cd8fa51b9eff5efc327175d6903a9da55d8784e5a13df51ad6be7fffb5ed0d20fbffc5887d0ee4528979bf1ccc5bfae4537fe7c03989e90dd437f4c399a3c3d709aad9bd93a20e08b1be3f3deb3813bb15a0844aa1e5856c53ea6b7bc4e04abac10ea2db547b02c47ffa6b82bd5cb4036490636ad4dd6b0a3f0fb5e5a286ba862331ae20ae2e2751fd612f2683ce0e7173a2861ef139c1d6548a9321af5587885c4c754dd55c68d121f4b67e467a8e021f58a930f3b5490ccc400509528e310904c5e2e3698770e3cbff47c1abec5da53bb3965cadfb19697122965c85855b16c976e6b192673d2c06560ea823481df0e20fb7c95a40b69d2f9be5477c4f599be74a34605911587bfa871308e685c86605977ecc141df039a59398de10d947581ba3ba59e72657a8599f390e19e357673d64b9e3996758cf3b29f0052faace20b580d4900b8a1a5da4f062be3dba499e0892f532231a135250e95ce9d240499cf84a4d63afb6008d041e0368e8b48bdba4238ca590d1797fcbad3f3aa6da62b3672738f895ee0dd67603c7a4e1aeb67384dabcdd5e8da3ff269ab7bee2f583533b96bf04ef37d033f10126d0759ca030c9a1c63a1f55ddecb7ad5b16409e6196c9483c0cb0eae85e5d71e281faa63f10d7f82d4b46979fd237e319a3c50e2fa3e3087812168277496f74cff42e2630ef542d9af1ed1ba4733f6a21a9790bdadf0003beba5d5224128b84b1886e74d1ef0696d96e69970e9dbd80df36c248aea3528ba9fdeda4a99d28169c75ff58795a418025e87fad142cb23909493efde9783e171007dbcd990c188efc594d1d5f9f2e20197c5e2817b6f550f280f392d4171dbdae9421721655c3d6bfed146fe5a7248d2feea1a4c0e73b841db955e5e587db69bbf9b47533f2f97aba0b96a1bec6335ef762728eebd20e6ad76148a585b01e6e98408f5c9665ad65c892f6f6a09903cfd150ea64a4241e6c7cfbc0c047613f7c7d2ab5221a4dd723300872f4a1d6373cb300ea2bf5175e13678518b52c62527618cb796df98d4357099d61c37f93567927694bd858cbd3f2a66f59b5be8d2bc97b704e45fcc677f5d87813f70dea27a944b27fa65ef062909e04169f7de6b4f97a42e5da7ada8cf5428b132ffdda56e8d857f8f71e1abfbe6311fb5a6f32c13831b85facc92a72b0d13c815ceedb77e5e07a48825ab8a80dd678a896b936e95290628da6a4123e0859d906cbf8e9be9c79b2a211bbbbf96cb4d0c65bc8014aded70714f94d2a76749227acad5d12ec955d45611d346f1ce97fe9a654d2744707ef02ec9cdc90d26129051b92439e5303a0bb5aa2aee74f0a4f9ae33083a8e341238116eae1b84221c555b04cabeb84cc221dfc2ea1e5fb165de6e2d5b808fd602558eee7f26b2b15b84923cf28b14d0f5367492d6d2027fb15ec92e526bb2a057e06a12c1c59cd0ad32bfc09e6783ee2039ac61c22b473c30c2906859dd73263b5f59d57f4ac62452298ba55b045ded234b0da85bcb2bd9699178932d3d0e2defafeea60407d9f8fb291382c39b3605c2a1ed3f4200884a45a5a386c2beedf36904dcc6ca4e64d599644ed7a85cfcdb2c0fa099c4451931d3f2c11a56f5b65688a57675bbee3c285d2a4293fa6198160c756b43925ff537fbdc12596158b3a0c9d2902fa295cfe1942cd06f5f3f0a450844d3b0443c1e1c4e21ca7ffb9614c0197c23d610872ce0ee7540ad8d7a826033fd525d7c21d4c6feb2b4b95d4875540b5d68330119b50a511e488a19beb67f4c2a7d7dac9f0c5f27700feb98f472fe54fd2b3df831a85f09e0cd3338e2a7b0b66587b55503ab64a06a3ec436b15e4bc0cb8bce069f9d7a3cb8f1da85bc503e5649011927f42bfd9da4b5dd6b802cbe79dae2ec4130019b7340aeb08c62a4a1a3846d7333c147035ff1c46f6b9558cdbdc7854d0ca97fe6d1c7e413646539823e91ff41b5d0776eb6dacd46b513ab947f5b6d48466c156e598524c0f8fc6344db0735e75666e923597ddfe88627741c32916f37d5398a034ac4f2e04619d712a76d5ab6db2c16ad481fb53b03ced4344b311f3df2681da4b9df8e8a0d967fdb5c449e3e92cf1df72dfadbfc2da22870d1a54ce63024881de9787d898b8b11ca28626f3c7af3e84d09ec8495b15d2f356f7bf44a46b9c61ef0792934247d25ac090aa8562c6c214c59b814d56ec617bae8c7d436d0d925c8bafb6f0983effd206ca08d76ec65510259aae54d5b15925393e538813fd9a6878230e0a869805122f5ee6cb8bf43afb3f93c6e011b3f03fc820e972e39d091f4351eb162d7ef8378076928487853e5b0a862303ef1d88c75e198667e8c7cf5ca97417f294a1300cee08d03c91372467f00d11851fe072953f3c9ae3aee305fe54c6d00a284bd2d37bd20d0b2375e84d0a8ed4ab59f340c4116843425044001af1197f75e9700aa0044ebcae3830c99f1967bfae57fc4ec0881d2b9592dcff77b226f8ed65dc5b934e53ce8de46255b84fafbd2dfe23e2cda9cb99211d249d57d79d95be4d4bca23779422c388765d61440bbf824ca383e3f292de1b8dd584c10c29965a24ff1274bb83b255058a5a0237b6eb5cc51f843097ed5d38f90a270a221a135fe0b1195df7e1062e5204c39cef7921b799cdc7ea61f212c64ea67a3b993c770a7e4c3efb9610ac3ec32e535315e74e3e814363a444393382ee815ce22689a3db5fa4216e2bfe3b18d73b87a926e4d1febaa77d17aa9c37a44f9150dbabfae82a5b4a2a9cdd7613de2fb3533bed711dc6c38dc8beafe436ddc5cb74555988d01af1ad9b64ad216c6eaf67caeb88adfddac7143952a5bb1331150987af276bb3cf2e1e208c810b6b910c017f350f8015815fed2e2ecc55574be18d129a649ecdc19f8b950d448f76f6d3de8f71e9c2f155fb2a9f0ee6898801ea0a5098ff3ce4606ba49149a84c76c7387fa50790b9e9692457861f9f004215575e0c2899cf8f8415863c26b6ced114d8378ef798ea637e65c3b46055b725ba89ee66a294720c63ff7c28888b0c87758d10bb4fc71a89cdf6dfc", 0xff6}, {&(0x7f0000000380)="bcec", 0xf000}], 0x2, 0x8, 0x8000, 0x4)

13m41.628395417s ago: executing program 1 (id=3856):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d8000000100081", 0x7}], 0x1}, 0x20000880)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18}, './file0\x00'})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, &(0x7f0000000080), 0x0, 0x24020804, &(0x7f0000000140)={0x2, 0x4e24, @multicast2}, 0x10)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)=<r3=>0x0)
syz_open_procfs(r3, &(0x7f0000000040)='net/ip6_flowlabel\x00')

13m41.568594461s ago: executing program 1 (id=3857):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0)
read$alg(r1, &(0x7f0000000000)=""/107, 0x6b)
recvmsg$unix(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/44, 0x1289}], 0x1, 0x0, 0x950f}, 0x0)

13m41.4783632s ago: executing program 1 (id=3858):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcd)
r1 = gettid()
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e20, 0x7, @private0, 0x4}}, 0x7ff, 0x10000, 0xa6, 0xe1ec, 0x3}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r7 = socket(0x2, 0x3, 0xff)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$IP6T_SO_GET_ENTRIES(r8, 0x29, 0x41, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)=0x28)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000100)=0xa, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r7, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}], 0x1, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
recvmmsg(r0, &(0x7f000000a900)=[{{0x0, 0xa00, 0x0}, 0xfff2}], 0x1, 0x0, 0x0)

13m40.63751316s ago: executing program 1 (id=3866):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)=ANY=[@ANYBLOB="e00000027f00000101000800020000007f000001ffffffff"], 0x18)
r1 = socket$alg(0x26, 0x5, 0x0)
close(0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000000100)='./file0\x00', 0x0)
timer_create(0x6, &(0x7f0000000600)={0x0, 0x4, 0x4, @thr={&(0x7f0000000680)="a2006aefc4ab151a2c1d548400c52023e2beb2fe6773e940f3eee8a1cb5c16b976c7c507b83178a1dedcc32092fe4fc0fa66a4beb62fd8c4d1f939cd561527544d7560bdaecd911a892182b16459998567c57e6d7a98a7a173ea103bb0622fc11d74952d98d3e24ccb1e50d04c12071ecfb319d45b146d9d58a4e75e785cb78bb231438bd207c16f9ad46b2998bb1f0eca30f5c88dbcedabcc46a5f9418d8e223840310146a21bc0847e5febe133eb7b9bd1ed91818fa225a266a46d7c1bada70dd0c60ee1000c2e22ba685bcb1a5be2ffe8f0da9d76e0627ea72514f04e12e92790a86bb86872e43777e3572b86f5fbb5b02de8f3807469ce801a0f", &(0x7f00000005c0)="95d21132f374bc85a496804464"}}, &(0x7f0000000780))
bind$alg(r1, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r1, 0x0, 0x0, 0x80000)
sendmsg$alg(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x800}, 0x4000010)
sendto$inet(0xffffffffffffffff, &(0x7f00000007c0)="e5e2707d48f3495529f619e8d01ab37345cfd24ba0919d3f5f0b517a0324e3c610f985ba487bb368b27a2addc97ac05be94fa832268d9ae1e4d46ba9ea12230dcaf9f1306a3963e522d1afca", 0x4c, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x3e8, 0x0, 0xfffffffffffffd25)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(0xffffffffffffffff, 0x84, 0x40081, &(0x7f0000000340)="1a00000002000000", 0x8)
sendto$inet6(r4, &(0x7f0000000100)="b8", 0x1, 0x2400c851, &(0x7f0000000140)={0xa, 0x4e23, 0x10, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000440)=ANY=[], 0x9)
sendto$inet6(r4, &(0x7f0000000180)="d64b79", 0x3, 0x4000004, &(0x7f0000000040)={0xa, 0x4e22, 0xf, @loopback, 0x2}, 0x1c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$ax25(r3, 0x0, 0x0, 0x10, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
recvmsg(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)=""/182, 0xb6}], 0x1}, 0x1)
syz_usb_connect$cdc_ncm(0x0, 0x122, &(0x7f0000000400)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902100102010650080904000001020d00000b24060001f0b07b0aa555052400a9b30d240f01090000000300ff000606241a0c0014152412f8ffa317a88b045e4f01a607c0ffcb7e392a042402000724140300fdff0c241b7a074010770701800308241c00180000007a24130d573144166eb7da6e9dc339fca4ed5f18912ea41518bc7fa50c1d74f6d3d2d205990e7e8db4eda8f08c059e89e2501fa743453d450f939f4bfb249f86d21a1743b0db945eb4cda8fd586d709b702d43dc800ecc1363e90d08c0e36f12987d54427a8713ddd6caeec2cea7aa58555f9b9d96145e02bcfb0905810320000e0c000904010000020d00000904010102020d00fed5c952304dbb6f0b03090503020800090307"], 0x0)

13m37.565053291s ago: executing program 1 (id=3871):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, <r1=>0x0, 0x0], 0x4})
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[0x0]})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000300)={&(0x7f0000000140)=[0x0], &(0x7f0000000180)=[{}, {}, {}], &(0x7f0000000280)=[0x0, 0x0, 0x0, <r3=>0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0x4, 0x1})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r6, 0x6, 0x23, &(0x7f0000000000)=""/36, &(0x7f0000000040)=0x24)
r7 = syz_open_dev$dri(&(0x7f0000000700), 0xffffffffffffffff, 0x400000)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r7, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[<r8=>0x0, 0x0, <r9=>0x0], &(0x7f00000000c0), 0x3, r5})
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f00000000010000005e140602000000000e000a000d000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000000300)={0x14, r9, r5})
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r11, 0x4010640d, &(0x7f0000000000)={0x14, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r12=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r11, 0xc02064b6, &(0x7f00000001c0)={r12, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r11, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[0x0, 0x0, <r14=>0x0], &(0x7f0000000040), 0x3, r13})
r15 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x220000, 0x0)
fcntl$setflags(r15, 0x2, 0x1)
r16 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r16, 0xc010640c, &(0x7f0000000080)={0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r11, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r13], &(0x7f0000000200), &(0x7f00000000c0)=[r14], &(0x7f0000000340)})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f00000005c0)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480), &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], 0x3c3c6bb, 0x4, 0x5})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000006c0)={0x0, 0x2, &(0x7f00000000c0)=[0x0, r1], &(0x7f0000000100)=[0x7f, 0xb3c, 0x1, 0x8, 0xfd3, 0x9], &(0x7f0000000640)=[r8, r3, 0x0, r9, r14, 0x0, 0x0], &(0x7f0000000680)=[0x5, 0x6, 0x0, 0xfffffffdfffffff9], 0x0, 0xfffffffffffff608})

13m37.268630508s ago: executing program 1 (id=3872):
sendmsg(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000440)="817bb97cdac2f8f819447aa4a50c293af36b43ca32641b77530000008052221c709e64406077e047", 0x28}], 0x2}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @random="0100"})

13m37.076817972s ago: executing program 33 (id=3872):
sendmsg(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000440)="817bb97cdac2f8f819447aa4a50c293af36b43ca32641b77530000008052221c709e64406077e047", 0x28}], 0x2}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @random="0100"})

11m59.280641281s ago: executing program 3 (id=4372):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x220980, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000040)="8fa808cd78c33a66baf80cb841c28985ef66bafc0cb0f7eec461f812d1c744240006000000c74424020a000000c7442406000000000f011424c4c2f9303766ba4100edb9000100c00f328f496094c866b821008ec826400fb05e00", 0x5b}], 0x1, 0x16, &(0x7f00000001c0), 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000300)={0x10, 0x0, 0x0})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x3, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x4, 0x0, 0x0, 0xef5f, 0x0, 0x6, 0x6], 0x0, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

11m59.186314232s ago: executing program 3 (id=4373):
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x4b, 0x41, 0x46, 0x8, 0x1660, 0x932, 0x80ea, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5, 0x10, 0xf}}]}}]}}, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast2}, &(0x7f00000000c0)=0x10, 0x0)
syz_usb_connect(0x1, 0x43e, &(0x7f0000000c80)={{0x12, 0x1, 0x201, 0xe, 0xde, 0x37, 0x10, 0xb05, 0xcd59, 0x6da9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x42c, 0x2, 0x1, 0xc1, 0x10, 0xe, [{{0x9, 0x4, 0x50, 0x8, 0xd, 0xff, 0x47, 0xd0, 0x4, [], [{{0x9, 0x5, 0x2, 0x3, 0x0, 0x3, 0x7f, 0x6}}, {{0x9, 0x5, 0x9, 0x0, 0x200, 0x8b, 0x96, 0x70, [@generic={0x3e, 0x23, "511c7165671f0cc7407fde457ac2eba5abae919bc2267a31d9035b87714f47173264ffe212a1a6a0613ee1fc61e313ae5ed775d096c4259e4b762c78"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x3, 0xfff7}]}}, {{0x9, 0x5, 0x5, 0x11, 0x1ff, 0x2, 0x7, 0x2}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x9, 0x2, 0x9}}, {{0x9, 0x5, 0xb, 0x10, 0x10, 0x4, 0x78, 0x3, [@generic={0x99, 0x5, "203f24a99abfbbaa465dc9c744e06c990cd2c6926ed1dca5cef912827eb3b8cd000778b855d4026cd6d31bf4feb92286248a65a0af7e4ba9836e859443280f196a18afc7cfd57e501df9e63ac4f0d7586881a571a0e5bc8dd53f757e85d3814bb27b9a62a7f80f306aa2f1f01a3b50b05911e594eb4b23eaa833711825541d454068ce47968110bf11028890aebbb9197ff20f2434c9f7"}]}}, {{0x9, 0x5, 0xf, 0x0, 0x3ff, 0x7, 0x3, 0x9}}, {{0x9, 0x5, 0xa, 0x8, 0x200, 0x8, 0x8, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x6}, @generic={0x5c, 0x4, "123abb2f27b4799583530d939383569dcae38e25a3a06ee9b918c9f74f6d9ae27de91fc4bf8ee55bcea9f97c5df00c6041659169fdf8bcad832497c440ac71c5828de52f02ecf9247213de4a877835f8e25a654ed933582beee7"}]}}, {{0x9, 0x5, 0xd, 0x1, 0x400, 0x2, 0x10, 0xb, [@generic={0x79, 0x21, "649f805342991e56af585fdc00d9d1a7ec38f4ffd82b7ee7121cec7449d566563867fb846591a8c012fb082dd4fd1ce2840edb5c55d6b62a3dd3b5eaafbbf191c60af9e04af8f5318151ff09bb2bb2fc4b54f62b173a79de0d788564b2ebba14d63ec8c16105282273e9572798d6d24cf752bf1073e753"}, @uac_iso={0x7, 0x25, 0x1, 0x24e363f6078cc5e5, 0xe, 0x4}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0xd, 0x0, 0x1}}, {{0x9, 0x5, 0x80, 0x2, 0x10, 0x81, 0x0, 0xf9, [@generic={0xb3, 0x5, "66687c6ca5d69b8108e4b90c2b1ab12ae057fc5f97d5142eedb5af0ebe8a417fc949d36e3a1f63fd9fe57a517b4d2a68f6d09d677d7952d7dc05982ddd95e90a4ede900e3b1d1124e0452833498c9918ad7541879763e3d5201ecf1f9f71ef9dc49367f9dd3d815b29c56eafc546f454d82b24ea241142a23fc09151635ba73c9999ca3d4d3fc851a0239a31413689ec0fb8d900f62fbcfb6e5137f1c68d40a8bb1a08e275b873e20b8326520ec52bfdb9"}]}}, {{0x9, 0x5, 0xc, 0x4, 0x3ff, 0xff, 0x7, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x40, 0x1}]}}, {{0x9, 0x5, 0x8, 0x0, 0x8, 0xf, 0x1, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x182, 0x7, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x8}]}}, {{0x9, 0x5, 0x5, 0x8, 0x20, 0x3, 0x5, 0x40, [@generic={0x65, 0x7, "5ebc8a96d8a0299af6fd77ab2d500fe76bf4cdcfaefaec43f51cb31a6aa90b39231f4e443edaa5902544abb49b8b8b8edca8697129f2c03b8803272d920fe68ae2bdc91388b531ffc328e1f1311258033b0203d9b9eb177664bcf06113651f0b337348"}]}}]}}, {{0x9, 0x4, 0x7b, 0x4, 0x3, 0x97, 0x71, 0xc5, 0xa, [], [{{0x9, 0x5, 0x4, 0x0, 0x8, 0x5, 0x1, 0x10, [@generic={0x8c, 0x9, "d44d1929b65633a984ca78f26dee6e6404d6d4066a348df295fe58ddcdc239de81876b191e90f9f375e1dfc16467c322c7b9b00221b63839c7a3a98e5b97d8936504f4bde16f5afe121ab2609f6b2d2ac6faf6b764da3cd0af65f0d76602ea47d38daf85233de7861217e5e2aaaf79e47bb66176fea7c8541073ab9cb1f3c1720b34914d9bbdd9b28fb5"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xff, 0x2}]}}, {{0x9, 0x5, 0x4, 0x3, 0x40, 0x0, 0x4, 0x1}}, {{0x9, 0x5, 0xd, 0x0, 0x20, 0x3, 0x80, 0xa}}]}}]}}]}}, &(0x7f0000000980)={0xa, &(0x7f00000005c0)={0xa, 0x6, 0x300, 0x9, 0x9, 0x1, 0x10, 0x4}, 0x19, &(0x7f0000000600)={0x5, 0xf, 0x19, 0x1, [@ssp_cap={0x14, 0x10, 0xa, 0x5, 0x2, 0x2, 0xf, 0x396, [0x3f00, 0xff]}]}, 0x9, [{0xaf, &(0x7f0000000bc0)=@string={0xaf, 0x3, "66dba92529ce1988ac7cade1db098a947491f5715d48a3704f2a641b1f4c643adc071fe1888c827211f8f0ad577b1464061a929d1faece9cb6310794252d35018664b8380715233d64226e5e7ff2250e1ccfc97e6789d9b07d4a2116a9a838fe6e5cc773633450ec83dcdd489bcfaf0b32a1d2fefb43aa2b6f6597438a665bb214f24b130769d55be0fe28703bb1b0adc15060709e3d97877cf5a5d8297e4b902e8da0ae784ec4c6deb08a5091"}}, {0x95, &(0x7f0000000680)=@string={0x95, 0x3, "82b509f4bf105e4ab04ae74ee13c812204d0dfa5afa88673510ad34d4818325d452062d94512c67ee2e8d5aba0d689544afe7215bc2b0a1f35e37ddf81c23d528ff410ee5e966e761c9104ecc48b269406d8e4ba32fea0539673e3f5aaf0e927184712b1f07c152afba0f2e3a7c6fc648804b468e66cfbcbbbac4e6211ff9049b621f1bb5255cc9c4d512888e8d6f1a799b8aa"}}, {0x7a, &(0x7f0000000800)=@string={0x7a, 0x3, "db9864b3cd49f70585930a689b849cb7875f06b114ed337426968d7e5bb2b0ecf6712d9becb30895de27f280535569eb23eeb4a9c5b68eec70ddc988a1f8810ab8fe1c69c525fa5635d887cd180d0617d521cc9464b925495f62c1e315c05cb2f3fae0e2950108e54e3b84602f47c8d0385f02f753e2e958"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x415}}, {0x9e, &(0x7f0000000a40)=@string={0x9e, 0x3, "e6c030f1188b46523573eb7383996f41dbfcb2dfa21088da0615c0d6dc1b1ad1fd5ccf9fc63403cb130e66de713915bc97715371bd95e5132f1fd6036ce038b8b876434baa27a7f09e4f1ccb4288b61fcdaf9961b5042c283592b0aab01f1982036c6829ad115bb60d317547be28a6d731ec1483670e4e82adfd3918f751e9095b05db30f81b82c5bb368796621cf569447aa0b913e041b279630f67"}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x409}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x34, &(0x7f0000000900)=@string={0x34, 0x3, "48a5120f14cea73dbf3a92475b63b9f90acda19ba2589e65b1264495151d13ed123dc916cab9e6d96091ca49a9b0443715b3"}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0xe}}]})
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000180)={<r2=>0x0, 0x2b}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000200)={0x8, 0x7, 0x8000, 0x7, 0x8, 0x55, 0x70, 0x9, r2}, &(0x7f0000000240)=0x20)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000040)={&(0x7f0000000100)=[{0x3e, 0x4201, 0x0, 0x0}], 0x1})

11m57.961472673s ago: executing program 3 (id=4378):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
r1 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
write$P9_RXATTRWALK(r2, &(0x7f0000000000)={0xf, 0x1f, 0x2, 0x4}, 0xca80)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

11m57.905130316s ago: executing program 3 (id=4379):
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
rmdir(&(0x7f0000000240)='./file1\x00')
chdir(&(0x7f00000001c0)='./bus\x00')
lsetxattr$trusted_overlay_redirect(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, 0x0, 0x2)
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='ntfs3\x00', 0x800000, 0x0)
r1 = socket$isdn(0x22, 0x3, 0x24)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {<r2=>0xffffffffffffffff, 0xee01}}, './file0\x00'})
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000000440)={0x100040000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, r2, &(0x7f0000000100)={0x0, 0xc2b1, 0x2, 0xa97, 0xe, 0x5, 0x7, 0x10001, 0x200})
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
rmdir(&(0x7f0000000240)='./file1\x00') (async)
chdir(&(0x7f00000001c0)='./bus\x00') (async)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, 0x0, 0x2) (async)
creat(&(0x7f0000001380)='./file0\x00', 0x0) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='ntfs3\x00', 0x800000, 0x0) (async)
socket$isdn(0x22, 0x3, 0x24) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xee01}}, './file0\x00'}) (async)
userfaultfd(0x801) (async)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) (async)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) (async)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone3(&(0x7f0000000440)={0x100040000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, r2, &(0x7f0000000100)={0x0, 0xc2b1, 0x2, 0xa97, 0xe, 0x5, 0x7, 0x10001, 0x200}) (async)

11m57.606455714s ago: executing program 3 (id=4380):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040))

11m57.281293433s ago: executing program 3 (id=4381):
r0 = syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a06010905010300021007c109050c04400006030f07059acb"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc02000000000000000000000000000106000340000300000600034000040000080008"], 0x1e8}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f000000c3c0)={0x2020, 0x0, <r7=>0x0, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f00000001c0)={0x50, 0x0, r7, {0x7, 0x1f, 0x0, 0x0, 0x0, 0x401, 0x100, 0x400008, 0x0, 0x0, 0x2, 0xffffffff}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f00000041c0)="388219d25a8985d3a909841c8e956469a15e906a4fad26298b696426a81fcf0d6134c5dfa3dac33b6ea4c5d859c2e1333584935ed9d80c184939089e0cb436417aef5dcfb0c878732c6827d278c2910d390115e202c3162f4711bda810555b179a84d7df9f870f6c7510312f0255ce1bef6e875780543aaaebfbdf8208ee5dfd0de60437108b819a35569013870ba0bd0700000000000000c69ac3d0f174042b37d31f7821f65636376ab7bac88a99fc39c60286cac8d3edb5ac4c768a68a43fc77a52adea3b7397aaa2433cad989958c9a6118c72006208f95199efe7d08508913b00711053120551466066aebc0f3f5c6fdb9693ae6c2dc5fa839b808b8789cb1f88514918a6aa1d1a76eb131ebf84a0edaa97fbbcff14101f79a159222f4b4f31942f18bd6f1d393d3e298803a8435d214fe2f7bb31e02e2a75370bffa78d6752c8a6221b50162f7ec7174c258e4b65bf2797b4f7b7fec7488a0675990a075f7ec74b93fd845a6a9e12b0baeda5c81ce23be3b4cc15b493d4b9ae40736c55fcb8266f33760fd09c80bee60e1d5269770dd67c34d6c7ee57d67558f6421b3002c66df981a3114be6e62d4ff999c7985aa767f0a073eb499257c7b1b977f18dfae99f3be0664bb0c0d96fe4f3b1df5d904744570d01b517cccdbf17dada77ad37099ff69c040c0826cb23a80391f341749f2c21c32b5977b796b6af2d7194f1af44f2e0a84bf102b28dff97fa723c6792e16807939429c921dcd26d375fe58c59bb76e3d5227a5c4e2331337c3592a7d84ac45b1bd268a9d66fc2fd03aa23a7bcd7ab711c4fca2958883260b5d5741b145717012d4aa15f2d49b54660a46ec7cd7f9181213acb61074c65189bda02ac65f0e916f9b9260fc4cfc4bad08afb07fde1c2dfbe7807835958ac127021a7a2da901700483f8e5809a51fcb9a455fcc58d4dd8745ad4af3567fa9ee1b8750543117a970bd98d2595da38f3ea455b1611d32870677b0e0605ac387ca068892e1fb81411f901a1137ab9f5b78d350aeec44957e54e28f9ceb6d5ce046237b979ce4f7e7211167a6d3a3e99b151c08bc2a1593174e18196290e16e517e3ac66dceb7b1cabca97c38a6aefe048aff9fb203e1e58e5343062cd36b65198005d0b8ae336a47e8e4372a73aee7131804013d24e3d9bcd5ae2dd7baf036d571ba12ea7f17976e3e20887d8f24db24b2eb3c5e3f3b9ca8611ad4f4be7aa435c9641f290fb478168d3e204edb8181eebe3acb2552ddfa1f01d368d6604c03f84cbe78ce58284dc3b99aef5936adce8fb81118af0ef5a236391b9856bed6d1bc6cf02990c48b7f6c917efdab113ce0851f87258fb0d3f8633c6d41f33cf76f54492c4a1dcd4459153cd28c6473351371c73d73dd8f9a22f175959febadb76a866a9625b926fa1a12b32ba97df3c2e3b5d6893fab9a6352f168c423b38db9d13895afe3a017d27c84b7c20363f4e8a81f0af52c5368b856ecab23f52cf87f1ee3f73bdefc424b253c9c55f91df8a02b7df35a7c7defb7d260e4edf040503ed18f16aaf742b2c30ffb7f0108a48f50a7e603e24e0399c309781689118b2f1c23721e2528a3f020a4a43cf5439d169b4c116c284aac82ca2a5cecafb97d9dffb2b56af3cd73fe9ca2553ad33c12add00f01fbf7e11f8b30d3bee0096418b1bfdf2f458d8534c3660da46483bcf884088c171d105ff05e441d018dcc495eb35ea1f921f98ad1f5a0bc0f5cf69450b70bbb2a24d427511baf0638d3b4da0fbdcbe126e2e9e415b81fb12239b424f8f553d73520aff5f212fad8a15760759dd4726bd2d05eda93ddb10cc2ae01977d1030480fddea6045be4a5983fb67a263bdb86f722592880e4feaf9767dc5352cd898da96b647eacb41d7c97a1e2bf1e48b548172a06ff21962e79ff3724b94c3e339dae7ac1e67225846da5e1399639885fea22620c9501dbb4b8ec62292c1b8392e20ad72bdd72c85d5aff8e7432117097bb4cc173de0f8dfed12134024d92c2c8512cbb96b31f156d759770467abf602e3a580bb0ee26137229e11df6986f33c8de3921b81ecc56f600f6fbe39787b72293d567c3d396ea4d65baa3fae1a25df344c5f33ec1fdcafefc0bee2c5cdf59dbb0408e99ca27f7a6872bfd2c20e11bd8c5b9a38fa98f30b5a56eb3dd10be3cfc60f43264a40ba7e91676920540b87d9b4f88b59f6ed8b66d5144930f0f4d3748084923b27082d8a175f955687cc1598d02937af997018a871db6e0c1db1e2e4431e452cdb0110c65bea7da6c8a9e4a66f0957fcdf1b8c7cb4d808b896ff217db472709690bf7ff4d4ca912017fd57812e1dac1c4d1db8d5113739e917bfba37581118e950ba1a77aa124b4de0611ab834f8a82794bbd0b0b14ef60031642a6bfe152975b1aee3b466d3d9780c0c3b47aacaa8630a117b25409bb49af1f4b6105f0002b84325dce613054b6402d68e16bf3baa7ec6e9bc39cf324759f92cb82492e9b653015f1d795145fa911ed77ac5acbcff00cbbc2db04d2753c937dac0d09dbba128dc2f5c5918febb6ffaca8feb5bdd2c54853b9efe9b93f5356ab3bfe67bad1985e4c7e32c23e47140c540acdf30aaa966627923dc904f334a309789e17af70c2094ae28375a9414233115a635bb783ff422cd130b9efd41dd1c667d571241dab5d773f83e897787094f130f51c6c34f5af6d67ec94e57c5f9c37aba10f0a0433fa55b6ca2ce88b5ff1f44985312efc85fd31cfbf2412431763ec5ed6f39a799171aad1db74fa5c04295f5476446e5c148ddd3062a8ec4e773dba59139e9d0eb72b327cdc6b306bd475ca92ee5310d72c0906faab2950cec8f8619e009cb8c52e75fbec8aa4ce2736b3326583d365da32284f2b5f5d3c849623d15da5e6b2d780de22cf3504e5f06bc502a174db330d72214849ebd6887bdf4e7763db928b159698ef4e0755946d3a3508f92f332dae105a4c177d3ece1c7360dbade67e339934509e2f38b4f5022f5584255163d152f07b987ba838e45d1e62f14e46c45fe9e8a34dc4ba572081e96e9a33f31509d9bd0a362dace52d3a877fd238890d658ff776224609529e4ad4dc5d9138b3a2750dcafbd04de7d3d94d2b00128db71571ca361e4e257dcbecafa1f236c5c7990a37933a62ad28f575d5641b672fbd6b67b52075cc8daf420e4fe703326c05795ec388f6bfcdefeedf0d50617e086f749f7c37aaae655c5e059cdf0a1d2140273b3e6a22f6f79f843e3a4d05e92565260d354d068a71cc9ac41556e795c84291490821f5e5134ec03faf8b1073b774eb6e81a48f16ab2c2b4ecc0ca758cfcf4d2301f524a2dafa7a1a0cccf08b325dde92ee365c23ac818e673e60d887f8a24e3395e02379341b2a21959d01812f2d2de3eed3616e1d38249b4ccb0bfff4049725324c5d3dae738673e8849a889badf69237f98878efdb3c3136db8a902b83a7fbf62f08501f1e55c2fdee54fbb8e824648e58bd8f45e729261c6e75637e454b14b3e7175ef81551e9ce6609d7b7e9e53467aec2ce5b34a1761ad6a510838bf2611722885251732ba1aa8782a4316619bd49194fc0ecb67b3ec0f199e6af276bfa9cae0769d2779f6579792dd100bbc9b8bcd94bfe7bf1fb985789917c2d83b14a8b028d79236e0b01f1cfa00b34554148643a9ec25053baa4b56a1dfec6c84c1767989f2a400beaf4373daaa7f578846ba90de1bf47a921a0dd4f22746ea82800bb2d51bb80d916148b1fbe8e7ebb79cf11c8bf588e2a0b95f6984e866c623a9015371d5d3495a3f3d9b42ee7828f1a3dce118a648342d0b0b8e17dc9cbc95c16fc7410f5a7ade7bf921279611e6f2cec5c945e4115142075287203b65f8a3b14d026c465b83a4447891dacbc37de3f23b801abd1a628973b5858a9fcfcb1c3923eaddc6fa3787f28f5ed0f2e1df91bf9d7396891b4efbe008e0818cb57d3eb178844e98db8b09fc859c11427adb4a92630aafc2ce7ae644f077bbfe3a899b6014be74be9277177d10c72f0b13998fb666af0cf0b28757c5ae8f5021c00adb414d16aea5cb23f22c7f526d8266e4b67b85f124704769e1187c3415acbf81cb3c2d5cc04d95edbd75bfdd32847e984a55d4dc1a7d3781bad2b6b62a576c10ff471e107add2a74e59ab11071bf5fb57c0cc34a45dc8796fe47000811cfea6cfb22c22e2b4656efd5ced8da97ca0179a6c3a4d58a7bd77260516107a9a72036c92c2dc800d825c3f45c6123a0332d37d7e29f84184e19decc59102950da0b0cef36160153f5a453c9c7fcfe2e145aae343fb9bb726bc3aefb9a604708d3ab1c5f51228ef8987a00ab2abfee2f3c1a38c48797035d43f74d1d6ac26df34926ce8d95d1d57f9e442398822b5014367dd8dde2db00ea5972dc8e782a7a193744d3bfa0298f353207e442716d26ba943821a6b0d2e112bd7033d7df3c99f0d875dca45f466567c198c16039b00f1125b77c1c560ac21ca70db4a642ed58f5f55db9acf206fcb3adb31731d9efb1b7dd9cc124858bc8fd9fe2651e31f152f05d2be376f3854d3de9dc464541bbdab3902773b3b5b2a14a20c0e80ae3a2ca02ddb584fab1767af0428969d4a9035cef9092d8d3bb48b8be88bac57d53c6e50b07fa51e0d9351159eb97741e09f55317c802fdb0cb172fa79b2ad25fd55613dbcad1f070a407facbcce6a229f4bc88de1ab99dea251a677209e9bc08fdb2e0299535beea1189044ab8c69c9196fb9d39b6c609c0c815ec929a01cd974d08b6f0e301991101ccb8c7e591f9cf1dd6fb6cfa17d6925d13bf18508103c44a52efb3701176d31e34207aed48792f5d7c4ddb6bb3bf6f0869f528363b7e0650b06b0e4caf53dc30157e80ae1e2432b60a1c64088eec7013a213ed65340adddf6940d277e87802729c3a6dc9c3d5919d835fd55642e15ffce4a9bd8553be5ec276d0867311f2b0e11173eedf0d7d5dcac0d44f8076ffd9ce8e90f828c4443c8b602db35ca19220f2cbc295e8fda0602e6437a46abc775da4237bede18196bb1e1106220235fd2072fa4375fd8bffa037afeddedc4477b315799176a23f47f48afc652fff5083c917ed1b4097cddd186921531357cd0da18996a152639692f5a2bf4c7745c3b640d7ca69e236edca95934c36ca4b9236d9cbbd3f248b948c942f65dfce17167628b4eb0c5893512c2d8439812bcea8d5fe6a229264723b66e4f2cb6f970139415440dde9946c5ad40032a1c5a18c248d35b73100d8f38aac9c5c302354a9db4e8d99a2d845f54a767c4a0623d40b998e28d454aff7defc9bb4cd3673374a33e641a6614c6b5546b3f70ed288f53def2e49baa32d1afb93b4c04a22b5c9ac3a23f1e0cb423eab40f51e2b3c170b501dc517abbac962784e1bd151815494d04e336ae2f16064ca27c7d776f8c5974a76e9b3d313446336e696e24202b2cb94603e2929906ad4000b13f0f7e7ecf6c2d7243e12d0aba4fb5d4a30de4e2c5a0ea8ade6d79bef8dead7b49ceaf6d7157a427382570771040c084c9feba727019c3b03dae0c5880b0a2dbd8150b743f987b5019b421c5d164150592ae0646217618c92e7876e6c4a2b0ecdfde08f04265e0bfa096a2d6f83953af12209e892a9a326368e0270f8e669ed5aca72579d1d6b806eaba059bb28c7f80fc1ce39b994e6816cac5df5cf9d40582bf9301b12deeb09a2eeab9c8a83a7d44d04a87ae0d4a590cb5f5e3824dc381fc56aca6787be5899aa3694f3b9a872b61dd5876c0f8ff3c81f38b4e52792254edfb954b157abd7b2ae2f4f8caee5b78886894e467e38a93c26cbc546022371b44360a317513341933a0db7ba88929844489e51259a489854f8160ad46594a19cbe799515f396168505520a5288d00f8093d3aef119d94a7863e67c9a7d6f900ba9834fd886044513ee1853713c2a4b5121487db6e7424a0b7f19895e5cf5e41e69c34b3378bae46e2e1c7d29c1cfe1bd0370bc2c0649ea144cd1d4d40fa57160cf856f3fb3dd3cd9ff014b4194837af58189305226b534e1a82297adb14e7af42693fa5065873cbb7fd7ceef5a41d8a63c1ec4a0b214182c5ee3cb9430f6dd7cd57fa56e1b6df932c683905f111867e5bc229bedbb3099a72644d96c38aef3e93268dcab401a2882f1f48c63dc068fc102adf0c8e8a1debdf454919cf7042c6b80955bd63cbc27d785e06ef360feb725748e8359e1fe6d64851ad9faf834d28e6273db6830eb655e6ca3d0d437dee2bd6d0ffbe9aac4e54af0e8436ab653f8d6580acb7388634f342b36fac1feb35526eeeb8602a31a65843c18a9bd463c365e42192f6aadaa1a6e4991e9340258532f4f4811788d8662925405b76db6aba7965aee669441818c5e96a3d945d81baebd00ba2d97414f1840b3dfc7d34d9fb13877d241744cad6a367dea3ff5c4f29fd41e06f85c67c614cfa307463b3a8550a5a31cadc8c7111f1236c9113b18c631cf9ede683818be932fc0c8f389457a05c1b02e7a380b27b10853c79d9495ffa702aa01a1953f269c952e4ee95b001c5ebbba33c902a7d3aa81ac9ff01b1f9ed97a6f280f3caae24cf236e41993cf991e7d8f3ff50a173997179a190d92a26beaef64eae0ebf824b485962089f8675c2cc176c2c052948176937a4074f2506edb7e60a65149ab319f76fff07cfde46f6799869202d735e5ae9f91f4d23150de807efd933ecab245fe128554664fc8a3f411a9e45e050ea40c68e45f57403dc62b3a6908df7f6d8cf9ef45133e56b5682757415093b49b86630758075103fe98f1d380f58829b796b9ea4f06499beaa81108976a3a70174c3542eb2130070b1c4354166049b412b2256be40a9d20e18a2600540e1e1c15549892310c09870dbf70874be181a0ed4009592bea754fe30ff3cd96a551071d7ce21c6cfd3e449dd8c39bd97ed47b16bf00096578342112fd1aaef915962aa9a3141276c7442aab367fdaa02b2db13bb1e1be5c7486464196541d584096200520a6a57a228466fef61e2f6f678ba9f3733f6ae80bdd6bf67dda5b13bb7c8d05d20825566ee3ddfb9c94dc270aebe3d5a24933ba6befcb65226de3f2d8fc6fb518a36bb655289d2daa616121a4ce08c9f4effc5127c90d93369d8345357c67e3bdc024263fd43d090b8f1643c75236ce000ba02001c5974035f733ecb05f35d3d205027b393b4bf33dd86050a9e2c8f779de8947a38ee7b2b2b39d427cf48a359f10bc0fbd50763c8f4727ba82a55f6c2e944b71f8e05626bef8e7598c55cd4e587686446adf394282e312d48e02b9ce324b8523b33978c9ed7e67b886479c8c36d136d276b34de843ccb98d624daee93cd3d5db695189a5b1f730091b6339d8ecb93485f9091b46e998ff1efad6d647a2b6d5f4647e84835cb1d863386a337c9ef4ec0ad827fd0acff7498422f8277052c53f0a7001b3771a19241b1d14021d6dbae44dc7fd92365012d1ced3c4f494699e398c404d8ffa5a6cd824e2f7638a4087693dc5191a7c6fb4fd29967e27988234c015a33db9ac71a416a8469f871b7da09c95f3331576c1b4f4c72b7b127ad2e48a57e28804efe74f8145aeaef16c03e2c3e99fe3ccaddded1da622fc62172e8f55d04e1305df63e789774d3640e6cf36ed53c2fcdeef189178dde1b60c640742c68d8d06cae2538b7b7d0ffe1905037537a754ba44950c4194c8013b5a4eb2a2b6406f9795d70e4321c7ab7e630381ce04e2e4f15e49153842118abb5179e246e41ffa49ed2b39b62ea47001f35229be23d332a81b5d47f88a5737b480f27ca75a653efa3afa257ef05e1b4da1cb84653b074e9aace9f6f4b94f48cf50b3fe2b1658d30e3f288b6d6a1164f3c9153b0f185c10a64c861889dc3faf8bebd6caab6f751a31109756cbc8b9a62384faa1a88b2ef8803855414dcc209329752a65b05a0784be9837e3a4a7cdc49b302a1e3e9be08080b6af5049702613b777e55b0033eab3ad76024a6132522289df20d753b595a48b1d116e792b51c9840541f16f56ef185a3c14e64b7e293c178ade690abeffc9d8f908bab3db2460d7f692e48dbdda353b6df648a98411bd8c70f95f6fb27390e6d3241f36fea36c0aea9198cd40fcc23b181d41fd91cf66570aaaf0688a4eff348b6f0e4c8bbda629cf269eafe2d60cab7108dbaeb0119ed441b7c4b379d0198be27dc6de0b53acca37dd9e5a40a558d8405de127fdd4b381a83d6d33b11061ef5428c08a8c64e73a3a6ccb11037cda942aa937f1ec14a9e2088acbb7b5489d173ce08ea04febb1cd93d7c0e1b3fb2facf8536e6568ea349647e2e449fe220516f5e94ab5727a91b92f9ac957cadb2e107b101c286e521d7742b86dc53df904cd29e6b7488ac8d149226254976858d25d388eb6842271f051a082e18d0549232dd0fdc8da13aaa44f925dc3f462a188cdc8e1573bf989d25243f975a7765cbe01e84ae4654fa60e20a39f89b53f008796c5360ca8ad4cd9adf0bac7862002f9a02a30aebadb738673bb12edb7f61755ca16defb8aca9bbcbf2fd39cd556369050407d4a7077b14cf922f3597af3e967ae63f1c1e8a6b6d10fcdb8aca23c2596b72155962438889005fb8a835153ac594f1a8edfef2ffc66db8d642beee43524f6f271a1c24824c92ad58531251df443d712615f7fff6a385298183cfce80296dc95ef4728b5b1b98549460efaa2d230453f8156b4c6d76e5bce6aa9e1b4da827a96949af8681edd094d0d63dc3b582a156480b1800130ec5543c40be0c561d90bb379db82a4b59b657b05333c958908bc65b3a26fa8d745d579b09b5fd5e2223e7c182bc7610d414a379ff9a8922909340433ac17b77130ed417bf23e4ae48ca4a834b038f977d0deefe1291e76395c35b4107b2de4178b1051251cacb6bff04fd2d092d6ae2a72b25213605ab08b71fe478927cf82353ebcf382630cee84d03bd38227bf8b12c1bca16686ec9ffe61aed4635328f39ee09aafebf30da052e0e4bf28da6badd62636022b130dc4f1e196ffce2051d3e7f80ae29a38abf6367f2555d93f6ad2ab346f3037737ca141dad639771645fd683361c2b67abf0b04c1846dff0ce319ae12a9c79a7bad5e8e6fac23ce85860d1201e69319c41924d87066f6f320006bb3fe802d04a5bedbf50dd15e22df446cd94be3486047315f9ba0fea5af6915ea399075704308653b03f29d4e99419a1a7f848302a46537a297f6331abc7c36df88bb535096135b971d41c4335eb8d2a9eac87061d16f2e6899662d327deb8fd788661d6d151a7e4d3f8cb8312a0b8b60807cb6abc7bad6b66e8d5a492cef77759055e15c7c37a20c751b9571e02ad40b65c0b17668eda7ef989f8bde821d2e9c7a119cac9ca3e925f51cf6c2bab2a406699555099e016944554222144a3e970220e01bfe3b152c955ee4e21716c1e521a4bb0228dcd9b0a237f8fc2ccf9b4ecd8d6e2eec4508cd6c6453db134def3be0808a9f0df28960e28385611ec490cdabd63cd76bc53fe10d67af82c755721f6ba406969969008dc072d1a3c0a64a95f5265e9529575bf1038fe0df1925bc40bd7d8831e891aab8f888d1906681a08fccac5bb4cb3c7e67ccdeff175b76d9bd7029f53e0ee15d8845504476940d05b87156cce1d5ed93671d5ee0ce0874f0606f7d09d15cf16d98a1cbb456a5704cffc0a3918ef543a6e9a67e965c4fbb8186991ac3ca2218244cdc44af93a08763e04cce549c5ab00146278a63c2c94859a91544efc6559061cf781ce86969f8b1f5b65389ab3b19c0cc41ddd39e614803b06599b8653ed64cf8e3605c69afc879ae03e6cc5f80f88fedae281d1adf53a9204c491204edb99d1106b68ccb21004d51c419842f3e1564b5a4e01e71a47135178d8d045b07c045cba01436cd0ce6a1ce9a480b1bd6eb48fe2888214ca31766f5c5144edf8bdf7edefe015cf95bc6834bb06aa157b76f9fbcbade1ceb547fa678ff33a24ed4cca831654c0b03bd1a52ceca4287171d524e37d42899a4c5c66da0586ffb7b4aead7cdf892ce24d66eaff3530dcca213f70cec1d24cd59bbdc12e3f6f4bd4d0a2b232fa5f9ce2c70aa529fc85d4d2183f4c20f154da58103cfeffd477901d188ea888aad45f778dc48969936ce7519d2e1f0e14b2fc8b02340af1f83119cb69ab38e5122223950d5045479cbfb0b989013e2b1b995d6c45656b8124e8fc54f7daf9409ff4ad5babdc9789e3d420cccb792bf06a75cbf2bcc8b45a394e62dce6ed5188495c0de5a86d00694fc70a41b1cede2e986a33c13a7bc88d9c79775dbb624b9d66c577466547183ca48a0279ccfc7bffe699d0f4f82bca906d0118865e8851b75f9914ae12a368c0e2881fbf8c1f4374c37fce575034bdac4a06e022e62b34874966952f0ffb6c9fc8138eff8e07ad630635772e84993af6d71dc3eb534bdb00475eeb433da5b6cdf9051a8898a8893ef0ea4102aa24968c2c8be9b5b02e07c075f59c3398e08876054135ad6be1c51a5e98e1400edcca8061640a0d20b3f7a92acff856d20703f70c2159f91f9419d34cfb87f890b578bed938ec52eb1b45fbef56828774cba3704e0a22b1fff7ff6bb94620c9f0317728ee32d09615d186138238fc529247e80fcf71e9269e72fa25962695e40a38a816c2eb5d5e3f169e5c54ae20cecdc206b8cc093f6f5d3461268ff8a7154bafe92cf145aa415556cd9c6b4f5693050d00d6e1f5441c67b4c3abf561803ef525f4e199b2cdd03b806c0d8606ecaf25ca51a750dab89d91aaab170fcb7b6f50766ab8f11cf177bd75e58d432c051cdafccde5fd81233f524d37a6ae391da09b381d46b1333a07d5632b9f83c1aa8cd44f417320550d5b9ae5118502ff8fe89fffba8e0cf4f8fa4c096ea4937b7b3ea6f9dc0fc13e2e2b4ca172c97b67a58404a335436658063a9bd1c71422e9ee5ef345df6534be0b0482273c4750b9ae92c463bb87e7de173b40a8709a4018bdbe9e799b0a95c5946dc424efaac67eb3fe869d49e040d94d42c1c7680c47c9bba3344f7034d68394e65f6d31b9e5b21a763429432b91b85e274a5675011b2d5442f1d329ccf1220275ba714738022742135bb9674a2544d23b09c93d1d07f35738abf59f44b894048faf09bf0467b9d8171afe57ee10c828640fed3801dc8711e0b678b30f42f396be642975cc2724110d48a59d3ae7160781b7a3f4973fc2d720440408ffced0e2b62728e7ef1f5228fab181fb9b7a1077e376df6c5aeba81e9fe3fc9f82919bf476f1e97c64da1aaa0fc7d1e0b31d8519717717a1ca1856bae339cb612e4880d0aed31500c80e63fc888389c20be12e73cb3299f7a23cfcfd47834ce9b0d92d7b732d15b2df232158cc9b690a0c7e9fd2c511bbce0a6aced586059a9446019ac26ce6eb9ab507dfb24c58acfe596dc2d67ff19569211078498f31e7998135b47a5e2f39b23e474bf74484690c080fc1b818474094d960fe89d45b43c926cc0e6b60bdf3fed333ade75161441c622005e243964d6603a29888a5e921a713e7403785a86103c7fa700", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)={0x78, 0xfffffffffffffff5, 0x0, {0x5, 0x7ff, 0x0, {0x2, 0x8000000, 0x6, 0x0, 0xffffffff, 0x3, 0x201, 0x2, 0x42, 0xc000, 0x0, 0x0, r8, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lstat(&(0x7f0000000240)='./file0\x00', 0x0)
chmod(&(0x7f0000000080)='./file0\x00', 0x1)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000140)="d2ffb49ede31518d65a476b76e4a4e0b75db47c327ab5b7233ac3507e16db41df04709094056af33a6db1e301a74db81f27f6aa6a8ca9d22a565ff96d46e88fa99b284c26c46494072fc2e47da240c71"})
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000800)={0x2, {{0xa, 0x4e21, 0x7, @private2, 0x7f}}}, 0x88)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x40086315}], 0x0, 0x0, 0x0})
statx(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x800, 0x40, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000240)={'syztnl2\x00', <r10=>0x0, 0x4, 0x8, 0x2, 0x6, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, 0x8, 0x80, 0x1, 0x164b}})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0, <r12=>0x0}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000003c0)=0xe8)
sendmsg$nl_xfrm(r4, &(0x7f00000006c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000640)={&(0x7f0000000400)=@acquire={0x21c, 0x17, 0x800, 0x70bd2b, 0x25dfdbfc, {{@in6=@private0, 0x4d2, 0xff}, @in6=@loopback, {@in=@empty, @in=@broadcast, 0x4e22, 0x3, 0x4e22, 0xffff, 0x2, 0x80, 0x80, 0x4, r11, r9}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@multicast2, 0x4e22, 0x1, 0x4e24, 0x10, 0xa, 0x80, 0x0, 0x8d, r10, r12}, {0x0, 0x6, 0x0, 0x9, 0x5, 0x119, 0x5, 0x10000}, {0x9, 0x7fffffffffffffff, 0x4e0, 0x4}, 0x401, 0x0, 0x0, 0x0, 0x1, 0x1}, 0xe, 0x8, 0xffff, 0x70bd27}, [@lastused={0xc, 0xf, 0xb}, @replay_esn_val={0x30, 0x17, {0x5, 0x70bd25, 0x70bd25, 0x70bd2b, 0x70bd2e, 0xffffffff, [0x400, 0x6, 0x0, 0x2, 0x1000]}}, @policy_type={0xa, 0x10, {0x1}}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x8}, @algo_auth={0x5f, 0x1, {{'sha384-ce\x00'}, 0xb8, "3ca4bbf72a4cdf805612f82191ff742e1832892f6ccd35"}}, @policy_type={0xa, 0x10, {0x1}}, @tfcpad={0x8, 0x16, 0xffffff37}, @address_filter={0x28, 0x1a, {@in=@private=0xa010101, @in=@multicast2, 0xa, 0x4, 0x6f}}, @XFRMA_IF_ID={0x8, 0x1f, 0x1}]}, 0x21c}, 0x1, 0x0, 0x0, 0x20000850}, 0x20000090)

11m57.108384006s ago: executing program 34 (id=4381):
r0 = syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a06010905010300021007c109050c04400006030f07059acb"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc02000000000000000000000000000106000340000300000600034000040000080008"], 0x1e8}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f000000c3c0)={0x2020, 0x0, <r7=>0x0, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f00000001c0)={0x50, 0x0, r7, {0x7, 0x1f, 0x0, 0x0, 0x0, 0x401, 0x100, 0x400008, 0x0, 0x0, 0x2, 0xffffffff}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f00000041c0)="388219d25a8985d3a909841c8e956469a15e906a4fad26298b696426a81fcf0d6134c5dfa3dac33b6ea4c5d859c2e1333584935ed9d80c184939089e0cb436417aef5dcfb0c878732c6827d278c2910d390115e202c3162f4711bda810555b179a84d7df9f870f6c7510312f0255ce1bef6e875780543aaaebfbdf8208ee5dfd0de60437108b819a35569013870ba0bd0700000000000000c69ac3d0f174042b37d31f7821f65636376ab7bac88a99fc39c60286cac8d3edb5ac4c768a68a43fc77a52adea3b7397aaa2433cad989958c9a6118c72006208f95199efe7d08508913b00711053120551466066aebc0f3f5c6fdb9693ae6c2dc5fa839b808b8789cb1f88514918a6aa1d1a76eb131ebf84a0edaa97fbbcff14101f79a159222f4b4f31942f18bd6f1d393d3e298803a8435d214fe2f7bb31e02e2a75370bffa78d6752c8a6221b50162f7ec7174c258e4b65bf2797b4f7b7fec7488a0675990a075f7ec74b93fd845a6a9e12b0baeda5c81ce23be3b4cc15b493d4b9ae40736c55fcb8266f33760fd09c80bee60e1d5269770dd67c34d6c7ee57d67558f6421b3002c66df981a3114be6e62d4ff999c7985aa767f0a073eb499257c7b1b977f18dfae99f3be0664bb0c0d96fe4f3b1df5d904744570d01b517cccdbf17dada77ad37099ff69c040c0826cb23a80391f341749f2c21c32b5977b796b6af2d7194f1af44f2e0a84bf102b28dff97fa723c6792e16807939429c921dcd26d375fe58c59bb76e3d5227a5c4e2331337c3592a7d84ac45b1bd268a9d66fc2fd03aa23a7bcd7ab711c4fca2958883260b5d5741b145717012d4aa15f2d49b54660a46ec7cd7f9181213acb61074c65189bda02ac65f0e916f9b9260fc4cfc4bad08afb07fde1c2dfbe7807835958ac127021a7a2da901700483f8e5809a51fcb9a455fcc58d4dd8745ad4af3567fa9ee1b8750543117a970bd98d2595da38f3ea455b1611d32870677b0e0605ac387ca068892e1fb81411f901a1137ab9f5b78d350aeec44957e54e28f9ceb6d5ce046237b979ce4f7e7211167a6d3a3e99b151c08bc2a1593174e18196290e16e517e3ac66dceb7b1cabca97c38a6aefe048aff9fb203e1e58e5343062cd36b65198005d0b8ae336a47e8e4372a73aee7131804013d24e3d9bcd5ae2dd7baf036d571ba12ea7f17976e3e20887d8f24db24b2eb3c5e3f3b9ca8611ad4f4be7aa435c9641f290fb478168d3e204edb8181eebe3acb2552ddfa1f01d368d6604c03f84cbe78ce58284dc3b99aef5936adce8fb81118af0ef5a236391b9856bed6d1bc6cf02990c48b7f6c917efdab113ce0851f87258fb0d3f8633c6d41f33cf76f54492c4a1dcd4459153cd28c6473351371c73d73dd8f9a22f175959febadb76a866a9625b926fa1a12b32ba97df3c2e3b5d6893fab9a6352f168c423b38db9d13895afe3a017d27c84b7c20363f4e8a81f0af52c5368b856ecab23f52cf87f1ee3f73bdefc424b253c9c55f91df8a02b7df35a7c7defb7d260e4edf040503ed18f16aaf742b2c30ffb7f0108a48f50a7e603e24e0399c309781689118b2f1c23721e2528a3f020a4a43cf5439d169b4c116c284aac82ca2a5cecafb97d9dffb2b56af3cd73fe9ca2553ad33c12add00f01fbf7e11f8b30d3bee0096418b1bfdf2f458d8534c3660da46483bcf884088c171d105ff05e441d018dcc495eb35ea1f921f98ad1f5a0bc0f5cf69450b70bbb2a24d427511baf0638d3b4da0fbdcbe126e2e9e415b81fb12239b424f8f553d73520aff5f212fad8a15760759dd4726bd2d05eda93ddb10cc2ae01977d1030480fddea6045be4a5983fb67a263bdb86f722592880e4feaf9767dc5352cd898da96b647eacb41d7c97a1e2bf1e48b548172a06ff21962e79ff3724b94c3e339dae7ac1e67225846da5e1399639885fea22620c9501dbb4b8ec62292c1b8392e20ad72bdd72c85d5aff8e7432117097bb4cc173de0f8dfed12134024d92c2c8512cbb96b31f156d759770467abf602e3a580bb0ee26137229e11df6986f33c8de3921b81ecc56f600f6fbe39787b72293d567c3d396ea4d65baa3fae1a25df344c5f33ec1fdcafefc0bee2c5cdf59dbb0408e99ca27f7a6872bfd2c20e11bd8c5b9a38fa98f30b5a56eb3dd10be3cfc60f43264a40ba7e91676920540b87d9b4f88b59f6ed8b66d5144930f0f4d3748084923b27082d8a175f955687cc1598d02937af997018a871db6e0c1db1e2e4431e452cdb0110c65bea7da6c8a9e4a66f0957fcdf1b8c7cb4d808b896ff217db472709690bf7ff4d4ca912017fd57812e1dac1c4d1db8d5113739e917bfba37581118e950ba1a77aa124b4de0611ab834f8a82794bbd0b0b14ef60031642a6bfe152975b1aee3b466d3d9780c0c3b47aacaa8630a117b25409bb49af1f4b6105f0002b84325dce613054b6402d68e16bf3baa7ec6e9bc39cf324759f92cb82492e9b653015f1d795145fa911ed77ac5acbcff00cbbc2db04d2753c937dac0d09dbba128dc2f5c5918febb6ffaca8feb5bdd2c54853b9efe9b93f5356ab3bfe67bad1985e4c7e32c23e47140c540acdf30aaa966627923dc904f334a309789e17af70c2094ae28375a9414233115a635bb783ff422cd130b9efd41dd1c667d571241dab5d773f83e897787094f130f51c6c34f5af6d67ec94e57c5f9c37aba10f0a0433fa55b6ca2ce88b5ff1f44985312efc85fd31cfbf2412431763ec5ed6f39a799171aad1db74fa5c04295f5476446e5c148ddd3062a8ec4e773dba59139e9d0eb72b327cdc6b306bd475ca92ee5310d72c0906faab2950cec8f8619e009cb8c52e75fbec8aa4ce2736b3326583d365da32284f2b5f5d3c849623d15da5e6b2d780de22cf3504e5f06bc502a174db330d72214849ebd6887bdf4e7763db928b159698ef4e0755946d3a3508f92f332dae105a4c177d3ece1c7360dbade67e339934509e2f38b4f5022f5584255163d152f07b987ba838e45d1e62f14e46c45fe9e8a34dc4ba572081e96e9a33f31509d9bd0a362dace52d3a877fd238890d658ff776224609529e4ad4dc5d9138b3a2750dcafbd04de7d3d94d2b00128db71571ca361e4e257dcbecafa1f236c5c7990a37933a62ad28f575d5641b672fbd6b67b52075cc8daf420e4fe703326c05795ec388f6bfcdefeedf0d50617e086f749f7c37aaae655c5e059cdf0a1d2140273b3e6a22f6f79f843e3a4d05e92565260d354d068a71cc9ac41556e795c84291490821f5e5134ec03faf8b1073b774eb6e81a48f16ab2c2b4ecc0ca758cfcf4d2301f524a2dafa7a1a0cccf08b325dde92ee365c23ac818e673e60d887f8a24e3395e02379341b2a21959d01812f2d2de3eed3616e1d38249b4ccb0bfff4049725324c5d3dae738673e8849a889badf69237f98878efdb3c3136db8a902b83a7fbf62f08501f1e55c2fdee54fbb8e824648e58bd8f45e729261c6e75637e454b14b3e7175ef81551e9ce6609d7b7e9e53467aec2ce5b34a1761ad6a510838bf2611722885251732ba1aa8782a4316619bd49194fc0ecb67b3ec0f199e6af276bfa9cae0769d2779f6579792dd100bbc9b8bcd94bfe7bf1fb985789917c2d83b14a8b028d79236e0b01f1cfa00b34554148643a9ec25053baa4b56a1dfec6c84c1767989f2a400beaf4373daaa7f578846ba90de1bf47a921a0dd4f22746ea82800bb2d51bb80d916148b1fbe8e7ebb79cf11c8bf588e2a0b95f6984e866c623a9015371d5d3495a3f3d9b42ee7828f1a3dce118a648342d0b0b8e17dc9cbc95c16fc7410f5a7ade7bf921279611e6f2cec5c945e4115142075287203b65f8a3b14d026c465b83a4447891dacbc37de3f23b801abd1a628973b5858a9fcfcb1c3923eaddc6fa3787f28f5ed0f2e1df91bf9d7396891b4efbe008e0818cb57d3eb178844e98db8b09fc859c11427adb4a92630aafc2ce7ae644f077bbfe3a899b6014be74be9277177d10c72f0b13998fb666af0cf0b28757c5ae8f5021c00adb414d16aea5cb23f22c7f526d8266e4b67b85f124704769e1187c3415acbf81cb3c2d5cc04d95edbd75bfdd32847e984a55d4dc1a7d3781bad2b6b62a576c10ff471e107add2a74e59ab11071bf5fb57c0cc34a45dc8796fe47000811cfea6cfb22c22e2b4656efd5ced8da97ca0179a6c3a4d58a7bd77260516107a9a72036c92c2dc800d825c3f45c6123a0332d37d7e29f84184e19decc59102950da0b0cef36160153f5a453c9c7fcfe2e145aae343fb9bb726bc3aefb9a604708d3ab1c5f51228ef8987a00ab2abfee2f3c1a38c48797035d43f74d1d6ac26df34926ce8d95d1d57f9e442398822b5014367dd8dde2db00ea5972dc8e782a7a193744d3bfa0298f353207e442716d26ba943821a6b0d2e112bd7033d7df3c99f0d875dca45f466567c198c16039b00f1125b77c1c560ac21ca70db4a642ed58f5f55db9acf206fcb3adb31731d9efb1b7dd9cc124858bc8fd9fe2651e31f152f05d2be376f3854d3de9dc464541bbdab3902773b3b5b2a14a20c0e80ae3a2ca02ddb584fab1767af0428969d4a9035cef9092d8d3bb48b8be88bac57d53c6e50b07fa51e0d9351159eb97741e09f55317c802fdb0cb172fa79b2ad25fd55613dbcad1f070a407facbcce6a229f4bc88de1ab99dea251a677209e9bc08fdb2e0299535beea1189044ab8c69c9196fb9d39b6c609c0c815ec929a01cd974d08b6f0e301991101ccb8c7e591f9cf1dd6fb6cfa17d6925d13bf18508103c44a52efb3701176d31e34207aed48792f5d7c4ddb6bb3bf6f0869f528363b7e0650b06b0e4caf53dc30157e80ae1e2432b60a1c64088eec7013a213ed65340adddf6940d277e87802729c3a6dc9c3d5919d835fd55642e15ffce4a9bd8553be5ec276d0867311f2b0e11173eedf0d7d5dcac0d44f8076ffd9ce8e90f828c4443c8b602db35ca19220f2cbc295e8fda0602e6437a46abc775da4237bede18196bb1e1106220235fd2072fa4375fd8bffa037afeddedc4477b315799176a23f47f48afc652fff5083c917ed1b4097cddd186921531357cd0da18996a152639692f5a2bf4c7745c3b640d7ca69e236edca95934c36ca4b9236d9cbbd3f248b948c942f65dfce17167628b4eb0c5893512c2d8439812bcea8d5fe6a229264723b66e4f2cb6f970139415440dde9946c5ad40032a1c5a18c248d35b73100d8f38aac9c5c302354a9db4e8d99a2d845f54a767c4a0623d40b998e28d454aff7defc9bb4cd3673374a33e641a6614c6b5546b3f70ed288f53def2e49baa32d1afb93b4c04a22b5c9ac3a23f1e0cb423eab40f51e2b3c170b501dc517abbac962784e1bd151815494d04e336ae2f16064ca27c7d776f8c5974a76e9b3d313446336e696e24202b2cb94603e2929906ad4000b13f0f7e7ecf6c2d7243e12d0aba4fb5d4a30de4e2c5a0ea8ade6d79bef8dead7b49ceaf6d7157a427382570771040c084c9feba727019c3b03dae0c5880b0a2dbd8150b743f987b5019b421c5d164150592ae0646217618c92e7876e6c4a2b0ecdfde08f04265e0bfa096a2d6f83953af12209e892a9a326368e0270f8e669ed5aca72579d1d6b806eaba059bb28c7f80fc1ce39b994e6816cac5df5cf9d40582bf9301b12deeb09a2eeab9c8a83a7d44d04a87ae0d4a590cb5f5e3824dc381fc56aca6787be5899aa3694f3b9a872b61dd5876c0f8ff3c81f38b4e52792254edfb954b157abd7b2ae2f4f8caee5b78886894e467e38a93c26cbc546022371b44360a317513341933a0db7ba88929844489e51259a489854f8160ad46594a19cbe799515f396168505520a5288d00f8093d3aef119d94a7863e67c9a7d6f900ba9834fd886044513ee1853713c2a4b5121487db6e7424a0b7f19895e5cf5e41e69c34b3378bae46e2e1c7d29c1cfe1bd0370bc2c0649ea144cd1d4d40fa57160cf856f3fb3dd3cd9ff014b4194837af58189305226b534e1a82297adb14e7af42693fa5065873cbb7fd7ceef5a41d8a63c1ec4a0b214182c5ee3cb9430f6dd7cd57fa56e1b6df932c683905f111867e5bc229bedbb3099a72644d96c38aef3e93268dcab401a2882f1f48c63dc068fc102adf0c8e8a1debdf454919cf7042c6b80955bd63cbc27d785e06ef360feb725748e8359e1fe6d64851ad9faf834d28e6273db6830eb655e6ca3d0d437dee2bd6d0ffbe9aac4e54af0e8436ab653f8d6580acb7388634f342b36fac1feb35526eeeb8602a31a65843c18a9bd463c365e42192f6aadaa1a6e4991e9340258532f4f4811788d8662925405b76db6aba7965aee669441818c5e96a3d945d81baebd00ba2d97414f1840b3dfc7d34d9fb13877d241744cad6a367dea3ff5c4f29fd41e06f85c67c614cfa307463b3a8550a5a31cadc8c7111f1236c9113b18c631cf9ede683818be932fc0c8f389457a05c1b02e7a380b27b10853c79d9495ffa702aa01a1953f269c952e4ee95b001c5ebbba33c902a7d3aa81ac9ff01b1f9ed97a6f280f3caae24cf236e41993cf991e7d8f3ff50a173997179a190d92a26beaef64eae0ebf824b485962089f8675c2cc176c2c052948176937a4074f2506edb7e60a65149ab319f76fff07cfde46f6799869202d735e5ae9f91f4d23150de807efd933ecab245fe128554664fc8a3f411a9e45e050ea40c68e45f57403dc62b3a6908df7f6d8cf9ef45133e56b5682757415093b49b86630758075103fe98f1d380f58829b796b9ea4f06499beaa81108976a3a70174c3542eb2130070b1c4354166049b412b2256be40a9d20e18a2600540e1e1c15549892310c09870dbf70874be181a0ed4009592bea754fe30ff3cd96a551071d7ce21c6cfd3e449dd8c39bd97ed47b16bf00096578342112fd1aaef915962aa9a3141276c7442aab367fdaa02b2db13bb1e1be5c7486464196541d584096200520a6a57a228466fef61e2f6f678ba9f3733f6ae80bdd6bf67dda5b13bb7c8d05d20825566ee3ddfb9c94dc270aebe3d5a24933ba6befcb65226de3f2d8fc6fb518a36bb655289d2daa616121a4ce08c9f4effc5127c90d93369d8345357c67e3bdc024263fd43d090b8f1643c75236ce000ba02001c5974035f733ecb05f35d3d205027b393b4bf33dd86050a9e2c8f779de8947a38ee7b2b2b39d427cf48a359f10bc0fbd50763c8f4727ba82a55f6c2e944b71f8e05626bef8e7598c55cd4e587686446adf394282e312d48e02b9ce324b8523b33978c9ed7e67b886479c8c36d136d276b34de843ccb98d624daee93cd3d5db695189a5b1f730091b6339d8ecb93485f9091b46e998ff1efad6d647a2b6d5f4647e84835cb1d863386a337c9ef4ec0ad827fd0acff7498422f8277052c53f0a7001b3771a19241b1d14021d6dbae44dc7fd92365012d1ced3c4f494699e398c404d8ffa5a6cd824e2f7638a4087693dc5191a7c6fb4fd29967e27988234c015a33db9ac71a416a8469f871b7da09c95f3331576c1b4f4c72b7b127ad2e48a57e28804efe74f8145aeaef16c03e2c3e99fe3ccaddded1da622fc62172e8f55d04e1305df63e789774d3640e6cf36ed53c2fcdeef189178dde1b60c640742c68d8d06cae2538b7b7d0ffe1905037537a754ba44950c4194c8013b5a4eb2a2b6406f9795d70e4321c7ab7e630381ce04e2e4f15e49153842118abb5179e246e41ffa49ed2b39b62ea47001f35229be23d332a81b5d47f88a5737b480f27ca75a653efa3afa257ef05e1b4da1cb84653b074e9aace9f6f4b94f48cf50b3fe2b1658d30e3f288b6d6a1164f3c9153b0f185c10a64c861889dc3faf8bebd6caab6f751a31109756cbc8b9a62384faa1a88b2ef8803855414dcc209329752a65b05a0784be9837e3a4a7cdc49b302a1e3e9be08080b6af5049702613b777e55b0033eab3ad76024a6132522289df20d753b595a48b1d116e792b51c9840541f16f56ef185a3c14e64b7e293c178ade690abeffc9d8f908bab3db2460d7f692e48dbdda353b6df648a98411bd8c70f95f6fb27390e6d3241f36fea36c0aea9198cd40fcc23b181d41fd91cf66570aaaf0688a4eff348b6f0e4c8bbda629cf269eafe2d60cab7108dbaeb0119ed441b7c4b379d0198be27dc6de0b53acca37dd9e5a40a558d8405de127fdd4b381a83d6d33b11061ef5428c08a8c64e73a3a6ccb11037cda942aa937f1ec14a9e2088acbb7b5489d173ce08ea04febb1cd93d7c0e1b3fb2facf8536e6568ea349647e2e449fe220516f5e94ab5727a91b92f9ac957cadb2e107b101c286e521d7742b86dc53df904cd29e6b7488ac8d149226254976858d25d388eb6842271f051a082e18d0549232dd0fdc8da13aaa44f925dc3f462a188cdc8e1573bf989d25243f975a7765cbe01e84ae4654fa60e20a39f89b53f008796c5360ca8ad4cd9adf0bac7862002f9a02a30aebadb738673bb12edb7f61755ca16defb8aca9bbcbf2fd39cd556369050407d4a7077b14cf922f3597af3e967ae63f1c1e8a6b6d10fcdb8aca23c2596b72155962438889005fb8a835153ac594f1a8edfef2ffc66db8d642beee43524f6f271a1c24824c92ad58531251df443d712615f7fff6a385298183cfce80296dc95ef4728b5b1b98549460efaa2d230453f8156b4c6d76e5bce6aa9e1b4da827a96949af8681edd094d0d63dc3b582a156480b1800130ec5543c40be0c561d90bb379db82a4b59b657b05333c958908bc65b3a26fa8d745d579b09b5fd5e2223e7c182bc7610d414a379ff9a8922909340433ac17b77130ed417bf23e4ae48ca4a834b038f977d0deefe1291e76395c35b4107b2de4178b1051251cacb6bff04fd2d092d6ae2a72b25213605ab08b71fe478927cf82353ebcf382630cee84d03bd38227bf8b12c1bca16686ec9ffe61aed4635328f39ee09aafebf30da052e0e4bf28da6badd62636022b130dc4f1e196ffce2051d3e7f80ae29a38abf6367f2555d93f6ad2ab346f3037737ca141dad639771645fd683361c2b67abf0b04c1846dff0ce319ae12a9c79a7bad5e8e6fac23ce85860d1201e69319c41924d87066f6f320006bb3fe802d04a5bedbf50dd15e22df446cd94be3486047315f9ba0fea5af6915ea399075704308653b03f29d4e99419a1a7f848302a46537a297f6331abc7c36df88bb535096135b971d41c4335eb8d2a9eac87061d16f2e6899662d327deb8fd788661d6d151a7e4d3f8cb8312a0b8b60807cb6abc7bad6b66e8d5a492cef77759055e15c7c37a20c751b9571e02ad40b65c0b17668eda7ef989f8bde821d2e9c7a119cac9ca3e925f51cf6c2bab2a406699555099e016944554222144a3e970220e01bfe3b152c955ee4e21716c1e521a4bb0228dcd9b0a237f8fc2ccf9b4ecd8d6e2eec4508cd6c6453db134def3be0808a9f0df28960e28385611ec490cdabd63cd76bc53fe10d67af82c755721f6ba406969969008dc072d1a3c0a64a95f5265e9529575bf1038fe0df1925bc40bd7d8831e891aab8f888d1906681a08fccac5bb4cb3c7e67ccdeff175b76d9bd7029f53e0ee15d8845504476940d05b87156cce1d5ed93671d5ee0ce0874f0606f7d09d15cf16d98a1cbb456a5704cffc0a3918ef543a6e9a67e965c4fbb8186991ac3ca2218244cdc44af93a08763e04cce549c5ab00146278a63c2c94859a91544efc6559061cf781ce86969f8b1f5b65389ab3b19c0cc41ddd39e614803b06599b8653ed64cf8e3605c69afc879ae03e6cc5f80f88fedae281d1adf53a9204c491204edb99d1106b68ccb21004d51c419842f3e1564b5a4e01e71a47135178d8d045b07c045cba01436cd0ce6a1ce9a480b1bd6eb48fe2888214ca31766f5c5144edf8bdf7edefe015cf95bc6834bb06aa157b76f9fbcbade1ceb547fa678ff33a24ed4cca831654c0b03bd1a52ceca4287171d524e37d42899a4c5c66da0586ffb7b4aead7cdf892ce24d66eaff3530dcca213f70cec1d24cd59bbdc12e3f6f4bd4d0a2b232fa5f9ce2c70aa529fc85d4d2183f4c20f154da58103cfeffd477901d188ea888aad45f778dc48969936ce7519d2e1f0e14b2fc8b02340af1f83119cb69ab38e5122223950d5045479cbfb0b989013e2b1b995d6c45656b8124e8fc54f7daf9409ff4ad5babdc9789e3d420cccb792bf06a75cbf2bcc8b45a394e62dce6ed5188495c0de5a86d00694fc70a41b1cede2e986a33c13a7bc88d9c79775dbb624b9d66c577466547183ca48a0279ccfc7bffe699d0f4f82bca906d0118865e8851b75f9914ae12a368c0e2881fbf8c1f4374c37fce575034bdac4a06e022e62b34874966952f0ffb6c9fc8138eff8e07ad630635772e84993af6d71dc3eb534bdb00475eeb433da5b6cdf9051a8898a8893ef0ea4102aa24968c2c8be9b5b02e07c075f59c3398e08876054135ad6be1c51a5e98e1400edcca8061640a0d20b3f7a92acff856d20703f70c2159f91f9419d34cfb87f890b578bed938ec52eb1b45fbef56828774cba3704e0a22b1fff7ff6bb94620c9f0317728ee32d09615d186138238fc529247e80fcf71e9269e72fa25962695e40a38a816c2eb5d5e3f169e5c54ae20cecdc206b8cc093f6f5d3461268ff8a7154bafe92cf145aa415556cd9c6b4f5693050d00d6e1f5441c67b4c3abf561803ef525f4e199b2cdd03b806c0d8606ecaf25ca51a750dab89d91aaab170fcb7b6f50766ab8f11cf177bd75e58d432c051cdafccde5fd81233f524d37a6ae391da09b381d46b1333a07d5632b9f83c1aa8cd44f417320550d5b9ae5118502ff8fe89fffba8e0cf4f8fa4c096ea4937b7b3ea6f9dc0fc13e2e2b4ca172c97b67a58404a335436658063a9bd1c71422e9ee5ef345df6534be0b0482273c4750b9ae92c463bb87e7de173b40a8709a4018bdbe9e799b0a95c5946dc424efaac67eb3fe869d49e040d94d42c1c7680c47c9bba3344f7034d68394e65f6d31b9e5b21a763429432b91b85e274a5675011b2d5442f1d329ccf1220275ba714738022742135bb9674a2544d23b09c93d1d07f35738abf59f44b894048faf09bf0467b9d8171afe57ee10c828640fed3801dc8711e0b678b30f42f396be642975cc2724110d48a59d3ae7160781b7a3f4973fc2d720440408ffced0e2b62728e7ef1f5228fab181fb9b7a1077e376df6c5aeba81e9fe3fc9f82919bf476f1e97c64da1aaa0fc7d1e0b31d8519717717a1ca1856bae339cb612e4880d0aed31500c80e63fc888389c20be12e73cb3299f7a23cfcfd47834ce9b0d92d7b732d15b2df232158cc9b690a0c7e9fd2c511bbce0a6aced586059a9446019ac26ce6eb9ab507dfb24c58acfe596dc2d67ff19569211078498f31e7998135b47a5e2f39b23e474bf74484690c080fc1b818474094d960fe89d45b43c926cc0e6b60bdf3fed333ade75161441c622005e243964d6603a29888a5e921a713e7403785a86103c7fa700", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)={0x78, 0xfffffffffffffff5, 0x0, {0x5, 0x7ff, 0x0, {0x2, 0x8000000, 0x6, 0x0, 0xffffffff, 0x3, 0x201, 0x2, 0x42, 0xc000, 0x0, 0x0, r8, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lstat(&(0x7f0000000240)='./file0\x00', 0x0)
chmod(&(0x7f0000000080)='./file0\x00', 0x1)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000140)="d2ffb49ede31518d65a476b76e4a4e0b75db47c327ab5b7233ac3507e16db41df04709094056af33a6db1e301a74db81f27f6aa6a8ca9d22a565ff96d46e88fa99b284c26c46494072fc2e47da240c71"})
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000800)={0x2, {{0xa, 0x4e21, 0x7, @private2, 0x7f}}}, 0x88)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x40086315}], 0x0, 0x0, 0x0})
statx(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x800, 0x40, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000240)={'syztnl2\x00', <r10=>0x0, 0x4, 0x8, 0x2, 0x6, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, 0x8, 0x80, 0x1, 0x164b}})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0, <r12=>0x0}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000003c0)=0xe8)
sendmsg$nl_xfrm(r4, &(0x7f00000006c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000640)={&(0x7f0000000400)=@acquire={0x21c, 0x17, 0x800, 0x70bd2b, 0x25dfdbfc, {{@in6=@private0, 0x4d2, 0xff}, @in6=@loopback, {@in=@empty, @in=@broadcast, 0x4e22, 0x3, 0x4e22, 0xffff, 0x2, 0x80, 0x80, 0x4, r11, r9}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@multicast2, 0x4e22, 0x1, 0x4e24, 0x10, 0xa, 0x80, 0x0, 0x8d, r10, r12}, {0x0, 0x6, 0x0, 0x9, 0x5, 0x119, 0x5, 0x10000}, {0x9, 0x7fffffffffffffff, 0x4e0, 0x4}, 0x401, 0x0, 0x0, 0x0, 0x1, 0x1}, 0xe, 0x8, 0xffff, 0x70bd27}, [@lastused={0xc, 0xf, 0xb}, @replay_esn_val={0x30, 0x17, {0x5, 0x70bd25, 0x70bd25, 0x70bd2b, 0x70bd2e, 0xffffffff, [0x400, 0x6, 0x0, 0x2, 0x1000]}}, @policy_type={0xa, 0x10, {0x1}}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x8}, @algo_auth={0x5f, 0x1, {{'sha384-ce\x00'}, 0xb8, "3ca4bbf72a4cdf805612f82191ff742e1832892f6ccd35"}}, @policy_type={0xa, 0x10, {0x1}}, @tfcpad={0x8, 0x16, 0xffffff37}, @address_filter={0x28, 0x1a, {@in=@private=0xa010101, @in=@multicast2, 0xa, 0x4, 0x6f}}, @XFRMA_IF_ID={0x8, 0x1f, 0x1}]}, 0x21c}, 0x1, 0x0, 0x0, 0x20000850}, 0x20000090)

10m36.237196312s ago: executing program 4 (id=4816):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)={@multicast2, @loopback, 0x1, 0x1, [@broadcast]}, 0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
close(0x3)
bind$alg(r1, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x800}, 0x4000010)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000180), 0x14000, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r3}})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000340)={&(0x7f00000000c0)=[0x0, 0x0], 0x2, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000780)={&(0x7f0000000100)=[<r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0], 0x6, 0x6, 0x9})
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r8, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r9=>0x0], 0x40000012})
ioctl$DRM_IOCTL_MODE_ATOMIC(r8, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r9], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000800)={&(0x7f0000000500)=[r6, 0x0, r7, r9], 0x4, 0x80800})
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x3e8, 0x0, 0xfffffffffffffd25)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$ax25(r2, 0x0, 0x0, 0x10, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r12=>0x0})
recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)=""/182, 0xb6}], 0x1}, 0x1)
syz_usb_connect$cdc_ncm(0x4, 0xa6, &(0x7f0000000400)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x18, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x94, 0x2, 0x1, 0x6, 0xd0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xb3a9}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3, 0xff, 0x26}, {0x6, 0x24, 0x1a, 0xc, 0x14}, [@mdlm={0x15, 0x24, 0x12, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x10, 0x7f, 0x2}, @obex={0x5, 0x24, 0x15, 0x5}, @mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x4, 0x6}, @network_terminal={0x7, 0x24, 0xa, 0x81, 0x9, 0x7, 0x89}, @network_terminal={0x7, 0x24, 0xa, 0x5, 0x4, 0x9, 0x11}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0xe, 0xc}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0xb, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x108, 0x9, 0x3, 0x7}}}}}}}]}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r11, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r12, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

10m33.1649025s ago: executing program 4 (id=4825):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010300a6ff0540cdabeecdb905000000010902220001000000000904000001010351000905f6fefffffff000072501", @ANYRES8=r0], 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/custom1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110b, 0x8000000000003})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000400)=[@increfs={0x40046304, 0x2}], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$sock_inet_SIOCGIFBRDADDR(r3, 0x8919, &(0x7f00000000c0)={'nicvf0\x00'})
ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f00000002c0)=0xf)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x181c00)
r5 = epoll_create1(0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x7, &(0x7f0000000000)={0x0, 0x2, 0x1b9, 0x7fffffff})
fcntl$lock(r6, 0x6, &(0x7f0000000180)={0x2, 0x1, 0x5, 0x80000001})
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r4, &(0x7f0000000000)={0x3000200f})
ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0)

10m30.058530755s ago: executing program 4 (id=4850):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x12, r0, 0x45809000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
recvmmsg(r1, &(0x7f00000009c0)=[{{&(0x7f0000000000)=@rc, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/230, 0xe6}, {&(0x7f0000000180)=""/73, 0x49}, {&(0x7f0000000200)=""/74, 0x4a}, {&(0x7f0000000280)=""/179, 0xb3}, {&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f00000003c0)=""/207, 0xcf}], 0x6, &(0x7f0000000540)=""/129, 0x81}, 0x3}, {{&(0x7f0000000600)=@phonet, 0x80, &(0x7f0000000700)=[{&(0x7f0000000680)=""/72, 0x48}], 0x1, &(0x7f0000000740)=""/154, 0x9a}, 0x101}, {{&(0x7f0000000800)=@sco, 0x80, &(0x7f0000000980)=[{&(0x7f0000000880)=""/69, 0x45}, {&(0x7f0000000900)=""/74, 0x4a}], 0x2}, 0x10000}], 0x3, 0x12040, 0x0)

10m29.739651915s ago: executing program 4 (id=4851):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$FUSE_ENTRY(r0, &(0x7f00000041c0)={0x90, 0x4}, 0x90)
read$FUSE(r0, &(0x7f0000001180)={0x2020}, 0x2020)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000040)='^\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
move_mount(r3, &(0x7f0000000380)='./file0\x00', r3, 0x0, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x40010, r1, 0x2000)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e80)={0x160, r5, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_PROBE_RESP={0x2e, 0x91, "0314eda54144e6e8c13be1bc7bcde74e45dee094217dc0c094a4850b044e3c1942250cd3c9daf9da6592"}, @NL80211_ATTR_BEACON_HEAD={0xf6, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x81}, @device_b, @device_b, @initial, {0x6}}, 0x9, @default, 0x1971, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0xb5}, @void, @val={0x6, 0x2, 0xe}, @void, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x9, 0xc9, 0xb6}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x2, 0xb}}, @val={0x76, 0x6, {0x4, 0x2, 0x7, 0x5}}, [{0xdd, 0x5b, "3649c8f86ffe76a56d74944a0699673de0e68ba9b0c49c3145662c42d53aabe3c1a6c1653c07a44adf157447b0fa0eeb61e9b8e54186344318e57b26cd41582215c55b964ca0972cfa443023de138e6367265591772f1c40ef80b4"}, {0xdd, 0x3e, "0918774de152cc75746953f32716b6a724a522828a6d15d3a37b357c43b141e9daa985bbe90859568eda99c9192966a1b36bee695ae833914a970f435cb7"}]}}, @NL80211_ATTR_FTM_RESPONDER={0x4}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x160}}, 0x24000080)
socket$inet_sctp(0x2, 0x5, 0x84)

10m29.532504833s ago: executing program 4 (id=4852):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b80)={0x80, r1, 0x5, 0x0, 0x0, {{0xf, 0x0, 0x300}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @random="13610680c4c9"}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_BEACON_TAIL={0x20, 0xf, [@ht={0x2d, 0x1a, {0x800, 0x1, 0x0, 0x0, {0x0, 0x128a, 0x0, 0x80, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x1, 0x8, 0x30}}]}, @NL80211_ATTR_IE={0x4}]]}, 0x80}}, 0x0)

10m29.214269223s ago: executing program 4 (id=4853):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000009780)={0x2020}, 0x2020)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000240)={0xb0, 0x0, 0x3, [{{}, {0x0, 0x0, 0x1, 0x0, '('}}]}, 0xb0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r4, &(0x7f0000001300)="92", 0x2)
read$char_usb(r4, 0x0, 0x0)

10m28.930050083s ago: executing program 35 (id=4853):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000009780)={0x2020}, 0x2020)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000240)={0xb0, 0x0, 0x3, [{{}, {0x0, 0x0, 0x1, 0x0, '('}}]}, 0xb0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r4, &(0x7f0000001300)="92", 0x2)
read$char_usb(r4, 0x0, 0x0)

10m13.267455138s ago: executing program 6 (id=4912):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)})
r1 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[<r2=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000880)={0x0, 0x0, r2})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000300)={&(0x7f0000000140)=[0x0], &(0x7f0000000180)=[{}, {}, {}], &(0x7f0000000280)=[0x0, 0x0, 0x0, <r3=>0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0x4, 0x1})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r6, 0x6, 0x23, &(0x7f0000000000)=""/36, &(0x7f0000000040)=0x24)
r7 = syz_open_dev$dri(&(0x7f0000000700), 0xffffffffffffffff, 0x400000)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r7, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[<r8=>0x0, 0x0, <r9=>0x0], &(0x7f00000000c0), 0x3, r5})
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000000300)={0x14, r9, r5})
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r11, 0x4010640d, &(0x7f0000000000)={0x14, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r12=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r11, 0xc02064b6, &(0x7f00000001c0)={r12, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r11, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[0x0, 0x0, <r14=>0x0], &(0x7f0000000040), 0x3, r13})
r15 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x220000, 0x0)
fcntl$setflags(r15, 0x2, 0x1)
r16 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r16, 0xc010640c, &(0x7f0000000080)={0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r11, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r13], &(0x7f0000000200), &(0x7f00000000c0)=[r14], &(0x7f0000000340)})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f00000005c0)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480), &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], 0x3c3c6bb, 0x4, 0x5})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000006c0)={0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x7f, 0xb3c, 0x1, 0x8, 0xfd3, 0x9], &(0x7f0000000640)=[r8, r3, 0x0, r9, r14, 0x0, 0x0], &(0x7f0000000680)=[0x5, 0x6, 0x0, 0xfffffffdfffffff9], 0x0, 0xfffffffffffff608})

10m13.103629389s ago: executing program 6 (id=4913):
syz_usb_connect(0x5, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x3)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x2, 0x219, 0x0, 0x0}], 0x1})

10m11.659502895s ago: executing program 6 (id=4918):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba3581ffffff0000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b8002944291189"], 0xfdef)

10m11.382191582s ago: executing program 6 (id=4920):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)})
r1 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[<r2=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000880)={0x0, 0x0, r2})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000300)={&(0x7f0000000140)=[0x0], &(0x7f0000000180)=[{}, {}, {}], &(0x7f0000000280)=[0x0, 0x0, 0x0, <r3=>0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0x4, 0x1})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r6, 0x6, 0x23, &(0x7f0000000000)=""/36, &(0x7f0000000040)=0x24)
r7 = syz_open_dev$dri(&(0x7f0000000700), 0xffffffffffffffff, 0x400000)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r7, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[<r8=>0x0, 0x0, <r9=>0x0], &(0x7f00000000c0), 0x3, r5})
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000000300)={0x14, r9, r5})
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r11, 0x4010640d, &(0x7f0000000000)={0x14, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r12=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r11, 0xc02064b6, &(0x7f00000001c0)={r12, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r11, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[0x0, 0x0, <r14=>0x0], &(0x7f0000000040), 0x3, r13})
r15 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x220000, 0x0)
fcntl$setflags(r15, 0x2, 0x1)
r16 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r16, 0xc010640c, &(0x7f0000000080)={0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r11, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r13], &(0x7f0000000200), &(0x7f00000000c0)=[r14], &(0x7f0000000340)})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f00000005c0)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480), &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], 0x3c3c6bb, 0x4, 0x5})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000006c0)={0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x7f, 0xb3c, 0x1, 0x8, 0xfd3, 0x9], &(0x7f0000000640)=[r8, r3, 0x0, r9, r14, 0x0, 0x0], &(0x7f0000000680)=[0x5, 0x6, 0x0, 0xfffffffdfffffff9], 0x0, 0xfffffffffffff608})

10m11.300311921s ago: executing program 6 (id=4921):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_open_dev$vim2m(&(0x7f0000000240), 0x1, 0x2)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000040)={0x1, 0x1}, 0x2)
write$USERIO_CMD_REGISTER(r1, &(0x7f00000001c0)={0x0, 0x3}, 0x2)
write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000440)={0x1, 0x1}, 0x2)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0)
close(0xffffffffffffffff)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = geteuid()
openat$cgroup_ro(r2, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0)
quotactl_fd$Q_SETINFO(r2, 0xffffffff80000602, r3, &(0x7f0000000140)={0x7, 0x2, 0x1})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000001140)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c0311040000000c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES8=r4], 0x0)

10m9.854409728s ago: executing program 6 (id=4930):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCSABS0(r1, 0x401845c0, 0x0) (async)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async)
recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000a00)=""/254, 0xfe}, {&(0x7f0000000d00)=""/214, 0xd6}, {&(0x7f0000003100)=""/4059, 0xfdb}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000000940)=""/188, 0xbc}, {&(0x7f0000000240)=""/223, 0xdf}, {&(0x7f0000001000)=""/4084, 0xff4}, {&(0x7f00000007c0)=""/199, 0xc7}, {&(0x7f0000000b00)=""/216, 0xd8}, {&(0x7f0000000540)=""/171, 0xab}, {&(0x7f0000000f00)=""/223, 0xdf}, {&(0x7f0000000700)=""/92, 0x5c}], 0xc}, 0x40012100)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) (async)
recvmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
syz_open_dev$radio(&(0x7f00000002c0), 0x2, 0x2) (async)
r3 = syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000000c0)={0xf0f041})
close_range(r2, 0xffffffffffffffff, 0x0) (async)
r4 = socket(0x1d, 0x2, 0x6)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'gretap0\x00', <r6=>0x0})
bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r6, 0x3, {0x0, 0x1, 0x3}}, 0x18)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0)

9m54.830032604s ago: executing program 36 (id=4930):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCSABS0(r1, 0x401845c0, 0x0) (async)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async)
recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000a00)=""/254, 0xfe}, {&(0x7f0000000d00)=""/214, 0xd6}, {&(0x7f0000003100)=""/4059, 0xfdb}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000000940)=""/188, 0xbc}, {&(0x7f0000000240)=""/223, 0xdf}, {&(0x7f0000001000)=""/4084, 0xff4}, {&(0x7f00000007c0)=""/199, 0xc7}, {&(0x7f0000000b00)=""/216, 0xd8}, {&(0x7f0000000540)=""/171, 0xab}, {&(0x7f0000000f00)=""/223, 0xdf}, {&(0x7f0000000700)=""/92, 0x5c}], 0xc}, 0x40012100)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) (async)
recvmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
syz_open_dev$radio(&(0x7f00000002c0), 0x2, 0x2) (async)
r3 = syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000000c0)={0xf0f041})
close_range(r2, 0xffffffffffffffff, 0x0) (async)
r4 = socket(0x1d, 0x2, 0x6)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'gretap0\x00', <r6=>0x0})
bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r6, 0x3, {0x0, 0x1, 0x3}}, 0x18)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0)

8m46.222367545s ago: executing program 2 (id=5264):
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x4c200, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x20, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x2dd}}, [@tmpl={0x104, 0x5, [{{@in=@dev={0xac, 0x14, 0x14, 0x3b}, 0x0, 0x2b}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x0, 0x0, 0xff}, {{@in6=@mcast2, 0x0, 0x3c}, 0x2, @in=@remote, 0x0, 0x1, 0x3}, {{@in6=@mcast2, 0x0, 0x3c}, 0x2, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x6c}, 0x0, @in=@broadcast, 0x0, 0x1}]}]}, 0x1bc}}, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {0x0, 0x2}, 0x0, [0x3, 0x3, 0x3ff, 0x8008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0xfffffffa, 0x0, 0x9, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x4, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x10000000, 0x99, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0xfffffffe, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x8, 0x0, 0x3, 0x0, 0x6, 0x3, 0x0, 0x3], [0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x6d, 0xffffffff, 0x8000edc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa0000000, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xa, 0x2, 0x0, 0x2000079, 0x0, 0x0, 0x0, 0x10000, 0x40000, 0x8, 0xc0000001, 0x0, 0x0, 0xffffffff, 0x0, 0x3, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4], [0xffffffff, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffffe, 0x0, 0x2, 0x7, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x20000000, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0xd, 0x8001, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x44, 0x4000400, 0x0, 0x0, 0xfffffffd], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0x10000000, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x2000000, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffd, 0x10000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x2, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"])
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$SIOCPNADDRESOURCE(r0, 0x89e0, &(0x7f0000000580)=0x1)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)={0x10000000000001a3, 0x0, [{0x8f9, 0x0, 0x275bc9b3}, {0xaad, 0x0, 0x7f}, {0x2af}, {0x2e6, 0x0, 0xa3}, {0xb38, 0x0, 0x8fe}, {0x91a, 0x0, 0x3}]})
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffffffffffffb3, &(0x7f0000000040)=[{&(0x7f00000000c0)="1400000016000b63d25a8064000000000124fc60", 0x14}], 0x1}, 0x8c4)
recvmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001300)=""/4068, 0xfe4}, {&(0x7f0000000280)=""/177, 0xb1}, {&(0x7f0000000100)=""/29, 0x1d}], 0x3}, 0x12100)
r7 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0x0, 0x2, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x200, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8c], 0xeeee8000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

8m46.039560846s ago: executing program 2 (id=5265):
r0 = accept$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @null}, [@null, @rose, @bcast, @bcast, @rose, @default, @null, @rose]}, &(0x7f0000000080)=0x48)
ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f00000000c0)={@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2, 0x56})
getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x4)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000180)=0xf, 0x4)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0x0, 0x2000)
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000240)={0x81, 0x375, 0x8})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000280)={<r3=>0x0, 0x9}, &(0x7f00000002c0)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000300)={r3, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x4e21, 0x1, @empty, 0x3}}, 0x6, 0x9, 0x8000, 0x712, 0xf6, 0x8000, 0x4}, 0x9c)
syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x22}, @l2cap_cid_le_signaling={{0x1e}, @l2cap_ecred_conn_rsp={{0x18, 0x2, 0x1a}, {0x9, 0x5, 0x391, 0x8, [0x5, 0x6, 0x8d59, 0x7, 0x5, 0x2, 0x4, 0x8, 0x2]}}}}, 0x27)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, &(0x7f00000004c0))
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000540))
setxattr$trusted_overlay_nlink(&(0x7f0000000700)='./file1\x00', &(0x7f0000000740), &(0x7f0000000780)={'L+', 0x8}, 0x16, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000009c0), 0xffffffffffffffff)

8m45.954394942s ago: executing program 2 (id=5266):
r0 = socket(0x23, 0x5, 0x0)
recvmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40000020)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000440)={0x20, 0xd, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$kcm(0x10, 0x3, 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r4, 0x4188aec6, &(0x7f0000000040))
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r6, 0x112, 0xa, &(0x7f00000000c0)=0x1ff, &(0x7f00000001c0)=0x4)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000680)={0x1, 0x2, 0x3, &(0x7f0000000400)={0x1b, "65c28678ec59b73ade02da39a66f440cfa56ec4319a52702236bf319b49de48232"}})

8m44.516731825s ago: executing program 2 (id=5273):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x2c020400)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x80000, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="9ade0b53", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r1, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x10)

8m44.382544655s ago: executing program 2 (id=5274):
r0 = accept$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @null}, [@null, @rose, @bcast, @bcast, @rose, @default, @null, @rose]}, &(0x7f0000000080)=0x48)
ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f00000000c0)={@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2, 0x56})
getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x4)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000180)=0xf, 0x4)
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000240)={0x81, 0x375, 0x8})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000280)={<r3=>0x0, 0x9}, &(0x7f00000002c0)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000300)={r3, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x4e21, 0x1, @empty, 0x3}}, 0x6, 0x9, 0x8000, 0x712, 0xf6, 0x8000, 0x4}, 0x9c)
syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x22}, @l2cap_cid_le_signaling={{0x1e}, @l2cap_ecred_conn_rsp={{0x18, 0x2, 0x1a}, {0x9, 0x5, 0x391, 0x8, [0x5, 0x6, 0x8d59, 0x7, 0x5, 0x2, 0x4, 0x8, 0x2]}}}}, 0x27)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, &(0x7f00000004c0))
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000540))
setxattr$trusted_overlay_nlink(&(0x7f0000000700)='./file1\x00', &(0x7f0000000740), &(0x7f0000000780)={'L+', 0x8}, 0x16, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000009c0), 0xffffffffffffffff)

8m44.062494579s ago: executing program 2 (id=5276):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, &(0x7f0000000000), 0x8)
listen(r2, 0x0)
connect$bt_sco(r2, &(0x7f0000000100)={0x1f, @none}, 0x8)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1})
r3 = signalfd4(r0, &(0x7f00000001c0), 0x8, 0x180800)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r4, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0)
close(0x3)
socket$inet(0x2b, 0x801, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
recvmmsg(r8, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}, 0x53}], 0x1, 0x120, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000011c0)={0x44c, 0x14, 0x601, 0x0, 0x0, {0x2b, 0xfa}, [@INET_DIAG_REQ_BYTECODE={0xc5, 0x1, "f18dde519bd1b9a4676c3d85e689a3affafe2c6b54bd5435952bbe061f8e4b857978d4f0a250963b151370ebc5d06631bd2429e4fcf99764aad9cb0c339be0e769229fe25e6f1415990cb1dc480260686fbff9319fde07a77ba5b6ffafc44877572806ebc5e70a7313e2ca35d35f6799f1cc8f206d8423444d7dec7495ef55b3a4f28c9e9f7cf4aac95fa84a303be66d8b192c53353ba7cf35bd05c6a6e2886024d54b34d948e11a045bfa8866ca849451a91eccf9db4e8c2862f0bb5440b4b3b4"}, @INET_DIAG_REQ_BYTECODE={0xda, 0x1, "54a513d1c45889db3e897af7917b62bfc0ac7b0d5e38dfa02d2915d1328384293d708f68329e1bfab1680f6f6d76e7ac0e1c7896ac3ed5ddb85df00ee64e3b0a4939a20fa1ddd0b509ab79e61fa49e85fdf61d352b946011f3ffa8e1e9b12179848f4e5309ebcb00a6520ff2060c170c5e26c5f02c587935fb7d782ea72c72bab0648a4834eb2ddc83ae5b1d7990b3a7824031073cef22b603222af09493828571c52c1a908622925d6ce30fa47b9aeb032c149a1900755c788a88363e1ad72aeef514f4a0ffeb3b2bfb63327a5d91566196f96c6a8c"}, @INET_DIAG_REQ_BYTECODE={0x7d, 0x1, "f14a9f1509efbef48b9b8475a317b45642b3c6d1c759d158ebe43ed1098d28f56f1089f02616f57b72cc544945f972635062d5a906ddf3f81a0c91b455a9911bf60bdcd86f4503adfba548e4c8db866f45298079ddd4eb54ed7ff2560d7a1d43893d3e7db595c668214def8eebaeaf4df395381d3b9d07a472"}, @INET_DIAG_REQ_BYTECODE={0xb6, 0x1, "1e0dc25d8c1bfc2bd9ffc8f304ab06a56fe005df9c883140f94807390f365375dbdebfc9020584704e8ee4831f947ddc40d04dc69e8187f90d260bd5efcd118dacb84b4a580eef7eb7eec593d1b0024f964451e8b71b9d84333a1fd2a70cd540d3b2f512d501179cff60e967a7199db36d3237b23bd5c7c121273bdfd3a44d9a4690e972a6f06d48d6b56dec6378524c9919cf514691afa6bea350e4fccdcb1d9f1b29bd3ae5aa23062b4b4cd7c3d61c4963"}, @INET_DIAG_REQ_BYTECODE={0x6, 0x1, "6910"}, @INET_DIAG_REQ_BYTECODE={0x8a, 0x1, "1003cc57807366863d2855f3ff406ed5e55031b2ab0d2d4ac953de2ea9089e26bb498e0b9b7e38ce74bab70487a8b798ea3c648bcba6188581bc6201a243ad634ef79d6c8cc34e6ecbfdfb45b93e21d0449970811e3996098a11de68212ec0d7d7f2642e1c0c189a73986401ea7845c2e251c66bd71e7e1a1d8c64c23c7d858cc28e0c580fd7"}, @INET_DIAG_REQ_BYTECODE={0xc5, 0x1, "de9a47f7ad5156d0474e2c25a94b4ed786d159e3384766cb6d4769f08d1e051f78f91bc846e0c90270fcc607c958d91f622491cc5b99a5f162a05f10f50c55176382ff6b14d64491f5e7227584c5d723f086a243e02d9b55c30cbeca3744c6e34168b0dbc21bb615c066f9443d07a1a7c4624b0c5a643a1e21c35298a269fc9c4c02526a006e9423b9176cd3f0ca235f8752a8e8c630ef47bc9bcc21d665d854d2c0bdf5686e105fd2f44f90ba59f9880e14d0ad07fac654b2e19b93f74d10ab47"}]}, 0x44c}}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000a40)={'wlan0\x00', <r10=>0x0})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r11=>0xffffffffffffffff})
setsockopt$sock_int(r11, 0x1, 0x32, &(0x7f0000000080)=0x4, 0x4)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r7, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="01002dbd7000fcdbdf258300000008000300", @ANYRES32=r10, @ANYBLOB="4688d88fb09a62d03cc64f7648f0633c4405305ac231fcb5301d0173de0bf0f86c87f28bbb0f6596884c209043216ce4e63b6a7bf2aeeb2cd38058c72a93addec8080465ad67b84d65056f"], 0x1c}, 0x1, 0x0, 0x0, 0x4008850}, 0x40)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)

8m43.906041998s ago: executing program 37 (id=5276):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, &(0x7f0000000000), 0x8)
listen(r2, 0x0)
connect$bt_sco(r2, &(0x7f0000000100)={0x1f, @none}, 0x8)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1})
r3 = signalfd4(r0, &(0x7f00000001c0), 0x8, 0x180800)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r4, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0)
close(0x3)
socket$inet(0x2b, 0x801, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
recvmmsg(r8, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}, 0x53}], 0x1, 0x120, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000011c0)={0x44c, 0x14, 0x601, 0x0, 0x0, {0x2b, 0xfa}, [@INET_DIAG_REQ_BYTECODE={0xc5, 0x1, "f18dde519bd1b9a4676c3d85e689a3affafe2c6b54bd5435952bbe061f8e4b857978d4f0a250963b151370ebc5d06631bd2429e4fcf99764aad9cb0c339be0e769229fe25e6f1415990cb1dc480260686fbff9319fde07a77ba5b6ffafc44877572806ebc5e70a7313e2ca35d35f6799f1cc8f206d8423444d7dec7495ef55b3a4f28c9e9f7cf4aac95fa84a303be66d8b192c53353ba7cf35bd05c6a6e2886024d54b34d948e11a045bfa8866ca849451a91eccf9db4e8c2862f0bb5440b4b3b4"}, @INET_DIAG_REQ_BYTECODE={0xda, 0x1, "54a513d1c45889db3e897af7917b62bfc0ac7b0d5e38dfa02d2915d1328384293d708f68329e1bfab1680f6f6d76e7ac0e1c7896ac3ed5ddb85df00ee64e3b0a4939a20fa1ddd0b509ab79e61fa49e85fdf61d352b946011f3ffa8e1e9b12179848f4e5309ebcb00a6520ff2060c170c5e26c5f02c587935fb7d782ea72c72bab0648a4834eb2ddc83ae5b1d7990b3a7824031073cef22b603222af09493828571c52c1a908622925d6ce30fa47b9aeb032c149a1900755c788a88363e1ad72aeef514f4a0ffeb3b2bfb63327a5d91566196f96c6a8c"}, @INET_DIAG_REQ_BYTECODE={0x7d, 0x1, "f14a9f1509efbef48b9b8475a317b45642b3c6d1c759d158ebe43ed1098d28f56f1089f02616f57b72cc544945f972635062d5a906ddf3f81a0c91b455a9911bf60bdcd86f4503adfba548e4c8db866f45298079ddd4eb54ed7ff2560d7a1d43893d3e7db595c668214def8eebaeaf4df395381d3b9d07a472"}, @INET_DIAG_REQ_BYTECODE={0xb6, 0x1, "1e0dc25d8c1bfc2bd9ffc8f304ab06a56fe005df9c883140f94807390f365375dbdebfc9020584704e8ee4831f947ddc40d04dc69e8187f90d260bd5efcd118dacb84b4a580eef7eb7eec593d1b0024f964451e8b71b9d84333a1fd2a70cd540d3b2f512d501179cff60e967a7199db36d3237b23bd5c7c121273bdfd3a44d9a4690e972a6f06d48d6b56dec6378524c9919cf514691afa6bea350e4fccdcb1d9f1b29bd3ae5aa23062b4b4cd7c3d61c4963"}, @INET_DIAG_REQ_BYTECODE={0x6, 0x1, "6910"}, @INET_DIAG_REQ_BYTECODE={0x8a, 0x1, "1003cc57807366863d2855f3ff406ed5e55031b2ab0d2d4ac953de2ea9089e26bb498e0b9b7e38ce74bab70487a8b798ea3c648bcba6188581bc6201a243ad634ef79d6c8cc34e6ecbfdfb45b93e21d0449970811e3996098a11de68212ec0d7d7f2642e1c0c189a73986401ea7845c2e251c66bd71e7e1a1d8c64c23c7d858cc28e0c580fd7"}, @INET_DIAG_REQ_BYTECODE={0xc5, 0x1, "de9a47f7ad5156d0474e2c25a94b4ed786d159e3384766cb6d4769f08d1e051f78f91bc846e0c90270fcc607c958d91f622491cc5b99a5f162a05f10f50c55176382ff6b14d64491f5e7227584c5d723f086a243e02d9b55c30cbeca3744c6e34168b0dbc21bb615c066f9443d07a1a7c4624b0c5a643a1e21c35298a269fc9c4c02526a006e9423b9176cd3f0ca235f8752a8e8c630ef47bc9bcc21d665d854d2c0bdf5686e105fd2f44f90ba59f9880e14d0ad07fac654b2e19b93f74d10ab47"}]}, 0x44c}}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000a40)={'wlan0\x00', <r10=>0x0})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r11=>0xffffffffffffffff})
setsockopt$sock_int(r11, 0x1, 0x32, &(0x7f0000000080)=0x4, 0x4)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r7, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="01002dbd7000fcdbdf258300000008000300", @ANYRES32=r10, @ANYBLOB="4688d88fb09a62d03cc64f7648f0633c4405305ac231fcb5301d0173de0bf0f86c87f28bbb0f6596884c209043216ce4e63b6a7bf2aeeb2cd38058c72a93addec8080465ad67b84d65056f"], 0x1c}, 0x1, 0x0, 0x0, 0x4008850}, 0x40)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)

2m43.817624181s ago: executing program 7 (id=7217):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000000906010800000001000000000200ffff0900020073797a310000000008000940000000390600010007000000100008800c000780080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x2000481c)

2m43.733494406s ago: executing program 7 (id=7218):
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000000906010800000001000000000200ffff0900020073797a310000000008000940000000390600010007000000100008800c000780080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x2000481c)

2m43.542539048s ago: executing program 7 (id=7219):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000120000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b"], 0xfdef)

2m43.470293144s ago: executing program 7 (id=7220):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000040)={0x4, 0x0, 0x3, 0xf00, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b920a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})

2m43.411832758s ago: executing program 7 (id=7221):
syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
r0 = socket(0x2d, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2d, 0x0, 0x20, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
r1 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002", 0x3d}], 0x1)
syz_usb_connect(0x0, 0x4f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109023d0c020000000009049c000301035100090d0a00000000000009050313000000000003270103"], 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000200)={0x14, &(0x7f0000000140)={0x40, 0x31, 0xa1, {0xa1, 0x23, "5c34e9f44e5ca48f982122b0d377de2092d854eb687fd013d55a9a060109b414af1772034f36abfc855c9a5b794eddb797c48669ca8942e8c138adbac3d0451a569552a88c69903f16229394a869f824534918e94e31412b7a1b859d6511194248497d6f048147d37044f6078a31e046c135d074997370547382643489887b68921bdf5b18af0a05d563fb3bc2e3e050e73f31418e922a8e3102cd5ff4a11e"}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000480)={0x44, &(0x7f0000000240)={0x20, 0x0, 0x52, "a6ae389e44b99881c7b7fcdc341c367da4eea568b0318e4a21ebff1371e72ef1c95cf2e75df32c32485d9849f41480ddd790c45c2d84112bb9cc889f8614095138c186d7d59f87b93810c6d9db049107511b"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x4, 0xe1b, 0x6, 0x9, 0x4bf, 0x3, 0xc, 0x7f, 0x6, 0x101, 0x83, 0x7be9}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x9}, &(0x7f00000003c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000400)={0x20, 0x87, 0x2, 0xfffe}, &(0x7f0000000440)={0x20, 0x89, 0x2, 0x1}})
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @any, 0xb41e, 0x2}, 0xfffffffffffffe0c)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r2, 0x0, 0x0)

2m40.369720699s ago: executing program 7 (id=7232):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000000000000141000000180017040000000000faff6474683a76"], 0x34}}, 0x0)
sync()
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)

2m24.552117468s ago: executing program 38 (id=7232):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000000000000141000000180017040000000000faff6474683a76"], 0x34}}, 0x0)
sync()
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)

7.458463063s ago: executing program 0 (id=8039):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d00200000103aff00000000000000000000380000000008ff020000000000000000000000000001"], 0x4a)

7.456335484s ago: executing program 5 (id=8040):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500c00108005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000012000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b"], 0xfdef)

7.290016008s ago: executing program 0 (id=8041):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000040)={0x0, 0x3, 0x1a, 0x2, 0x200, &(0x7f0000000480)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000003ffdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a13fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb52aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117ad65d242d6dccbe2ce34dccd6005e944a421d3d067b01b9989c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})

7.15006775s ago: executing program 0 (id=8042):
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_rsp={{0x18, 0x2, 0x8}, {0x9, 0x5, 0x391, 0x8}}}}, 0x15)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
setxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=<r1=>0x0)
r2 = getpgrp(0x0)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000240)={0x200000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x36}, &(0x7f00000000c0)=""/61, 0x3d, &(0x7f0000000100)=""/106, &(0x7f00000001c0)=[r1, r2], 0x2, {r3}}, 0x58)

7.142139194s ago: executing program 5 (id=8043):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)={@multicast2, @loopback, 0x1, 0x1, [@broadcast]}, 0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
close(0x3)
bind$alg(r1, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x3e8, 0x0, 0xfffffffffffffd25)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$ax25(r2, 0x0, 0x0, 0x10, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
recvmsg(r0, 0x0, 0x1)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x18, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x6, 0x50, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xb3a9}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3, 0xff, 0x6}, {0x6, 0x24, 0x1a, 0xc, 0x14}}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0xe, 0xc}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0xb, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x9, 0x3, 0x7}}}}}}}]}}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01001000000000e14f003b070000", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001", @ANYRES32=r3, @ANYBLOB="24e1eb6ecc15d0aafbf9f81399157ec3809caf816efb"], 0x6f4}}, 0x0)

6.99419316s ago: executing program 0 (id=8044):
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0xfef, 0x0)
execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0xafe6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r0], 0xb, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f00000018c0), 0x0, 0x8810)
sendmsg$alg(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4040001}, 0x0)
recvmsg$unix(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r4, &(0x7f0000002000)=[{{&(0x7f00000002c0)={0xa, 0x4e20, 0x4, @mcast2, 0x41}, 0x1c, 0x0}}], 0x1, 0x800)
syz_usb_connect(0x5, 0x51, &(0x7f0000000580)=ANY=[], &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0})
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r8, &(0x7f0000000340)={0xa, 0x4e21, 0x4000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2084}, 0x1c)
connect$pppl2tp(r7, &(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x4e22, @multicast1}, 0x4}}, 0x2e)
writev(r7, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1)
ioctl$KVM_CAP_HYPERV_SYNIC2(r6, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000095000040"])

3.98535891s ago: executing program 5 (id=8052):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)})
r1 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[<r2=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000880)={0x0, 0x0, r2})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000300)={&(0x7f0000000140)=[0x0], &(0x7f0000000180)=[{}, {}, {}], &(0x7f0000000280)=[0x0, 0x0, 0x0, <r3=>0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0x4, 0x1})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r6, 0x6, 0x23, &(0x7f0000000000)=""/36, &(0x7f0000000040)=0x24)
r7 = syz_open_dev$dri(&(0x7f0000000700), 0xffffffffffffffff, 0x400000)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r7, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[<r8=>0x0, 0x0, <r9=>0x0], &(0x7f00000000c0), 0x3, r5})
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f00000000010000005e140602000000000e000a000d000000028000001294", 0x2e}], 0x1}, 0x0) (fail_nth: 7)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000000300)={0x14, r9, r5})
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r11, 0x4010640d, &(0x7f0000000000)={0x14, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r12=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r11, 0xc02064b6, &(0x7f00000001c0)={r12, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r11, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[0x0, 0x0, <r14=>0x0], &(0x7f0000000040), 0x3, r13})
r15 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x220000, 0x0)
fcntl$setflags(r15, 0x2, 0x1)
r16 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r16, 0xc010640c, &(0x7f0000000080)={0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r11, 0xc03864bc, &(0x7f0000000380)={0x201, 0x1, &(0x7f0000000440)=[r13], &(0x7f0000000200), &(0x7f00000000c0)=[r14], &(0x7f0000000340)})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f00000005c0)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480), &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], 0x3c3c6bb, 0x4, 0x5})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000006c0)={0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x7f, 0xb3c, 0x1, 0x8, 0xfd3, 0x9], &(0x7f0000000640)=[r8, r3, 0x0, r9, r14, 0x0, 0x0], &(0x7f0000000680)=[0x5, 0x6, 0x0, 0xfffffffdfffffff9], 0x0, 0xfffffffffffff608})

3.966266221s ago: executing program 0 (id=8053):
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000900)={0x2c, &(0x7f0000000680)={0x20, 0x9, 0xb2, {0xb2, 0x31, "cc808e5a66dbeffc2ce1cc73a34dd589b6f22d8aaede09e2c628932ab2edc6bdaa8de4e4cff6ae7fb911384244ddaf1aec149faffbc32458bf696746d8dbfa8857fd4cf71ec985f927b2eef5f1c262ea337e7119bc70dcbaca79ca490285dc8e8dd0fd34bced076f261a12509212d6f52003ec99173a82ca2b54f5cafd024f496d712f5a8ed201795564e3ec34c60ff9da22dbf03146bbaf35dead3c489b1ba7fbd9c1b319ed4e12d83a9bed5d885661"}}, &(0x7f0000000740)={0x0, 0x3, 0xbc, @string={0xbc, 0x3, "1839f98ec95daed04176d6130d34654100f5a489fb4484d7e341ac41483945840ab85870cc4520184a91a875d413aef50b4f26e2875dc49011ae92c36164dba71532c04422f10a1802759c15ac13596f966520b5051c29b2d78fd18c47155a3621cba6e0e29934344723f74527b34a53678ec081be120bd8afba4691d51c7bb3ee425e8e1f418fc83b920ee0174c2fa5a27c162811c9caa06cc6f97ef162f3b74a44cb99f2384a182de4ae51c0c9e974ec0feacdb98c7d0da894"}}, &(0x7f0000000840)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000880)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x8, 0x0, 0xf, "9e2c770e", "732d3ece"}}, &(0x7f00000008c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xe, 0x80, 0x0, 0x7, 0xf8, 0x10}}}, &(0x7f0000000d80)={0x84, &(0x7f0000000940)={0x40, 0x3, 0x48, "aadb27115d73286e3302e14646cc22fed997a922f07296fe664c8a57332773c66de0f8ed76688eadb8c5893ab7198c896d30420c762e5d439406a500819be653d70dde49d71731fe"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000000a00)={0x0, 0x8, 0x1}, &(0x7f0000000a40)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000ec0)=ANY=[@ANYBLOB="2000040000004001100025555e15654b204a305a880698de81642d56e36aa664cfa3f68381d9f6c3bb6d7b939f399fcd3fbae92d09699e03852df91618f950cfec108c8210842f3b02c4518e1ac7c6eb4251c0ec0694abc90fce9df039a555ae0f2aad35b9a3e9e5b5cbd5bf03c4d60545346337be6c7fbefb13ba3cfff0da8f6782eb"], &(0x7f0000000ac0)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000b00)={0x40, 0x9, 0x1, 0x1d}, &(0x7f0000000b40)={0x40, 0xb, 0x2, "8c42"}, &(0x7f0000000b80)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000bc0)={0x40, 0x13, 0x6}, &(0x7f0000000c00)={0x40, 0x17, 0x6, @random="b3d24967ae29"}, &(0x7f0000000c40)={0x40, 0x19, 0x2, "d29d"}, &(0x7f0000000c80)={0x40, 0x1a, 0x2, 0x2}, &(0x7f0000000cc0)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000d00)={0x40, 0x1e, 0x1, 0xc0}, &(0x7f0000000d40)={0x40, 0x21, 0x1, 0x5}})
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000004c0)={0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="000a9700000097069ef8e978aefcccd32a8f96ce1e4bb00e662f5786f6b55fc52b388ff5a7b8f1d0515f625a94ebfef69a65a7c02b7a459fca855b223b214b678c4b775b2f9f0e13ee13b2c3a50eb0bded102fd33a558b5a5bf6fa177d35dbdef621b9c47fcc1b624bbaf0877670def56045c155a76a1b6b4c9ca6d331de98620c0d8abf8d86d711ae26f02824deddc75add04addd361d0684af3d4f"], &(0x7f0000000240)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000640)={0x1c, &(0x7f0000000e40)=ANY=[@ANYBLOB="0015550000008398768aab28c68975bdaf72a159dc5146d25c44311a2c98bea8f25dd55547f844199fcefae0f85b2f5d80230e1cb27f473bf18a38c113ab796e3002fe3d2d2f3f8e6ac7fae1538150672d0295a15eaf231bfdc4ccd6dff5483d9e4b51f9abb9e078"], &(0x7f0000000580)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x40}})

3.889718969s ago: executing program 5 (id=8054):
r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x1000000000004}}, 0x30)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000180)='./file0\x00', 0x1d0)
r4 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000000380)="bc", 0x1}], 0x1, 0x7ffff000, 0x8000, 0x4)

3.748735876s ago: executing program 5 (id=8056):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030005000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x40000)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="400100001000010026bd7000fcdbdf25636263286165732d6165736e6929000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000000040000000000000000000008000100000001000800010001040000080001000600000008000100faffffff080001000800ddff070001"], 0x140}, 0x1, 0x0, 0x0, 0x10}, 0x100008c0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
r4 = accept4$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @broadcast}, &(0x7f0000000200)=0x10, 0x80000)
listen(r4, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x9)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000040)=0xffffffc0, 0x4)

2.810115737s ago: executing program 5 (id=8061):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)={@multicast2, @loopback, 0x1, 0x1, [@broadcast]}, 0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
close(0x3)
bind$alg(r1, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x3e8, 0x0, 0xfffffffffffffd25)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$ax25(r2, 0x0, 0x0, 0x10, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
recvmsg(r0, 0x0, 0x1)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x18, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x6, 0x50, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xb3a9}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3, 0xff, 0x6}, {0x6, 0x24, 0x1a, 0xc, 0x14}}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0xe, 0xc}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0xb, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x9, 0x3, 0x7}}}}}}}]}}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01001000000000e14f003b0700000800", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001", @ANYRES32=r3, @ANYBLOB="24e1eb6ecc15d0aafbf9f81399157ec3809caf816efb"], 0x6f4}}, 0x0)

2.482298094s ago: executing program 8 (id=8064):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x6}]}], {0x14, 0x10, 0x1, 0x20000000}}, 0x50}, 0x1, 0x0, 0x0, 0x890}, 0x0)

2.468223362s ago: executing program 8 (id=8065):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xfffffffb)
accept4(r0, &(0x7f0000000040)=@nfc_llcp, &(0x7f00000000c0)=0x80, 0x80000) (async)
r1 = accept4(r0, &(0x7f0000000040)=@nfc_llcp, &(0x7f00000000c0)=0x80, 0x80000)
socket$kcm(0x29, 0x3, 0x0) (async)
r2 = socket$kcm(0x29, 0x3, 0x0)
recvmsg$kcm(r2, &(0x7f0000000500)={&(0x7f0000000100)=@rc={0x1f, @none}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000180)=""/197, 0xc5}, {&(0x7f0000000280)=""/61, 0x3d}, {&(0x7f00000002c0)=""/151, 0x97}, {&(0x7f0000000380)=""/116, 0x74}, {&(0x7f0000000400)=""/106, 0x6a}], 0x5}, 0x40000000)
recvmmsg(r0, &(0x7f0000001f80)=[{{&(0x7f0000000540)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000a00)=[{&(0x7f00000005c0)=""/154, 0x9a}, {&(0x7f0000000680)=""/195, 0xc3}, {&(0x7f0000000780)=""/86, 0x56}, {&(0x7f0000000800)=""/244, 0xf4}, {&(0x7f0000000900)=""/37, 0x25}, {&(0x7f0000000940)=""/187, 0xbb}], 0x6, &(0x7f0000000a80)=""/4096, 0x1000}}, {{&(0x7f0000001a80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c}, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001b00)=""/79, 0x4f}, {&(0x7f0000001b80)=""/116, 0x74}, {&(0x7f0000001c00)=""/182, 0xb6}, {&(0x7f0000001cc0)=""/206, 0xce}, {&(0x7f0000001dc0)=""/11, 0xb}, {&(0x7f0000001e00)=""/82, 0x52}], 0x6, &(0x7f0000001f00)=""/77, 0x4d}, 0x9}], 0x2, 0x101, &(0x7f0000002000)={0x0, 0x3938700})
r3 = accept4$nfc_llcp(r1, &(0x7f0000002040), &(0x7f00000020c0)=0x60, 0x80800)
socket$kcm(0x29, 0xd, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000002140), r1)
sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000002200)={&(0x7f0000002100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000021c0)={&(0x7f0000002180)={0x20, r4, 0x100, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x800) (async)
sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000002200)={&(0x7f0000002100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000021c0)={&(0x7f0000002180)={0x20, r4, 0x100, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x800)
r5 = creat(&(0x7f0000002240)='./file0\x00', 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000022c0)={{{@in=@multicast1, @in=@remote}}, {{@in6=@remote}, 0x0, @in6=@empty}}, &(0x7f00000023c0)=0xe8) (async)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000022c0)={{{@in=@multicast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0}}, {{@in6=@remote}, 0x0, @in6=@empty}}, &(0x7f00000023c0)=0xe8)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002400), &(0x7f0000002440)=0xc) (async)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002400)={0x0, <r8=>0x0}, &(0x7f0000002440)=0xc)
read$FUSE(r5, &(0x7f0000002480)={0x2020, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000044c0), &(0x7f0000004500)=0xc) (async)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000044c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000004500)=0xc)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000004540)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff, 0xffffffffffffffff}}, './file0\x00'}) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000004540)={{0x1, 0x1, 0x18, <r11=>r3, {0xffffffffffffffff, <r12=>0xffffffffffffffff}}, './file0\x00'})
lstat(&(0x7f0000004580)='./file0\x00', &(0x7f00000045c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0})
getegid() (async)
r14 = getegid()
fsetxattr$system_posix_acl(r2, &(0x7f0000002280)='system.posix_acl_access\x00', &(0x7f0000004640)={{}, {}, [{0x2, 0x3, r7}, {0x2, 0x6, r8}], {0x4, 0x3}, [{0x8, 0x1, r9}, {0x8, 0x0, r10}, {0x8, 0x3, r12}, {0x8, 0x4, r13}, {0x8, 0x4, r14}, {0x8, 0x2}, {0x8, 0x4, 0xee00}, {}], {0x10, 0x2}, {0x20, 0x1}}, 0x74, 0x2) (async)
fsetxattr$system_posix_acl(r2, &(0x7f0000002280)='system.posix_acl_access\x00', &(0x7f0000004640)={{}, {}, [{0x2, 0x3, r7}, {0x2, 0x6, r8}], {0x4, 0x3}, [{0x8, 0x1, r9}, {0x8, 0x0, r10}, {0x8, 0x3, r12}, {0x8, 0x4, r13}, {0x8, 0x4, r14}, {0x8, 0x2}, {0x8, 0x4, 0xee00}, {}], {0x10, 0x2}, {0x20, 0x1}}, 0x74, 0x2)
r15 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000004c80)={0x0, &(0x7f00000046c0)=[@code={0x1, 0x53, {"66f3460f1efbc4c24d042c28c462212f72000f78f92e0f01cff3440f10f666baf80cb816ed7c82ef66bafc0c66b8040066ef64470f1fae70a80000f30f32400f01c5"}}, @cpuid={0x2, 0x18, {0x3, 0x75}}, @cpuid={0x2, 0x18, {0x8e, 0x40}}, @code={0x1, 0x5f, {"420f6ad62e0f01c536450f00561f440f20c03504000000440f22c0430f01cbb9b1030000b8b213dc0aba000000000f30b805000000b9fe7f00000f01d90fc77b00450f018003000100c421fb5d33"}}, @cpuid={0x2, 0x18, {0xa, 0x6}}, @cpuid={0x2, 0x18, {0x6, 0x10001000}}, @uexit={0x0, 0x18, 0x9}, @code={0x1, 0x6d, {"262e0f79bf0e0000000f21c226660f381dd2420f30c744240010010000c7442402e9180000ff2c24420fc71d6f5574b50fc72c4a48b802000000000000000f23d80f21f835c00000400f23f8b805000000b9006800000f01c10f00da"}}, @code={0x1, 0x63, {"f3430faed4b91b0600000f320f210dc422ddb8984e600000b9800000c00f3235010000000f30b970070000b800000000ba000000000f30660ff153000f01cf2e0f01cb66baf80cb804fe7185ef66bafc0ced"}}, @code={0x1, 0x6c, {"66410f3a42848200000000e78fc860a2c500b9410a0000b800600000ba000000000f3066baa000ed8fa85897d40048b80e000000000000000f23d80f21f835c00000000f23f80f01dfb9190600000f3267660fee8777bd000043c9"}}, @code={0x1, 0x72, {"c744240000000000c744240233f6b142c7442406000000000f011c2464470f01df66ba4000ecb94d0b0000b800600000ba000000000f3066baf80cb8e4c1698bef66bafc0ced360f8e01480000470f0826f2400f323e0f01cbb8010000000f01c1"}}, @cpuid={0x2, 0x18, {0x8, 0xe0}}, @uexit={0x0, 0x18}, @code={0x1, 0x78, {"b9a80a0000b88e49d4f6ba000000000f30c461c9f5ce0fc7b47b1f00000048b80d6620b1000000000f23c00f21f83500000b000f23f8460fc772000f01c3c744240000280000c744240200000000c7442406000000000f011424c481fd50dfc46201a73b460f32"}}, @code={0x1, 0x7f, {"410f00d40fd460923666430f38815f90b9800000c00f3235004000000f30b805000000b9fee500000f01d93e64e60048b889a7b4e0fbe65c090f23d80f21f835c00000200f23f8c744240034010000c744240206000000ff1c2466baf80cb893499985ef66bafc0cec3e460f01df"}}, @cpuid={0x2, 0x18, {0x1000, 0x200}}, @code={0x1, 0x7a, {"6565643e480fc79b3ae6d3a5c744240028000000c7442402f70ce2f2ff2c2466400fe2c1b98e020000b808000000ba000000000f30b9800000c00f3235001000000f3066b804000f00d866baf80cb8af355688ef66bafc0cec450f017caa00b9e20a00000f32400f08"}}, @code={0x1, 0x59, {"2e450f799b61000000f2ae0f22c5c744240076000000c744240259460000c7442406000000000f011c24f246da77090fc7b502000000f3470f23ce66ba6100ed430f01cf420f01f8"}}, @uexit={0x0, 0x18, 0xad}, @code={0x1, 0x71, {"c4a1e5c64f1600807cbc085ab906080000b843ccc280ba000000000f300fc79800000000b9800000c00f3235000100000f3066baf80cb82c2c9a86ef66bafc0cb800000000ef66660f3882427a450f8a06000000660f38823e66b8f3000f00d0"}}, @cpuid={0x2, 0x18, {0x8, 0xf}}, @uexit={0x0, 0x18, 0x7}], 0x5a3})
ioctl$KVM_SET_REGS(r15, 0x4090ae82, &(0x7f0000004cc0)={[0x400, 0x8, 0x4, 0x3, 0x80000001, 0x3, 0xec, 0x8000000000000000, 0x69, 0x0, 0x8, 0x80000000, 0xc32, 0x8001, 0x1, 0x5], 0x2, 0x8000})
syz_open_dev$ptys(0xc, 0x3, 0x1) (async)
r16 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSTI(r16, 0x5412, &(0x7f0000004d80)=0x2)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000004e80)={&(0x7f0000004dc0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000004e40)={&(0x7f0000004e00)={0x28, 0x1404, 0x100, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x6a16350b4735b653)
openat2(r11, &(0x7f0000004ec0)='./file0\x00', &(0x7f0000004f00)={0x155100, 0x188, 0x1}, 0x18)
r17 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004f80), r5)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f00000050c0)={&(0x7f0000004f40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000005080)={&(0x7f0000004fc0)={0xb4, r17, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xffff}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x40}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x1c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x48, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010100}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xc1}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000001}, 0x8800)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000005100)=0x1, 0x4)
sendmsg$tipc(r11, &(0x7f0000006840)={&(0x7f0000005140)=@id={0x1e, 0x3, 0x2, {0x4e21, 0x3}}, 0x10, &(0x7f0000006780)=[{&(0x7f0000005180)="51a93e2b58a15801bba0dc22a53b796158689478cd292fb54dd4246e3c05c7e55bdfa7006b7c4f301db6b79f652344ec8e9cf5b5f34e2799523ec6ea97ae4349e8947553f837c774b09c4c468fec1223c038cfad1861571ebbd8b0d8eca9933555ac459a94eb993b5c71d853a57c57353f311a92c86dce9b8d3c3d447cccbb4d3b869074c3eb3e85cc7de99d8af6fdb618d32266855eedafbfb123519be979c6854a87", 0xa3}, {&(0x7f0000005240)="d109d15c93b8bb5ae3b7393ebc97f7458646bf52dbfe92db5a14f149121afffa86b16ad6d9fa4aae0d232feb06eb5587a4b1196ef04ccea41dce3e23baaa84908c3adafe24beca8051e7b18cd2c79c5ca6fa385498e48e5568ab93", 0x5b}, {&(0x7f00000052c0)="6874715f7ecfb94099aff87d4abccd398499ebacca7f1764f023a80e5f894ddfcf4470151254807df4473d90a263d1edecd07a7876310a3f7864f2479b3ca0b703784f9bfbbd3a411f21e3c1d59b831d5a08f226145e590bf5bfdff3afc16746513874d851d89128359fb765fb27d082e5a1da46c612cd615b1404f3933800d30e3ec61bf8d0b8dabef466ac70e9bbe228800de11bf3c2f8c26bdb7ba82e417f296b562aa1f1455c1cb120c0247152906a", 0xb1}, {&(0x7f0000005380)="aabe864de010535d2cb5724de263a95f9acb1e444d255895db62079e3f3252aa8ea3acdb5ff6950d48878dbe6e5ca781288c02ac952054d85ee7f58bb23fae97bde8393be3478d42a4a8d54426b40a4d13543159f44e7de32ddd9768c4065f0980e2c39a4f694d7b66d9b7db4bbd91562b237a450665fca10debdd4cdb5ddd9f4e312d20873664345c2c781504fe2c99f2996721aa161b2aac4a41aec66a205b5270fc9c8a47c5356b13c6dbbeb209aec7f081fe476f21375c44", 0xba}, {&(0x7f0000005440)="80eec2ad7546cd2efd841344a2273cff34d1f7fc7db133859f00929089eef42236d7185abfba5088013d4e40e53cb41aeff4be7e673952e5d58e9cb377db59e1818a110251ca3105afe6766d690be77c04762a2c82112bc93745938e46473abab1ff379bd70f9b100872941b6cd6ca897db81e28784037d25dacade06aed131c5c0b67324cde9d950ee6da22e69b93e6844880f450a1f496c7ffc6816140cd89adfacaa0ef52c3354f636e2c3ff897624bb7cae05adc0d495c8d7d676dc50c63ef6eabc51b7048e924333bc4c79661dc6798b79d72f0f7a0d91d16c02ef31471aaf864ed8a7df67712c1ae975afbaa2337ca9e2a0cb1954b83c510f1384c4b74aa5fd32edf557222ef7d80c1aa230879e09601162df33a156b8e27761690140d79ad482807bc2a9777e79bcf3140f16d72d1d2d59500da716cc313e9c40297bc0d16081dd7722f11c4c93e5d1abd2c925559dbea947a00d1bc15e19d3eecf088564a3d3df9e46d3fce2bd9cb8f19567881ccf70754b2cd8f77b4e37dd74ffe4b975fd311eb7103a3add854dc22ea177e7286ac5978a8fa4eb5cf0a4b757706ceb43ff23e7b9d8105e9252b7bf3af2330320c9496be339fe98de53fd033de38c9b5f5466e8d353c03de69d504f42b34680b719738c7c705693efc9222ba5349a18bff55a0d7aed43f2d1bc2bf96721ac97cf80cb81fe47245f5f5ee8c2fc2c0b083414a80eda700ff99ff2beaa813970906008af7a9245bd71f908a6c9ef7fe65567fe432434d7a717aa0ea53ef2b941239129fe290286740b3a293e510df075c8dcd2443d2318b2237a12e26b0a0c149c5bbddf99fd6ba9e32fc2682974f2ead801706513062a8fd55cf5984c47aeb255a4e47bbef2c690d3f60bc62b9843c8c509926b7c1a43bcfcdc5f5c8ba8b69ed3f55dd3a4b3d56d9324a8ccbb87ccb99088489fe23a9ada9352b3d74575cf30a45df6b7550a767b94a7cb471c32e6ad53069a86ca55944a85b2200aba7fe68b582d41dbfafc50899b08c4a40f20847917472a4e416655d1450191f78be4d39cde90cf3a541cc449b3ef49c240063fbc8c34698fb0be219c2a864212e85c6250b684d21a45dfbf05c8d176698afb5778778b1c6a668f10e800b5a55520200d366fd0e1d57223bee548e90611847039c3e0a9e002a6087a07901623aede1ba033e262cf830f4687d0fe747936773fc156ba999eabd4e11f9a91cb3bdd0a6a0c80e44822e34446b77148b7c456f14d88864d3a3764e7819c4e1f4db2feda3abf1ae5e226fbcb79c16a892e0afb9cb514876034873b5ad7a4e1ba370a7a789e40e21f2e46f1d78237a6abe17c87b6048e54a55821c655abde635e42448438b1aa7eba22871fc1f73e9bc5d3f9fd7fba649ff1555e50831b368b67205696c2b0986ba1820cc1c8c10b312e45b6495efc41ced0cdc4a6f43c3d12ec0697090d324942ed558dd562fabcca7a7e735550cbd90da00aebcafda99ffcfc6631c5bc4e41e82f910e98d6e6e5b4d7d9e7c10a64ba25f6553aff405f77b1b6f5150f78a62cd183617571f0fd3cc956eefef69b0a16b867f71ade6d8f467170e13313c7a0b061b6c339193e1aae9183aa71f5cc7a5051e8e28b47182bfdcf1b476d0349aa8eac27672860777df59788488c040cdaa087f7c826641ed42be4d49c107605a8c9b0e32e141128c67198117c9f33ef6b7928f39f9359f7f2121d039189b8df64b6d40989c3d0c92c4ca2696a08602c7c7a7f785c9df33a05a42b68153075a6364948855f2903146878c9b00ffd121e9f7a28f3fa11fefc63abae93e21cfbcf2e3cf61cd78529a16aa7c1caa74db34be3df9c5987dc482b0745327c9a893dc53747312ae1e6e6b74e333af5b11a40e630c7592f59ef400f3cb82ab669c163a5edf198c6b59f8f0c04992ba100c75515b862b905fcf126202289675f9901e7430d5acd4d4a1160ae1c951f52e75ace1f1f1937ecd32dafa85ef2af47290fa225d9b0b032dac7fd7ad70136b82158e183837e7f560779de68e17585bdbbf76a2fbd0e82eab75b25aa96b51a595dc287a5d6ff844a81d9e902385113534d59999dfbfc6d611672e790bf736ad4d7f87b0667eaf40e40febb52657a6bf01c68e29aeb976051af48597cfb703d597310dd2acabdb98d1c8a83dab95a32f0ba7a65b05f8199573aebf981340a57900079c2f04d82d25e3eadeac58fce06140f3b8664e65289bee097ae4f59930b166697f8f839d73886894279f1edd99a6b5c57ed018e9c68db3c1ba8110a7de6606cb3206ff7acd2668b6c83cb492775324819d4875f0b400e93c25420dced03e5d2ee62a31c0afad829050f0a4e09818584bd070c510748c8fb7c04868e03da793efa0a06dfffa7156dca085ce288b83bdd30d197b06501e0cb896acb95badc74bca292643665668a0595b8b4f118260b9c618a385648b657839b0803b0d9e4bdd5432603ee5de55ffc6d9b038e8e8ea231db42258514126b36a1663947fd02a47c2065bd3b639f387803672d98d044d969e92675f48ba0e7912da35a5c516bbf9fee69d129888538fa84d3eb93411de919b95937b7118c5c221f6717023237702c6f5802ef65cad64cd3c1b3f384fb2046ec4e2f31726c87bf8c56d27ab7899a586e667c8ba79052ed2b080bcca901c88d58724e9cfdb9a9eba51dee731ae22c8ffb55c866eb54c7dadbfd6b661f699e6f10b3a9ea4d35ecbf1fbc5d3d890f429fd59337c3ba2692a84b7b413eb8ba344a92aff7f878b66ca4fcd61ce61e39c8f3324699fa696afed1f1a99d54fd0a758693e59fbf03a2a09b6643d54a007b1d565a80a9518e2589852333570650211dbd87690fb49e80b017e9e86204c546a00b236ed5a4047a19e5151a57aeddbabe9bd64012bbce5e5683adae0de2b33992abf19f0d7588d622b18a3febbb6fb4b919297c65cd96f9ababd215935efe25e5e194bfb112bb2fdd5add61dc816e3253d91f0a33aa4fb77a2e9640cd2420de7e41141708ecfaff79123357102cadb84414ce1ec5fe150ecb3ee6ac3c16144902424058bfc16f4bf847d67a9dbc893ef15806504c2ae0aa356f892b56fe6135d0366808ed7122c3bf3f2901aa26d7f45b9a7cd711d43c9552ae505c75bf251916e76b029794cadf41d938c81f346b4071d2d7c995954a680ec13612867a58d2ed53e93701aab9dbdba5aa7081eedb95ffca5d56e1a09a57210589b9c15ad0d95007c78e490f6bb3fe7a2036dafaccf113e0ecbb2f3aa5e545a35fe0a0128b4267513e3a7688224853ec4c529f2608cec6043629f5462bd059cdb99de0c5901d8a0c3f3d6ab3a2f6e60946d5a411eda067c123ca44d53526668eb106b9d98412ae743ecc45a739782f7d85c3e99d78fa4867678a0b848dd290a6c59db361985d48228e9f484e834df94012c24f8d240d52cb9b781fd15dcb6e07beed7cdff3f96b60b0193fa1e5b6e719313d1edbf9917cbc74874a5fedba734b85fb7c61b0624cc9f0f952c9648f828da65c292eb0ed967f69b99f855e74baf6e7273b2a2697d06d38902080fa1242dace9188a5e3f741fe1783214ee0968aeb61f7be1afe2e25d56d952a9bd72d0f6c70daf87a150523e2a7cf86b1c5d868fb404d2cf92485f4562776b588a5a4b7475ced35ad2cf0d8fb46ddf97a3ac2d3ca2011acaf9126151084df7b837bb5558cf1109440e6addb01754ef1f934530edff1a8da69689dab8b2ff96e494f5f0b7b9918b5878442be84b441880405900bdd1b93a6acd71b9639f6650f846aa0841ad6b1491326416671aee45cdf382ef9cb65a6214da309eef78b5c9acb012b163b798b7eeb0247c27a6af3b38f596fd58d69fe513fba67d290c37d74355f56dcb6a2a6282a19f4870ad8c6f777d82fce6939e2723d67c33fe6d8197b0ed146bc916174e3b46917ffd6bd74bb012b3f71cc06158ff9dbb42daa0705045412afc5a3fd1c2e860f59c8a2ac8f69572139cb5fb8f68a1d833bfc9ef54f54419107a191c36f8198499668cc1fcd0c0ff0a465fd59e3679e800a54b2324878a34606787e3ab200883590e07277668015da9cbaef36c27b651a36a5a29fce4e5dad32dd3f16dca3a76a7c7e88464f34043e94f25b6c492b30d9eb93eccf3ad9aa4c598c583fbab9bf6b9d1fcc63fbbb2b54c47e4da8c776d930a05da5af09980fd62e2830a119c80eee0acb12b1d031cfe167a9d742235502fdb0cbf136a09afd0788dd6b51538bca2a02cf3a2adf020207e00d92445607b077622715aa21057ac5c17fd12b797f964aca8ecb6ee7fac8da3f5e7b7eee54d7adc478affffd16a0c81248b2f914f1798b5870a2314164e21e95eb5baf797ddef85c13c9ac0f48cde6a3b771abe2253afb29bb564894d4b2c65c0e88c8fe99a8301a03915c304e0612338f348ee2894b85c2086c4563875949d0f1da65e8dcfea66b665e07a2025732e9f92bba2f3c806a4e195d6216800436163e2d7c33c5d82d5ec2960efbd7d9a8f5dc4f3891e65831a2e6dabab8b5046d1023ac69ec5a5ad580bda4abef7f26e0ba416f6e4d085d871bb1c2e49102dc52d4fe29e98b83209c9995fb0c1029811eece332f007bad945ac357042cea4909d1365f90f080062d5c04cc5af2a636cb29bfae4439d692e01edd3d5f9f7004d99bf9ce5875cc722a029b20a2809a2fbf3f07ac7f6fdc9572f603ee3a3b37c7000adafb2a15a44bbd15df9441fa576b448eb5c8df1c79397c37f56fc80937720fda51cf1642e2f8d0e3b10837fb3a3a5f972ed700dbcb2f2c02fe0b10607317935940f854a1edc650fb36c0f6159c7aa091f84fef6847edc486f1e12dd610933910e39b222343ccfcc66dd0eacc668111bd7a7f19cfddc0f7e961ae2530b0bc88e1ee33622a030665286652913336c0b1ae59e5e6e7a649ffbc5f3350b2bf559c39b998831d9a222843cbe419122feb01f301404f69d22edad1b21dc4a4024581611384f8c2b4894c4e98904bb1c68e0fa196b95a3c8b77bfff58ca0b16a55c82120d9a3abca6699de5f9372df91f6d66bc1f03e0f5f6ba53d7b3c73da59d994639dc7bcfb5bf0c707eb6175844eb08408de18f1063d247ebea098142321a78e94468d90d409881af9ea84f11d861e3ce27d86387ad3c46a578cf67f7b6a8c7dd547ee6c5e528460b738cfe0be2ca8098b8e47089a4b9857cd80559d40c63bd63fe46b2468646367286c38ba12263eefe7487fe5a4477f37f977bd15a371792e6d1a6070f026a60c1972276712a1011e0c0d437218bbfbc6386ae2ba8caa9ca5dc1cb004473b691afb62140ad71d832833bcc743b76e6a1c60ad8a2068113724c65d5d8048cc65503c7fa120d81219cd4de25070e162737a37abc443cd6010d6011dc5d5720e139cfcbd9a288030813672729037e0b417fda590227813e27e59bb69fbd9b98280084ec3764883f3daf87156d0b7c4a62546734d6bb43438ef4d976ec717f906900a3efb66373e868e5a1a9f2ac12e4d378a08cdb08ef82dd3a7fc7f630d9531f6749419972e892e56706e401fe55a27a9b3d0f61c73943aacb8a72b30e862eef779a5b6d47542c78a84c18c626cfbfbfc26e68f58b94d99473c94f449d403c3d47d630a0b3cd9471772a14a8a6e2da329662c0a233d7e541a46b20b828d90e5110b79946a5404445495b5610ba698b617b18a0974f17bd04114267d7ee987f42e26734dbc36e6c022430c7e4eea8e14dbd3e64752043bd3ea97dc3118832111d8c5f0acc4e777297b3bcb9f7", 0x1000}, {&(0x7f0000006440)="69e1f62ffe2a554859a54d20c0ac21192d6ac2a63e1b3ab02a28d99cf6ee266dc602d1360afc088a85bf109b9965cd30d4afa200c4216c0ad19d956f3047ad0b072800fcbac17a1944ebf7af442d69b94e705e99c409020fef44f79fcbd626cf0e723efc08d718852b2ca0e360d0b315afeb19f326ba0b254beb586b02c4715875da61a4dcaf796ea561ecb4f2d46668416f6117b80764f6bd639ba1b3cb4a7c82e2c0a6989869755b4fcca8fa6e8c0b203e0aefbeae16a265da5c509142cd9294cee9bdf31bb2a402a947a2095741afc2d301db2b39717aac0386c96531320f73c17ae30535fa86ffe9f5d6cef4f112420e5460dbe64b54cf1e6a52fb33", 0xfe}, {&(0x7f0000006540)="81120e357519203df47487b93c36fa8f1997176fab9c2d7adde11995fb2208baf4749b49449c4d23768daf75fb7bedc2c9cacc49177d2a275a9e36a3a87cf56777295e4401f86e1832af72cc88678f45d7f3d99e43c5832cab1321b3c238aa3829ca60c1454829f58afa965c676e4ecf925e766190165534b3410eefdc1b1569161ff0ae6afd9919256145dd8255db5919ca18085097e254460adf6005b83ae0e1fc3d1fa78941303c2a91d28c1f6ae3cc235919802a4fdc6234cda7501006a65e4d6cb7f8f1c06df04d0f5f1770", 0xce}, {&(0x7f0000006640)="29560547472a4c4ec20ec9d8160171303bf766c01206ee7552ca67a56e6f574af21b96d2c96cfd29fd9e7db1ce23a9", 0x2f}, {&(0x7f0000006680)="94b2cc8cf83a3f237bd4426502851a59b475ba5e69994b844223c79776a7b92f678769a03ebd44b8072e7b64ea21284f5eb8b19f72533e729e1dddc8aa012d40ed8cd5bcd4a51db0bed5ba9a81c682f6acbb748f21d4eca7351086d0713b07f204f48b1e2879ccd3cdd4dc6514fbcf087cfbf67251ce26f18583d53451a1c969726a1b9c15444edb73bd0cefc50c16e4121b75cf37af94928c8a8e5c03591585da826adcce4cf64f0ccabf07aa3f7ac04721b6798527dbf667f85c2ddc22c82b303105567b7d46949e5a65bff1c0517326c21d3dabc65b4fd3d16fe6976cd306057eb5ec8c3902b5e330415870d347f3fecab7cf698917", 0xf7}], 0x9, 0x0, 0x0, 0xc0}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

2.417143939s ago: executing program 8 (id=8066):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="640000000206030004000000000000000000000005000100070000000900020073797a30000000001400078005001500040000000800124000000000050005000a000000050004000000000015000300686173683a69702c706f72742c6e6574"], 0x64}}, 0x10000)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r0, 0xfffffffc)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4)
r6 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r7 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r6})
keyctl$KEYCTL_MOVE(0x1e, r6, 0xffffffffffffffff, r7, 0x0)
listen(r5, 0x3)
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000280)=0x2)
write$uinput_user_dev(r3, &(0x7f00000006c0)={'syz1\x00', {0x5, 0x6, 0x9, 0x1}, 0x4c, [0x0, 0x8, 0x4, 0x800, 0x486, 0x7, 0x7f, 0x3, 0x4, 0x9, 0x5, 0x10001, 0x9, 0x1000, 0x2, 0x5, 0x3, 0xe6d1, 0x0, 0x4, 0x2, 0x9, 0x2, 0xeaab, 0x7cc, 0x72d, 0x4, 0x8, 0xfff, 0xcc000000, 0x9, 0x2, 0x2, 0x1, 0x9, 0xa, 0x62bdaf8b, 0x5, 0x3, 0x7, 0x1, 0x1, 0x2, 0x0, 0x3, 0xc6, 0x1ff, 0x20, 0x1b8, 0x1, 0x1, 0x2, 0x2, 0x29800000, 0xe, 0x1, 0x2, 0x8, 0x3, 0x8, 0x1ce0, 0x9, 0x81, 0xe], [0x1000, 0xb13d, 0x2, 0x5, 0xcb7b, 0x1, 0x3, 0x3, 0xb0, 0x1000, 0x80000001, 0xfffffffb, 0x0, 0x8, 0x200, 0x200000, 0x8, 0x6, 0x7, 0xfffffffc, 0xb0, 0x5, 0x1, 0x7, 0xb, 0x4e6, 0x2, 0xfff, 0xc36, 0xaef, 0x1, 0x4c, 0x7, 0x5, 0x0, 0x40, 0x10101, 0x1, 0x4, 0x59, 0x9, 0x60, 0x6, 0xfe56, 0xfa3, 0xfffffff6, 0x200, 0x5, 0x8, 0x1000, 0x5, 0x0, 0x0, 0x7, 0x6, 0x2, 0x1, 0x1, 0x1ff, 0x2, 0x9, 0x7f, 0x8001, 0x248], [0x2, 0xffff, 0x2, 0x4, 0x9, 0x9, 0xddc, 0x3, 0xffff, 0x7, 0x0, 0xfffffff9, 0x40, 0x8, 0x3, 0x3, 0x3, 0x9, 0x4, 0x8d3, 0x40100000, 0x8, 0x4, 0x1, 0x8, 0x40, 0x2005, 0x2, 0x2, 0x8, 0x7ff, 0x1000, 0x8, 0x4, 0x7, 0x7f, 0x3, 0x200, 0x9, 0x8, 0xffff, 0xcb9, 0x800, 0x1, 0x8, 0x0, 0xfffffffd, 0xf5d1, 0x2e88, 0x1, 0x800, 0x9, 0x7, 0x2, 0xac3, 0x7, 0x81, 0x1, 0x53e, 0x1, 0x6, 0x0, 0x100, 0x8], [0x1ff, 0x80000000, 0x5, 0x4d74, 0x1, 0x7, 0xa, 0x0, 0x32, 0x4, 0x4, 0x7, 0x4, 0x1, 0x0, 0x7fff, 0x3ef, 0x1, 0x8, 0xffffffff, 0xb, 0xa, 0x80000000, 0x0, 0x8, 0xfff, 0x5, 0x4, 0x1007, 0x960, 0x6, 0x3, 0x8, 0x0, 0xa56, 0xf, 0x6, 0x0, 0x0, 0x1, 0xc, 0xfc, 0x9f6057e, 0x8, 0x1000100, 0x9, 0x7fffffff, 0x7, 0x3, 0x7, 0x5, 0x0, 0x100, 0x4, 0x9, 0xfffffff7, 0x9, 0x80000001, 0xd, 0x2, 0xfffffffc, 0x6, 0x9, 0x5]}, 0x45c)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
r10 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x181003)
ioctl$DRM_IOCTL_SET_VERSION(r10, 0xc0106407, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x61d})
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x4, 0x9, 0x1, '\x00', 0x6})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x2, 0x0, 0x0)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)

1.399766366s ago: executing program 8 (id=8067):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x28200, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r1, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000040)=[{{0x4, 0x1}, {0x1, 0x0, 0x1, 0x1}}, {{0x2, 0x0, 0x0, 0x1}, {0x3, 0x0, 0x1}}, {{0x0, 0x0, 0x1, 0x1}, {0x2, 0x0, 0x1, 0x1}}, {{0x4}, {0x1, 0x1, 0x1}}, {{0x1, 0x1, 0x1, 0x1}, {0x2, 0x1, 0x1, 0x1}}, {{0x0, 0x1}, {0x4, 0x1, 0x1}}], 0x30)
bind$can_raw(r1, &(0x7f00000000c0), 0x10)
r2 = getpgrp(0xffffffffffffffff)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000100)={'\x00', 0x9, 0x3ff, 0x76, 0x3, 0x5, <r3=>0x0})
r4 = epoll_create1(0x80000)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r0, &(0x7f0000000080)={r4, r1, 0x1})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x28, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @fd=r5}, @nested={0xc, 0x16, 0x0, 0x1, [@typed={0x8, 0xbf, 0x0, 0x0, @u32=0x7fffffff}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)

1.369989298s ago: executing program 8 (id=8068):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000030906010800000001000000000200ffff0900020073797a310000000008000940000000390600010007000000100008800c000780080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x2000481c)

1.313206759s ago: executing program 8 (id=8070):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000040)='befs\x00', 0x200002, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f00000001c0)={{0xf}, 0x1})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r2, 0x2000)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000380)={@in6={{0xa, 0x4e22, 0x5, @mcast1, 0x3}}, 0x0, 0x0, 0xc, 0x0, "bb798e1c134bcd58692cdbe0e867d8013f5372a15aaa69b24a03784111fc07075c3f9c39cf05e02b7fcd7de47ed8d5bc94e28d8d296b9ac72491711ffeb7d7c50531c6e6e98ff08137ca6960e17103d9"}, 0xd8)
mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
r4 = syz_usb_connect$uac1(0x3, 0xda, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc8, 0x3, 0x1, 0x89, 0x20, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7ff, 0x8}, [@input_terminal={0xc, 0x24, 0x2, 0x2, 0x101, 0x3, 0x26, 0xf, 0xac, 0x77}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xf, 0x6b, 0x2}, @as_header={0x7, 0x24, 0x1, 0x3, 0x42, 0x5}, @as_header={0x7, 0x24, 0x1, 0x9, 0x2, 0x5}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x101, 0x9, 0x1f}, @as_header={0x7, 0x24, 0x1, 0x80, 0x1, 0x1000}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xf4, 0x3, 0x81, 0x5, "", "10"}]}, {{0x9, 0x5, 0x1, 0x9, 0x7ff, 0xa2, 0x4, 0xff, {0x7, 0x25, 0x1, 0x3, 0x4, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x6, 0x0, 0xf, "df"}, @as_header={0x7, 0x24, 0x1, 0xa6, 0x81, 0x5}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x2, 0x3, 0x3, 0x7f, "114e3a50"}, @as_header={0x7, 0x24, 0x1, 0x9, 0x4, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7, 0x2, 0x6, 0x73, "", "12e00e"}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x9, 0xd, 0x9, {0x7, 0x25, 0x1, 0x2, 0xd3, 0x6}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x7, 0x9, 0x7, 0x40, 0xb}, 0x15, &(0x7f0000000140)={0x5, 0xf, 0x15, 0x1, [@ssp_cap={0x10, 0x10, 0xa, 0x4, 0x1, 0x8000, 0xf00f, 0x0, [0x30]}]}, 0x2, [{0x2f, &(0x7f0000000180)=@string={0x2f, 0x3, "526c90363f053410e4e2840710c9713c7b28569e2597ecf7e8ff6c6044a825828174d2e40a36cfa91d1bf1ca37"}}, {0xff, &(0x7f00000001c0)=@string={0xff, 0x3, "f3d1c7aeaf9d05f13a5a3a442f8a609ff093598a320f8f76356100659eb1d25c66492b37d38551087b51fe1bed629d5cec35ace2ad56a617721455f4d85b2315e8356c947d541d6ea0b1ad06d524af09134be9acbe1e5299410e6ca7524cd8dc5bf0fcab2e86966fef70d15ae7e204aeb90a5d03a91e190cf138b61d01e79df21fcc6c6e4a2fa44c9652d93cebfd6d434759a0dc668c7431e2c5a382f3453b1c71ffe45502b2b6dd4ab362296a4243cea5ae8ccd6922b4e5b38f6b80c49eb5e78fa94dd6be3e6e1501939bcddbacd64b23480d3dcf829aecd60e2d801e8ff74c76e2d27aeaa4546f8b2623e6dd05e647ee15b6736fd15f38fd6e6cfa96"}}]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a40))
syz_usb_control_io(r4, &(0x7f0000000540)={0x2c, &(0x7f0000000300)={0x20, 0x23, 0xd6, {0xd6, 0x8, "09a1e2b93735ad6fb7aa63cdba68816d37b9a4973c449f243be44508cd8cc882fc643dd5f415e5e169a539f8410b93197f089488da217f8768adf7197269336fbcd4c10889f268e3a62f929bff11417b91e92f9d5d07cefdbac82aad4ba1100db8c17729b2fdbd3a91d48a54b9d69b17b4313e608107fd21ded6e2b7295e1e4e811bcfa7531202dd6f654e6328763b9d758a820aafc92b53e9ae026430d3b376e6af36dce50f20c547a67207ab076bc3897f4e3bfba4443494f37646b2e3eced23de0f22e85d740dd5c5eafc6ef39b85768d102f"}}, &(0x7f0000000400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xfcff}}, &(0x7f0000000440)=ANY=[@ANYBLOB="000f71000000050f71000258100ac2fae0879af5d63d383b64e62acb9aa73a20e7d91d5c96b7880c0a5877f422ca0b49e0c6f7cbec2ef1e68c3b973708b6d576ff8be0f120b4b36b9bd4d9c7efe39d70558307bfeb56d23fc944aa5303626ce02e25416d1e628d9c70b7"], &(0x7f00000004c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x81, 0x10, 0x2, 0x3, "904cfc74", "ecaffd38"}}, &(0x7f0000000500)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x0, 0x60, 0x0, 0x4, 0x9f, 0x7, 0xf}}}, &(0x7f0000000980)={0x84, &(0x7f0000000580)={0x60, 0x14, 0x25, "52e41abe5140cda994479a81df0def4a7d6c17017cf85fec616bf997dfcccf2dec96aa5244"}, &(0x7f00000005c0)={0x0, 0xa, 0x1}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x0, 0x7}}, &(0x7f0000000680)={0x20, 0x0, 0x8, {0xd8f07016e8a40276, 0x4, [0xf00f]}}, &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x2}, &(0x7f0000000740)={0x40, 0xb, 0x2, "ce42"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0x5}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000800)={0x40, 0x17, 0x6}, &(0x7f0000000840)={0x40, 0x19, 0x2, '>@'}, &(0x7f0000000880)={0x40, 0x1a, 0x2, 0x7}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000900)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x2}})

1.170378507s ago: executing program 9 (id=8071):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x2, 0x20000000, 0x0, 0x7ff7, 0x3, 0x3, 0x0, 0xfffffffffffffff8, 0x2})

1.14655824s ago: executing program 9 (id=8072):
creat(&(0x7f0000000140)='./file0\x00', 0x71)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080008004803", 0xfffffffffffffeb6, 0x0, &(0x7f0000000140)={0x11, 0x6, r1}, 0x14)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x286802, 0x0)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='bfs\x00', 0x208003, 0x0)

969.676978ms ago: executing program 9 (id=8073):
r0 = syz_open_dev$dmmidi(&(0x7f0000000100), 0x8, 0x2000)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000140)={0x8, 0x4, 0x1, 0x3, 0x8, 0x97})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$HIDIOCGFLAG(r3, 0x8004480e, &(0x7f0000000040))
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000000)={0xffff7ffc, 0x80000000, 0x0, 0xd202, 0xd, "1000004000"})
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000cc0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="75c1cc54649640be1983f79c5bfe88cd6a6a000070ab59578db363168a2559f334d436138406b699de69db13fd737428808940bcd0940dc930c81aaad8b665cd232c5831977dd63ce2c88d43b17760a6e0df533940a702485bb198e47be60c4fe6987ebfdb041df6bbc2d10b61eb755df569c9cb7c4951ddb54505f67244cd16e376fbbdebc994d22a474b7bc494cafcac137748c8ebff7807053222d67c3ee79861e8cf4ff092236fccfbe08dcb5d7c2ba08b25883740695452a401800e631b0309b9a6963cc00e9e52df03723ce3", 0xcf}, {&(0x7f0000000f80)="b0fef28adda62f55a0000000000000001abe0a88f67472c3cd975c9884ae01084df2b71b56e2a043b74efe85a30267fae395e8a051934cefd1a1f19f89180ab13ab8ec7437b08f50479139867ffe20a7e4088d8a3f4304feafe592c403cb5d1991683fcbda9a1404998bc92cb28946223165c906e2bed23adce7939d37148e79c6b485db91083de9905e7de49fd8837cf3792d697bf8b29b9c6e8daee80e86778a4a2426e6459d4a30ad36b138b31570d8342f7094ca640633ba7e0793a6e21acbc4749413f629ba4de97b84ed9acc06a3d29ef68cd6d32fc4398429c472891f8e244d27a4b6241083efd4ecd2c92d91399de6ddcafbcd07000000000000009d1b7d60c898340102268c474bf8b7db27c8787b34cae8a9c676907ec017733c1ece82e11b99a4bdc74c8d9d1871be6af0fef62b529af9ab1f37d60a2f967d715b301856b033a7e7dac74416447a090f7b6693bbd2deaf5eebbfc9adff299bafcf5772b4f35409a8720dc2b78f09198096c60126f911fd42c29cd6fa311e2c8daef3927ccdc90436b2b6ee4c79ff80f6938e0560d9d8e925bd0180000000000000f8d9b7977fff6c4293065de2ff26a041e67954f68871d010d377f9bad3711b3ea5c6361a97d4d46b8b406091be9433f950613083805aa4ae31e3aef57eb8d299548df54dffa5c4af7f00a869c6bdbc6c2bd1a83262981638ae365b2611d2b50c5f000000d620e2a52db4", 0x20a}], 0x2}, 0x0)
recvmsg(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0)
close(r5)
ioctl$TIOCL_GETMOUSEREPORTING(r4, 0x5412, &(0x7f0000000080)=0xa)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x1d}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x800)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={<r9=>0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000080)={r9, @in={{0x2, 0x4e20, @empty}}, 0x401, 0x4, 0xffffffff, 0x2, 0x4, 0xc, 0x3}, &(0x7f0000000140)=0x9c)
recvfrom(r2, &(0x7f0000000180)=""/75, 0x4b, 0x2, 0x0, 0x0)
r10 = fcntl$getown(0xffffffffffffffff, 0x9)
ioprio_set$pid(0x2, r10, 0x6000)
connect$bt_sco(r1, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xffffffffffffffb5)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f0000000080)='\x00', &(0x7f00000000c0)='./file0\x00', r3)
ioctl$FIONCLEX(r1, 0x5450)

617.461811ms ago: executing program 0 (id=8074):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r1 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_int(r1, 0x29, 0xcf, 0x0, &(0x7f0000000dc0))
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
accept4$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x2710, @my=0x0}, 0x10, 0x80000)
getsockopt$MRT6(r2, 0x29, 0xcf, &(0x7f0000000040), &(0x7f0000000080)=0x4)

42.263088ms ago: executing program 9 (id=8075):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000900000030000380140002007369743000007fffffff00000000000006000400ffff00000800030000000000080001"], 0x44}}, 0x0)

41.538129ms ago: executing program 9 (id=8076):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
set_mempolicy(0x4, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r1, 0x3b8b, &(0x7f0000000300)={0x10})
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000020ad9"], 0x3c}, 0x1, 0x1200}, 0x8040080)

0s ago: executing program 9 (id=8077):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r1 = syz_open_dev$I2C(0x0, 0xfffffffffffffffc, 0x0)
ioctl$I2C_SMBUS(r1, 0x720, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f00000004c0)={{0x12, 0x1, 0x220, 0xc3, 0x5a, 0xa, 0x8, 0x2019, 0xed18, 0xca21, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0x1, 0xe0, 0x5, [{{0x9, 0x4, 0xc2, 0x0, 0x1, 0xc0, 0x7, 0x93, 0x5c, [], [{{0x9, 0x5, 0x7, 0xd, 0x10, 0x2, 0x5f, 0x4}}]}}]}}]}}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) (async)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000380)='\x00', 0x89901)
fchdir(r3) (async)
fchdir(r3)
mmap$IORING_OFF_CQ_RING(&(0x7f0000c87000/0x4000)=nil, 0x4000, 0x9, 0x1010, r3, 0x8000000)

kernel console output (not intermixed with test programs):

ute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1576.006879][T10942] Call Trace:
[ 1576.006886][T10942]  <TASK>
[ 1576.006895][T10942]  dump_stack_lvl+0x189/0x250
[ 1576.006923][T10942]  ? __pfx____ratelimit+0x10/0x10
[ 1576.006947][T10942]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1576.006969][T10942]  ? __pfx__printk+0x10/0x10
[ 1576.006994][T10942]  ? __pfx___might_resched+0x10/0x10
[ 1576.007013][T10942]  ? fs_reclaim_acquire+0x7d/0x100
[ 1576.007040][T10942]  should_fail_ex+0x414/0x560
[ 1576.007086][T10942]  should_failslab+0xa8/0x100
[ 1576.007105][T10942]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1576.007133][T10942]  ? security_file_alloc+0x34/0x330
[ 1576.007165][T10942]  security_file_alloc+0x34/0x330
[ 1576.007193][T10942]  init_file+0x93/0x2f0
[ 1576.007221][T10942]  alloc_empty_file+0x6e/0x1d0
[ 1576.007249][T10942]  path_openat+0x107/0x3830
[ 1576.007265][T10942]  ? arch_stack_walk+0xfc/0x150
[ 1576.007310][T10942]  ? kasan_save_track+0x4f/0x80
[ 1576.007337][T10942]  ? kasan_save_track+0x3e/0x80
[ 1576.007363][T10942]  ? __kasan_slab_alloc+0x6c/0x80
[ 1576.007385][T10942]  ? getname_flags+0xb8/0x540
[ 1576.007416][T10942]  ? __pfx_path_openat+0x10/0x10
[ 1576.007431][T10942]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.007466][T10942]  do_filp_open+0x1fa/0x410
[ 1576.007482][T10942]  ? __lock_acquire+0xab9/0xd20
[ 1576.007511][T10942]  ? __pfx_do_filp_open+0x10/0x10
[ 1576.007549][T10942]  ? _raw_spin_unlock+0x28/0x50
[ 1576.007562][T10942]  ? alloc_fd+0x64c/0x6c0
[ 1576.007592][T10942]  do_sys_openat2+0x121/0x1c0
[ 1576.007621][T10942]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1576.007649][T10942]  ? __fget_files+0x2a/0x420
[ 1576.007671][T10942]  ? __fget_files+0x3a0/0x420
[ 1576.007692][T10942]  ? __fget_files+0x2a/0x420
[ 1576.007721][T10942]  __x64_sys_openat+0x138/0x170
[ 1576.007752][T10942]  do_syscall_64+0xfa/0x3b0
[ 1576.007773][T10942]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1576.007793][T10942]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.007810][T10942]  ? clear_bhb_loop+0x60/0xb0
[ 1576.007833][T10942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.007850][T10942] RIP: 0033:0x7f0e68d8d290
[ 1576.007867][T10942] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1576.007884][T10942] RSP: 002b:00007f0e69b56470 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1576.007904][T10942] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0e68d8d290
[ 1576.007918][T10942] RDX: 0000000000000002 RSI: 00007f0e68e108f7 RDI: 00000000ffffff9c
[ 1576.007931][T10942] RBP: 00007f0e68e108f7 R08: 0000000000000000 R09: 0000000000000080
[ 1576.007944][T10942] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1576.007955][T10942] R13: 0000000000000063 R14: 0000200000000000 R15: 0000200000001800
[ 1576.007984][T10942]  </TASK>
[ 1576.102898][T10540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1576.368676][ T5884] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[ 1576.408764][ T5884] usb 10-1: device descriptor read/8, error -71
[ 1576.535428][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1576.640459][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1576.651856][ T5884] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[ 1576.688538][ T5884] usb 10-1: device descriptor read/8, error -71
[ 1576.705336][T10959] FAT-fs (rnullb0): bogus number of reserved sectors
[ 1576.707468][T10540] veth0_vlan: entered promiscuous mode
[ 1576.718339][T10959] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[ 1576.732805][T10961] FAT-fs (rnullb0): bogus number of reserved sectors
[ 1576.740917][T10961] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[ 1576.759004][T15800] Bluetooth: hci0: command tx timeout
[ 1576.760558][T10540] veth1_vlan: entered promiscuous mode
[ 1576.802246][T10540] veth0_macvtap: entered promiscuous mode
[ 1576.813182][ T5884] usb usb10-port1: unable to enumerate USB device
[ 1576.823058][T10540] veth1_macvtap: entered promiscuous mode
[ 1576.851924][T10540] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1576.866155][T10540] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1576.900690][T16391] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1576.909739][T16391] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1576.921603][T16391] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1576.932909][T16391] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1576.987564][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1577.065828][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1577.094344][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1577.162269][ T7118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1577.164618][T10981] netlink: 'syz.0.7772': attribute type 10 has an invalid length.
[ 1577.171801][ T7118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1577.297024][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1577.376547][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1577.403987][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1577.515853][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1577.610768][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1577.661072][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1577.713524][T11014] ptrace attach of "./syz-executor exec"[32163] was attempted by ""[11014]
[ 1577.756238][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1577.808097][T11017] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.7779'.
[ 1577.962481][T11029] fuseblk: Unknown parameter 'fd�ے�p���Y��R�C'�J�����1��ܮ�iL�c:�e�K�j��9�zѕ��Id�
��@��q�B:��č�����uo���VV��	_y���S��򢥀lv��u�e������pΘ��
�VAvO1L��i
[ 1577.962481][T11029] ��$>�ٓyϯ�yffF)�<��|�gN�_M!ݢH
gp�튆�[��S60x0000000000000049'
[ 1578.057787][ T5884] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 1578.233954][ T5884] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1578.244316][ T5884] usb 6-1: config 0 has no interfaces?
[ 1578.250218][ T5884] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1578.259664][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1578.273948][ T5884] usb 6-1: config 0 descriptor??
[ 1578.787787][T13197] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[ 1578.828288][T15800] Bluetooth: hci0: command tx timeout
[ 1578.917800][T13197] usb 10-1: device descriptor read/64, error -71
[ 1579.167900][T13197] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[ 1579.308129][T13197] usb 10-1: device descriptor read/64, error -71
[ 1579.418215][T13197] usb usb10-port1: attempt power cycle
[ 1579.767831][T13197] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[ 1579.791184][T13197] usb 10-1: device descriptor read/8, error -71
[ 1580.039997][T13197] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[ 1580.069797][T13197] usb 10-1: device descriptor read/8, error -71
[ 1580.178722][T13197] usb usb10-port1: unable to enumerate USB device
[ 1580.741744][T11049] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[ 1580.751650][T11049] VFS: Can't find a romfs filesystem on dev rnullb0.
[ 1580.751650][T11049] 
[ 1580.843091][    T9] usb 6-1: USB disconnect, device number 93
[ 1580.846506][T11052] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1580.908623][T15800] Bluetooth: hci0: command tx timeout
[ 1580.941403][T11054] netlink: 830 bytes leftover after parsing attributes in process `syz.0.7786'.
[ 1580.973399][T11054] bond_slave_0: entered promiscuous mode
[ 1580.980032][T11054] bond_slave_1: entered promiscuous mode
[ 1581.105200][T11079] XFS (rnullb0): Invalid superblock magic number
[ 1581.343834][T11091] FAULT_INJECTION: forcing a failure.
[ 1581.343834][T11091] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1581.357045][T11091] CPU: 0 UID: 0 PID: 11091 Comm: syz.5.7791 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1581.357071][T11091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1581.357083][T11091] Call Trace:
[ 1581.357091][T11091]  <TASK>
[ 1581.357100][T11091]  dump_stack_lvl+0x189/0x250
[ 1581.357125][T11091]  ? __pfx____ratelimit+0x10/0x10
[ 1581.357147][T11091]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1581.357168][T11091]  ? __pfx__printk+0x10/0x10
[ 1581.357189][T11091]  ? __might_fault+0xb0/0x130
[ 1581.357218][T11091]  should_fail_ex+0x414/0x560
[ 1581.357253][T11091]  copy_fpstate_to_sigframe+0xa8d/0xce0
[ 1581.357283][T11091]  ? copy_fpstate_to_sigframe+0x181/0xce0
[ 1581.357313][T11091]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[ 1581.357352][T11091]  ? __lock_acquire+0xab9/0xd20
[ 1581.357383][T11091]  ? fpu__alloc_mathframe+0xad/0x130
[ 1581.357411][T11091]  get_sigframe+0x58d/0x7d0
[ 1581.357441][T11091]  ? __pfx_get_sigframe+0x10/0x10
[ 1581.357470][T11091]  ? posixtimer_deliver_signal+0x2d9/0x3e0
[ 1581.357497][T11091]  x64_setup_rt_frame+0x15b/0xd40
[ 1581.357529][T11091]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1581.357550][T11091]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1581.357566][T11091]  ? get_signal+0x1151/0x1340
[ 1581.357601][T11091]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1581.357637][T11091]  arch_do_signal_or_restart+0x3d7/0x750
[ 1581.357662][T11091]  ? __pfx_dma_buf_ioctl+0x10/0x10
[ 1581.357688][T11091]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1581.357720][T11091]  ? __fget_files+0x2a/0x420
[ 1581.357750][T11091]  ? exit_to_user_mode_loop+0x40/0x110
[ 1581.357790][T11091]  exit_to_user_mode_loop+0x75/0x110
[ 1581.357818][T11091]  do_syscall_64+0x2bd/0x3b0
[ 1581.357839][T11091]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1581.357859][T11091]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1581.357877][T11091]  ? clear_bhb_loop+0x60/0xb0
[ 1581.357895][T11091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1581.357910][T11091] RIP: 0033:0x7f0e68d8e927
[ 1581.357923][T11091] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[ 1581.357936][T11091] RSP: 002b:00007f0e69b58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1581.357953][T11091] RAX: 0000000000000010 RBX: 00007f0e68fb5fa0 RCX: 00007f0e68d8e929
[ 1581.357963][T11091] RDX: 0000200000000080 RSI: 0000000040086200 RDI: 0000000000000007
[ 1581.357973][T11091] RBP: 00007f0e69b58090 R08: 0000000000000000 R09: 0000000000000000
[ 1581.357982][T11091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1581.357992][T11091] R13: 0000000000000000 R14: 00007f0e68fb5fa0 R15: 00007ffee586c338
[ 1581.358013][T11091]  </TASK>
[ 1581.693588][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1581.765013][T11100] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[ 1581.772922][T11100] UDF-fs: Scanning with blocksize 4096 failed
[ 1581.804429][T11102] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.7793'.
[ 1582.001853][T11112] netlink: 36 bytes leftover after parsing attributes in process `syz.9.7796'.
[ 1582.081323][T11112] netlink: 'syz.9.7796': attribute type 28 has an invalid length.
[ 1582.417769][    T9] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1582.567763][    T9] usb 1-1: Using ep0 maxpacket: 16
[ 1582.574545][    T9] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1582.582804][    T9] usb 1-1: config 0 has no interface number 0
[ 1582.589662][    T9] usb 1-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1582.602087][    T9] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1582.611340][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1582.619518][    T9] usb 1-1: Product: syz
[ 1582.624796][    T9] usb 1-1: Manufacturer: syz
[ 1582.629798][    T9] usb 1-1: SerialNumber: syz
[ 1582.637032][    T9] usb 1-1: config 0 descriptor??
[ 1582.936971][    T9] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1582.968562][    T9] keyspan 1-1:0.133: unsupported endpoint type 0
[ 1582.977226][    T9] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1583.005301][    T9] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1583.019996][    T9] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1583.040647][    T9] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1583.060883][    T9] usb 1-1: USB disconnect, device number 69
[ 1583.095628][T11145] kvm: pic: single mode not supported
[ 1583.095650][T11145] kvm: pic: level sensitive irq not supported
[ 1583.099268][    T9] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1583.122267][T11145] kvm: pic: non byte write
[ 1583.130096][    T9] keyspan 1-1:0.133: device disconnected
[ 1583.131304][T11145] kvm: pic: single mode not supported
[ 1583.136226][T11145] kvm: pic: level sensitive irq not supported
[ 1583.154865][T11145] kvm: pic: non byte write
[ 1583.166820][T11145] kvm: pic: non byte write
[ 1583.171925][T11145] FAULT_INJECTION: forcing a failure.
[ 1583.171925][T11145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1583.187419][T11145] CPU: 1 UID: 0 PID: 11145 Comm: syz.9.7799 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1583.187438][T11145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1583.187447][T11145] Call Trace:
[ 1583.187453][T11145]  <TASK>
[ 1583.187458][T11145]  dump_stack_lvl+0x189/0x250
[ 1583.187478][T11145]  ? __pfx____ratelimit+0x10/0x10
[ 1583.187493][T11145]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1583.187508][T11145]  ? __pfx__printk+0x10/0x10
[ 1583.187532][T11145]  should_fail_ex+0x414/0x560
[ 1583.187557][T11145]  __kvm_read_guest_page+0x18d/0x240
[ 1583.187577][T11145]  kvm_fetch_guest_virt+0x12b/0x170
[ 1583.187599][T11145]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[ 1583.187619][T11145]  __do_insn_fetch_bytes+0x2f9/0x6d0
[ 1583.187637][T11145]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[ 1583.187652][T11145]  ? kvm_io_bus_sort_cmp+0xcc/0x120
[ 1583.187681][T11145]  ? picdev_write+0x1a1/0x1f0
[ 1583.187702][T11145]  x86_decode_insn+0x33c/0x5310
[ 1583.187750][T11145]  ? __pfx_x86_decode_insn+0x10/0x10
[ 1583.187780][T11145]  ? __asan_memset+0x22/0x50
[ 1583.187807][T11145]  ? init_decode_cache+0x78/0x90
[ 1583.187827][T11145]  ? init_emulate_ctxt+0x4d6/0x660
[ 1583.187849][T11145]  ? __pfx_init_emulate_ctxt+0x10/0x10
[ 1583.187870][T11145]  ? __phys_addr+0xd3/0x180
[ 1583.187891][T11145]  ? __pfx_rcu_note_context_switch+0x10/0x10
[ 1583.187915][T11145]  ? __get_current_cr3_fast+0x90/0x150
[ 1583.187943][T11145]  x86_emulate_instruction+0x60a/0x1ef0
[ 1583.187971][T11145]  ? vmx_vcpu_run+0x1743/0x2900
[ 1583.187997][T11145]  ? __pfx_x86_emulate_instruction+0x10/0x10
[ 1583.188019][T11145]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1583.188038][T11145]  ? __pfx_current_save_fsgs+0x10/0x10
[ 1583.188068][T11145]  ? __lock_acquire+0xab9/0xd20
[ 1583.188097][T11145]  ? handle_io+0x1e3/0x270
[ 1583.188120][T11145]  ? __pfx_handle_io+0x10/0x10
[ 1583.188142][T11145]  vmx_handle_exit+0x1093/0x18a0
[ 1583.188163][T11145]  ? vcpu_run+0x35f2/0x6fa0
[ 1583.188187][T11145]  ? rcu_is_watching+0x15/0xb0
[ 1583.188215][T11145]  vcpu_run+0x434f/0x6fa0
[ 1583.188256][T11145]  ? vcpu_run+0x35f2/0x6fa0
[ 1583.188324][T11145]  ? __pfx_vcpu_run+0x10/0x10
[ 1583.188352][T11145]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1583.188383][T11145]  ? rcu_is_watching+0x15/0xb0
[ 1583.188406][T11145]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1583.188440][T11145]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1583.188464][T11145]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1583.188492][T11145]  ? rcu_is_watching+0x15/0xb0
[ 1583.188511][T11145]  ? trace_contention_end+0x39/0x120
[ 1583.188532][T11145]  ? __mutex_lock+0x330/0xe80
[ 1583.188557][T11145]  ? kasan_quarantine_put+0xdd/0x220
[ 1583.188589][T11145]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1583.188614][T11145]  ? __pfx___mutex_lock+0x10/0x10
[ 1583.188637][T11145]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1583.188659][T11145]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1583.188685][T11145]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1583.188712][T11145]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1583.188740][T11145]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1583.188760][T11145]  ? __lock_acquire+0xab9/0xd20
[ 1583.188807][T11145]  ? __fget_files+0x2a/0x420
[ 1583.188834][T11145]  ? __fget_files+0x2a/0x420
[ 1583.188856][T11145]  ? __fget_files+0x3a0/0x420
[ 1583.188878][T11145]  ? __fget_files+0x2a/0x420
[ 1583.188905][T11145]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1583.188933][T11145]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1583.188955][T11145]  __se_sys_ioctl+0xfc/0x170
[ 1583.188977][T11145]  do_syscall_64+0xfa/0x3b0
[ 1583.188997][T11145]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1583.189017][T11145]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1583.189035][T11145]  ? clear_bhb_loop+0x60/0xb0
[ 1583.189059][T11145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1583.189078][T11145] RIP: 0033:0x7f251918e929
[ 1583.189094][T11145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1583.189111][T11145] RSP: 002b:00007f2519fa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1583.189132][T11145] RAX: ffffffffffffffda RBX: 00007f25193b5fa0 RCX: 00007f251918e929
[ 1583.189145][T11145] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1583.189157][T11145] RBP: 00007f2519fa7090 R08: 0000000000000000 R09: 0000000000000000
[ 1583.189169][T11145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1583.189181][T11145] R13: 0000000000000000 R14: 00007f25193b5fa0 R15: 00007ffe46bcb0c8
[ 1583.189210][T11145]  </TASK>
[ 1583.781430][T11161] Can't find a SQUASHFS superblock on rnullb0
[ 1583.941946][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.042451][T11177] option changes via remount are deprecated (pid=11176 comm=syz.0.7804)
[ 1584.075132][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.159354][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.230654][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.242015][ T5884] usb 10-1: new full-speed USB device number 31 using dummy_hcd
[ 1584.307826][ T7544] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1584.326286][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.425115][ T5884] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1584.436429][ T5884] usb 10-1: unable to read config index 0 descriptor/start: -71
[ 1584.444496][ T5884] usb 10-1: can't read configurations, error -71
[ 1584.472075][ T7544] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1584.487850][ T7544] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1584.502855][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.514528][ T7544] usb 1-1: Product: syz
[ 1584.521295][ T7544] usb 1-1: Manufacturer: syz
[ 1584.526089][ T7544] usb 1-1: SerialNumber: syz
[ 1584.549898][ T7544] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1584.574600][    T9] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1584.614717][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.699472][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1584.813877][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1585.063405][T13197] usb 1-1: USB disconnect, device number 70
[ 1585.137916][   T43] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[ 1585.277803][ T5884] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[ 1585.313783][   T43] usb 6-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1585.323093][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1585.334707][   T43] usb 6-1: config 0 descriptor??
[ 1585.427969][ T5884] usb 10-1: Using ep0 maxpacket: 32
[ 1585.441632][ T5884] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1585.453963][ T5884] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1585.463399][ T5884] usb 10-1: Product: syz
[ 1585.470773][ T5884] usb 10-1: Manufacturer: syz
[ 1585.475498][ T5884] usb 10-1: SerialNumber: syz
[ 1585.483726][ T5884] usb 10-1: config 0 descriptor??
[ 1585.499451][ T5884] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1585.628022][    T9] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 1585.635484][    T9] ath9k_htc: Failed to initialize the device
[ 1585.643433][T13197] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1585.911532][T11255] FAULT_INJECTION: forcing a failure.
[ 1585.911532][T11255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1585.924945][T11255] CPU: 0 UID: 0 PID: 11255 Comm: syz.0.7820 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1585.924970][T11255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1585.924979][T11255] Call Trace:
[ 1585.924986][T11255]  <TASK>
[ 1585.924991][T11255]  dump_stack_lvl+0x189/0x250
[ 1585.925015][T11255]  ? __pfx____ratelimit+0x10/0x10
[ 1585.925038][T11255]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1585.925062][T11255]  ? __pfx__printk+0x10/0x10
[ 1585.925094][T11255]  should_fail_ex+0x414/0x560
[ 1585.925127][T11255]  _copy_to_user+0x31/0xb0
[ 1585.925143][T11255]  simple_read_from_buffer+0xe1/0x170
[ 1585.925164][T11255]  proc_fail_nth_read+0x1df/0x250
[ 1585.925194][T11255]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1585.925225][T11255]  ? rw_verify_area+0x258/0x650
[ 1585.925244][T11255]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1585.925271][T11255]  vfs_read+0x1fd/0x980
[ 1585.925289][T11255]  ? __pfx___mutex_lock+0x10/0x10
[ 1585.925306][T11255]  ? __pfx_vfs_read+0x10/0x10
[ 1585.925323][T11255]  ? __fget_files+0x2a/0x420
[ 1585.925355][T11255]  ? __fget_files+0x3a0/0x420
[ 1585.925378][T11255]  ? __fget_files+0x2a/0x420
[ 1585.925412][T11255]  ksys_read+0x145/0x250
[ 1585.925429][T11255]  ? __pfx_ksys_read+0x10/0x10
[ 1585.925467][T11255]  ? do_syscall_64+0xbe/0x3b0
[ 1585.925498][T11255]  do_syscall_64+0xfa/0x3b0
[ 1585.925522][T11255]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1585.925544][T11255]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1585.925567][T11255]  ? clear_bhb_loop+0x60/0xb0
[ 1585.925587][T11255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1585.925602][T11255] RIP: 0033:0x7fd9e3d8d33c
[ 1585.925616][T11255] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1585.925634][T11255] RSP: 002b:00007fd9e4c94030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1585.925659][T11255] RAX: ffffffffffffffda RBX: 00007fd9e3fb5fa0 RCX: 00007fd9e3d8d33c
[ 1585.925676][T11255] RDX: 000000000000000f RSI: 00007fd9e4c940a0 RDI: 0000000000000005
[ 1585.925689][T11255] RBP: 00007fd9e4c94090 R08: 0000000000000000 R09: 0000000000000000
[ 1585.925702][T11255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1585.925715][T11255] R13: 0000000000000000 R14: 00007fd9e3fb5fa0 R15: 00007ffffd1c6598
[ 1585.925741][T11255]  </TASK>
[ 1587.019950][T11224] mkiss: ax0: crc mode is auto.
[ 1587.106403][T11269] mkiss: ax0: crc mode is auto.
[ 1587.726715][T11224] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1587.751267][T11224] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1587.770742][T11820] udevd[11820]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1587.790268][ T5884] gspca_stk1135: reg_w 0x2ff err -71
[ 1587.797326][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.807657][ T5884] gspca_stk1135: Sensor write failed
[ 1587.834534][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.846609][ T5884] gspca_stk1135: Sensor write failed
[ 1587.855518][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.870911][ T5884] gspca_stk1135: Sensor read failed
[ 1587.876291][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.887925][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1587.894572][ T5884] gspca_stk1135: Sensor read failed
[ 1587.905278][ T5884] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1587.912425][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.919166][ T5884] gspca_stk1135: Sensor read failed
[ 1587.924457][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.931012][ T5884] gspca_stk1135: Sensor read failed
[ 1587.936257][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.946629][ T5884] gspca_stk1135: Sensor write failed
[ 1587.954470][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1587.962339][ T5884] gspca_stk1135: Sensor write failed
[ 1587.967952][ T5884] stk1135 10-1:0.0: probe with driver stk1135 failed with error -71
[ 1587.981878][ T5884] usb 10-1: USB disconnect, device number 32
[ 1587.985058][   T43] pegasus 6-1:0.0: setup Pegasus II specific registers
[ 1588.278522][T27065] Bluetooth: hci2: command 0x0406 tx timeout
[ 1588.374037][   T43] pegasus 6-1:0.0: can't locate MII phy, using default
[ 1588.393689][   T43] pegasus 6-1:0.0: eth21, ELECOM USB Ethernet LD-USB20, d6:4e:94:2e:01:1a
[ 1588.408060][   T43] usb 6-1: USB disconnect, device number 94
[ 1588.797158][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1588.821990][T11330] "syz.5.7829" (11330) uses obsolete ecb(arc4) skcipher
[ 1588.900740][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1589.074033][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1589.348416][ T5884] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[ 1589.468089][    T9] usb 10-1: new high-speed USB device number 33 using dummy_hcd
[ 1589.477984][ T5884] usb 6-1: device descriptor read/64, error -71
[ 1589.617805][    T9] usb 10-1: Using ep0 maxpacket: 32
[ 1589.626559][    T9] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1589.635914][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1589.644161][    T9] usb 10-1: Product: syz
[ 1589.648518][    T9] usb 10-1: Manufacturer: syz
[ 1589.653216][    T9] usb 10-1: SerialNumber: syz
[ 1589.657796][ T5945] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1589.667457][    T9] usb 10-1: config 0 descriptor??
[ 1589.678593][    T9] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1589.717843][ T5884] usb 6-1: new high-speed USB device number 96 using dummy_hcd
[ 1589.807764][ T5945] usb 1-1: Using ep0 maxpacket: 32
[ 1589.814713][ T5945] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[ 1589.822946][ T5945] usb 1-1: config 0 has no interface number 0
[ 1589.834860][ T5945] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1589.844150][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1589.852418][ T5945] usb 1-1: Product: syz
[ 1589.856742][ T5945] usb 1-1: Manufacturer: syz
[ 1589.862460][ T5945] usb 1-1: SerialNumber: syz
[ 1589.868506][ T5884] usb 6-1: device descriptor read/64, error -71
[ 1589.880385][ T5945] usb 1-1: config 0 descriptor??
[ 1589.895263][ T5945] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1589.991048][ T5884] usb usb6-port1: attempt power cycle
[ 1590.097426][ T5945] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1590.115018][ T5945] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1590.337782][ T5884] usb 6-1: new high-speed USB device number 97 using dummy_hcd
[ 1590.358392][ T5884] usb 6-1: device descriptor read/8, error -71
[ 1590.598076][ T5884] usb 6-1: new high-speed USB device number 98 using dummy_hcd
[ 1590.618515][ T5884] usb 6-1: device descriptor read/8, error -71
[ 1590.663759][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1590.678102][   T43] usb 1-1: USB disconnect, device number 71
[ 1590.689166][   T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1590.711055][   T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1590.726153][   T43] quatech2 1-1:0.51: device disconnected
[ 1590.728843][ T5884] usb usb6-port1: unable to enumerate USB device
[ 1590.986479][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1591.059462][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1591.084247][T11399] /dev/rnullb0: Can't open blockdev
[ 1591.135195][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1591.205999][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1591.325959][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1591.897117][    T9] gspca_stk1135: reg_w 0x2ff err -71
[ 1591.905533][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1591.914490][    T9] gspca_stk1135: Sensor write failed
[ 1591.919930][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1591.926295][    T9] gspca_stk1135: Sensor write failed
[ 1591.933331][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1591.940928][    T9] gspca_stk1135: Sensor read failed
[ 1591.946156][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1591.954379][    T9] gspca_stk1135: Sensor read failed
[ 1591.959758][    T9] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1591.966430][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1591.972821][    T9] gspca_stk1135: Sensor read failed
[ 1591.978344][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1591.984694][    T9] gspca_stk1135: Sensor read failed
[ 1591.990102][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1591.996441][    T9] gspca_stk1135: Sensor write failed
[ 1592.001822][    T9] gspca_stk1135: serial bus timeout: status=0x00
[ 1592.008291][    T9] gspca_stk1135: Sensor write failed
[ 1592.013670][    T9] stk1135 10-1:0.0: probe with driver stk1135 failed with error -71
[ 1592.027606][    T9] usb 10-1: USB disconnect, device number 33
[ 1592.190184][T11437] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1592.807871][ T5884] usb 10-1: new high-speed USB device number 34 using dummy_hcd
[ 1592.970929][ T5884] usb 10-1: Using ep0 maxpacket: 32
[ 1592.978288][ T5884] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1592.986923][ T5884] usb 10-1: config 1 interface 0 altsetting 5 bulk endpoint 0x82 has invalid maxpacket 24
[ 1592.998911][ T5884] usb 10-1: config 1 interface 0 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 1023
[ 1593.008966][ T5884] usb 10-1: config 1 interface 0 has no altsetting 0
[ 1593.017427][ T5884] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1593.026748][ T5884] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1593.034920][ T5884] usb 10-1: Product: syz
[ 1593.039262][ T5884] usb 10-1: Manufacturer: syz
[ 1593.043957][ T5884] usb 10-1: SerialNumber: syz
[ 1593.052304][T11453] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1593.059797][T11453] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1593.275088][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1593.392446][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1595.325680][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1595.445208][T11484] kvm: pic: single mode not supported
[ 1595.446535][T11484] kvm: pic: single mode not supported
[ 1595.482644][T11484] kvm: pic: non byte write
[ 1595.500705][T11484] kvm: pic: non byte write
[ 1595.505576][T11484] FAULT_INJECTION: forcing a failure.
[ 1595.505576][T11484] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1595.527412][T11484] CPU: 0 UID: 0 PID: 11484 Comm: syz.5.7856 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1595.527438][T11484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1595.527454][T11484] Call Trace:
[ 1595.527462][T11484]  <TASK>
[ 1595.527470][T11484]  dump_stack_lvl+0x189/0x250
[ 1595.527497][T11484]  ? __pfx____ratelimit+0x10/0x10
[ 1595.527519][T11484]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1595.527540][T11484]  ? __pfx__printk+0x10/0x10
[ 1595.527575][T11484]  should_fail_ex+0x414/0x560
[ 1595.527611][T11484]  __kvm_read_guest_page+0x18d/0x240
[ 1595.527638][T11484]  kvm_fetch_guest_virt+0x12b/0x170
[ 1595.527668][T11484]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[ 1595.527696][T11484]  __do_insn_fetch_bytes+0x2f9/0x6d0
[ 1595.527721][T11484]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[ 1595.527749][T11484]  ? picdev_write+0x17c/0x1f0
[ 1595.527771][T11484]  x86_decode_insn+0x33c/0x5310
[ 1595.527819][T11484]  ? __pfx_x86_decode_insn+0x10/0x10
[ 1595.527849][T11484]  ? __asan_memset+0x22/0x50
[ 1595.527876][T11484]  ? init_decode_cache+0x78/0x90
[ 1595.527895][T11484]  ? init_emulate_ctxt+0x4d6/0x660
[ 1595.527916][T11484]  ? __pfx_init_emulate_ctxt+0x10/0x10
[ 1595.527933][T11484]  ? __phys_addr+0xd3/0x180
[ 1595.527950][T11484]  ? __pfx_rcu_note_context_switch+0x10/0x10
[ 1595.527969][T11484]  ? __get_current_cr3_fast+0x90/0x150
[ 1595.527991][T11484]  x86_emulate_instruction+0x60a/0x1ef0
[ 1595.528013][T11484]  ? vmx_vcpu_run+0x1743/0x2900
[ 1595.528033][T11484]  ? __pfx_x86_emulate_instruction+0x10/0x10
[ 1595.528050][T11484]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1595.528064][T11484]  ? __pfx_current_save_fsgs+0x10/0x10
[ 1595.528089][T11484]  ? __lock_acquire+0xab9/0xd20
[ 1595.528125][T11484]  ? handle_io+0x1e3/0x270
[ 1595.528143][T11484]  ? __pfx_handle_io+0x10/0x10
[ 1595.528160][T11484]  vmx_handle_exit+0x1093/0x18a0
[ 1595.528176][T11484]  ? vcpu_run+0x35f2/0x6fa0
[ 1595.528204][T11484]  vcpu_run+0x434f/0x6fa0
[ 1595.528236][T11484]  ? vcpu_run+0x35f2/0x6fa0
[ 1595.528287][T11484]  ? __pfx_vcpu_run+0x10/0x10
[ 1595.528310][T11484]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1595.528334][T11484]  ? rcu_is_watching+0x15/0xb0
[ 1595.528351][T11484]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1595.528378][T11484]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1595.528396][T11484]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1595.528418][T11484]  ? rcu_is_watching+0x15/0xb0
[ 1595.528432][T11484]  ? trace_contention_end+0x39/0x120
[ 1595.528449][T11484]  ? __mutex_lock+0x330/0xe80
[ 1595.528467][T11484]  ? kasan_quarantine_put+0xdd/0x220
[ 1595.528493][T11484]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1595.528512][T11484]  ? __pfx___mutex_lock+0x10/0x10
[ 1595.528529][T11484]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1595.528546][T11484]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1595.528561][T11484]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1595.528581][T11484]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1595.528603][T11484]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1595.528618][T11484]  ? __lock_acquire+0xab9/0xd20
[ 1595.528654][T11484]  ? __fget_files+0x2a/0x420
[ 1595.528675][T11484]  ? __fget_files+0x2a/0x420
[ 1595.528693][T11484]  ? __fget_files+0x3a0/0x420
[ 1595.528710][T11484]  ? __fget_files+0x2a/0x420
[ 1595.528730][T11484]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1595.528753][T11484]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1595.528770][T11484]  __se_sys_ioctl+0xfc/0x170
[ 1595.528786][T11484]  do_syscall_64+0xfa/0x3b0
[ 1595.528805][T11484]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1595.528819][T11484]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1595.528834][T11484]  ? clear_bhb_loop+0x60/0xb0
[ 1595.528854][T11484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1595.528869][T11484] RIP: 0033:0x7f0e68d8e929
[ 1595.528882][T11484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1595.528896][T11484] RSP: 002b:00007f0e69b58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1595.528912][T11484] RAX: ffffffffffffffda RBX: 00007f0e68fb5fa0 RCX: 00007f0e68d8e929
[ 1595.528924][T11484] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1595.528934][T11484] RBP: 00007f0e69b58090 R08: 0000000000000000 R09: 0000000000000000
[ 1595.528944][T11484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1595.528953][T11484] R13: 0000000000000000 R14: 00007f0e68fb5fa0 R15: 00007ffee586c338
[ 1595.528976][T11484]  </TASK>
[ 1596.241203][ T5884] usb 10-1: bad CDC descriptors
[ 1596.259874][ T5884] usb 10-1: USB disconnect, device number 34
[ 1596.336823][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1596.364438][T11507] syz.5.7859: attempt to access beyond end of device
[ 1596.364438][T11507] loop5: rw=2048, sector=2, nr_sectors = 1 limit=0
[ 1596.382502][T11507] hfsplus: unable to find HFS+ superblock
[ 1596.439700][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1596.530941][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1596.572245][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1596.596468][T11517] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[ 1596.617907][ T5884] usb 10-1: new high-speed USB device number 35 using dummy_hcd
[ 1596.680742][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1596.777894][ T5884] usb 10-1: Using ep0 maxpacket: 32
[ 1596.795984][ T5884] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1596.818970][ T5884] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1596.827615][ T5884] usb 10-1: Product: syz
[ 1596.835126][ T5884] usb 10-1: Manufacturer: syz
[ 1596.841976][ T5884] usb 10-1: SerialNumber: syz
[ 1596.852990][ T5884] usb 10-1: config 0 descriptor??
[ 1596.882571][ T5884] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1597.298060][ T7544] usb 1-1: new full-speed USB device number 72 using dummy_hcd
[ 1597.472842][ T7544] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1597.489102][ T7544] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1597.505144][ T7544] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[ 1597.519155][ T7544] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1597.527336][ T7544] usb 1-1: SerialNumber: syz
[ 1597.557376][ T7544] usb 1-1: 0:2 : does not exist
[ 1597.754003][T11543] kvm: kvm [11542]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x524090000
[ 1597.766646][T13197] usb 1-1: USB disconnect, device number 72
[ 1598.738946][T13197] usb 1-1: new low-speed USB device number 73 using dummy_hcd
[ 1598.867973][T13197] usb 1-1: device descriptor read/64, error -71
[ 1599.083522][ T5884] gspca_stk1135: reg_w 0x2ff err -71
[ 1599.092173][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.101906][ T5884] gspca_stk1135: Sensor write failed
[ 1599.107865][T13197] usb 1-1: new low-speed USB device number 74 using dummy_hcd
[ 1599.109774][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.121955][ T5884] gspca_stk1135: Sensor write failed
[ 1599.127263][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.133694][ T5884] gspca_stk1135: Sensor read failed
[ 1599.139286][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.145621][ T5884] gspca_stk1135: Sensor read failed
[ 1599.151951][ T5884] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1599.158728][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.165083][ T5884] gspca_stk1135: Sensor read failed
[ 1599.170411][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.176788][ T5884] gspca_stk1135: Sensor read failed
[ 1599.182411][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.188883][ T5884] gspca_stk1135: Sensor write failed
[ 1599.194188][ T5884] gspca_stk1135: serial bus timeout: status=0x00
[ 1599.200709][ T5884] gspca_stk1135: Sensor write failed
[ 1599.206055][ T5884] stk1135 10-1:0.0: probe with driver stk1135 failed with error -71
[ 1599.220469][ T5884] usb 10-1: USB disconnect, device number 35
[ 1599.247839][T13197] usb 1-1: device descriptor read/64, error -71
[ 1599.361896][T13197] usb usb1-port1: attempt power cycle
[ 1599.651052][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1599.708022][T13197] usb 1-1: new low-speed USB device number 75 using dummy_hcd
[ 1599.740575][T13197] usb 1-1: device descriptor read/8, error -71
[ 1599.785543][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1599.823472][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1599.863587][T11612] FAULT_INJECTION: forcing a failure.
[ 1599.863587][T11612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1599.895651][T11612] CPU: 1 UID: 0 PID: 11612 Comm: syz.5.7869 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1599.895681][T11612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1599.895694][T11612] Call Trace:
[ 1599.895703][T11612]  <TASK>
[ 1599.895714][T11612]  dump_stack_lvl+0x189/0x250
[ 1599.895745][T11612]  ? __pfx____ratelimit+0x10/0x10
[ 1599.895769][T11612]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1599.895792][T11612]  ? __pfx__printk+0x10/0x10
[ 1599.895839][T11612]  should_fail_ex+0x414/0x560
[ 1599.895879][T11612]  _copy_to_user+0x31/0xb0
[ 1599.895903][T11612]  simple_read_from_buffer+0xe1/0x170
[ 1599.895934][T11612]  proc_fail_nth_read+0x1df/0x250
[ 1599.895967][T11612]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1599.895999][T11612]  ? rw_verify_area+0x258/0x650
[ 1599.896022][T11612]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1599.896053][T11612]  vfs_read+0x1fd/0x980
[ 1599.896080][T11612]  ? __pfx___mutex_lock+0x10/0x10
[ 1599.896106][T11612]  ? __pfx_vfs_read+0x10/0x10
[ 1599.896129][T11612]  ? __fget_files+0x2a/0x420
[ 1599.896162][T11612]  ? __fget_files+0x3a0/0x420
[ 1599.896187][T11612]  ? __fget_files+0x2a/0x420
[ 1599.896224][T11612]  ksys_read+0x145/0x250
[ 1599.896248][T11612]  ? __pfx_ksys_read+0x10/0x10
[ 1599.896269][T11612]  ? rcu_is_watching+0x15/0xb0
[ 1599.896296][T11612]  ? do_syscall_64+0xbe/0x3b0
[ 1599.896324][T11612]  do_syscall_64+0xfa/0x3b0
[ 1599.896347][T11612]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1599.896369][T11612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.896391][T11612]  ? clear_bhb_loop+0x60/0xb0
[ 1599.896417][T11612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.896438][T11612] RIP: 0033:0x7f0e68d8d33c
[ 1599.896457][T11612] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1599.896476][T11612] RSP: 002b:00007f0e69b58030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1599.896498][T11612] RAX: ffffffffffffffda RBX: 00007f0e68fb5fa0 RCX: 00007f0e68d8d33c
[ 1599.896516][T11612] RDX: 000000000000000f RSI: 00007f0e69b580a0 RDI: 0000000000000005
[ 1599.896528][T11612] RBP: 00007f0e69b58090 R08: 0000000000000000 R09: 0000000000000000
[ 1599.896543][T11612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1599.896556][T11612] R13: 0000000000000000 R14: 00007f0e68fb5fa0 R15: 00007ffee586c338
[ 1599.896589][T11612]  </TASK>
[ 1600.152762][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1600.217120][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1600.235847][T13197] usb 1-1: new low-speed USB device number 76 using dummy_hcd
[ 1600.259074][T13197] usb 1-1: device descriptor read/8, error -71
[ 1600.279207][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1600.372085][T13197] usb usb1-port1: unable to enumerate USB device
[ 1600.427564][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1600.444026][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1600.500146][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1600.622053][T11637] hfs: can't find a HFS filesystem on dev rnullb0
[ 1600.667234][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1600.737306][T11643] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7877'.
[ 1600.902698][T11651] FAULT_INJECTION: forcing a failure.
[ 1600.902698][T11651] name failslab, interval 1, probability 0, space 0, times 0
[ 1600.940441][T11651] CPU: 1 UID: 0 PID: 11651 Comm: syz.8.7878 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1600.940463][T11651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1600.940479][T11651] Call Trace:
[ 1600.940485][T11651]  <TASK>
[ 1600.940492][T11651]  dump_stack_lvl+0x189/0x250
[ 1600.940514][T11651]  ? __pfx____ratelimit+0x10/0x10
[ 1600.940531][T11651]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1600.940547][T11651]  ? __pfx__printk+0x10/0x10
[ 1600.940566][T11651]  ? __pfx___might_resched+0x10/0x10
[ 1600.940580][T11651]  ? fs_reclaim_acquire+0x7d/0x100
[ 1600.940600][T11651]  should_fail_ex+0x414/0x560
[ 1600.940627][T11651]  should_failslab+0xa8/0x100
[ 1600.940644][T11651]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1600.940657][T11651]  ? rtnl_newlink+0xed/0x1c70
[ 1600.940673][T11651]  ? kasan_save_free_info+0x46/0x50
[ 1600.940694][T11651]  rtnl_newlink+0xed/0x1c70
[ 1600.940710][T11651]  ? netlink_sendmsg+0x805/0xb30
[ 1600.940727][T11651]  ? __sock_sendmsg+0x219/0x270
[ 1600.940740][T11651]  ? ____sys_sendmsg+0x505/0x830
[ 1600.940758][T11651]  ? ___sys_sendmsg+0x21f/0x2a0
[ 1600.940776][T11651]  ? __x64_sys_sendmsg+0x19b/0x260
[ 1600.940794][T11651]  ? do_syscall_64+0xfa/0x3b0
[ 1600.940809][T11651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1600.940829][T11651]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1600.940860][T11651]  ? kasan_quarantine_put+0xdd/0x220
[ 1600.940881][T11651]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1600.940900][T11651]  ? nlmon_xmit+0xb0/0x100
[ 1600.940919][T11651]  ? kmem_cache_free+0x18f/0x400
[ 1600.940937][T11651]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1600.940951][T11651]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1600.940967][T11651]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1600.940991][T11651]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1600.941006][T11651]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1600.941051][T11651]  ? __lock_acquire+0xab9/0xd20
[ 1600.941090][T11651]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1600.941105][T11651]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1600.941124][T11651]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1600.941140][T11651]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1600.941155][T11651]  ? ref_tracker_free+0x63a/0x7d0
[ 1600.941173][T11651]  ? __copy_skb_header+0xa7/0x550
[ 1600.941203][T11651]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1600.941224][T11651]  ? __skb_clone+0x63/0x7a0
[ 1600.941261][T11651]  netlink_rcv_skb+0x205/0x470
[ 1600.941279][T11651]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1600.941296][T11651]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1600.941321][T11651]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1600.941337][T11651]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1600.941357][T11651]  netlink_unicast+0x758/0x8d0
[ 1600.941378][T11651]  netlink_sendmsg+0x805/0xb30
[ 1600.941401][T11651]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1600.941420][T11651]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1600.941439][T11651]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1600.941457][T11651]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1600.941479][T11651]  __sock_sendmsg+0x219/0x270
[ 1600.941496][T11651]  ____sys_sendmsg+0x505/0x830
[ 1600.941519][T11651]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1600.941545][T11651]  ? import_iovec+0x74/0xa0
[ 1600.941561][T11651]  ___sys_sendmsg+0x21f/0x2a0
[ 1600.941582][T11651]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1600.941624][T11651]  ? __fget_files+0x2a/0x420
[ 1600.941642][T11651]  ? __fget_files+0x3a0/0x420
[ 1600.941666][T11651]  __x64_sys_sendmsg+0x19b/0x260
[ 1600.941687][T11651]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1600.941713][T11651]  ? __pfx_ksys_write+0x10/0x10
[ 1600.941728][T11651]  ? rcu_is_watching+0x15/0xb0
[ 1600.941746][T11651]  ? do_syscall_64+0xbe/0x3b0
[ 1600.941764][T11651]  do_syscall_64+0xfa/0x3b0
[ 1600.941779][T11651]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1600.941794][T11651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1600.941808][T11651]  ? clear_bhb_loop+0x60/0xb0
[ 1600.941825][T11651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1600.941839][T11651] RIP: 0033:0x7f4e1b18e929
[ 1600.941852][T11651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1600.941864][T11651] RSP: 002b:00007f4e1c053038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1600.941880][T11651] RAX: ffffffffffffffda RBX: 00007f4e1b3b5fa0 RCX: 00007f4e1b18e929
[ 1600.941891][T11651] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000007
[ 1600.941900][T11651] RBP: 00007f4e1c053090 R08: 0000000000000000 R09: 0000000000000000
[ 1600.941909][T11651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1600.941917][T11651] R13: 0000000000000000 R14: 00007f4e1b3b5fa0 R15: 00007fffdfec0b38
[ 1600.941938][T11651]  </TASK>
[ 1601.928936][T11689] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7885'.
[ 1602.080396][T11696] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7888'.
[ 1602.090007][T11696] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7888'.
[ 1602.141200][T11698] tmpfs: Bad value for 'mpol'
[ 1603.518208][    T9] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 1603.677775][    T9] usb 1-1: Using ep0 maxpacket: 32
[ 1603.686907][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1603.701493][    T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1603.710842][    T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1603.721137][    T9] usb 1-1: Product: syz
[ 1603.725333][    T9] usb 1-1: Manufacturer: syz
[ 1603.733004][    T9] usb 1-1: SerialNumber: syz
[ 1603.746641][    T9] usb 1-1: config 0 descriptor??
[ 1603.753055][T11715] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1603.767874][    T9] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1603.774313][    T9] hub 1-1:0.0: probe with driver hub failed with error -5
[ 1603.893809][T11733] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7897'.
[ 1603.903454][T11733] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7897'.
[ 1604.098017][T13197] usb 1-1: USB disconnect, device number 77
[ 1604.266725][T11759] netlink: 'syz.9.7903': attribute type 1 has an invalid length.
[ 1604.275755][T11759] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1604.427838][T13197] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1604.587803][T13197] usb 1-1: Using ep0 maxpacket: 32
[ 1604.594780][T13197] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1604.607933][T13197] usb 1-1: string descriptor 0 read error: -22
[ 1604.614631][T13197] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1604.624090][T13197] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1604.635388][T13197] usb 1-1: config 0 descriptor??
[ 1604.646851][T11715] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1604.655606][T13197] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1604.661934][T13197] hub 1-1:0.0: probe with driver hub failed with error -5
[ 1604.831657][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1604.862165][T11715] netlink: 'syz.0.7894': attribute type 1 has an invalid length.
[ 1604.921973][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1604.988014][T13197] usb 1-1: USB disconnect, device number 78
[ 1605.188537][T11801] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7906'.
[ 1605.198088][T11801] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7906'.
[ 1605.220534][ T7544] usb 6-1: new high-speed USB device number 99 using dummy_hcd
[ 1605.394885][ T7544] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1605.413336][ T7544] usb 6-1: config 0 has no interface number 0
[ 1605.423445][ T7544] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1605.449628][ T7544] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1605.474537][ T7544] usb 6-1: config 0 descriptor??
[ 1605.491931][ T7544] usb 6-1: selecting invalid altsetting 1
[ 1605.518413][ T7544] dvb_ttusb_budget: ttusb_init_controller: error
[ 1605.524998][ T7544] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1605.617595][ T7544] DVB: Unable to find symbol cx22700_attach()
[ 1605.667762][ T7544] DVB: Unable to find symbol tda10046_attach()
[ 1605.673957][ T7544] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1605.737950][T13197] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 1605.897783][T13197] usb 1-1: Using ep0 maxpacket: 16
[ 1605.906111][T13197] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1605.917178][T13197] usb 1-1: New USB device found, idVendor=05ac, idProduct=024f, bcdDevice= 0.40
[ 1605.927547][T13197] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1605.937820][T13197] usb 1-1: Product: Л
[ 1605.941955][T13197] usb 1-1: Manufacturer: 坡䲧Ⴆ憼媚鍨㲾ﾇ卝⮞ฐ䠷鱹닳⃢⒀㝌ﵜꚰ꥙嚘演鸱䦃糀脬숞쬃ϼ
[ 1605.958999][T13197] usb 1-1: SerialNumber: Ќ
[ 1606.401535][T13197] usbhid 1-1:1.0: can't add hid device: -71
[ 1606.409627][T13197] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[ 1606.422310][T13197] usb 1-1: USB disconnect, device number 79
[ 1606.954241][T11840] netlink: 277 bytes leftover after parsing attributes in process `syz.0.7909'.
[ 1607.011084][T11842] tipc: Started in network mode
[ 1607.016117][T11842] tipc: Node identity ., cluster identity 4711
[ 1607.025291][T11842] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1607.317310][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.986793][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1608.088162][ T5884] usb 6-1: USB disconnect, device number 99
[ 1608.094231][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1608.114025][T11851] binder: BC_ACQUIRE_RESULT not supported
[ 1608.134149][T11851] binder: 11850:11851 ioctl c0306201 200000000580 returned -22
[ 1608.178713][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1608.208451][T11860] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7916'.
[ 1608.236279][T11851] vxcan1 speed is unknown, defaulting to 1000
[ 1608.268971][T11869] FAULT_INJECTION: forcing a failure.
[ 1608.268971][T11869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1608.312243][T11869] CPU: 0 UID: 0 PID: 11869 Comm: syz.5.7915 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1608.312271][T11869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1608.312284][T11869] Call Trace:
[ 1608.312292][T11869]  <TASK>
[ 1608.312300][T11869]  dump_stack_lvl+0x189/0x250
[ 1608.312327][T11869]  ? __pfx____ratelimit+0x10/0x10
[ 1608.312348][T11869]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1608.312370][T11869]  ? __pfx__printk+0x10/0x10
[ 1608.312392][T11869]  ? __might_fault+0xb0/0x130
[ 1608.312421][T11869]  should_fail_ex+0x414/0x560
[ 1608.312473][T11869]  _copy_from_user+0x2d/0xb0
[ 1608.312495][T11869]  memdup_user+0x5e/0xd0
[ 1608.312522][T11869]  kvm_arch_vcpu_ioctl+0x1aa8/0x2a40
[ 1608.312555][T11869]  ? __lock_acquire+0xab9/0xd20
[ 1608.312583][T11869]  ? kvm_arch_vcpu_ioctl+0x5f8/0x2a40
[ 1608.312616][T11869]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1608.312650][T11869]  ? __lock_acquire+0xab9/0xd20
[ 1608.312700][T11869]  ? is_bpf_text_address+0x26/0x2b0
[ 1608.312738][T11869]  ? is_bpf_text_address+0x292/0x2b0
[ 1608.312768][T11869]  ? is_bpf_text_address+0x26/0x2b0
[ 1608.312801][T11869]  ? kernel_text_address+0xa5/0xe0
[ 1608.312829][T11869]  ? __kernel_text_address+0xd/0x40
[ 1608.312855][T11869]  ? unwind_get_return_address+0x4d/0x90
[ 1608.312876][T11869]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1608.312901][T11869]  ? arch_stack_walk+0xfc/0x150
[ 1608.312935][T11869]  ? stack_trace_save+0x9c/0xe0
[ 1608.312962][T11869]  ? stack_depot_save_flags+0x40/0x900
[ 1608.312992][T11869]  ? kasan_save_track+0x4f/0x80
[ 1608.313021][T11869]  ? kasan_save_track+0x3e/0x80
[ 1608.313060][T11869]  ? __lock_acquire+0xab9/0xd20
[ 1608.313098][T11869]  ? __mutex_trylock_common+0x153/0x260
[ 1608.313124][T11869]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1608.313152][T11869]  ? rcu_is_watching+0x15/0xb0
[ 1608.313173][T11869]  ? trace_contention_end+0x39/0x120
[ 1608.313202][T11869]  ? __mutex_lock+0x330/0xe80
[ 1608.313229][T11869]  ? kasan_quarantine_put+0xdd/0x220
[ 1608.313268][T11869]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1608.313295][T11869]  ? __pfx___mutex_lock+0x10/0x10
[ 1608.313319][T11869]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1608.313342][T11869]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1608.313364][T11869]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1608.313392][T11869]  kvm_vcpu_ioctl+0x74d/0xe90
[ 1608.313423][T11869]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1608.313444][T11869]  ? __lock_acquire+0xab9/0xd20
[ 1608.313495][T11869]  ? __fget_files+0x2a/0x420
[ 1608.313524][T11869]  ? __fget_files+0x2a/0x420
[ 1608.313548][T11869]  ? __fget_files+0x3a0/0x420
[ 1608.313572][T11869]  ? __fget_files+0x2a/0x420
[ 1608.313601][T11869]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1608.313631][T11869]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1608.313655][T11869]  __se_sys_ioctl+0xfc/0x170
[ 1608.313678][T11869]  do_syscall_64+0xfa/0x3b0
[ 1608.313718][T11869]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1608.313741][T11869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1608.313763][T11869]  ? clear_bhb_loop+0x60/0xb0
[ 1608.313789][T11869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1608.313810][T11869] RIP: 0033:0x7f0e68d8e929
[ 1608.313830][T11869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1608.313849][T11869] RSP: 002b:00007f0e69b58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1608.313872][T11869] RAX: ffffffffffffffda RBX: 00007f0e68fb5fa0 RCX: 00007f0e68d8e929
[ 1608.313889][T11869] RDX: 0000200000000080 RSI: 000000004008ae89 RDI: 0000000000000005
[ 1608.313903][T11869] RBP: 00007f0e69b58090 R08: 0000000000000000 R09: 0000000000000000
[ 1608.313917][T11869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1608.313931][T11869] R13: 0000000000000000 R14: 00007f0e68fb5fa0 R15: 00007ffee586c338
[ 1608.313980][T11869]  </TASK>
[ 1608.717433][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1609.021438][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1609.205694][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1609.236930][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1609.420687][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1609.441973][T11946] netlink: 96 bytes leftover after parsing attributes in process `syz.5.7923'.
[ 1609.590069][T11950] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7925'.
[ 1609.722301][T11956] netlink: 'syz.9.7928': attribute type 27 has an invalid length.
[ 1609.782797][T11959] netlink: 'syz.5.7929': attribute type 10 has an invalid length.
[ 1609.825909][T11959] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7929'.
[ 1609.967098][T11968] CUSE: info not properly terminated
[ 1610.153898][T11956] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1610.161456][T11956] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1610.645776][T11956] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1610.686970][T11956] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1611.221045][ T3447] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1611.247157][ T3447] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1611.267450][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1611.305667][   T59] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1611.328659][T11978] exFAT-fs (rnullb0): invalid boot record signature
[ 1611.335304][T11978] exFAT-fs (rnullb0): failed to read boot sector
[ 1611.346787][   T59] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1611.353693][T11980] netlink: 'syz.9.7931': attribute type 10 has an invalid length.
[ 1611.356450][T11978] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1611.677816][T11963] usb 6-1: new high-speed USB device number 100 using dummy_hcd
[ 1611.827994][ T5835] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 1611.829832][T11963] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1611.846829][T11963] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1611.857175][T11963] usb 6-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[ 1611.866588][T11963] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1611.878426][T11963] usb 6-1: config 0 descriptor??
[ 1611.977926][ T5835] usb 1-1: Using ep0 maxpacket: 32
[ 1611.988987][ T5835] usb 1-1: config 8 has an invalid interface number: 203 but max is 0
[ 1611.997209][ T5835] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 1612.008249][ T5835] usb 1-1: config 8 has no interface number 0
[ 1612.014860][ T5835] usb 1-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1612.026592][ T5835] usb 1-1: config 8 interface 203 altsetting 1 endpoint 0x83 has invalid maxpacket 1040, setting to 1024
[ 1612.041969][ T5835] usb 1-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1612.052206][ T5835] usb 1-1: config 8 interface 203 altsetting 1 endpoint 0xB has invalid wMaxPacketSize 0
[ 1612.062236][ T5835] usb 1-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 0
[ 1612.072095][ T5835] usb 1-1: config 8 interface 203 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1612.085279][ T5835] usb 1-1: config 8 interface 203 has no altsetting 0
[ 1612.095619][ T5835] usb 1-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[ 1612.104807][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1612.113392][ T5835] usb 1-1: Product: syz
[ 1612.117577][ T5835] usb 1-1: Manufacturer: syz
[ 1612.122439][ T5835] usb 1-1: SerialNumber: syz
[ 1612.131845][T11993] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1612.297105][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1612.312520][T11963] hid-led 0003:1D34:000A.002C: item fetching failed at offset 0/3
[ 1612.331995][T11963] hid-led 0003:1D34:000A.002C: probe with driver hid-led failed with error -22
[ 1612.343382][T11993] hfs: can't find a HFS filesystem on dev rnullb0
[ 1612.352923][T12007] hfs: can't find a HFS filesystem on dev rnullb0
[ 1612.384051][ T5835] port100 1-1:8.203: NFC: Could not get supported command types
[ 1612.401751][ T5835] usb 1-1: USB disconnect, device number 80
[ 1612.486779][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1612.492356][T12021] netlink: 8 bytes leftover after parsing attributes in process `syz.9.7936'.
[ 1612.572405][ T5884] usb 6-1: USB disconnect, device number 100
[ 1612.700832][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1612.770770][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1612.804844][T12052] FAULT_INJECTION: forcing a failure.
[ 1612.804844][T12052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1612.820422][T12052] CPU: 1 UID: 0 PID: 12052 Comm: syz.8.7940 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1612.820449][T12052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1612.820461][T12052] Call Trace:
[ 1612.820469][T12052]  <TASK>
[ 1612.820477][T12052]  dump_stack_lvl+0x189/0x250
[ 1612.820503][T12052]  ? __pfx____ratelimit+0x10/0x10
[ 1612.820524][T12052]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1612.820545][T12052]  ? __pfx__printk+0x10/0x10
[ 1612.820567][T12052]  ? __might_fault+0xb0/0x130
[ 1612.820595][T12052]  should_fail_ex+0x414/0x560
[ 1612.820629][T12052]  _copy_from_user+0x2d/0xb0
[ 1612.820655][T12052]  ___sys_sendmsg+0x158/0x2a0
[ 1612.820684][T12052]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1612.820743][T12052]  ? __fget_files+0x2a/0x420
[ 1612.820765][T12052]  ? __fget_files+0x3a0/0x420
[ 1612.820799][T12052]  __x64_sys_sendmsg+0x19b/0x260
[ 1612.820845][T12052]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1612.820883][T12052]  ? __pfx_ksys_write+0x10/0x10
[ 1612.820902][T12052]  ? rcu_is_watching+0x15/0xb0
[ 1612.820927][T12052]  ? do_syscall_64+0xbe/0x3b0
[ 1612.820954][T12052]  do_syscall_64+0xfa/0x3b0
[ 1612.820985][T12052]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1612.821005][T12052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1612.821024][T12052]  ? clear_bhb_loop+0x60/0xb0
[ 1612.821046][T12052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1612.821064][T12052] RIP: 0033:0x7f4e1b18e929
[ 1612.821080][T12052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1612.821097][T12052] RSP: 002b:00007f4e1c053038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1612.821116][T12052] RAX: ffffffffffffffda RBX: 00007f4e1b3b5fa0 RCX: 00007f4e1b18e929
[ 1612.821131][T12052] RDX: 0000000000040000 RSI: 0000200000000840 RDI: 0000000000000003
[ 1612.821143][T12052] RBP: 00007f4e1c053090 R08: 0000000000000000 R09: 0000000000000000
[ 1612.821154][T12052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1612.821166][T12052] R13: 0000000000000000 R14: 00007f4e1b3b5fa0 R15: 00007fffdfec0b38
[ 1612.821193][T12052]  </TASK>
[ 1613.059717][T12054] vxfs: WRONG superblock magic 00000000 at 1
[ 1613.074248][T12054] vxfs: WRONG superblock magic 00000000 at 8
[ 1613.080558][T12054] vxfs: can't find superblock.
[ 1613.096495][T12054] vxfs: WRONG superblock magic 00000000 at 1
[ 1613.122350][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1613.133260][T12054] vxfs: WRONG superblock magic 00000000 at 8
[ 1613.159060][T12054] vxfs: can't find superblock.
[ 1613.407769][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1613.492257][ T5884] usb 10-1: new high-speed USB device number 36 using dummy_hcd
[ 1613.496957][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1613.525916][T12082] "syz.5.7947" (12082) uses obsolete ecb(arc4) skcipher
[ 1613.583310][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1613.665969][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1613.673213][ T5884] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1613.696241][ T5884] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1613.719474][ T5884] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1613.741370][ T5884] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1613.760279][ T5884] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1613.772051][ T5884] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1613.812190][ T5884] usb 10-1: config 0 descriptor??
[ 1613.923156][T12100] kvm: pic: single mode not supported
[ 1613.923745][T12100] kvm: pic: single mode not supported
[ 1613.929383][T12100] kvm: pic: level sensitive irq not supported
[ 1613.935701][T12100] kvm: pic: single mode not supported
[ 1613.943162][T12100] FAULT_INJECTION: forcing a failure.
[ 1613.943162][T12100] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1613.968530][T12100] CPU: 1 UID: 0 PID: 12100 Comm: syz.5.7953 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1613.968556][T12100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1613.968568][T12100] Call Trace:
[ 1613.968577][T12100]  <TASK>
[ 1613.968585][T12100]  dump_stack_lvl+0x189/0x250
[ 1613.968607][T12100]  ? __pfx____ratelimit+0x10/0x10
[ 1613.968623][T12100]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1613.968638][T12100]  ? __pfx__printk+0x10/0x10
[ 1613.968670][T12100]  should_fail_ex+0x414/0x560
[ 1613.968705][T12100]  __kvm_read_guest_page+0x18d/0x240
[ 1613.968731][T12100]  kvm_fetch_guest_virt+0x12b/0x170
[ 1613.968757][T12100]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[ 1613.968777][T12100]  __do_insn_fetch_bytes+0x2f9/0x6d0
[ 1613.968795][T12100]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[ 1613.968828][T12100]  ? picdev_write+0x17c/0x1f0
[ 1613.968850][T12100]  x86_decode_insn+0x33c/0x5310
[ 1613.968897][T12100]  ? __pfx_x86_decode_insn+0x10/0x10
[ 1613.968918][T12100]  ? __asan_memset+0x22/0x50
[ 1613.968938][T12100]  ? init_decode_cache+0x78/0x90
[ 1613.968952][T12100]  ? init_emulate_ctxt+0x4d6/0x660
[ 1613.968976][T12100]  ? __pfx_init_emulate_ctxt+0x10/0x10
[ 1613.968996][T12100]  ? __phys_addr+0xd3/0x180
[ 1613.969017][T12100]  ? __pfx_rcu_note_context_switch+0x10/0x10
[ 1613.969041][T12100]  ? __get_current_cr3_fast+0x90/0x150
[ 1613.969062][T12100]  x86_emulate_instruction+0x60a/0x1ef0
[ 1613.969081][T12100]  ? vmx_vcpu_run+0x1743/0x2900
[ 1613.969099][T12100]  ? __pfx_x86_emulate_instruction+0x10/0x10
[ 1613.969122][T12100]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1613.969142][T12100]  ? __pfx_current_save_fsgs+0x10/0x10
[ 1613.969171][T12100]  ? __lock_acquire+0xab9/0xd20
[ 1613.969198][T12100]  ? handle_io+0x1e3/0x270
[ 1613.969213][T12100]  ? __pfx_handle_io+0x10/0x10
[ 1613.969229][T12100]  vmx_handle_exit+0x1093/0x18a0
[ 1613.969243][T12100]  ? vcpu_run+0x35f2/0x6fa0
[ 1613.969279][T12100]  vcpu_run+0x434f/0x6fa0
[ 1613.969319][T12100]  ? vcpu_run+0x35f2/0x6fa0
[ 1613.969372][T12100]  ? __pfx_vcpu_run+0x10/0x10
[ 1613.969393][T12100]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1613.969423][T12100]  ? rcu_is_watching+0x15/0xb0
[ 1613.969445][T12100]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1613.969477][T12100]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1613.969499][T12100]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1613.969519][T12100]  ? rcu_is_watching+0x15/0xb0
[ 1613.969531][T12100]  ? trace_contention_end+0x39/0x120
[ 1613.969546][T12100]  ? __mutex_lock+0x330/0xe80
[ 1613.969572][T12100]  ? kasan_quarantine_put+0xdd/0x220
[ 1613.969621][T12100]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1613.969647][T12100]  ? __pfx___mutex_lock+0x10/0x10
[ 1613.969664][T12100]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1613.969680][T12100]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1613.969695][T12100]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1613.969723][T12100]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1613.969753][T12100]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1613.969773][T12100]  ? __lock_acquire+0xab9/0xd20
[ 1613.969814][T12100]  ? __fget_files+0x2a/0x420
[ 1613.969839][T12100]  ? __fget_files+0x2a/0x420
[ 1613.969860][T12100]  ? __fget_files+0x3a0/0x420
[ 1613.969884][T12100]  ? __fget_files+0x2a/0x420
[ 1613.969912][T12100]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1613.969940][T12100]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1613.969960][T12100]  __se_sys_ioctl+0xfc/0x170
[ 1613.969976][T12100]  do_syscall_64+0xfa/0x3b0
[ 1613.969991][T12100]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1613.970007][T12100]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1613.970038][T12100]  ? clear_bhb_loop+0x60/0xb0
[ 1613.970061][T12100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1613.970078][T12100] RIP: 0033:0x7f0e68d8e929
[ 1613.970095][T12100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1613.970111][T12100] RSP: 002b:00007f0e69b58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1613.970125][T12100] RAX: ffffffffffffffda RBX: 00007f0e68fb5fa0 RCX: 00007f0e68d8e929
[ 1613.970135][T12100] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1613.970143][T12100] RBP: 00007f0e69b58090 R08: 0000000000000000 R09: 0000000000000000
[ 1613.970152][T12100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1613.970160][T12100] R13: 0000000000000000 R14: 00007f0e68fb5fa0 R15: 00007ffee586c338
[ 1613.970188][T12100]  </TASK>
[ 1614.527885][T11964] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 1614.623964][T12068] netlink: 'syz.9.7944': attribute type 10 has an invalid length.
[ 1614.641667][T12068] 8021q: adding VLAN 0 to HW filter on device team0
[ 1614.651036][T12068] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1614.686411][T11964] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1614.723544][ T5884] usbhid 10-1:0.0: can't add hid device: -71
[ 1614.747973][T11964] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 20
[ 1614.757080][T11964] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1614.769487][ T5884] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1614.805428][ T5884] usb 10-1: USB disconnect, device number 36
[ 1614.816718][T11964] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1614.869395][T11964] usb 1-1: config 0 descriptor??
[ 1615.086254][T11964] usb 1-1: string descriptor 0 read error: -71
[ 1615.110405][T11964] usb 1-1: USB disconnect, device number 81
[ 1615.144085][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.144085][T12143] nbd5: rw=0, sector=64, nr_sectors = 1 limit=0
[ 1615.158639][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.158639][T12143] nbd5: rw=0, sector=256, nr_sectors = 1 limit=0
[ 1615.176111][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[ 1615.186432][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.186432][T12143] nbd5: rw=0, sector=512, nr_sectors = 1 limit=0
[ 1615.199852][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[ 1615.210776][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.210776][T12143] nbd5: rw=0, sector=64, nr_sectors = 2 limit=0
[ 1615.224769][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.224769][T12143] nbd5: rw=0, sector=512, nr_sectors = 2 limit=0
[ 1615.237923][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[ 1615.247633][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.247633][T12143] nbd5: rw=0, sector=1024, nr_sectors = 2 limit=0
[ 1615.261094][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[ 1615.275560][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.275560][T12143] nbd5: rw=0, sector=64, nr_sectors = 4 limit=0
[ 1615.289226][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.289226][T12143] nbd5: rw=0, sector=1024, nr_sectors = 4 limit=0
[ 1615.302393][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[ 1615.312267][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.312267][T12143] nbd5: rw=0, sector=2048, nr_sectors = 4 limit=0
[ 1615.331405][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[ 1615.349657][T12143] syz.5.7961: attempt to access beyond end of device
[ 1615.349657][T12143] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1615.364396][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[ 1615.374268][T12143] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[ 1615.383858][T12143] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1)
[ 1615.608133][ T5835] usb 10-1: new high-speed USB device number 37 using dummy_hcd
[ 1615.759815][ T5835] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1615.778478][ T5835] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1615.796891][ T5835] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1615.807633][ T5835] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1615.822050][ T5835] usb 10-1: SerialNumber: syz
[ 1615.892958][T12176] omfs: Invalid superblock (0)
[ 1616.009042][T12183] netlink: 'syz.5.7969': attribute type 10 has an invalid length.
[ 1616.072834][T12152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1616.105700][T12152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1616.219720][ T5835] usb 10-1: 0:2 : does not exist
[ 1616.262374][ T5835] usb 10-1: USB disconnect, device number 37
[ 1616.297854][T11972] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 1616.303180][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1616.353726][T11820] udevd[11820]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1616.390156][T11649] udevd[11649]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1616.474592][T11972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1616.479372][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1616.492542][T11972] usb 1-1: New USB device found, idVendor=046d, idProduct=c53a, bcdDevice= 0.00
[ 1616.544527][T11972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1616.568716][T11972] usb 1-1: config 0 descriptor??
[ 1616.625151][T11674] udevd[11674]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1616.836223][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1616.890452][T12246] ntfs3(rnullb0): Primary boot signature is not NTFS.
[ 1616.897538][T12246] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[ 1616.984864][T11649] udevd[11649]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1617.082887][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1617.122077][T13203] udevd[13203]: symlink '../../loop8' '/dev/disk/by-diskseq/114.tmp-b7:8' failed: Read-only file system
[ 1617.195073][T12187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7970'.
[ 1617.260663][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1617.306558][T11972] usb 1-1: USB disconnect, device number 82
[ 1617.379963][T12303] /dev/sg0: Can't lookup blockdev
[ 1617.558780][T11964] usb 6-1: new high-speed USB device number 101 using dummy_hcd
[ 1617.668896][ T5884] usb 10-1: new high-speed USB device number 38 using dummy_hcd
[ 1617.719244][T11964] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1617.729610][T11964] usb 6-1: config 0 has no interfaces?
[ 1617.735095][T11964] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1617.744999][T11964] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1617.755650][T11964] usb 6-1: config 0 descriptor??
[ 1617.818012][ T5884] usb 10-1: Using ep0 maxpacket: 8
[ 1617.825006][ T5884] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[ 1617.833563][ T5884] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1617.843465][ T5884] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1617.855320][ T5884] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1617.865798][ T5884] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1617.880100][ T5884] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1617.891909][ T5884] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1618.119067][ T5884] usb 10-1: usb_control_msg returned -32
[ 1618.125476][ T5884] usbtmc 10-1:16.0: can't read capabilities
[ 1619.396294][T12351] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[ 1619.404595][T12351] VFS: Can't find a romfs filesystem on dev rnullb0.
[ 1619.404595][T12351] 
[ 1619.544949][T12357] fuse: Bad value for 'fd'
[ 1619.603837][T12357] netlink: 260 bytes leftover after parsing attributes in process `syz.0.7995'.
[ 1619.613249][T12357] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[ 1619.643975][T12357] sctp: [Deprecated]: syz.0.7995 (pid 12357) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1619.643975][T12357] Use struct sctp_sack_info instead
[ 1619.794874][T12359] kvm: pic: non byte write
[ 1619.802133][T12359] kvm: pic: single mode not supported
[ 1619.803229][T12359] kvm: pic: non byte read
[ 1619.813803][T12359] kvm: pic: single mode not supported
[ 1619.813815][T12359] kvm: pic: level sensitive irq not supported
[ 1620.191186][T12378] sctp: [Deprecated]: syz.8.8000 (pid 12378) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1620.191186][T12378] Use struct sctp_sack_info instead
[ 1620.322856][ T5884] usb 6-1: USB disconnect, device number 101
[ 1620.427833][T12402] FAULT_INJECTION: forcing a failure.
[ 1620.427833][T12402] name failslab, interval 1, probability 0, space 0, times 0
[ 1620.441154][T12402] CPU: 1 UID: 0 PID: 12402 Comm: syz.5.8003 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1620.441181][T12402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1620.441194][T12402] Call Trace:
[ 1620.441202][T12402]  <TASK>
[ 1620.441210][T12402]  dump_stack_lvl+0x189/0x250
[ 1620.441235][T12402]  ? __pfx____ratelimit+0x10/0x10
[ 1620.441256][T12402]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1620.441278][T12402]  ? __pfx__printk+0x10/0x10
[ 1620.441305][T12402]  ? __pfx___might_resched+0x10/0x10
[ 1620.441324][T12402]  ? fs_reclaim_acquire+0x7d/0x100
[ 1620.441350][T12402]  should_fail_ex+0x414/0x560
[ 1620.441395][T12402]  should_failslab+0xa8/0x100
[ 1620.441417][T12402]  __kmalloc_noprof+0xcb/0x4f0
[ 1620.441434][T12402]  ? kfree+0x4d/0x440
[ 1620.441459][T12402]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1620.441489][T12402]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1620.441515][T12402]  ? tomoyo_domain+0xd9/0x130
[ 1620.441543][T12402]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1620.441562][T12402]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1620.441584][T12402]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1620.441623][T12402]  ? __lock_acquire+0xab9/0xd20
[ 1620.441670][T12402]  ? __fget_files+0x2a/0x420
[ 1620.441696][T12402]  ? __fget_files+0x2a/0x420
[ 1620.441718][T12402]  ? __fget_files+0x3a0/0x420
[ 1620.441740][T12402]  ? __fget_files+0x2a/0x420
[ 1620.441768][T12402]  security_file_ioctl+0xcb/0x2d0
[ 1620.441799][T12402]  __se_sys_ioctl+0x47/0x170
[ 1620.441820][T12402]  do_syscall_64+0xfa/0x3b0
[ 1620.441841][T12402]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1620.441861][T12402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1620.441880][T12402]  ? clear_bhb_loop+0x60/0xb0
[ 1620.441902][T12402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1620.441921][T12402] RIP: 0033:0x7f0e68d8e929
[ 1620.441938][T12402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1620.441954][T12402] RSP: 002b:00007f0e69b58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1620.441974][T12402] RAX: ffffffffffffffda RBX: 00007f0e68fb5fa0 RCX: 00007f0e68d8e929
[ 1620.441989][T12402] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000005
[ 1620.442001][T12402] RBP: 00007f0e69b58090 R08: 0000000000000000 R09: 0000000000000000
[ 1620.442014][T12402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1620.442026][T12402] R13: 0000000000000000 R14: 00007f0e68fb5fa0 R15: 00007ffee586c338
[ 1620.442054][T12402]  </TASK>
[ 1620.442165][T12402] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1620.534480][ T5884] usb 10-1: USB disconnect, device number 38
[ 1620.536789][ T5945] usb 1-1: new full-speed USB device number 83 using dummy_hcd
[ 1620.778795][T12417] netlink: 1688 bytes leftover after parsing attributes in process `syz.9.8006'.
[ 1620.873919][T12421] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1620.895556][ T5945] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1620.910367][ T5945] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1620.918900][ T5945] usb 1-1: can't read configurations, error -71
[ 1621.268872][ T5835] usb 6-1: new high-speed USB device number 102 using dummy_hcd
[ 1621.428308][ T5835] usb 6-1: Using ep0 maxpacket: 32
[ 1621.442113][ T5835] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1621.460822][ T5835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1621.478081][ T5835] usb 6-1: Product: syz
[ 1621.488452][ T5835] usb 6-1: Manufacturer: syz
[ 1621.495020][ T5835] usb 6-1: SerialNumber: syz
[ 1621.504758][ T5835] usb 6-1: config 0 descriptor??
[ 1621.520501][ T5835] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1621.796585][T12446] ntfs3(rnullb0): Primary boot signature is not NTFS.
[ 1621.804562][T12446] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[ 1621.978129][ T5945] usb 1-1: new full-speed USB device number 84 using dummy_hcd
[ 1622.143878][ T5945] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1622.155582][ T5945] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1622.167026][ T5945] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[ 1622.176438][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1622.184470][ T5945] usb 1-1: SerialNumber: syz
[ 1622.197935][ T5945] usb 1-1: bad CDC descriptors
[ 1622.203460][ T5945] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 1622.213428][ T5945] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[ 1622.223483][ T5945] scsi host1: usb-storage 1-1:1.0
[ 1623.726564][T12477] qnx4: no qnx4 filesystem (no root dir).
[ 1623.743010][ T5835] gspca_stk1135: reg_w 0x2ff err -71
[ 1623.761289][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.775902][ T5835] gspca_stk1135: Sensor write failed
[ 1623.791315][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.807092][ T5835] gspca_stk1135: Sensor write failed
[ 1623.815533][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.826028][ T5835] gspca_stk1135: Sensor read failed
[ 1623.834236][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.842990][ T5835] gspca_stk1135: Sensor read failed
[ 1623.851624][ T5835] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1623.860538][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.868471][ T5835] gspca_stk1135: Sensor read failed
[ 1623.873825][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.881735][ T5835] gspca_stk1135: Sensor read failed
[ 1623.888223][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.894694][ T5835] gspca_stk1135: Sensor write failed
[ 1623.901004][ T5835] gspca_stk1135: serial bus timeout: status=0x00
[ 1623.907444][ T5835] gspca_stk1135: Sensor write failed
[ 1623.913851][ T5835] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71
[ 1623.941657][ T5835] usb 6-1: USB disconnect, device number 102
[ 1624.298647][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1624.314872][T12509] netlink: 1688 bytes leftover after parsing attributes in process `syz.9.8023'.
[ 1624.577840][T11964] usb 6-1: new high-speed USB device number 103 using dummy_hcd
[ 1624.608616][ T5945] usb 1-1: USB disconnect, device number 84
[ 1624.738903][T11964] usb 6-1: Using ep0 maxpacket: 8
[ 1624.749005][T11964] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[ 1624.759082][T11964] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[ 1624.772951][T11964] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1624.782490][T11964] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.790632][T11964] usb 6-1: Product: syz
[ 1624.794901][T11964] usb 6-1: Manufacturer: syz
[ 1624.800436][T11964] usb 6-1: SerialNumber: syz
[ 1624.807269][T11964] usb 6-1: rejected 1 configuration due to insufficient available bus power
[ 1624.816798][T11964] usb 6-1: no configuration chosen from 1 choice
[ 1624.858183][ T5945] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[ 1625.017787][ T5945] usb 1-1: Using ep0 maxpacket: 32
[ 1625.024397][ T5945] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1625.035765][ T5945] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1625.050957][ T5945] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1625.060404][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1625.068847][ T5945] usb 1-1: Product: syz
[ 1625.073019][ T5945] usb 1-1: Manufacturer: syz
[ 1625.077599][ T5945] usb 1-1: SerialNumber: syz
[ 1625.094238][ T5945] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input72
[ 1625.293563][T12502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1625.303516][T12502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1625.315613][ T5945] usb 1-1: USB disconnect, device number 85
[ 1625.338411][ T5945] appletouch 1-1:1.0: input: appletouch disconnected
[ 1625.734623][T12545] qnx4: no qnx4 filesystem (no root dir).
[ 1626.150391][T12560] FAULT_INJECTION: forcing a failure.
[ 1626.150391][T12560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1626.163585][T12560] CPU: 1 UID: 0 PID: 12560 Comm: syz.0.8029 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1626.163605][T12560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1626.163618][T12560] Call Trace:
[ 1626.163626][T12560]  <TASK>
[ 1626.163635][T12560]  dump_stack_lvl+0x189/0x250
[ 1626.163661][T12560]  ? __pfx____ratelimit+0x10/0x10
[ 1626.163683][T12560]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1626.163702][T12560]  ? __pfx__printk+0x10/0x10
[ 1626.163722][T12560]  ? __might_fault+0xb0/0x130
[ 1626.163750][T12560]  should_fail_ex+0x414/0x560
[ 1626.163786][T12560]  fpu__restore_sig+0x1bb/0x1100
[ 1626.163816][T12560]  ? __lock_acquire+0xab9/0xd20
[ 1626.163842][T12560]  ? __pfx_fpu__restore_sig+0x10/0x10
[ 1626.163879][T12560]  __ia32_sys_rt_sigreturn+0x661/0x7b0
[ 1626.163903][T12560]  ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10
[ 1626.163922][T12560]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1626.163952][T12560]  ? __task_pid_nr_ns+0x28/0x470
[ 1626.163977][T12560]  ? do_syscall_64+0xbe/0x3b0
[ 1626.163995][T12560]  do_syscall_64+0xfa/0x3b0
[ 1626.164009][T12560]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1626.164023][T12560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1626.164037][T12560]  ? clear_bhb_loop+0x60/0xb0
[ 1626.164052][T12560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1626.164066][T12560] RIP: 0033:0x7fd9e3d8e927
[ 1626.164077][T12560] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[ 1626.164088][T12560] RSP: 002b:00007fd9e4c94038 EFLAGS: 00000246
[ 1626.164100][T12560] RAX: 000000000000012b RBX: 00007fd9e3fb5fa0 RCX: 00007fd9e3d8e929
[ 1626.164110][T12560] RDX: 0000000000000001 RSI: 000020000000a900 RDI: 0000000000000004
[ 1626.164119][T12560] RBP: 00007fd9e4c94090 R08: 0000000000000000 R09: 0000000000000000
[ 1626.164127][T12560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1626.164135][T12560] R13: 0000000000000000 R14: 00007fd9e3fb5fa0 R15: 00007ffffd1c6598
[ 1626.164155][T12560]  </TASK>
[ 1626.406897][T12562] netlink: 'syz.0.8030': attribute type 10 has an invalid length.
[ 1626.415286][T12562] lo: entered promiscuous mode
[ 1626.425580][T12562] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1627.021498][T12572] kvm: pic: single mode not supported
[ 1627.021744][T12572] kvm: pic: single mode not supported
[ 1627.028698][T12572] kvm: pic: non byte write
[ 1627.038835][T12572] kvm: pic: non byte write
[ 1627.043425][T12572] FAULT_INJECTION: forcing a failure.
[ 1627.043425][T12572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1627.056696][T12572] CPU: 1 UID: 0 PID: 12572 Comm: syz.0.8033 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1627.056721][T12572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1627.056733][T12572] Call Trace:
[ 1627.056742][T12572]  <TASK>
[ 1627.056750][T12572]  dump_stack_lvl+0x189/0x250
[ 1627.056776][T12572]  ? __pfx____ratelimit+0x10/0x10
[ 1627.056797][T12572]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1627.056818][T12572]  ? __pfx__printk+0x10/0x10
[ 1627.056852][T12572]  should_fail_ex+0x414/0x560
[ 1627.056888][T12572]  __kvm_read_guest_page+0x18d/0x240
[ 1627.056915][T12572]  kvm_fetch_guest_virt+0x12b/0x170
[ 1627.056947][T12572]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[ 1627.056973][T12572]  __do_insn_fetch_bytes+0x2f9/0x6d0
[ 1627.057000][T12572]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[ 1627.057027][T12572]  ? picdev_write+0x17c/0x1f0
[ 1627.057048][T12572]  x86_decode_insn+0x33c/0x5310
[ 1627.057097][T12572]  ? __pfx_x86_decode_insn+0x10/0x10
[ 1627.057129][T12572]  ? __asan_memset+0x22/0x50
[ 1627.057156][T12572]  ? init_decode_cache+0x78/0x90
[ 1627.057176][T12572]  ? init_emulate_ctxt+0x4d6/0x660
[ 1627.057199][T12572]  ? __pfx_init_emulate_ctxt+0x10/0x10
[ 1627.057219][T12572]  ? __phys_addr+0xd3/0x180
[ 1627.057242][T12572]  ? __pfx_rcu_note_context_switch+0x10/0x10
[ 1627.057266][T12572]  ? __get_current_cr3_fast+0x90/0x150
[ 1627.057297][T12572]  x86_emulate_instruction+0x60a/0x1ef0
[ 1627.057327][T12572]  ? vmx_vcpu_run+0x1743/0x2900
[ 1627.057354][T12572]  ? __pfx_x86_emulate_instruction+0x10/0x10
[ 1627.057378][T12572]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1627.057398][T12572]  ? __pfx_current_save_fsgs+0x10/0x10
[ 1627.057431][T12572]  ? __lock_acquire+0xab9/0xd20
[ 1627.057461][T12572]  ? handle_io+0x1e3/0x270
[ 1627.057486][T12572]  ? __pfx_handle_io+0x10/0x10
[ 1627.057510][T12572]  vmx_handle_exit+0x1093/0x18a0
[ 1627.057532][T12572]  ? vcpu_run+0x35f2/0x6fa0
[ 1627.057572][T12572]  vcpu_run+0x434f/0x6fa0
[ 1627.057618][T12572]  ? vcpu_run+0x35f2/0x6fa0
[ 1627.057707][T12572]  ? __pfx_vcpu_run+0x10/0x10
[ 1627.057750][T12572]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1627.057782][T12572]  ? rcu_is_watching+0x15/0xb0
[ 1627.057804][T12572]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1627.057839][T12572]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1627.057863][T12572]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1627.057890][T12572]  ? rcu_is_watching+0x15/0xb0
[ 1627.057908][T12572]  ? trace_contention_end+0x39/0x120
[ 1627.057929][T12572]  ? __mutex_lock+0x330/0xe80
[ 1627.057953][T12572]  ? kasan_quarantine_put+0xdd/0x220
[ 1627.057984][T12572]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1627.058010][T12572]  ? __pfx___mutex_lock+0x10/0x10
[ 1627.058032][T12572]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1627.058053][T12572]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1627.058074][T12572]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1627.058100][T12572]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1627.058128][T12572]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1627.058148][T12572]  ? __lock_acquire+0xab9/0xd20
[ 1627.058194][T12572]  ? __fget_files+0x2a/0x420
[ 1627.058221][T12572]  ? __fget_files+0x2a/0x420
[ 1627.058243][T12572]  ? __fget_files+0x3a0/0x420
[ 1627.058266][T12572]  ? __fget_files+0x2a/0x420
[ 1627.058292][T12572]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1627.058320][T12572]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1627.058342][T12572]  __se_sys_ioctl+0xfc/0x170
[ 1627.058363][T12572]  do_syscall_64+0xfa/0x3b0
[ 1627.058383][T12572]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1627.058403][T12572]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1627.058422][T12572]  ? clear_bhb_loop+0x60/0xb0
[ 1627.058445][T12572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1627.058463][T12572] RIP: 0033:0x7fd9e3d8e929
[ 1627.058496][T12572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1627.058515][T12572] RSP: 002b:00007fd9e4c94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1627.058536][T12572] RAX: ffffffffffffffda RBX: 00007fd9e3fb5fa0 RCX: 00007fd9e3d8e929
[ 1627.058551][T12572] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1627.058564][T12572] RBP: 00007fd9e4c94090 R08: 0000000000000000 R09: 0000000000000000
[ 1627.058577][T12572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1627.058601][T12572] R13: 0000000000000000 R14: 00007fd9e3fb5fa0 R15: 00007ffffd1c6598
[ 1627.058631][T12572]  </TASK>
[ 1627.500466][T11972] usb 6-1: USB disconnect, device number 103
[ 1627.531671][T11821] udevd[11821]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1627.642539][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1627.742053][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1627.784277][T12594] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1628.028236][T11972] usb 1-1: new full-speed USB device number 86 using dummy_hcd
[ 1628.047923][T11964] usb 6-1: new high-speed USB device number 104 using dummy_hcd
[ 1628.181390][T11972] usb 1-1: config 1 has an invalid interface number: 179 but max is 2
[ 1628.191457][T11972] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1628.201914][T11972] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1628.210913][T11972] usb 1-1: config 1 has no interface number 0
[ 1628.217199][T11972] usb 1-1: config 1 interface 179 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1628.217790][T11964] usb 6-1: Using ep0 maxpacket: 16
[ 1628.230444][T11972] usb 1-1: config 1 interface 179 has no altsetting 0
[ 1628.243062][T11964] usb 6-1: config 129 has an invalid interface number: 90 but max is 1
[ 1628.244862][T11972] usb 1-1: New USB device found, idVendor=05c6, idProduct=9000, bcdDevice=75.b6
[ 1628.256749][T11964] usb 6-1: config 129 has an invalid interface number: 99 but max is 1
[ 1628.261194][T11972] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1628.277475][T11972] usb 1-1: Product: syz
[ 1628.282028][T11972] usb 1-1: Manufacturer: Щ
[ 1628.286629][T11972] usb 1-1: SerialNumber: syz
[ 1628.286649][T11964] usb 6-1: config 129 has no interface number 0
[ 1628.304418][T11964] usb 6-1: config 129 has no interface number 1
[ 1628.310877][T11964] usb 6-1: config 129 interface 90 has no altsetting 0
[ 1628.318016][T11964] usb 6-1: config 129 interface 99 has no altsetting 0
[ 1628.327213][T11964] usb 6-1: New USB device found, idVendor=1164, idProduct=0602, bcdDevice=29.48
[ 1628.336411][T11964] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1628.344476][T11964] usb 6-1: Product: syz
[ 1628.349684][T11964] usb 6-1: Manufacturer: syz
[ 1628.354333][T11964] usb 6-1: SerialNumber: syz
[ 1628.505291][T12594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1628.520650][T12594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1628.541605][T11972] option 1-1:1.179: GSM modem (1-port) converter detected
[ 1628.558068][T11972] usb 1-1: USB disconnect, device number 86
[ 1628.575260][T11972] option 1-1:1.179: device disconnected
[ 1628.593140][T11964] pvrusb2: Hardware description: Gotview USB 2.0 DVD Deluxe
[ 1628.606778][T11964] usb 6-1: selecting invalid altsetting 0
[ 1628.615126][ T2345] pvrusb2: Invalid write control endpoint
[ 1628.628407][T11964] pvrusb2: Hardware description: Gotview USB 2.0 DVD Deluxe
[ 1628.639221][T11964] usb 6-1: selecting invalid altsetting 0
[ 1628.658351][T11964] usb 6-1: USB disconnect, device number 104
[ 1628.694417][ T2345] pvrusb2: Invalid write control endpoint
[ 1628.705177][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1628.719703][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1628.727250][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1628.737578][ T2345] pvrusb2: Device being rendered inoperable
[ 1628.743592][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1628.750860][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1628.762402][ T2345] pvrusb2: Attached sub-driver cx25840
[ 1628.793920][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1628.801969][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1628.810544][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1628.818737][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1628.826732][ T2345] pvrusb2: Module ID 4 (tuner) for device Gotview USB 2.0 DVD Deluxe failed to load.  Possible missing sub-device kernel module or initialization failure within module.
[ 1628.904618][ T2345] TUNER: Unable to find symbol tda829x_probe()
[ 1628.944092][ T2345] DVB: Unable to find symbol tda9887_attach()
[ 1628.952608][ T2345] tuner: 1-0043: Tuner 4 found with type(s) Radio TV.
[ 1628.960094][ T2345] pvrusb2: Attached sub-driver tuner
[ 1628.965407][ T2345] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules.
[ 1628.978313][ T2345] pvrusb2: You need to resolve the failing condition before this driver can function.  There should be some earlier messages giving more information about the problem.
[ 1628.998513][ T2345] pvrusb2: Invalid write control endpoint
[ 1629.051037][ T2345] pvrusb2: Invalid write control endpoint
[ 1629.056796][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1629.066513][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1629.087438][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1629.097511][ T2345] pvrusb2: Device being rendered inoperable
[ 1629.117875][ T2345] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[ 1629.124964][ T2345] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c)
[ 1629.157130][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1629.158140][ T2345] pvrusb2: Attached sub-driver cx25840
[ 1629.246828][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1629.262490][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1629.272781][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1629.284712][ T2345] pvrusb2: Attempted to execute control transfer when device not ok
[ 1629.297123][ T2345] pvrusb2: Module ID 4 (tuner) for device Gotview USB 2.0 DVD Deluxe failed to load.  Possible missing sub-device kernel module or initialization failure within module.
[ 1629.425650][ T2345] TUNER: Unable to find symbol tda829x_probe()
[ 1629.487167][ T2345] DVB: Unable to find symbol tda9887_attach()
[ 1629.496336][ T2345] tuner: 2-0043: Tuner 4 found with type(s) Radio TV.
[ 1629.505433][ T2345] pvrusb2: Attached sub-driver tuner
[ 1629.516472][ T2345] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules.
[ 1629.537308][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1629.579418][ T2345] pvrusb2: You need to resolve the failing condition before this driver can function.  There should be some earlier messages giving more information about the problem.
[ 1629.681157][T12691] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.8043'.
[ 1629.867945][ T5884] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[ 1630.007757][ T5884] usb 1-1: device descriptor read/64, error -71
[ 1630.247931][ T5884] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[ 1630.377917][ T5884] usb 1-1: device descriptor read/64, error -71
[ 1630.488045][ T5884] usb usb1-port1: attempt power cycle
[ 1630.668733][T12701] netlink: 28 bytes leftover after parsing attributes in process `syz.8.8046'.
[ 1630.726966][T12704] Mount JFS Failure: -22
[ 1630.738201][T12704] jfs_mount failed w/return code = -22
[ 1630.755502][T12704] Mount JFS Failure: -22
[ 1630.762159][T12704] jfs_mount failed w/return code = -22
[ 1630.763982][T12706] netlink: 'syz.8.8048': attribute type 10 has an invalid length.
[ 1630.776757][T12704] Mount JFS Failure: -22
[ 1630.781903][T12704] jfs_mount failed w/return code = -22
[ 1630.789049][T12704] Mount JFS Failure: -22
[ 1630.793508][T12704] jfs_mount failed w/return code = -22
[ 1630.806525][T12704] Mount JFS Failure: -22
[ 1630.811115][T12704] jfs_mount failed w/return code = -22
[ 1630.817608][T12704] Mount JFS Failure: -22
[ 1630.822004][T12704] jfs_mount failed w/return code = -22
[ 1630.831204][T12704] Mount JFS Failure: -22
[ 1630.835457][T12704] jfs_mount failed w/return code = -22
[ 1630.841154][ T5884] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[ 1630.852058][T12704] Mount JFS Failure: -22
[ 1630.856335][T12704] jfs_mount failed w/return code = -22
[ 1630.862880][T12704] Mount JFS Failure: -22
[ 1630.867124][T12704] jfs_mount failed w/return code = -22
[ 1630.873392][ T5884] usb 1-1: device descriptor read/8, error -71
[ 1630.881189][T12704] Mount JFS Failure: -22
[ 1630.885458][T12704] jfs_mount failed w/return code = -22
[ 1630.892162][T12704] Mount JFS Failure: -22
[ 1630.896433][T12704] jfs_mount failed w/return code = -22
[ 1630.903310][T12704] Mount JFS Failure: -22
[ 1630.907579][T12704] jfs_mount failed w/return code = -22
[ 1630.914834][T12704] Mount JFS Failure: -22
[ 1630.919468][T12704] jfs_mount failed w/return code = -22
[ 1630.926009][T12704] Mount JFS Failure: -22
[ 1630.930403][T12704] jfs_mount failed w/return code = -22
[ 1630.936866][T12704] Mount JFS Failure: -22
[ 1630.942654][T12704] jfs_mount failed w/return code = -22
[ 1630.949586][T12704] Mount JFS Failure: -22
[ 1630.954192][T12704] jfs_mount failed w/return code = -22
[ 1630.962208][T12704] Mount JFS Failure: -22
[ 1630.966491][T12704] jfs_mount failed w/return code = -22
[ 1630.973569][T12704] Mount JFS Failure: -22
[ 1630.978323][T12704] jfs_mount failed w/return code = -22
[ 1630.984845][T12704] Mount JFS Failure: -22
[ 1630.990494][T12704] jfs_mount failed w/return code = -22
[ 1630.996965][T12704] Mount JFS Failure: -22
[ 1631.002098][T12704] jfs_mount failed w/return code = -22
[ 1631.010598][T12704] Mount JFS Failure: -22
[ 1631.014869][T12704] jfs_mount failed w/return code = -22
[ 1631.023466][T12704] Mount JFS Failure: -22
[ 1631.027972][T12704] jfs_mount failed w/return code = -22
[ 1631.034391][T12704] Mount JFS Failure: -22
[ 1631.039409][T12704] jfs_mount failed w/return code = -22
[ 1631.045888][T12704] Mount JFS Failure: -22
[ 1631.050520][T12704] jfs_mount failed w/return code = -22
[ 1631.063142][T12704] Mount JFS Failure: -22
[ 1631.067399][T12704] jfs_mount failed w/return code = -22
[ 1631.080095][T12704] Mount JFS Failure: -22
[ 1631.084366][T12704] jfs_mount failed w/return code = -22
[ 1631.094383][T12704] Mount JFS Failure: -22
[ 1631.098916][T12704] jfs_mount failed w/return code = -22
[ 1631.105347][T12704] Mount JFS Failure: -22
[ 1631.110288][T12704] jfs_mount failed w/return code = -22
[ 1631.116834][T12704] Mount JFS Failure: -22
[ 1631.121188][ T5884] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 1631.129123][T12704] jfs_mount failed w/return code = -22
[ 1631.136154][T12704] Mount JFS Failure: -22
[ 1631.140919][T12704] jfs_mount failed w/return code = -22
[ 1631.147352][T12704] Mount JFS Failure: -22
[ 1631.151965][T12704] jfs_mount failed w/return code = -22
[ 1631.159733][T12704] Mount JFS Failure: -22
[ 1631.164119][ T5884] usb 1-1: device descriptor read/8, error -71
[ 1631.170723][T12704] jfs_mount failed w/return code = -22
[ 1631.177199][T12704] Mount JFS Failure: -22
[ 1631.181962][T12704] jfs_mount failed w/return code = -22
[ 1631.188950][T12704] Mount JFS Failure: -22
[ 1631.193211][T12704] jfs_mount failed w/return code = -22
[ 1631.200315][T12704] Mount JFS Failure: -22
[ 1631.204585][T12704] jfs_mount failed w/return code = -22
[ 1631.211682][T12704] Mount JFS Failure: -22
[ 1631.216035][T12704] jfs_mount failed w/return code = -22
[ 1631.235838][T12704] Mount JFS Failure: -22
[ 1631.243526][T12704] jfs_mount failed w/return code = -22
[ 1631.250128][T12704] Mount JFS Failure: -22
[ 1631.254385][T12704] jfs_mount failed w/return code = -22
[ 1631.262596][T12704] Mount JFS Failure: -22
[ 1631.266872][T12704] jfs_mount failed w/return code = -22
[ 1631.273517][T12704] Mount JFS Failure: -22
[ 1631.280051][ T5884] usb usb1-port1: unable to enumerate USB device
[ 1631.287040][T12704] jfs_mount failed w/return code = -22
[ 1631.293786][T12704] Mount JFS Failure: -22
[ 1631.298848][T12704] jfs_mount failed w/return code = -22
[ 1631.305295][T12704] Mount JFS Failure: -22
[ 1631.309765][T12704] jfs_mount failed w/return code = -22
[ 1631.316227][T12704] Mount JFS Failure: -22
[ 1631.320906][T12704] jfs_mount failed w/return code = -22
[ 1631.327280][T12704] Mount JFS Failure: -22
[ 1631.332538][T12704] jfs_mount failed w/return code = -22
[ 1631.340124][T12704] Mount JFS Failure: -22
[ 1631.344410][T12704] jfs_mount failed w/return code = -22
[ 1631.351958][T12704] Mount JFS Failure: -22
[ 1631.356208][T12704] jfs_mount failed w/return code = -22
[ 1631.364167][T12704] Mount JFS Failure: -22
[ 1631.368535][T12704] jfs_mount failed w/return code = -22
[ 1631.374843][T12704] Mount JFS Failure: -22
[ 1631.379522][T12704] jfs_mount failed w/return code = -22
[ 1631.385942][T12704] Mount JFS Failure: -22
[ 1631.390389][T12704] jfs_mount failed w/return code = -22
[ 1631.397499][T12704] Mount JFS Failure: -22
[ 1631.402264][T12704] jfs_mount failed w/return code = -22
[ 1631.408885][T12704] Mount JFS Failure: -22
[ 1631.413141][T12704] jfs_mount failed w/return code = -22
[ 1631.420529][T12704] Mount JFS Failure: -22
[ 1631.424788][T12704] jfs_mount failed w/return code = -22
[ 1631.431503][T12704] Mount JFS Failure: -22
[ 1631.435758][T12704] jfs_mount failed w/return code = -22
[ 1631.445646][T12704] Mount JFS Failure: -22
[ 1631.450262][T12704] jfs_mount failed w/return code = -22
[ 1631.456834][T12704] Mount JFS Failure: -22
[ 1631.464131][T12704] jfs_mount failed w/return code = -22
[ 1631.471780][T12704] Mount JFS Failure: -22
[ 1631.476049][T12704] jfs_mount failed w/return code = -22
[ 1631.483130][T12704] Mount JFS Failure: -22
[ 1631.489604][T12704] jfs_mount failed w/return code = -22
[ 1631.496308][T12704] Mount JFS Failure: -22
[ 1631.501849][T12704] jfs_mount failed w/return code = -22
[ 1631.510803][T12704] Mount JFS Failure: -22
[ 1631.515056][T12704] jfs_mount failed w/return code = -22
[ 1631.521592][T12704] Mount JFS Failure: -22
[ 1631.525839][T12704] jfs_mount failed w/return code = -22
[ 1631.532958][T12704] Mount JFS Failure: -22
[ 1631.537212][T12704] jfs_mount failed w/return code = -22
[ 1631.543869][T12704] Mount JFS Failure: -22
[ 1631.551568][T12704] jfs_mount failed w/return code = -22
[ 1631.681873][T12716] syz.9.8050: vmalloc error: size 16105472, failed to allocated page array size 31456, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1631.701046][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1631.707274][T12716] CPU: 1 UID: 0 PID: 12716 Comm: syz.9.8050 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1631.707293][T12716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1631.707302][T12716] Call Trace:
[ 1631.707308][T12716]  <TASK>
[ 1631.707315][T12716]  dump_stack_lvl+0x189/0x250
[ 1631.707337][T12716]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1631.707353][T12716]  ? __pfx__printk+0x10/0x10
[ 1631.707382][T12716]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1631.707399][T12716]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1631.707416][T12716]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1631.707434][T12716]  warn_alloc+0x214/0x310
[ 1631.707455][T12716]  ? __pfx_warn_alloc+0x10/0x10
[ 1631.707477][T12716]  ? __get_vm_area_node+0x28f/0x300
[ 1631.707492][T12716]  ? kvm_set_memslot+0x4e2/0x1310
[ 1631.707517][T12716]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1631.707549][T12716]  ? kvm_set_memslot+0x3e/0x1310
[ 1631.707572][T12716]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1631.707595][T12716]  ? kvm_set_memslot+0x4e2/0x1310
[ 1631.707616][T12716]  __vmalloc_noprof+0xb1/0xf0
[ 1631.707632][T12716]  ? kvm_set_memslot+0x4e2/0x1310
[ 1631.707664][T12716]  kvm_set_memslot+0x4e2/0x1310
[ 1631.707698][T12716]  ? kvm_set_memory_region+0x775/0xc00
[ 1631.707723][T12716]  kvm_set_memory_region+0x9bb/0xc00
[ 1631.707756][T12716]  kvm_vm_ioctl_set_memory_region+0x6f/0xa0
[ 1631.707779][T12716]  kvm_vm_ioctl+0x957/0xc60
[ 1631.707801][T12716]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1631.707824][T12716]  ? do_vfs_ioctl+0x12ba/0x1990
[ 1631.707847][T12716]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1631.707885][T12716]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1631.707907][T12716]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1631.707927][T12716]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[ 1631.707945][T12716]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1631.707966][T12716]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1631.708005][T12716]  ? __lock_acquire+0xab9/0xd20
[ 1631.708057][T12716]  ? __fget_files+0x2a/0x420
[ 1631.708085][T12716]  ? __fget_files+0x2a/0x420
[ 1631.708109][T12716]  ? __fget_files+0x3a0/0x420
[ 1631.708133][T12716]  ? __fget_files+0x2a/0x420
[ 1631.708161][T12716]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1631.708192][T12716]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1631.708210][T12716]  __se_sys_ioctl+0xfc/0x170
[ 1631.708232][T12716]  do_syscall_64+0xfa/0x3b0
[ 1631.708255][T12716]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1631.708275][T12716]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1631.708295][T12716]  ? clear_bhb_loop+0x60/0xb0
[ 1631.708330][T12716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1631.708348][T12716] RIP: 0033:0x7f251918e929
[ 1631.708365][T12716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1631.708389][T12716] RSP: 002b:00007f2519f86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1631.708408][T12716] RAX: ffffffffffffffda RBX: 00007f25193b6080 RCX: 00007f251918e929
[ 1631.708422][T12716] RDX: 0000200000000080 RSI: 000000004020ae46 RDI: 000000000000000a
[ 1631.708434][T12716] RBP: 00007f2519210b39 R08: 0000000000000000 R09: 0000000000000000
[ 1631.708446][T12716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1631.708458][T12716] R13: 0000000000000000 R14: 00007f25193b6080 R15: 00007ffe46bcb0c8
[ 1631.708487][T12716]  </TASK>
[ 1632.029470][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1632.040523][T12716] Mem-Info:
[ 1632.043691][T12716] active_anon:10924 inactive_anon:0 isolated_anon:0
[ 1632.043691][T12716]  active_file:8475 inactive_file:49810 isolated_file:0
[ 1632.043691][T12716]  unevictable:768 dirty:93 writeback:8
[ 1632.043691][T12716]  slab_reclaimable:11544 slab_unreclaimable:112580
[ 1632.043691][T12716]  mapped:36081 shmem:1433 pagetables:2050
[ 1632.043691][T12716]  sec_pagetables:0 bounce:0
[ 1632.043691][T12716]  kernel_misc_reclaimable:0
[ 1632.043691][T12716]  free:1247995 free_pcp:18141 free_cma:0
[ 1632.095513][T12716] Node 0 active_anon:43652kB inactive_anon:0kB active_file:33884kB inactive_file:199004kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:144264kB dirty:372kB writeback:32kB shmem:4152kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14284kB pagetables:7996kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1632.137979][T12716] Node 1 active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:236kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1632.172374][T12716] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1632.203382][T12716] lowmem_reserve[]: 0 2497 2498 2498 2498
[ 1632.209588][T12716] Node 0 DMA32 free:1113020kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43608kB inactive_anon:0kB active_file:33884kB inactive_file:197684kB unevictable:1536kB writepending:404kB present:3129332kB managed:2557012kB mlocked:0kB bounce:0kB free_pcp:30480kB local_pcp:10996kB free_cma:0kB
[ 1632.242008][T12716] lowmem_reserve[]: 0 0 1 1 1
[ 1632.246738][T12716] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[ 1632.285166][T12716] lowmem_reserve[]: 0 0 0 0 0
[ 1632.295290][T12716] Node 1 Normal free:3863500kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:236kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:42160kB local_pcp:21264kB free_cma:0kB
[ 1632.330375][T12716] lowmem_reserve[]: 0 0 0 0 0
[ 1632.335134][T12716] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1632.348227][T12716] Node 0 DMA32: 3589*4kB (UME) 1135*8kB (UME) 691*16kB (UME) 406*32kB (UME) 189*64kB (UME) 44*128kB (UME) 41*256kB (UME) 22*512kB (UM) 6*1024kB (UM) 12*2048kB (UME) 243*4096kB (UM) = 1113020kB
[ 1632.370681][T12716] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 1632.382825][T12716] Node 1 Normal: 205*4kB (UM) 71*8kB (UE) 36*16kB (UME) 23*32kB (UME) 81*64kB (UME) 36*128kB (UME) 19*256kB (UM) 12*512kB (UM) 8*1024kB (UM) 5*2048kB (UM) 933*4096kB (UM) = 3863500kB
[ 1632.402450][T12716] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1632.412057][T12716] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1632.421398][T12716] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1632.431099][T12716] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1632.440645][T12716] 59703 total pagecache pages
[ 1632.445344][T12716] 0 pages in swap cache
[ 1632.452750][T12716] Free swap  = 124996kB
[ 1632.456916][T12716] Total swap = 124996kB
[ 1632.461121][T12716] 2097051 pages RAM
[ 1632.464930][T12716] 0 pages HighMem/MovableOnly
[ 1632.473600][T12716] 425820 pages reserved
[ 1632.478860][T12716] 0 pages cma reserved
[ 1632.605193][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1632.665514][T12731] netlink: 'syz.5.8052': attribute type 10 has an invalid length.
[ 1632.779843][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1632.902232][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1632.995070][T12753] netlink: 'syz.5.8056': attribute type 1 has an invalid length.
[ 1633.017862][T11972] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 1633.177775][T11972] usb 1-1: Using ep0 maxpacket: 32
[ 1633.188701][T11972] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1633.198070][T11972] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1633.206900][T11972] usb 1-1: Product: syz
[ 1633.211779][T11972] usb 1-1: Manufacturer: syz
[ 1633.216404][T11972] usb 1-1: SerialNumber: syz
[ 1633.226187][T11972] usb 1-1: config 0 descriptor??
[ 1633.235942][T11972] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1633.377924][   T10] usb 10-1: new high-speed USB device number 39 using dummy_hcd
[ 1633.539568][   T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1633.556007][   T10] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1633.566199][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1633.582560][   T10] usb 10-1: config 0 descriptor??
[ 1633.781278][T11674] udevd[11674]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1633.812684][   T10] usbhid 10-1:0.0: can't add hid device: -71
[ 1633.839353][   T10] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1633.886804][   T10] usb 10-1: USB disconnect, device number 39
[ 1633.928587][T12786] netlink: 'syz.5.8061': attribute type 72 has an invalid length.
[ 1634.317958][   T10] usb 10-1: new high-speed USB device number 40 using dummy_hcd
[ 1634.477994][   T10] usb 10-1: Using ep0 maxpacket: 32
[ 1634.486194][   T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1634.497550][   T10] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1634.506809][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1634.522047][   T10] usb 10-1: config 0 descriptor??
[ 1634.532688][   T10] ldusb 10-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1634.545255][   T10] ldusb 10-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1634.735229][ T5835] usb 10-1: USB disconnect, device number 40
[ 1634.753355][ T5835] ldusb 10-1:0.0: LD USB Device #0 now disconnected
[ 1635.195740][T12821] netlink: 'syz.8.8067': attribute type 11 has an invalid length.
[ 1635.333791][T12825] befs: (nbd8): No write support. Marking filesystem read-only
[ 1635.344103][T12825] bio_check_eod: 2 callbacks suppressed
[ 1635.344116][T12825] syz.8.8070: attempt to access beyond end of device
[ 1635.344116][T12825] nbd8: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1635.365754][T12825] befs: (nbd8): unable to read superblock
[ 1635.462179][T11972] gspca_stk1135: reg_w 0x2ff err -71
[ 1635.477168][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.484009][T11972] gspca_stk1135: Sensor write failed
[ 1635.489944][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.499042][T11972] gspca_stk1135: Sensor write failed
[ 1635.517883][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.524244][T11972] gspca_stk1135: Sensor read failed
[ 1635.535855][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.543462][T11972] gspca_stk1135: Sensor read failed
[ 1635.549224][T11972] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1635.556117][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.563682][T11972] gspca_stk1135: Sensor read failed
[ 1635.569229][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.576551][T11972] gspca_stk1135: Sensor read failed
[ 1635.581880][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.597712][T11972] gspca_stk1135: Sensor write failed
[ 1635.603092][T11972] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.609688][T11972] gspca_stk1135: Sensor write failed
[ 1635.615068][T11972] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71
[ 1635.627950][T11972] usb 1-1: USB disconnect, device number 91
[ 1636.758154][   T31] INFO: task syz.7.7232:6669 blocked for more than 143 seconds.
[ 1636.765820][   T31]       Not tainted 6.16.0-rc3-next-20250626-syzkaller #0
[ 1636.777745][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1636.786704][   T31] task:syz.7.7232      state:D stack:25608 pid:6669  tgid:6668  ppid:21354  task_flags:0x400140 flags:0x00004004
[ 1636.799358][   T31] Call Trace:
[ 1636.802682][   T31]  <TASK>
[ 1636.805625][   T31]  __schedule+0x16f5/0x4d00
[ 1636.811270][   T31]  ? schedule+0x165/0x360
[ 1636.815715][   T31]  ? __pfx___schedule+0x10/0x10
[ 1636.821334][   T31]  ? schedule+0x91/0x360
[ 1636.825690][   T31]  schedule+0x165/0x360
[ 1636.830417][   T31]  io_schedule+0x80/0xd0
[ 1636.834859][   T31]  folio_wait_bit_common+0x6b0/0xb90
[ 1636.840626][   T31]  ? __pfx_folio_wait_bit_common+0x10/0x10
[ 1636.846698][   T31]  ? __pfx_wake_page_function+0x10/0x10
[ 1636.852536][   T31]  ? __pfx_filemap_get_folios_tag+0x10/0x10
[ 1636.858825][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1636.863684][   T31]  folio_wait_writeback+0xb0/0x100
[ 1636.869063][   T10] usb 10-1: new high-speed USB device number 41 using dummy_hcd
[ 1636.881471][   T31]  __filemap_fdatawait_range+0x147/0x230
[ 1636.897845][   T31]  ? __pfx___filemap_fdatawait_range+0x10/0x10
[ 1636.909051][   T31]  filemap_fdatawait_keep_errors+0x31/0xd0
[ 1636.914930][   T31]  ? sync_inodes_sb+0x261/0xa10
[ 1636.921646][T11649] udevd[11649]: symlink '../../loop5' '/dev/disk/by-diskseq/130.tmp-b7:5' failed: Read-only file system
[ 1636.932989][   T31]  sync_inodes_sb+0x7a9/0xa10
[ 1636.941666][   T31]  ? down_read+0x1ad/0x2e0
[ 1636.946132][   T31]  ? sync_inodes_sb+0x261/0xa10
[ 1636.951125][   T31]  ? __pfx_sync_inodes_sb+0x10/0x10
[ 1636.956358][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1636.962129][   T31]  __iterate_supers+0x13d/0x250
[ 1636.966989][   T31]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[ 1636.972602][   T31]  ksys_sync+0x94/0x150
[ 1636.976902][   T31]  ? __pfx_ksys_sync+0x10/0x10
[ 1636.981718][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1636.986509][   T31]  ? do_syscall_64+0xbe/0x3b0
[ 1636.991277][   T31]  __ia32_sys_sync+0xe/0x20
[ 1636.996101][   T31]  do_syscall_64+0xfa/0x3b0
[ 1637.000692][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1637.005913][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1637.012046][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1637.016749][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1637.022880][   T31] RIP: 0033:0x7fbe5598e929
[ 1637.027482][   T31] RSP: 002b:00007fbe568ac038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 1637.035956][   T31] RAX: ffffffffffffffda RBX: 00007fbe55bb5fa0 RCX: 00007fbe5598e929
[ 1637.044238][   T10] usb 10-1: Using ep0 maxpacket: 8
[ 1637.049433][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1637.057427][   T31] RBP: 00007fbe55bb5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1637.065632][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1637.073996][   T31] R13: 0000000000000000 R14: 00007fbe55bb5fa0 R15: 00007ffdb22ab6c8
[ 1637.083383][   T31]  </TASK>
[ 1637.086527][   T31] 
[ 1637.086527][   T31] Showing all locks held in the system:
[ 1637.094547][   T10] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1637.103038][   T31] 3 locks held by kworker/0:1/10:
[ 1637.108722][   T10] usb 10-1: config 7 has an invalid interface number: 194 but max is 0
[ 1637.117244][   T31] 1 lock held by khungtaskd/31:
[ 1637.122192][   T10] usb 10-1: config 7 has no interface number 0
[ 1637.128525][   T31]  #0: ffffffff8e33bf20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1637.138600][   T31] 4 locks held by kworker/u8:4/59:
[ 1637.143886][   T31]  #0: ffff8880b8739f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1637.154269][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0
[ 1637.165821][   T31]  #2: ffff8880b8725958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[ 1637.175095][   T31]  #3: ffffffff99f0af88 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420
[ 1637.185528][   T31] 1 lock held by klogd/5194:
[ 1637.190435][   T31]  #0: ffff8880b8739f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1637.200954][   T10] usb 10-1: New USB device found, idVendor=2019, idProduct=ed18, bcdDevice=ca.21
[ 1637.211051][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1637.219198][   T31] 2 locks held by getty/5596:
[ 1637.223882][   T31]  #0: ffff888034d7e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1637.233689][   T10] usb 10-1: Product: syz
[ 1637.238008][   T10] usb 10-1: Manufacturer: syz
[ 1637.242691][   T10] usb 10-1: SerialNumber: syz
[ 1637.248053][   T31]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1637.259342][   T31] 3 locks held by syz.0.3117/14030:
[ 1637.269403][   T31]  #0: ffff888021702428 (sb_writers#12){.+.+}-{0:0}, at: vfs_writev+0x288/0x960
[ 1637.279143][   T31]  #1: ffff88805b351b08 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: netfs_start_io_write+0xd8/0x100
[ 1637.290365][   T31]  #2: ffff88805b351ec0 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_begin_writethrough+0x65/0x140
[ 1637.302028][   T31] 4 locks held by kworker/u8:7/22327:
[ 1637.307477][   T31]  #0: ffff88801b6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1637.323083][   T31]  #1: ffffc9000da7fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1637.333805][   T31]  #2: ffffffff8f71da50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1637.343263][   T31]  #3: ffffffff8e341900 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1637.353467][   T31] 2 locks held by syz.7.7232/6669:
[ 1637.358783][   T31]  #0: ffff8880217020e0 (&type->s_umount_key#50){++++}-{4:4}, at: super_lock+0x2a9/0x3b0
[ 1637.369173][   T31]  #1: ffff888021702950 (&s->s_sync_lock){+.+.}-{4:4}, at: sync_inodes_sb+0x255/0xa10
[ 1637.378986][   T31] 
[ 1637.381362][   T31] =============================================
[ 1637.381362][   T31] 
[ 1637.392719][   T31] NMI backtrace for cpu 0
[ 1637.392737][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1637.392761][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1637.392773][   T31] Call Trace:
[ 1637.392781][   T31]  <TASK>
[ 1637.392790][   T31]  dump_stack_lvl+0x189/0x250
[ 1637.392820][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1637.392847][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1637.392870][   T31]  ? __pfx__printk+0x10/0x10
[ 1637.392905][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1637.392939][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1637.392966][   T31]  ? _printk+0xcf/0x120
[ 1637.392993][   T31]  ? __pfx__printk+0x10/0x10
[ 1637.393017][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1637.393050][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1637.393083][   T31]  watchdog+0xfee/0x1030
[ 1637.393124][   T31]  ? watchdog+0x1de/0x1030
[ 1637.393156][   T31]  kthread+0x711/0x8a0
[ 1637.393182][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1637.393206][   T31]  ? __pfx_kthread+0x10/0x10
[ 1637.393236][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1637.393253][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1637.393271][   T31]  ? __pfx_kthread+0x10/0x10
[ 1637.393295][   T31]  ret_from_fork+0x3fc/0x770
[ 1637.393326][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1637.393360][   T31]  ? __switch_to_asm+0x39/0x70
[ 1637.393381][   T31]  ? __switch_to_asm+0x33/0x70
[ 1637.393403][   T31]  ? __pfx_kthread+0x10/0x10
[ 1637.393426][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1637.393462][   T31]  </TASK>
[ 1637.393487][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1637.551836][    C1] NMI backtrace for cpu 1
[ 1637.551853][    C1] CPU: 1 UID: 0 PID: 12855 Comm: syz.9.8077 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1637.551876][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1637.551887][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70
[ 1637.551912][    C1] Code: 8b 3d 14 78 08 0c 48 89 de 5b e9 a3 19 59 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 a0 c3 92 65 8b 15 98 93 03 11 81 e2 00 01 ff 00
[ 1637.551927][    C1] RSP: 0018:ffffc900043fefd8 EFLAGS: 00000202
[ 1637.551948][    C1] RAX: ffffffff822d4363 RBX: 0000000000000001 RCX: 9c302d74eb604f00
[ 1637.551962][    C1] RDX: ffff88805a9d3c00 RSI: ffffffff8be4abe0 RDI: ffffffff8be4aba0
[ 1637.551975][    C1] RBP: ffff88801dd2dbd0 R08: ffff88801dd2db87 R09: 1ffff11003ba5b70
[ 1637.551987][    C1] R10: dffffc0000000000 R11: ffffed1003ba5b71 R12: 0000000000000000
[ 1637.551999][    C1] R13: 0000000000000001 R14: ffffffff822d3f0a R15: 0000000000000000
[ 1637.552010][    C1] FS:  00007f2519fa76c0(0000) GS:ffff888125ae6000(0000) knlGS:0000000000000000
[ 1637.552024][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1637.552034][    C1] CR2: 00007fd9e3f83338 CR3: 000000005090a000 CR4: 00000000003526f0
[ 1637.552048][    C1] Call Trace:
[ 1637.552054][    C1]  <TASK>
[ 1637.552060][    C1]  __update_page_owner_handle+0x4b3/0x570
[ 1637.552082][    C1]  ? __update_page_owner_handle+0x5a/0x570
[ 1637.552103][    C1]  __set_page_owner+0x10b/0x4a0
[ 1637.552121][    C1]  ? __pfx___set_page_owner+0x10/0x10
[ 1637.552140][    C1]  post_alloc_hook+0x240/0x2a0
[ 1637.552159][    C1]  get_page_from_freelist+0x21e4/0x22c0
[ 1637.552179][    C1]  ? mod_memcg_lruvec_state+0x1bb/0x370
[ 1637.552220][    C1]  ? __pfx_get_page_from_freelist+0x10/0x10
[ 1637.552243][    C1]  ? prepare_alloc_pages+0x213/0x610
[ 1637.552266][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1637.552287][    C1]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1637.552307][    C1]  ? css_rstat_updated+0x24f/0x4e0
[ 1637.552325][    C1]  ? policy_nodemask+0x27c/0x720
[ 1637.552343][    C1]  alloc_pages_mpol+0x232/0x4a0
[ 1637.552365][    C1]  folio_alloc_mpol_noprof+0x39/0x70
[ 1637.552383][    C1]  shmem_alloc_and_add_folio+0x447/0xf60
[ 1637.552400][    C1]  ? filemap_get_entry+0xad/0x2f0
[ 1637.552419][    C1]  ? filemap_get_entry+0xad/0x2f0
[ 1637.552436][    C1]  ? filemap_get_entry+0xad/0x2f0
[ 1637.552456][    C1]  ? shmem_huge_global_enabled+0x174/0x3a0
[ 1637.552480][    C1]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1637.552501][    C1]  ? shmem_allowable_huge_orders+0x414/0x420
[ 1637.552528][    C1]  shmem_get_folio_gfp+0x59d/0x1660
[ 1637.552560][    C1]  shmem_fault+0x179/0x390
[ 1637.552579][    C1]  __do_fault+0x138/0x390
[ 1637.552598][    C1]  __handle_mm_fault+0x3611/0x5440
[ 1637.552632][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1637.552664][    C1]  ? follow_page_pte+0x7ef/0x13e0
[ 1637.552683][    C1]  handle_mm_fault+0x40a/0x8e0
[ 1637.552711][    C1]  __get_user_pages+0x1699/0x2ce0
[ 1637.552749][    C1]  populate_vma_page_range+0x29f/0x3a0
[ 1637.552777][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1637.552800][    C1]  ? userfaultfd_unmap_complete+0x278/0x2d0
[ 1637.552818][    C1]  ? down_read+0x1ad/0x2e0
[ 1637.552839][    C1]  __mm_populate+0x24c/0x380
[ 1637.552863][    C1]  ? __pfx___mm_populate+0x10/0x10
[ 1637.552887][    C1]  ? up_write+0x1c4/0x420
[ 1637.552908][    C1]  vm_mmap_pgoff+0x3f0/0x4c0
[ 1637.552934][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1637.552963][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1637.552979][    C1]  ? ksys_mmap_pgoff+0xf4/0x760
[ 1637.553004][    C1]  ? __x64_sys_mmap+0x7f/0x140
[ 1637.553020][    C1]  do_syscall_64+0xfa/0x3b0
[ 1637.553040][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1637.553058][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1637.553074][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1637.553092][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1637.553107][    C1] RIP: 0033:0x7f251918e929
[ 1637.553121][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1637.553135][    C1] RSP: 002b:00007f2519fa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1637.553151][    C1] RAX: ffffffffffffffda RBX: 00007f25193b5fa0 RCX: 00007f251918e929
[ 1637.553163][    C1] RDX: 0000000001000005 RSI: 0000000000b36000 RDI: 0000200000000000
[ 1637.553175][    C1] RBP: 00007f2519210b39 R08: ffffffffffffffff R09: 0000000000000000
[ 1637.553188][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[ 1637.553199][    C1] R13: 0000000000000000 R14: 00007f25193b5fa0 R15: 00007ffe46bcb0c8
[ 1637.553217][    C1]  </TASK>
[ 1637.554115][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1638.007852][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1638.019128][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1638.029192][   T31] Call Trace:
[ 1638.032478][   T31]  <TASK>
[ 1638.035404][   T31]  dump_stack_lvl+0x99/0x250
[ 1638.039997][   T31]  ? __asan_memcpy+0x40/0x70
[ 1638.044597][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1638.049806][   T31]  ? __pfx__printk+0x10/0x10
[ 1638.054411][   T31]  panic+0x2db/0x790
[ 1638.058313][   T31]  ? __pfx_panic+0x10/0x10
[ 1638.062733][   T31]  ? __pfx_delay_tsc+0x10/0x10
[ 1638.067507][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1638.073313][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1638.078688][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1638.084850][   T31]  watchdog+0x102d/0x1030
[ 1638.089193][   T31]  ? watchdog+0x1de/0x1030
[ 1638.093754][   T31]  kthread+0x711/0x8a0
[ 1638.097840][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1638.102524][   T31]  ? __pfx_kthread+0x10/0x10
[ 1638.107119][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1638.112323][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1638.117523][   T31]  ? __pfx_kthread+0x10/0x10
[ 1638.122139][   T31]  ret_from_fork+0x3fc/0x770
[ 1638.126746][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1638.131867][   T31]  ? __switch_to_asm+0x39/0x70
[ 1638.136639][   T31]  ? __switch_to_asm+0x33/0x70
[ 1638.141418][   T31]  ? __pfx_kthread+0x10/0x10
[ 1638.146016][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1638.150807][   T31]  </TASK>
[ 1638.154229][   T31] Kernel Offset: disabled
[ 1638.158551][   T31] Rebooting in 86400 seconds..