last executing test programs: 6m42.418031918s ago: executing program 1 (id=3724): r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x56db00, 0x0) (async) ioperm(0x8, 0x3, 0x163b) (async) r2 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000980)={{{@in=@rand_addr=0x64010102, @in=@local, 0xee24, 0x4, 0x0, 0x8001, 0x2, 0x0, 0x0, 0x2c}, {0x0, 0x200000006, 0x40000000007, 0x20000a0de, 0x100000000, 0x0, 0x200004003, 0x9}, {0x5, 0x0, 0x2, 0x8000}, 0x5, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x16}, 0x0, 0x6c}, 0x0, @in6=@mcast2, 0x3502, 0x3, 0x8, 0x0, 0x9075, 0x800, 0xc5e}}, 0xe8) (async) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x36}, 0x7}, 0x1c) (async) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) (async) r6 = userfaultfd(0x801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140)) (async) ioctl$UFFDIO_COPY(r6, 0xc028aa03, 0x0) (async) mkdir(&(0x7f0000000040)='./file0\x00', 0x32) (async) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000240)={0x200100, 0x200100, 0x8, 0x8}) (async) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000000), 0x8040, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYRESHEX=r6, @ANYRESHEX=r6, @ANYRES8=r4, @ANYRESDEC=0x0]) (async) syz_fuse_handle_req(r7, &(0x7f0000006300), 0x2000, &(0x7f00000041c0)={&(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x7, 0x22110039, 0x1000, 0x0, 0x7ff, 0x58, 0x0, 0x0, 0x6, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_fuse_handle_req(r7, &(0x7f0000004300)="d5c2280baf4e05cfa1d1112770cf43a123827586f0f2675b130041ff58ba6533ea7947f2f65b1d458fe88a96133ea3927f41fa6976fad8c967c88679769ee674b80debcd1ec6ce1eb490888bd66a52141fa82f51882b22a8e36ff462b51560307cd0048156800ad137f359719a9c5d6ad6a8c999984f22461c4ca6614ca4cbbd5e9103a3459228e3bd35e3c1cd5f2a83fbefafe7c5a39617ba1d856f37977da077ffcf4d52f5bb3feffa9e100b0279cb635a61ae9f5f4491bb1c9f04c041818a1ae9a25cbca38c4b4754a8be4f52db20ca464b3b4faf0ea8ff193b414e7b7a4ec8aec2e77adc43d09c62d37fc0aa6296a56a9445f264a245d41e77de43c2694cc5885ebd454a3b78b60172e3e6a2fd79efa8b5fbbe827512aa0656920858da51616244ad32e53ed039a270c042662bc966a8fa05e23a51c76585a6f753e57c63b5a1dd11c4ce8773702c5c759471b79ee9bed600d99853afda9b675f071bdf6ff4eb99cb1ae0128ac1f8132f9b7bef82221276395e59f1323c9f9f6bb937a9db0bc2088670ffc3e6233ba73d4e324df7bc866e84e82ab707ab8aadd593913dd3533cddb396e804a63155ad6911962bc49bad21faba90b5570b62d98eb5328214a7198b36ea6df9a72dc248311040e01539112e1d6bcb4ed9d7fb70d22768ec6603e4727b6ed2616eb9108524985ccd70f1361f68b1fb7088829acdd59ec5af9e84409737f0d852a3c55993cb7398b5640c458bc036115b86de7b8e68f1cff882ee5707040571c3e5c9602c773459cfecad4917d8ba2902bd64a676e2c6e507d06dbc806c13c0fd18175087440ce7d7300dfe745b8e98ac63b400e449a3f2518c6112c9864fde68f580ebc2d72e4bbd03f16a7289be813c258b02f76ce901afdafc69046c947c9e801ac635b2a95cca291c052c7f8149c92aaeaab41edb34a70604a7538c4bb6486b983416843fe6a65d7b828d66deb991e71526b7627e71c6a795a02e787bc561ec4b65d4742a129c59bc71b323850cb416f3d32494d6dbfe3ea73cb473b093ae0b0ebbbd3e3251ece756b3cc381f05ea1b8c3f7fbcbb16fc446fc084725e6c3a608221aad8d8179112f9e5ee3697346a0dc0645e530df523cf4daea14764c25da2da863adebaccefc2c83a9257b3131ac2fe04a27bf3aea8979b6f3091b4fef99e203725368d297bad3b020273d0b606d2368e2ecb0776349cb86bbcbaa5c910636527e3cbeca06b4135170d8808c5f113fcd77ecb2f099d1e663617a46ffc5275c8fcc339d315ca1583f66fe7a7e6430405c0be889826c07fcafa17f04e08bc39570a1f499092d390c5dba82d259f652307ff941e9f1f569a48144da846f14452df295553de6ef4e9ba0cd98dd16cf89d8bead08eacd4eea71cc5f8232349f2d8519b1172c724d3bbc415c19c9e679b5a96bc9051cf6f243f243366622023ab1b7039a89152e7db97f291bb3f0213c445c25caf5f0a5a2b382c841cd8a490dc97d008966e94ed0b5ce07bcc0c13b39c349e4b596147a633f3a73ab6012a1582d3d283293bd7c01f99cdbad8e18d24867c39ed0dc3fc3cc800edd23af24b225acb2cca5aa264bcda40e1432cf2cc0050efdff48fd49ae4225a983d1b12facbaaba73294eb225fff64a677d0ed2cd71bab61b3fde8a1fdae638d2036283a8a4ff5a548d05cb706f56ce7e3f55a688fa6c70393c53c33be11f34a38f61f80c8e94e50fc9d7c3695d234705bb9e0b2a8316cf54d7963f548d49f153bf796d0970ed1264c19d79eb77fd0aad4844796cec73a08206b9eca76f2ad76318a20d52e7d3338eac40d03775cca0c2b29a451cb10bc141289c2703198e7137200a360463000fab97d0da72a7b4e8aadfa8a2e559a7d06bf49d6d4a932cb29994ef7ca0c1beabf05b898bb2338e89a67373d50614300f13523fe451d4058e5a522d364ec884099ee3c6e6db8d4ec1e5dc08d127b6301a308a1d6798878c28ef828b91b529a22b7519d249a189a7eb942b94ce26148ea8bf16a44261cd9691ba980ec2d0c710dbee41756cb39b88213ad5763239ae7636e983580c41a40b0f3a3af9fa6f995ed1981d073f63a623554bb01869bdfda190bc8d9507cc067b897e1c5f0d087cf8dfcb171169541fa3cce7c3a620544c74f2d3234935a0acf6c804c43992812925cbaaa24f497e7a00efb20c45c7acb80adb3322cbe0f08d1015b40f5ae1366003ebea977b7b95f803487d10aedca3fd018cfa7b267dae604ed0ada202cbebd731f86b7c6764911d4ff0c75a318ee43b1b556781ac58fbd773b2bd0dd693f9b12fa149bbe392cb2d6bf72015912f4a120e47654d42d14107c67b4502b5ad62044d0022c7f8b255a3e46da4bb8f9e44515e4076ce7b1aefd57c4e264b2cbee4a9e8612ce8517b028067644c927a9ce7564449c8fb0471a87b9b76f374c7c2559379a3004326bdc91be5ec52672dc5fac0883ec527f2a1248601bb9267c3123568b815b90b40ba06c250e3068dee2d7fc232141eaaa130443a5775d049464ec454a7c980d9eebaa4f67a75075a6bc28ded9a5f07fe658a2b9eafa37f14055155409d1aa50be6343d13d515d0531b84644d2f58c280d6d008dee95607f67eb74c900f664d97f411f4ac6afc18f11b6fb75e78b3ff25680ed3bbf5b20969678475b86faa02a751e4cec87735645753f245047371c9e6e2e7ab5a9ea3182b4c96934a21b9df3628b478f5ef705aeda49a0609d4b8f5bf34424581557d029438306002fd4e9cff5a2d4e7d5e23c2992032d314b8fbb46ccda250070fc1b679c9c8646c5fe22d8fe2e0fff73d8153fc46ef7885aeaa2d1eabbe455544d46fdef8e3ef9debfe589870942bcc7196e62736e927c311782b5e4da2889d530a7c1550bff4909d2055941655cbcc5c924a477c80fc3b8a904cd9e62f5fb005b5b00154db5becbe327c0f3ec8314ef3fb53977ec24ff7d15aa83a13b23ab99c5332306023005d2dfb70d3ea2aefababd019ae16d304c083e38997cc94bdeb746fc151849c98dc2a23554e6fe789d3aba8bf4e31133c7f93a3cdcd884271dfdd2c45be398a5349ef5d08456178dfafa31cb4c607f09394d71b3405b3d615c7c59c125db88f72380140345d24c56094711dd833221d6b7c5864d049585605c1301c31982d19e403b601b797fe99d0bbfe30d647a913da72b4c5306f6123e7c572828308a9a8f4c686d07125d0006229c2e890ff7d3c354dde61ccd3b26069a81a98e112e61a930f253d607cda5023f002a09df6b1371638d9661c5a06bed166434f07120ad21476de8ad47296af4b449d581cddc74f9be42a84596fb0634f330a856216a9b32b080c8b66e9f51a758b9ca2e1215ddfe633714ca512032f6547217b1a60fcdb27ac8a04bc7851718b38607bc92c13118a323c3221bad99a8639762abcc4a08654da9938aeb301c55546f5ae7f61439dd883a1b2dede156a57c805ab12337d5381a2fb25b32916a8827fc4de8e2ecc70eeebeb01659d6bf88055477b863fb897d5db275a0c222d261e7df79474858b721e57747fe8997faaf36f5f175b23dd3c5efb2b93fb5824da18d635cd7027a3b0b1c87e7c90a5681682b8a7c47dc82fdd3f329c7b60270100dec8ccdd310245b92f4b0bd9a92e1f2a5733b1b91966be15a4761b06f6fe3b05b60ee7964b4d028257c2210ca88031db0590190d3714c1b6ec86e2821dca03db2fc0c9f0ad9800d1773c8037e9b38c7eb7c99618b731e0526f8453c7e1bb67cffcc2d96cc297e1f917b13dd7dda2a8b12191ed107c1e076ffd4965b9415f830be97935cac23a87f07e26354273c2663c7ef19a27dfe08543fa057e1285c909051602981f5929078214058684bc80bed493f6ef853012cb654d180e414fd484f5cb2cfd06c9b753f417697ff42794649e05fcaa3d53ad0fdfbb0db57dc549115e59978b14dd621370d136176098af2f39a2de72482a29b616e8b308b3d9b46ac9abf3d57ff89fe59b5a97966cc4b97d06c20ee4fd765e1c2abce54dc271a7c7efe656648800c27a9988583b4b76572222cb28916b9ff5f6f649de93923179809405c879a90cb450f604cbe8af55cf2a6d844a59ab0393b394e09c79e1b3c403af6eba69330f6969f78a49eb7022e77a39363f11e07fcc69f670f63c11497352f3f5bfea0aee446da35428cebe28f1c2d23ef3ff97e16ceeb2f88ab19b2b69dcdcc81b947b483cc06c776c52232489f86f4c377eb38056042e2e9e0943fc0ef1490df472b9b244235598894a2ffc296f0a2e4257baca6a3ea8cfb1a22ea8295ab9e5faaa2a9e964ae7625dbf945cdbb369265f429d475ab69413cc5bcb89af57b1b966bd0076f799a401d4b46e5045aceb1ef36e5bbfb037bb7681f2a38ef1df9b84baa3598201d13a813165355bf052bb5e456dc0abdefed995b4eb37a39b313af800f6029243a6a7bec75a23389a90034cac8df6713b919028a14649d756d0093550278aad494de2dfeb76220fd3ee5be31f73839ace7f0d6da650e26f5ded30471ed55d2e814fc1b89102e5917b4e58840ecc211eaffa5a2937abeb882ccdf29308e3ac30e23d66ee79c29b4fb7e793a55e344cac298e30f1ca3333df8b58f43126a3404a61501ce06b75e6e6a4bf13dbfb05efd7b9b4219efd428c8f7f345884640d19f5515abcce05f315f00e65d9aa8022890a23da45ede06f455d66e0c96bbf7e9cc74eddca999a51174b4784eba8a9ebed13415de6bd0f160443d43b78181cfa381313a54e25f6751a38f290e5972ff7f70692e18c4737af2a7f6d4eac52ea594a22be4fd00fac1484e6d2d4d3196b49212b49598f5bc77b34d8a3633cf7212c869557d6eb27bf0d0a02555d9318194e9de9c9730ac72daee7cad6c2d4b248a8744515670766a8f1c739917fb859d98974532477989f4c24345f120f5320fdb8d8d56fa6ff2511e701bab399513cecb3e740e3761d02685a765f5267554d0f9243b51620197adc3b561b59c58f334307220db357c1121d7dbf593898b5d2c505f333445c084a6cbc6a7e5252724c83fcee85e304534780a01e7ecceb2ef53ffb6bc6cb9051b1400493ce55d62c01e972fff3cc7d0b68a2dd4d263c9191df1b629e323797f570083f122db3df6abb6fd6c4a351bb7500c7241e4392ac76e04259968e517a43e907cb0b0533d6750b9587a1a5d852639c6b789d333e848e3ad66cbf19c5ee5a641036cb7a858f822f657dec36cc134d6c1a629cfce1f1e24dbb73d09fba04f53b2c6309d71d92211a1f08535244eefcbb52e095626bcc78b950db1cb8facc3660fa705dceef155b00aef3291367ffcea06b5abe588bbdcea2637761308dc65509798b6a494dae4a75c1922c1234248dbfcabfaab3088a0dad09a135a45d75105314020f3ba8901dc39ee624a32e9f863ff55844974b44e57b30302cd0c349f3cc091befd5665f918c298ba89454fb811ce573e41f27490853a52abd6144e85d77de88c3f2e5506c8de40a3957e65936f3b294ce92610b63cec888cb16fe0e8a7af3dd142da96b57f602cc64ba69966724584c2872e5fc42348a324ff082a3ecfded82c3e5b7292d3726c4800176acab6a7a1479a0b5fea79f299e90ffdb1b3843e2349b8f8dc7881145b3796380474c2ceb57e27726c9e50b746a2b12a214fea9cfd6c668363fe6e402710665118928fedb2f4900322b0c7d2c348881ea52278dae765c14b51fd5e8f000602aa3978d83b76056410c2260931e35d841793c8a36b191f93c33c0e4e6367ef45a1cf5145d774861224afbb11a7b77bb94492ec49827f713f8309d80d22e17701046e04c5b277f7b423cbbada01e6d40beb56e755e583b8f3de4b67c4b5ac83771b805fa7af49de2fc8b9a223293d83e7eb4eea3a3af1d1221e5d458e7cab60eaf1b51550a1b125ce018d76096f16d922f4aba48a728ec1b7d4812fe2ca789261b6d8e0c8edb3ba9007649084899c4f6b7986c1cb4a98d412c801fb91675ee42e2bb511bff6700772d3c03a7cb6adb41cbddc33053f8f65c164e9bd47b931510046506b169216d0a04edc479bc51c28acc536ced3834a7a9ce8fb55b72fa186a559437bf41f04b733e05986c915bc19f1b2f99d3bae6c13873d32e3c809b71881c3075f8dd1746f36409ac7934c25236ee2752560fcdd5175037a6fc5f0da58a229418ce30f3e64f9eb6ff3fe4498f47fdd69ceac5e792c8c9f087316f334b7f75e3432d3f1d03ee97c8f16485ec906c94e6c9580f7d03d98a8da85ec118b77c6c1d3b2e99fbf4b45e66cb4f8817f786d1f90e1e5e250be8c240a9648a219a02e62acbd72d1b0c0b42c75065a35664ea6a03cb05ea179f2e8e50e3d7ed53d31cdc10cf5fce48781fa338e3ee819f410540f045cb0edd7b2d219993faaa97cf95aa6144e889a02069421291d05eade30693a751039fece452c22d1afba081d1c40178fed7684cae475fcc365484118a184670cd7aa2758bdb01058ea9b244d5241f627bc5be11c9395e3cb839b0eac7842a312e1fc8b4ddae2aa4ef907ca5c9b847785051323e16d5497c4424289496277475bba67da750fa05bd8be730e4aabaeb94641fa2263dd3d4eb511b4fa40b8cf8b16d7aded1163f2258add79b04e1eb888afa27d057de2523863fc2da38d44cc69ae2d455900eede5fce69d7e9f8707cdb2456a45dda14d257eee4982f86259b855a0293068aa4aeff9439bc06c8ed5a370fe46fa88fa9bb92872166ac69152d1cbb4720eec5b9a057890cbb838aef12091454fe721395b46f9fa29ec1829fedf65aaec1176bb9eb15511bd77e7d4fe7321b3e0dfda95e5c90c3663956477885d6d94b280f58edbc77e864dca73536cd4988bcde2a3edb91704ad59148d85a001e393cebdb56ee088fa1033cdc6fbcbea30e2974035bfe29cee1eace13e30950bb4658886dae7e565ffd7b71e41feecbcac35fd97c81a8fff9d2a1d43f183c6e984671e06645eb0a60228d1b6c12c28bc6eaa4b9125c57b48ced2e199ed3acf12dbe10af4a56f2f5dca829fd07fc3f7e0de6913c73be0ada3e43bcbe70de784de699d0b51d7a56a3eacaf5d7dcd77d73cfb82e04633574213e05dc98850d822bc6dc90dc3fd6184296287342e2243fe6f0cf94e6d02a1b900d0c718e2afbe7fea2fafa375f209fb9cef5d844b861a1029aa3dd7081e81fe6501bbb413dcd23e013f279ef87e082335ade324b7688054992ccc63fbf9153213ab6d07ed0b79945d19639aaa5dd10e53aafe57f1e323300246cb1d6ede1eb1f319ca6fe1b0cc8e733b34818425888110b6eabe2db302310d0a8bcdd5342146b29c535cc9a95a455c8926d77323a31b948d47dc611815a329654a252fd09dbcec5f3cd8bc7e465759eb8e72ff6fd4ef1f375e4e8762a58148622d14480b7bb9aca2eeab3367a7376c9c85e6ba1735e56a2fcc6baf92c8d21942883f318eab7a568fc7ff01885a7089aa7661b15d73799bc0b8f8ce6a3b61adb6949965a223850b6825616c036e099952e04fde7cf086b5e76d45b86ab78b322f9af580173f2e798a39df7cade0d365c9d46d3fb36970f8a99d7b20a1b275afff852126f21ac24ca8c34deb49ba511f4d9edb4f56941aaaa477253f9bfc9a25a2694bbbe3b917074dd4eb6f1be20395ac33dd932a7ccf0604d64257b5af3faf271c145c190a528e471a7f23a53b5f9ea1bd0cc36410e9c538e91dd01d162edde856087b60dcba2042e65b6ae7b81787bd3308db9eb025b6fd930a9eb74a30883b83cfa8be5270dd3ee3408db7f7b136adebb3ee30f0e0b8835a0ded325363e4a2991cafd4a73483954c0f5d3358b25780608fa48f3f527c7e617ec12eb017df33f5088676d8bc476da251e608394e3d8fc0883fd4d1804f8e07f5e12ffa4ee80365a88abf29936bf1b255539fef95f5cf3bebcd26817edb28e7b6adf4851dcfe8aa1aa097f67c51557326ccf9c46ee2780d491e87774324d4dcf26f2e472a5e199b0cdef01094ea72bd5ad5fe1be6c9d545df3dc5de550665d220718a2c0baed2833cfb1428e2d1c2b9ea1e29f4b07fd6c51492643d4000716cd1e8a4f9d58b6b04b805d8962495323fd62949b17348418201664c6f2f651f99d73f8d17bb5e52dba2e6f94fa33f816d74bb6a45bd6cbdbd07f530406227c8fd11f390e805bbc17bc0e81076a27c0be023b64777afec0a7a0c3f53f03bc2ca72ae2873d68217a1a6905f414c2cb1b9561dfd07850a026da5f5775a66f8f3a6bc29b48c8a81b06ba30994ba8e7e233e3a3a5d886767ea6de91fbfc0a594c2375d62e71c7209d87d0f6c7a79a0d80da328e93f08650ec745495c771410913d094e4190075b7225761172eb420c82ab493548f6de38e17d3e687a89ce77c67c58b875c48c8a4d1664cbc6f67df357e040444fcd515d92d5823fc3ef6485208b6f3eda8cd09ea3b004f7eb06ac268ae8c3bf571aa3f619222a47540f9af340c80c587f7226e3d715b18c3ee41f64777d3a0a09f32190ad67922f6ecc63c956a715c3c42a6aaaf5e588d119210083ceaa414820b62fef87a678cd3f24f8fa3cdb6629b041cd7555974313f56d1b0e117ea925dc95e18b5d3f4ba9812f1067022945c3f5d547370d45853c4db3c9ca4436d7e649e1ac3ec02f9c1e9139849b46027d4b276cb0eb4b09848999f466f528290e47ba9540ceca89390db3fcbacb1d566e22e917f01f4442bd4dd0d350d057ffdf5b3549ca559901e6ff5147bdc25c11b23f1678f02c20e4e2e6f339b262e2b82eae0b15b4227f1d514f99ec78fbcf80c8f6f243536f2d7a809de05ae5e1d676fe950ad3513f801bbe4d16737def4b5ec4b62f8562cd5432bd372645202edeb286662d7e8d0dadac5b91c903c2756bdc4f5a7c931f2c3f7feace2b83f5459a196000e2ed1e1b2accaa9d637d5e408340161331c4b0047bf2ab31d317bb1c8f6e1b3d52f9f240bd971a447942dd4b73301781656aad9ce9b01aed907b7eb3a78397b97e601b04a4cb028d327ef32cf20c34e8dad9c9b1f981ab5c06a2b0271852e2a1016ee460d8568391c9ece5a2b8f29cbc6f2d6cc2e66c30c96df548e67dd6ad8c1ff09dfa22b2e8b2c52a3948c4febb09e3c2d34c0604a5ef930cd53be69a4bed9c9ee057178ece02a6b4df4624191590952888bdfafd2dbeca128d500872a8b236fba9623672c4dc15f56a761ee0c54026112fc464f72d3039587f009b94930dac0dbe444a939b38c0f5bce7aa366bfc2bb909db231178228846f71a56ab219e28cef1b102c1bfadbe8f0916d10a573b8cb38cc2cc2ec496a410a4e82847006d2ed4bac927a63a00416d0bfce59cc69aaf78ddc9566f23582999a655c8ad3b217486fb5a037ce089baf344d55bbd475be4e90b10e92c9c1bae3202c2d63355549f0ac95058724fea81ff9cec027e7b93e2cee43af81c6978fee5faf6216118785251b8ca023115b2f87d5d4b10c29aa3616628ab40a8ef36668ef57d7f9be505eabc01947ca222362818a71b3d63e5725a4d8a2c619b1867f70daa07703360d026d6f65247330be1ba84ddaaa7779591ca261beda4f4c094af65c5c276fe3bfb89f067c8c54af67e78f61bdc114ed4aa869c3adf282d7a8e7272579e9fd9e47611e0dc89f97561110e0141c69b1fa114e27b3d1e2c825ea008a370e08cd0a0610edef20cdd8a7cda0922fff046edfd2ff391a10ffce5dd6045619ce9af6b03f4193d858a76b201ed5beb0f11321707b7b593b23adaee4a0c0caf39dfeebcbd2948030435dc94ca00990c728502ec4686194f0f454304a422023c1b2c5b1ebbcd8cd50fa2d11361e3bbdc306e2739e27de300eda27b1c1ea62d773104cea77c18037c6bcc76423621b45abbe789b384bfdfb46efa1627ff29d9d840bf6e1f05e7e13fae6383e42ce153dcb062fa0cefd0fe9298ddbe77fd78d7036b5a815504b48267203da08ca685bfe8ae89c031074bbe5d3d6dcc6a3a8a8a4d3102765c3b714867f4516df62f214351b97bb8b5697a9f9a9dd78627342b239c524a3943d1d70f8cdd7391f05e7395731a8fc05210c6733ea256040bbbb53389229b84dafaaa3db1d5eca2971d9e550149461f1a672eae2319a99beed48934520666bc54b63085a744b5fc9a9b089b16c50ae945f74adcd4c5d064a12a6e103ef59bcc035a755ad31836eb7d04e5900d3800c822b96b466a9f6611f46b8a7d6131f91c625a5604de5bf01e5ca5d99a714c8dc1160260010f8d55f9125ee453b61c911bdf0824caa804c76d6512802875c5433de9b2e8b6c579a67fec5d2bc64ed3d1c313854221b75c9a0ed42af6f5354e7b1d1bf8661baa1261e68fc20d14b5652d25a536f208bff2b90fefa163a232696e655bcf95bed39355ec865e272fed582aae18858f5096ece40b9108efb00147f9c2ced59bfe2a79826851850ed95b35908dfb4d9ab7da0668a1fa8933ac4f6534e9598481477791fd1a1c269011ac9fe81f0491790e8aac121ffc00e38a7619a1855e6899abc2c670375a3ba4ac0cf652da89a70628cee1a35ae17b3490102e3c88ca324d06fce2151bc9de49472cf6e76ccb16d2a9cbf4161812e2c7758d73631024190fe9b71935de6968b289d3503b497f3f4b6306446ae9c312f8f1c63c1f7e62652173d9ed48cb128815bd44a12061f9b73fbdc6674ab9e0d01807f7bcfa0aa59168420e5ad8b72d7b576e273a1d229934fce2867689a41cb17767cf9defe1a96515a677ba08e10e187a3ce2f1d78e6b43b0d46c36163a1967b203df4f53379ee98422e973ab5c090adff21b5cc84fc78358021f681a0f0fd744f687e4f6c295470bf8f548d2d3dc841481dd51db9124cacde83bc9fef44a3e69e1cb28579d897f3013ac6133395328247fdcc152e5563678258936576196ced017c79bb6a4ea501a44cb25e5af1697afbdb3abb316837470ffdbe985ac3967334a90731602d3fac4f5c2758f04ec9c161a7cf330b7c7549fb62e6c15d07a7203c94edd3a8141c91b2029d6a90b14322337e6610822d9d7bff58c10d9c6cff71822f6456a421a65fdaa5d2c793f256a4e7a39f0d85d65fb95479eff79345c0615c9bbb4fb3324f9360b70dc709b0200042e8461b8cee9ce30beab3e276df48f41f001262fc14153f9764e13b50397442e00d7b11266bde10a3b7f83818086ff0015409679e4472d9e0215804fa9d21cebfa5cb5099cf88750cbeaaf58c2743f2746ea4cb73760ba88a07b91b68553716d563af5d7702219d0c600916dc54242d825c6d68320baf234a39f0b9ea9e6a4a72c4d5829b2f28508f54b33c7e0394a43fe23e7940d9b04bbe790d903a2d2c979e0ea79931b934d094fa2d5948c05cf278c341d788f2061ff617c9fa4700b1e1f0fbfa1b8c42848f2ea01cd318a8748c3336622ead25527ddbcd8a12ba3a5183f4419deb13558ed0ec99e73448c21ede0dbee9c01fc7675e54c60d4dee29c0f8fe81af6fe7b726f5d3c50dac634aefbf1ca6aa4df1b340a4109acf30939f6094c8591218729788111bfde98cd96d4b04b25bcd1bcb7f826241995573bae", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x78, 0x0, 0x100000000, {0x20000, 0x5, 0x0, {0x5, 0x0, 0x48b, 0x7, 0x400000000000007, 0xd, 0xfff7ffff, 0x6, 0x4101, 0x4000, 0xffff1854, 0xffffffffffffffff, 0x0, 0x2, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x800, 0x8) lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000080)=0x200) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) (async) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r9, 0x400455c8, 0x0) (async) sendmmsg$inet(r0, &(0x7f0000000b00)=[{{&(0x7f0000000400)={0x2, 0x4e21, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1400000000000000000000000700b0860702000000000000"], 0x18}}], 0x1, 0x8010) 6m42.37449165s ago: executing program 1 (id=3726): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {}, 0x2, 0x0, 0x0, 0x1, 0x0, 0x3}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10, 0x80}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5, 0x0, 0x0, 0x3, 0x2}}, 0xb8}}, 0x0) 6m42.37225427s ago: executing program 1 (id=3727): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000200)=0xffffffff, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x9, @local, 0x8080000}, 0x1c) getpid() sendmsg$netlink(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="1000000021ef01"], 0x10}], 0x1, 0x0, 0x0, 0x4}, 0x0) 6m42.305694514s ago: executing program 1 (id=3728): preadv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/128, 0x80}], 0x1, 0x111, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x82000, 0x8c) r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) iopl(0x3) process_mrelease(0xffffffffffffffff, 0x700000000000013) setsockopt$netlink_NETLINK_CAP_ACK(r2, 0x10e, 0xa, &(0x7f0000000040)=0x6, 0x4) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0xfffffffe, {{@in6=@private2, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0xfffc, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x50, 0x11, [{@in6=@dev={0xfe, 0x80, '\x00', 0x11}, @in=@rand_addr=0x64010102, @in=@local, @in6=@remote, 0x3c, 0x3, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = syz_clone(0x41080000, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp(r3, r3, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) process_vm_readv(r3, &(0x7f0000000a00)=[{&(0x7f0000000440)=""/219, 0xdb}, {&(0x7f0000000680)=""/225, 0xe1}, {&(0x7f0000000280)=""/133, 0x85}, {&(0x7f0000000780)=""/171, 0xab}, {&(0x7f0000000840)=""/144, 0x90}, {&(0x7f0000000540)=""/123, 0x7b}, {&(0x7f0000000900)=""/71, 0x47}, {&(0x7f0000000980)=""/123, 0x7b}, {&(0x7f0000000000)=""/18, 0x12}], 0x9, &(0x7f0000000f80)=[{&(0x7f0000000ac0)=""/90, 0x5a}, {&(0x7f0000000b40)=""/128, 0x80}, {&(0x7f0000000bc0)=""/101, 0x65}, {&(0x7f0000000c40)=""/245, 0xf5}, {&(0x7f0000000d40)=""/127, 0x7f}, {&(0x7f0000000100)=""/37, 0x25}, {&(0x7f0000000dc0)=""/160, 0xa0}, {&(0x7f0000000e80)=""/211, 0xd3}], 0x8, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x40106726, &(0x7f00000000c0)) getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000001000)={@remote, @multicast1, 0x0}, &(0x7f0000001040)=0xc) sendmsg$nl_route_sched_retired(r1, &(0x7f00000012c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001280)={&(0x7f0000001080)=@delqdisc={0x1e0, 0x25, 0x100, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x2, 0xb}, {0x1, 0x3}, {0xa, 0xb}}, [@q_dsmark={{0xb}, {0x30, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x30}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x2}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xa}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x3a}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x24}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x2e}]}}, @q_dsmark={{0xb}, {0x44, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x39}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x500}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xe9d4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x6}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x2}, @TCA_DSMARK_INDICES={0x6}]}}, @q_dsmark={{0xb}, {0x10, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}]}}, @q_dsmark={{0xb}, {0x34, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x20}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x21}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x8}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xff}]}}, @q_dsmark={{0xb}, {0x8, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x30, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x2}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x38}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x25}]}}, @q_dsmark={{0xb}, {0x3c, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x520c}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x30}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x8000}, 0x20008041) 6m42.281474016s ago: executing program 1 (id=3729): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x400000f3, 0x0, 0x9}]}) 6m41.818552632s ago: executing program 1 (id=3733): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x400000f3, 0x0, 0x9}]}) (fail_nth: 2) 6m41.674968551s ago: executing program 32 (id=3733): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x400000f3, 0x0, 0x9}]}) (fail_nth: 2) 3m36.632030755s ago: executing program 2 (id=4895): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x2a2242, 0x8c) r1 = openat$incfs(r0, &(0x7f0000000040)='.log\x00', 0x103000, 0xb8) dup2(r0, r1) 3m36.622112145s ago: executing program 2 (id=4896): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\f\x00\x00'], 0x0, 0x0, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 3m35.043732357s ago: executing program 2 (id=4912): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r0) dup(0xffffffffffffffff) openat$kvm(0xffffffffffffff9c, 0x0, 0x343a03, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x800) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000100)={0x0, 0x0, 0xa}, 0x18) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0) syz_clone(0x20001000, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000340)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) rmdir(&(0x7f0000000140)='./file1\x00') chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='iocharset', &(0x7f0000000080)='\xe0^@&&}\'\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000240)={0x0, r2, 0x40, 0xfffffffffffffff9, 0xa, 0x7fffffff}) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 3m34.799712881s ago: executing program 2 (id=4913): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup(r0) write$tun(r1, 0x0, 0x0) r2 = dup(0xffffffffffffffff) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='.log\x00', &(0x7f00000000c0)='\x00', 0x0) mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2a2242, 0x8c) r4 = openat$incfs(r3, &(0x7f0000000040)='.log\x00', 0x103000, 0xda) io_setup(0x1, &(0x7f00000016c0)=0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x14, 0x13, 0x301, 0x0, 0x25dfdbfc, {0xc}}, 0x14}}, 0x0) io_setup(0x2, &(0x7f0000000000)=0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x2}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0xf, &(0x7f00000000c0)=0x800004, 0x4) r8 = eventfd(0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = fcntl$dupfd(r9, 0x0, r9) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000dc0), r9) sendmsg$TIPC_NL_BEARER_GET(r10, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f00000017c0)={0x18, r11, 0x21, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x4050) io_submit(r5, 0x8, &(0x7f0000000ac0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x4, r2, &(0x7f0000000440)="e15507bbf768bef985a9693a14d2de3a62d457a35f678d6de39987181886628f32fcc996fe233b3d83dfee38e819268a7071b4bbaec1e2f48cad19e95e12547a5a69a17261c1d11d352cd42979dd961798ca84020e7a092274d6dbae78198320c6efca1b77fe4b88d747919dca3c0bc2356cb5a09f183636ed5395adcdcd25a0f1edfcccc982fca1d8289ec5f2b5a14a89b17966fd76ccb94536643aae8b88f2f8f371b721e554de9c4dae1c8395571e84c935aedef655e1290a96d7aa9b86e18138d1c4e9c109b86d32fb728dd60a8b1d4375e2fbe3d98d0a8fc9895bc0a78602f975712c766c9f6f0260302b5d", 0xee, 0x0, 0x0, 0x3, r2}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x7f, r7, &(0x7f0000000600)="cd82b16000243b1bc72ec458dde6cd9097c0d4c7dfafe688cb6fcb763490ce52bc0d720cbb2079c81ada08f887e48bf7fec05f854ef142c1b6c45f80ea67511b8639ac15c990829b6cf21ed2ac7dfccb65d579a6cbc8c4d1cd7cea174a4eb8d8dc2cf8a414645765d16faf1cae7472348e6b6acedd5dda0895d5bb284ec0536b62fba0aafa8277e7b3ae01ee6621f450e4dfce9c0a9b983d252659a24d43158d58c84cc39e45c4a179c5a766df4f6371f74e0aa43545d03c30ace0039c27dff2078c018ce217e745c94d68cd03be77e21fce6ed39f2f63a810f40f24d276e95a4b835fca2993bcbc9361741f4033bc7fc9cb28c0d180e296c1cb7c12", 0xfc, 0x7ff, 0x0, 0x2, r4}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0xa42, r2, &(0x7f0000000700)="56dd720a4b52cd93728d1784e2bfa36bd33d36b388f895595dfe8d759aa12899d17043a8dbd308a938c20d4eba7672c70c771d971653e09ba43b4cd734e635652859876bc85918e41b3fb0c1ccb6974ec85913b4dfe2b9505d1d046da8de6959b97c32b53d498d0046dc109c5fc10651a33de8efa6b87bbddea7920034a7fb2e925287b59d007d2f6c4855fee4ae8ceedbeb6a4398af10acc2e736e5e9246671476a5c35742c2eae2d83", 0xaa, 0x200, 0x0, 0x0, r2}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x6, 0xffffffffffffffff, &(0x7f0000000380)="62cd6ad0d51db3d97ef4df79e0d18e14d173a0359b26ed54537dc136fb8bbba9deab32758fb0089290123fbea03d10d24e6bece821de8bdb85d55ed1751f61ee381adf750866", 0x46, 0x4, 0x0, 0x3}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x4, r9, &(0x7f00000007c0)="47d21b037ec684c4a37b2f97e1b0346f6f948e297e983a8ffb62d2ffa4b51bb3c5fce82d4f4b7740a1af8b0b27f55d84e90ad6cb206f005c826b3825fcf58d69605779dbb7042f8c4fb70a3c9187c71222d8ddeafdb8373b1629d0c665b1b2a3c79467cb2e8165c44ffce8326c49326765cb07e40f57fd06757e319652935d979a00b3d52b12d2073643033f976cbb1bc0d6882da95fdf4cf4dd3b5aa8eadd7a62d51cff80927100c7a99c5be8af11805e2ee6009c1d39a41a5997367ab1c303a69375f8f889c392722c389bac7bd21268973c0a1e73292604698a789f512963ca41acf9ae2505c179851371130a90c8cf53ea788ef43eeac59e09159050ed", 0xff, 0x2800000000, 0x0, 0x3, r8}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x1c, 0xffffffffffffffff, &(0x7f00000008c0)="a36ff379a1180bb22ec6", 0xa, 0x7, 0x0, 0x2, r4}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x6, 0x180, r2, &(0x7f0000000b00)="59f608f98e1e9af574015199d2df5176a8fb4be617cc201cd294889a49e08eadaaff23e08130bedebcc4f2114e6492829f3e31fdb6501732691374a0d24d1354a09e58730dbffdbe77d462db9c2a9c703f8e50e50b0cb45dd19d8110a06d0fff9b3f973cff5b499929994c2de666028f7c1f9f17344b11f0aa6c25b772c0f59b569774cf479ef596a167f38053b45c240e3426631aa0fb2534cf16af89377acb763e7e308689b95fb0253f654bb693a42aff8118c6551819db5d56914d7e513c8541313311f8472349b992e6894ab15dc10b2835747890b1b821a4987294eac8d996a60853c71e80e36c9cdd3cfcfe6e4aec65ce46a8f22d81e41f0d2f803b5bb3cf961cc4b26c6fdc629083fb38ecced77c18adc640e3dd5b943b4fb3e0a4c4c4ea9c74a30934704ef7d8f25ddbeddd89c7792d9943a090df6175f7756debac51a3d130df7bd5c7d630cecb8696dbba5fa19118e2bce7285899d429891986f4cfba8fd880dfcf8d6e89d17eede9e0eb2ebdc1118deb25f48c06c0eb833afa3f11f20d309692b1fdb7df7904be71dab0e5c1512938f41e79e87c216d1469c57c8d1b88e8ce4aa0d91f4fa6cb0bdc8a9d79f8083132578d8157b8cbffbc7ce280fa032cc9d841eb24b784e5fe258b9c1f18efbe4c8f7b094a02610531759cec285b949f2ce9d906b5693a2ee3d1790e567a825e1a88971a6bd9fe29b4e4bbdebb98f1f8ca05635ee6ce5cba53ad58cd6fae26fc57c68ef0f2b42c045f8cd1c343c610a2c7", 0x224, 0x3, 0x0, 0x0, r2}, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x2, 0x100, r2, &(0x7f0000001700)="9da7aa23b2539fd6c9c4d82bcef10b85c3796ac5ae1353e24d6f9d65f856d418e83b50af54f3a9a6092b786922acc4740d3ce09535b2511b5e16ffac14b54e6b1d0cc83bf86b99d4a05ca8ca8c068aff2cc44e93ba9cb87f95cb9a5d0ecaf2ea6d4201f0895850e627666b96e59ce8bc300b9df2c6fb62d6f141f4aca074808b5302465f9d56426be472fea1ca632da8819653a3659898e2107d37b235ffe71bbd3e2ceeb6c33432c2538f901d27224001463f7431efb7cdf812a0c5f0bcfba5c640167632d4d5b42650ff3994cb83ca86a6128878528a2d8c4b342d1c2e57a9ae03f7bde2cc40d77a542a2fed66a141947494ccf147257e1481c0a902b99fa0f232674ad0050e52e572834422169bf62edb916fc1bc682f27b7564b87a0b3ae9b7d815446ceea393413e82cf5888e0322d0bcecbcc8e0199ca95992806a050c74e10e1ce5d7792d1a25dc0a4f84a8c70d35177b69bf7b87ba392400f2cd90df17311e0814b349781db2f1d52fa8edaa75791bc6024eb246ee20f48930db11ea0dcadd7d443da45d22d759c0cdbc461413ed4c26ee4a00418ec5f32e60a920f19b92e5b736e737d7130d3488c96868fb905e117a020a63d38b36604f8ddc9ef6a2dce36911a12f461ddd1dad7a4e8e9826d6e183853270154c624f5b822df51d16b48d788a08cfa9cda380803f0dd9c3ce6675b8b37e23d74b4a9cc9248307093414c7482916565aa4779c60a527ed6fb6a1bc9fc59c7c4dd1c0d968c7508008639cfa4cc37497f160ad4010aa38c5f213e73315f871cd6c51fa6911c318a9d871eb5879999a8b38767b6a6538713633b3452b00ba24b25be88ff4082db7be456eb759c9cf0896454b9364f3f2fd53535982f6cc1c689696e7ba18ea2b04c1d6e6c52970baabf4bc72668a1736f54f1e26ed5f122f9558027421836d751b286420dc284592871fa19e37907f35eaa84cb5ea269f53ef67cca3ad6b4253bc52d63e924f9ad352f18b39f6cc45eb7699cf0240cfa96473782187118abe21fbd9e19b6c367fdac89d55884b041abfafd676b36a57f21023ebdf260455b57f26289702fa552c7ce8b1e62bdbdabaf047c3094f7389f938e0e34e6c443d8d1da0cdb4b0cd18ef739b51a29dd0f96e344b1a07af7524739f4da2233c94da5d3e01e174f60ba516e1394848c17b2a567765593d4d05b74ac1be18a0ba36256c1fd81229651a90fb06c97798ce6bd3161fc8aded21ff271a863738bdfca2deec94a6acefd1dad63d9a07a1caaacfe60e72b907e4a7a2b1e5389ac59065cbf90a813b02c400350a44eaa9c27328502cd2f21de2359a385791040e0edadac337824dc5cabf7ed3f23b529d67847f95839aea4066c750595851e88599dfab2e80fd20fd60a699dfbd13e609d19af8e0d2587b6810edcee79324cada0a2c1a7c7965c3dfa0710998218eda48fbfeec5a8c1f1de821b9f513745737e0bc3c1c8b2b68968f3e66e632dd9a9b6826012c8af2b8dbab38f48a92519e21e4b19d04ed2b7b9b2a6831bb3ceeaf7b6ef66fc6bc14196a18c5afdb6cc45894051094925d444eda7f6e8d51154ee1611719bc175797ca940c47c8ca22ba559882164858a8d49a669fd011891c4cea8f1d29986b3db289255a99c0d604f0cfae6874f3c514e1aa261b9278cf001c4b7fc4d33b0ccf31317bb86eb5092b35c4689d04aa021c595989b16351edf302269a9b535a6d3fb72a80a118234275a00fa3e8344e3e977fae9fac164d8d79c912fddd410b463545b6f2701b8794f8f2eca83f0b45bc7b4e4773a3cd30caf62c25ace97ba863aafcaf506b2c565b2f38757d41159eac589cdfdb70be5f4b44ae47a9286bf633e8d017df2f5e40a6b5dc420e1389ad13b64913b3b58dd461c1112b66bf3939e80907eb2b72a01b9b132fffd3664d1d741c72934093afc8aa3098404146eb3b6f6d1835959e89be00db0e87c24466860155e4b46b61c0f795e3112ef1e924b419511609e581a78087ae8feb373140652c469af18a07ce8fcb7b1bd208f6b0356fef6b59107f58df7e874ade0a98648d71313c500a8ee1d4d099273c8de035d315d5327822379e8451140e885ed25950fd4c2b4bd02c91e9fe18b23b1645b3df1e25a6f268a690beef3f5f02acc26da6d63f3fc6f1f4341bbc9f3ddc956bb23495e84e406556d9676921883134bbc3566b9b2d4a741a2baa2a4e6a8a12e4c594342ff2872042380eb9a39697cd43081724b3e5f1143fd6f81f64c8c34bdfad828de50ec47cc3a35cbbf4e5dc0670eb54b6626ecacacce4a9b4bca20947ce653a78003b907c624ca5dc1f87cf20fd8207c79ad6afc4d4046ff1de75aaefe8469210f30dc060a4564b89e6813212a28629a245cdb2334db263bc755e0b5a2ea10722415f040950b7a9fb8fd4b0d7198a4393b33e45d87e0caaf5cc68abf523557ce408fbd05d5156acf68aefbfbfa4288e7bea709918f34828a09eff9ea5876bc48db0d551a569ec68eeeee860a38a3878f300d0cc0dfa1f60be0c8adfc780fe79760871bb7e60a93d47f263a6799a15b450ee41d8f1c8a8c75b6b4823cd8715319522c6adec8d3d6d1fca5e0e734733042cb3de9134378fc58883b593740e4e4e4d6969d76230c66bf11151710257246afddc2d826749f46d53e81a91c682194ffeb211be36f6223fd9ec321f4b5d6d119215e017003ac197ea8b6631f78bf3b5ef98b1b5de2314ab24cd2083bd799659495907c175ed78b70d9b12e7f14bdc6f33a930f824d4694d76ec753172a84b152395d4a097b81861da94d016f6c255fab1abe8d4e3613d0d8503532af05ca956d2c9bd67311e49ec8f08b8e0a8e45942df92f3561abf73cfd7308a36cfe6ed980a27a2605874f9b8e30ac0f05654c0a7675e59e04b66da9de709ea94772c0d6fabb2587b4a5f3479d76f2ef186af6e2b8a8367630f904df9dc6af3a7f626d7137dc16e97da7d763b86d106745327265229d3a64638c5f57f05e7866256e2b5258d8d2f5bcc964b830a2eeee6dcb48bba524b1c93d841b15d8fdb1a4e4d89d885eb2cfc86d961a14d8e4377450410f2a141859d005938497b3b80223474ffa21868d589c6f5b51b3410ed906b626bfb243e581e8484184933acf2771858dda092d1a273fbc5087e1e0a19f6bdffd7e3c3165f255102e35ef5806163f01479c91c95875aada8e8d12eebfbad431336efba4ae0891d0b8769d3d3103aca822f0efb88ad4426a3cc223045353be46571ed0fd96a2babb00f1ef548b8ba970ae198545ba6a4315f5811cf6a4fb4e0b8cca9f278a682b6cda00b2b03c62fee96ae3dea15fa1d7f5657b9ed97db08982f61eb64c352121301c7e565296e32aaff8c9f1a52fa9fb4405825b38b90c64de2545c2b2dff49aebb76d493756ed46781f269dba893240e5b81080dc8d7fee7d662bb6da7b2dae81316cec017ec52eb8c37151f551f17d138e9fed1fef1149743c34eef81d1adebf6bc200d46615e92c287d5f9006cdb85ce78869c1cc7843d9a712d9f45e360aaf1e748570b3c38411a6ce976d8f676258bc47b4880e7935b7c082eb9b4473c39d0bc94f6fb0b7e6bbda98f391452a1fe0b833f766fe5f82c165f9e41a4b8a668fb0d1a991cba66ad8db08611a5ae0ac364c970f88918cfb1595fdc49ff447a88939c6697d3be79a53c62237bbb350eb4d4168d9b33bca6d8d2f0f11d7c0950373fc927901e2212d87e1cf9f58c65b36b88fa80c96fea5f89fec0340778abdaeb1a1bf60cbc76243d7af0c407de867a930df0f0ab03a45f5a16f01df45f10f7339ea97ae477bb7ff40ead76392f1649b466895255921e61a512b38a3ef2fb6550962d6903b885536a7af8e8db7db12c7982423f2a3b34483a474d4127451dffb4c780d615783716d1c772f618cb42693a0b9334d69b83813d520c0e2bfb75f7cf5dd53fb7c8a31b085a1f20978e3e0d31efebf0a4e38c77e1d7b9cece9132d6251755b7eb69e7fd5009b6f26fe318b46b70792c24b31277668570749c70caff0ca7c2bef15aec09e32a237b71d05af1227164ca519281028cdc2c1c6d5b4453193b3dea61ab6e862907e0eb79cac02ff40462fa6cc6590677496c2cd260b811637aa6efc8822a81696b96148fad1ddd3a432ceb605b7156dd0a23e23dae603c4834191bf4713292f60953da33ef7c904e8b579612c07f54ae56f912398c412a4a7b4bef7bc4c5c86132b1cddc3991afa6a8bce0f4937ed236bfd62416dbc65fe8f056d5b498109cca2cb129eabb692b5b35cf8d9eed771eec3483e09ecba52b7c50da534cc3ed6e0e75672b634b13472fb95ca63ea8dc3a5ecca80fa1693b2904ed0ff83706421f3969acb2cf3b6cb8a49e9ef2d3b2ee2598c23755375344c3a553b9d13761eb5391d26fe64d93e7f08bd1230a3ed9ed4785eb59dc30b90c94c1df065bc65d11edbf366c6531bffc435e9c7ab45946a39a9c88a622903271282a021ffc16272d079327cf7dd1806b7b752deb9e78e151dcdbc947e014d328a570d6a9c3be1fd517923f2d9e9e73bc14105fc1b54fb0180a65e6fb70573c3fb4cf17b2e8b534d257d3ca4fef9e9f3facb245fb145e66234ec62166b94687137ccac29ec89d6bb8bc4c2683de039c56596dd8e002d858f86bb3ba4aa588fab29cc904b0b4045a6c6c2d9aaabc0fb514599106a22fe66b249380c1ffa61e5fb064de5d225f5fc3fc47b557b4848c5296b5ac462c3a346b4e7d6687aad4f7ec3b207f2474b36a0bc9c0ec0ab8502079bc7ece3888906dbae329a59ee09ae2c38ab74e6010dad3e1f4f6a2a40bf16b6ec73e83add0ab3e52d4f3c478053bf66396225bb453661e4044f4a4537a1606a9e6dc99a42e43af289e938d049c6bee9b80782238ecddf865ea3407fe44b9b06ec54a16d5a0fb56402162f3bf5c9bfae2c6d5504e492260be36411145d2753b176c34b832121faf0e3b49a03ff7224f56b0a2275835c49789e78db95d36f56763644dc0f6adff240ec195c76f09c08c63d89e8d87f4d4730beaef7407957e94048b0028219bc27484af1ac226ade44851df5fd5ddf51ef3ac3385c5328edbdfaf0e570c9a3e17f2de9632068b7ccb6052b27ea5021be1d3440818aa18b09590601796554fb213a0e22ab6f570ea571bc6a539cfa88cd5535a29f19e0dca44e5f50aba70aa074f83b01c53c24bb3ad5aa798cb2c93a507b181710d5c712bd476631b3ac0f9a627190d65dcb6dba8b2694a6c8c30537565a59b7c2f66fceae9ffd58b0b4946432ab6e6ad702060db7472bd0386291d306658672de1995f248d5af7262572cb03a2690458d3cab76862a8ac409736d72e2846dc16cf7170bdc8a3bbd226d013f7aea5e865c256013d4ac98f09d52469ba6c1efa2554d5f50ea7334878e8fd4e3c44848b154fd57078ecbad4b95a18db0a50f746dc82e511154c8387fe92a5d1f2548417fafaa72cecd462f32cd819ab63db82ab9be359896a7f67b6ab1f578504f439ccb0bbd3f5be398f43fde19b0603b66e0d4e5751a02cfa0c301f373f72d8734078eeaab29db3e8a3965ae918920966127ff7d2aa77d03f00f05c441159cdda7200fed895064522c1b1849b5f35ad1133e2ce52e76f2bc92c25c93ac5b8e3e22088c422ce4797ccac8a8cd96b5a20170caadd4f142b5147e339fc8633f9c86fb92d5bf1599e9a1bf0f11981d9c63121e3adf9fd2745cd6e0c8e89da3b651bde51e56fa3d30ddcab642333f55fbcf0f013901d6cc19bbaeeb98fd920aac56410ac", 0x1000, 0x80, 0x0, 0x3, r10}]) syz_clone3(&(0x7f0000000080)={0x21800000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_submit(r6, 0x0, 0x0) r12 = syz_open_procfs(0x0, &(0x7f00000001c0)='auxv\x00') mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x410, &(0x7f0000000180)=ANY=[@ANYRESDEC=r3, @ANYRES8=r12, @ANYRESOCT=r4, @ANYRES64]) 3m34.764669513s ago: executing program 2 (id=4914): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2a2242, 0x8c) r1 = openat$incfs(r0, 0x0, 0x103000, 0xb8) dup2(r0, r1) 3m34.65316021s ago: executing program 2 (id=4915): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2844, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00 \x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0) 3m34.618392701s ago: executing program 33 (id=4915): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2844, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00 \x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0) 2m32.752120497s ago: executing program 3 (id=5297): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000500)=[@text64={0x40, 0x0}], 0x1, 0x14, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6040000) 2m32.70512303s ago: executing program 3 (id=5298): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000b71b7bb6fa3b001000010000000000000000000000000a64000000060a0b04000000000000000002000000500004802c0001800b000100736f636b657400001c000280080002400000000b081a00016100000003080003000000008920000180080001006475700014000280080001400000000c080002400000000b140000001100010000000000000000000000000a"], 0x8c}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x2, 0x2, 0xc, "faf98317e5ff039989fc8dbe43ea6acc96e3a2503dc3c13fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c83534464c516bdd8a0f35", "32d8cc26f7090074df2cfc06c89fff7bfe55cd4a5d83cd4a524bd3fff70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a001000", "67523720fd4002002cfcac61b6ad3100", [0x6, 0x7]}}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000140)={'pimreg0\x00', 0x2}) ioctl$TUNGETVNETHDRSZ(r4, 0x400454de, 0xffffffffffffffff) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001000010700000000000000000a000000060001001300000008000a"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f0000000040)={0x2}) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r8, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) ioctl$FS_IOC_RESVSP(r7, 0x4030582b, &(0x7f0000000c00)={0x0, 0x1, 0x4, 0x40000000000000, 0x0, 0xf0}) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='9p\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000000200)={{r9, &(0x7f0000000040)='/dev/kvm\x00', 0x505000, &(0x7f0000000080)={@align=0x5, {0x4, 0x7, 0x5}}, 0x4, &(0x7f00000000c0)={@_ha_fsid}, &(0x7f0000000100)=0x4}, 0x1, &(0x7f00000001c0)=[{0x2, 0xe, &(0x7f0000000140)='/dev/kvm\x00', &(0x7f0000000180)="2820e56c8a816a649dc8ff403a7dd78c74d199cb2e90a904fa043bf224ea179fa975aa96", 0x24, 0x12}]}) 2m32.455310365s ago: executing program 3 (id=5299): prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000000)) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 2m32.400070018s ago: executing program 3 (id=5300): r0 = syz_open_dev$loop(&(0x7f0000000200), 0x5, 0x40803) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1b96, 0x12, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x7, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f00000001c0)={0x0, 0xa, 0x19, {0x19, 0x7, "5031ae015875798784332b6bbb49703ee7508f988004f0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000b80)={0x2c, &(0x7f0000000980)={0x6f4698af661c0f4c, 0x5}, 0x0, 0x0, &(0x7f0000000a40)={0x20, 0x1, 0x13, "bd484ae87e6af3ac41d36c5cbddb31dc867d7c"}, 0x0}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000000)=0xa5, 0x4) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000)=0x4) 2m30.611901501s ago: executing program 3 (id=5316): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) r1 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) connect$inet(r0, &(0x7f0000000300)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000740)='^', 0x1, 0x40000, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x2000000000000061) r2 = socket$inet_icmp(0x2, 0x2, 0x1) r3 = dup(r2) bind$inet6(r3, &(0x7f0000001dc0)={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x80000001}, 0x1c) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000200)="994a", 0x5d}], 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 2m30.591502592s ago: executing program 3 (id=5317): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7) r2 = openat$cgroup_procs(r0, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)=0x0) write$cgroup_pid(r2, &(0x7f0000000200)=r3, 0x12) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff) mkdirat$cgroup(r0, &(0x7f0000000100)='syz0\x00', 0x1ff) sendfile(r1, r1, 0x0, 0x9) 2m14.725059252s ago: executing program 34 (id=5317): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7) r2 = openat$cgroup_procs(r0, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)=0x0) write$cgroup_pid(r2, &(0x7f0000000200)=r3, 0x12) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff) mkdirat$cgroup(r0, &(0x7f0000000100)='syz0\x00', 0x1ff) sendfile(r1, r1, 0x0, 0x9) 57.051927753s ago: executing program 4 (id=5890): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x10040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, 0x0) 57.051622003s ago: executing program 4 (id=5891): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x6f}, 0xc) recvmmsg(r0, &(0x7f0000001e40)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x71, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000080)) r4 = syz_open_dev$usbmon(&(0x7f0000001a80), 0x7, 0x9001) ioctl$MON_IOCT_RING_SIZE(r4, 0x9204, 0x1000000012abec) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r5, 0x4058587a, &(0x7f0000000600)={{r2, &(0x7f0000000400)='\'\x00', 0x500000, &(0x7f0000000440)={@_ha_fsid={[0xe, 0x1]}, {0x100, 0x1, 0xf8, 0x3ff}}, 0xffff, &(0x7f0000000480)={@_ha_fsid}, &(0x7f00000004c0)=0x80}, {[0xccd, 0x4, 0x12c0, 0xfffffffb]}, 0x9, 0xec, &(0x7f0000000500)=""/236}) ioctl$UI_SET_PROPBIT(r7, 0x4004556e, 0xc) syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102ff2406000006000000080000000000000034000000000000000000000924030000000000000924050000f8211cfd0924030500000004000724050401a3d9"], 0x0) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r3, 0xc0385868, &(0x7f0000000380)={r4, &(0x7f00000001c0)='vlan1\x00', 0x40000, &(0x7f0000000240)={@align=0x3, {0x7b1a, 0x6, 0x4, 0x7fffffff}}, 0x7fffffff, &(0x7f0000000280), &(0x7f0000000340)=0x3ff}) ioctl$EVIOCSREP(r8, 0x40084503, &(0x7f00000003c0)=[0xde2, 0x9851]) sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c00000000020208000000000000000003000000060007400002000008000540fffffe00080004401d89e39f2800025298674a76349dea350c3544f76310800c00028005000100210000000c000280050001003a0000000c00028005"], 0x5c}, 0x1, 0x0, 0x0, 0x40010}, 0x5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'vlan1\x00', 0x0}) sendto$packet(r6, &(0x7f00000002c0)="3303120081fd120000007ef52f555f2a0c09000000fd88a800f788a83baa", 0x1e, 0x40008c1, &(0x7f00000000c0)={0x11, 0x0, r9, 0x1, 0xcf, 0x6, @random="0fe6557a37c0"}, 0x14) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x2, &(0x7f0000000680)=[{0x8, 0x6, 0x4, 0x10001}, {0xa, 0x5, 0xf}]}) 53.990826561s ago: executing program 4 (id=5901): r0 = socket$inet6(0x10, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000140)=[{0x48, 0x0, 0xfe, 0xffeffffe}, {0x16}]}, 0x10) sendto$inet6(r0, &(0x7f00000002c0)="1c000000120044c182668d867d3d94863449050f0c1000001049b23a", 0x5e, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f00000000c0)="66b8006800000f23c80f21f86635080000000f23f80f00d166b8519900000f23d00f21f86635000000000f23f80f20e06635400000000f22e02665f30f22e40f0f14a0b806018ed00f0fbd0070bf360f23892e650f32", 0x56}], 0x1, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0) vmsplice(r3, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000001340)={0x0, 0x23ad697ddad077f0}) open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x101) socket$nl_sock_diag(0x10, 0x3, 0x4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000ffc000/0x3000)=nil}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 53.915542175s ago: executing program 4 (id=5903): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2301091, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) prctl$PR_MCE_KILL(0x26, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x163) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)={0x4000, 0x0, 0x20}, 0x18) 53.904977976s ago: executing program 4 (id=5904): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x109200, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) mount$bind(0x0, &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e21, 0x10000000, @remote}}}, 0x108) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xe5) fsopen(&(0x7f0000000040)='adfs\x00', 0x0) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x2000005, 0x8013, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000ec0)='\x00\x00\x00\x00\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00') 53.747881745s ago: executing program 4 (id=5908): r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2000, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0) mmap(&(0x7f00004ee000/0xb000)=nil, 0xb000, 0x1000002, 0x2012, r1, 0xf1276000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000018c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000001900)={0x18, r2, 0x2d1904d3112073a9, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000004}, 0x8040) 53.705115097s ago: executing program 35 (id=5908): r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2000, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0) mmap(&(0x7f00004ee000/0xb000)=nil, 0xb000, 0x1000002, 0x2012, r1, 0xf1276000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000018c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000001900)={0x18, r2, 0x2d1904d3112073a9, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000004}, 0x8040) 9.743507665s ago: executing program 0 (id=6197): fstat(0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000340)=[{{0x0, 0x25, 0x0}}], 0x3f, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f00000004c0)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x9, 0xa, 0x99ea, 0x0, {0x5, 0xc4, 0x4, 0x3, 0x8, 0x80000000, 0x2, 0x9, 0x7f, 0xa000, 0x7, r2, 0x0, 0x3, 0x7}}, {0x0, 0x4}}}, 0xa0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[], 0x48}, 0x4054) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r0, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r4, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f00000000c0)="0f060f23c80f21f86635080000000f23f80f00d166b8519900000f23d00f21b66635000000000f23f80f20e0665135400000000022e02665f30f22e40f0f14a0b806018fd00f0fbd0070bf360f23892e650f32", 0x53}], 0x1, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x101241, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = dup(r6) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000001340)={0x0, 0x23ad697ddad057f0}) ioctl$KVM_NMI(r8, 0xae9a) ioctl$KVM_RUN(r8, 0xae80, 0x0) 9.65581922s ago: executing program 0 (id=6199): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x41e, 0x2801, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0xb, [{{0x9, 0x4, 0x0, 0x3, 0x3e, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x3, 0xa, 0x1, {0x22, 0x6a2}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xd9, 0xb, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000640)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x4, "42aaa556"}]}}, 0x0}, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4400ae8f, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f00000006c0)={0x60}, 0x0, 0x0, 0x0, 0x0}) 6.592050918s ago: executing program 0 (id=6213): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') listen(r0, 0x401) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x5, @any, 0x8, 0x1}, 0xe) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x71, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0x1, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xd, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002212"], 0x0}, 0x0) 5.247779235s ago: executing program 5 (id=6219): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000)={0x4, 0xe}, 0x2) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) recvmsg(r2, 0x0, 0x40012140) getpeername$packet(r2, 0x0, &(0x7f0000007480)) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r3 = dup(r1) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$bt_rfcomm_RFCOMM_LM(r4, 0x12, 0x3, &(0x7f00000021c0), &(0x7f0000002200)=0x4) write$UHID_CREATE2(r3, &(0x7f0000000400)={0xb, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0xee9, 0x4, 0x4, 0x1ff, 0x40, 0x3d4d, "fb5b3103a045d8a9dd02d77e8cc28c40180d0cf1e9bec4bbfa6ba4a3e2aab41dae9892fd70b12fa1a99bee9c39cae1c2edfb5c1a1eba7d526dcbe6d2f76ed55bd05a69939fe367d7a50d7bc9793d8d6d64bcbe97d582e251e1902e0c84704e1bbbd1983744fb569ff5561b124100e5bad7cb46e2b46a63b85440a558f5b53f1871687700d5cc92a8baafa2f7ed700f6c36e2960cbb73323de7a38f00f8a70cf20368e835ca750fb18e7ddf98ecfd6f80e2d604abd0bb8f8de1bae4d5ab68902a0a50bf4cfbc0ce83e3b1375b8c2a85fb34aa20603bfe8985251f8d068737dc38df7f72dc9e6d8d5caa8e48a9c98cd0fa4f750ffce6a3692cd35eae418b413ab37e8eab0a6f4c5df7ed59751e327b97e6f20bee8c01faa0d6be3cae30de9dc154d29cb2ca3b9322fbac615001e87c7cda39b6250a652a2ee37a8f1e8855c133717992b9aaded5de756d217f56a6f1f2e58ad5b8eabc94f3a6024b818f76e4461499edfab6c0a3efea09529a4b766c45bb414b38ffe795b1740c20c032bc17ac3da1fc11f29777cbba19af06292a9fef73ecac75d01e5c3601c38afda8503c2803579b70c8af8af44cbc21727df068a2eb6f4226fb8548344ba4fe93ce81155feb2519d4290f5175f16682110c959f0a4b4c0af6c39db6583a4a1006362597ad340d72af30bbaf92f0488e2207843e16b3e05c282726d45d397e07df2473fb6049beb9e89727edd51d5c76fda4d08a2f20c3ac3872e39dd1e0c07a3ad268bd0755d4ecde85eab40e1644f4b40d85182b02925180a92c31fb3fb20dd69c33b28dc98d14d2aa5c06194016e7fc03f51d83ac8296d23e0e856831e603c477742295ed40bbd8582f953ed1a9d9ca0d5202255e22a5dfe474855fe956adf57df62b89f454d449a9b117375b10fabcf9fd9dda9a38fe162fad14ca38860082fd9700fbbfce554014b48533dc0f3f5477e6deaa8cc01532454a91dbd6dcea2ef6ed3e835dbc077a6af7dbe82aa2bf11d5ce67d037b76cfb88947209c9320cda06c1d5b77cb3c30bcc90305f13eaec07f3a63504e317a47f6ba4eeed7994d88e1baf90311a1bc891f29d3685ecb65da0cb21e27b431fc264b952b77ab7d8414ba80d61b43a7182f83332b221b491f8d5c6fdedb83b00f44c198473393336d1fb3b4562500b82042d1f17ba8ea6cdfbb79f2904addc3e9d10b84dc633ec9ec429884530d0023a2ea1418b6c7d558b5b22f7f20c0988f92e48da52cf6cfd0d570aa8aa1456f8fbd4701a7897800c4ba6afddf97306c3aa7adeaed3e0fab2eb2e8311bb300f532cf2a8f5058b89385a065728ee89e585948640fca9a72c362790ceca5b2df34379bbcbf3e93a7ce5287736a56333fac4a9f5076200a850f44a62f2cdec7ba47233c95e92005f2d2378383505a6b048a42929942929c631229ee7955830ce385b7e876c2ef6993aaa9b06567e83517ca05c42c4163bd28129ea4a2c21e080cea15cf4ec730ac7a8e13ae94de14718ac0145684696ea8bed6bc5982efb5eab22c6aeb02508c9166482c258d97f7a5b153067aa2c54f375f30caeac202a9a894d6b95273438a623e38f639b69fa13745094ae73a085df5c4c3ed0c52e8bb4fa61dd74d7b3328e61e6b0f2c1658fc0d616e9497c7e9c4b74d7331a2143e290863c93d77d243bb5ed20119ae732782f3edd91eafe31b77b6dbc703b1f7dcb4b837725416ddf6f92e879d510f19e21cc818c15e959a040784924d3921ef42cd0ed284f98f39eb979380460ef065bef6bc615dd714af90ba6cb98b423fb36cd05a27017fa693d48af5da24161f25f7c37da5bf971b1cdb7c0d26f1794c9fd44bd06af38a8d7adbbf223fd24e9fc1ffb88b1b8860d577d80e61390dbee15f00eb7ff945fc45035d6c6499ed758cc8cd430638e3a6b2d1cc9f6b78ff95a50748910ab7531f8f89dca8a7862aa6a4e77420d16cc6d2efae187ef21dabcd1af43765bc7afc216a7a6d3380011de36a68c2b786d3662d2c0f137a6c8951c82edfdaaf210e198ed769b9656da1aa42ed1c06ce63d637b30e8357201e8dabfd5c37077a8ff4118bf8c3fbc23f9c348cc5e1670d7550b71538947323ffee6862d1a9a4835237987e95a7318d8f8556f7a41fcee9fd6b0d2ca77a1729a74eaef8f721817207a1a42d0193ffe963003f2ba7a232557ea27059e3a66e7f0db93cad230bcbaa92a1ed5b43ca4b6f13db7988fca6e6077b8cb592eb039ae6442184786dcc90c772d24eb4f6ce97de014360914241b97bfffa4be89597a5e9df86c3dbfee25bca369be0dc1d75c126231612affb0cff7db8c4bd274bd0fd99d0ca24cf5966f58c3dcb828611b6deb4e980215a51e908b8e07c8f52a5d3e915f256cd67665a2ead79b34e412f7c8ba4d0b4a57755c6d7706084148431acb8e0b4ae6c8504ffc5bf634a9f9a36521db95e5783d5a3ebd83ecf994f08b60111f186f37930dfae9cb6a39327f4807bbd69326afd84893aa5a1e4c0cc20468f7bf8daf2b6f90bd248d75dc6a884fefb3575fba8584d7c1eb4756fe0c044001d0bb6b53a03f1138456fa8cf1068727daaf8d069b1a3bc7051883c3540082e547d1cff151049b684f73f4e9f07644ccc69b3e768a3074ee2cc34d38d0a95354877904978c859044af1213930179e27c6a129bc403acd2f1e6a5c97ff632fbe8f8f1ce4d248f6f4fdf58dfe8ac5f4aa217801fc9a308c491492f80a7b62c57fde9b54ffdf74f12a952d478b23678d455f3405dbfefcc4a3023ad34d65d59f122fc1bf72dd04a5a8e9e57d227b3a3a41e1e555076df55116c8910971c2a1d7f384ec11fc70a149ed9eb5184b9bbbaa983234491f294d6d3a99266238a09b0440393f629e294231c5453d9c6bffe5fa399ffe4e99a7545a41502a0bcad8579a718561b53f397a5b48473894479716cc9080bef4b42e9b6d9d27a81dc4b44063f2bab0eaf7b6efdebe56b987abb5bd2a62a26d551555848a8ab3729716fe72d2dcee3e0328d157337967f9edafedcfdaaf75460ec14c6a82d4286f490b6035b5d98eae91044f0a0dfdebd91486b6d5186c634581599b6ad8c0635e6c45c9e4f3a4e4cfdc4414e1b669122009252e66b131695b7c6836e98815452ced472fe1f0e6bfbed1fd473bbbb2c8bfde3d0c7397766e4124f0d308045678e1c00a6e4eaef750ba8261aabaeae8862054e529eb02f261703aa9ff8547687e2a44201491e608d6c3946e8b00c3d2dc84fdfd6c85aefc09f48c6de980b88d33bc43a5ad482814042e0a98806fa4a93dac203f74d1faff9260f69ab877d49a06cb248ddb87a12ca29fd663ecc2a96787f21356f734896bae904310a68e387168b1d7d3b877c1925962fa0541c41548af40e8738187c2c18f459ebead562ff464ae4febbbf210dc8030b161628b7bbb199818181cc9a83383867ffbb5f3c67e4f741549c6be036de98045966ae4215cb8a3ac0c4d2e31bf0e97b644e71b30983647f4962fc39bf9a9faa4f43090edd30766651d5fce09b788e97a1138156ada1d2456dda03c3226068b25f739c9fc014b05df4bcf62f8d06f52b71c923604fe7a7e2bd048ef6be08eb5701a1df0afdc95c5b56888a1d6453cdb9f926b4fa3c60cafd263d20b97ddbec8666a728f28a173b0dfbfdfe78a0af95a36788ed1866d3b471de3e14bc57feba35d663c0164734f1f16c049861fd361ecbf00b159fc428ee92bb3f2fb75c3aa102f6c53d8547daf051dd7b8b2b16190a7fba2599b066572ba0bc0ca1bf847224585d738099f762df8f6e7028783919a74e5e0fdcf29a363375ccd597fbc63e36d7e35eb94b21d37d620ca07f121a6da3f959a1bf56fd4cf4fbaab7e1f0a1ffe12bf889c1a95979223f6e2660a73113fb7bbf15fb36416435172c65315a797661aedca1b451356b331aa0db2b8a9956b87e5c062118a605fb84ba92fc307dca04c96cbfe48a0161f83a35936f921d53c0a1da603a606f509830de54a788896040dd9e7ce26026b85eaecded66a82061ee3b93a7276e5a08333bb4d0e8edfdac47cbce03379b90c8e902c47cee33e26f0264d5dec836ae29e943f2a512f8ef697f55b4a01752cd9c78ce79839a0f87eb7377e19ed0b65873af3aaca20e1c7b5909a407c12fe45431193fa7f92c51b8ba818e03d4f0da3a5425286d26fa3b4263171d8d1a2a737b196778d5402e2eb6af4277d24c423061ace0faad842c9837b08d545d65f303d1e15b7c23b3341e09a659cd16ddfcb0ffa46e20fb2d476e7f341f1191d7ddb6f7eae5c698e90fc482b1ee515a3bee2c462cac87b71ccb6259315b01e4fa5836e42030cc499d86183167456917ee72ee1d65e131ad31dd2f3cbcfe1ff4e36f17a0e5c6ea06db3532f117f7e1e11fc39002090dcc88d1b0990889144daf3036f7731a6637e8bb0075e4e2d7c984e173778348ab96074373ac4cddb60416b4e9c60ffa853fcc7cc2875cad13788c69aa43b398999efbaa3d17eb6471ea1f0a816add83819b38ab2abecc110c713cf4e986b808a2f76dbcb5745072f067f1c3eb381f3c45912cf588e771512f072892b9fe9c59ac12b804f77a5957b2493d0fd18a1b520ebe7638bf32a142304779f726596b0d920778d572b8903e0ea740a767f423cf33cc911395807816727d117eca77ed3b50b2ac30e4c5f2b989c1a013770fffb39ea938262ed5c00d2ab4b394415583d92bdb743b8e380812934df2d997cc674fa55f580de90e333828ad35e029a08bd5fce35f4825aea962c6d493a570f8fb4513be97b45c49efc0f76053c058dcfd7e9f10cae4eb8e4fe9bc3479797b84e97b82e12966e590f01d8f906441254916983b639464055bf79d8aa1e56ed9d10c0247577c62426d79d99015814668eb7300cf367c1189186b13dcca8464808a5fa11b77745bf097d352e7c636ca0a8961f87048464ffe7850f0a6d3b73ff5878b1518159642147f65dccf93d81dc62a0dca8cab6084552a9bbaf6380899eb8a8a843d3a00a5272b7311cc027c3171a24858e790e38b5ed7e39f340f874be2358144a435f2ca5f9b6535316c1df243d8bce0be4c2d54be66965d61882aa6a82346df554f8eb85997de51dfaa1bff9a8770c560907caf7c58325249ca750397119b71ac95dc5f0ca85097b4211071c1b72597cccacb6326b57b4ad2dc6abc073d0d2e4ae8ae50fd1ce58552c422fc6788eacabd2022f696124dee3d7483d368c63eed82323ec9970673ff8f6bc1b8feebda09ded0393cfb4af69e174f45c83dec05d938b7f17c976e0b32dd61ac07dc03c30b3712caf8084d759956fe7b10800a83f7383cb508c74b156469334d6173a92024a413bfd359ffe3e7c6deae697893bd8f55c5468b33113b982c233ce220a3933"}}, 0x1001) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000280)=0xfffffffa) r5 = accept4(r0, &(0x7f0000000100)=@ieee802154={0x24, @short}, &(0x7f0000000180)=0x80, 0x800) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r5, 0x4068aea3, &(0x7f0000000bc0)={0xc1, 0x0, 0x1}) r6 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010040000904000001020d0000052406000105240000000d240f0100000000000000000406241a0000080903000000000000000904010000020d00000904010102020d000009058202480a000009090503020002000000"], 0x0) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) r7 = syz_usb_connect(0x5, 0x544, &(0x7f0000001c00)=ANY=[@ANYBLOB="12010002cee11b40d21950005f8b0102030109023205010d069004090417020dffffff0a0824060001af109605240001000d240f0103000000010006000906241a07000b0624077cc40008241cd55e07030005240102c80c241b07001aff0206ffff01b824130770dfe4c30b89ad065e93fd19d018b813043d276416fe5947873b68b753c52976977ec79a45e262af53dade77f1274d05d930ca97f3dfe2fd83ee5ac7b9f39baffc154412d68a95d6b8271686c51f6f3bedb1433ed7fda925538759e63574ceae5ea71d33dcd0341a0866cd722b85b55899807061edc063c205c33fd196cb477ff6a40f082f30d381078f9b630ac425f505300c6508052dbde786cbef395d10da0d59679b88b2b4d0f190094929579ef4f94105390a240180000a0201020b240806a2007bd9a9e2a90c2402010402e2400080ff000b24050608d733ecdd8b180b2405041a2233ae6bcdfb0924060202010100001324060204060400060009000900020009000809050b024000070201090500000800d2040a0725010282000007250180028dba09050601400000f809d202310a1ab6f536d8cd281ff084cbf0b5df5cb3841e32408a2a4446bdd7c1ba8357f489bfe296b591ee7b60f877da17bf9f665bbc58156c91bb2d52cde0368cf0d184f4d75d6a42efb305952bfe77e3e5d85fcc50dd737ecb3bc2538bbd1d20820b3fc1a8f61da0c3373fdf0a93bdebef3e68466294c3a8340f186a5d082f2fe7d51914a563c7e430d567c8a6fd9524b05f30fc2f8d0dc958f6c2c6c83801b820bfc1d13ce2068a4a082cb7849d9904315a1ba6358be54e66231d51ea037c5198563ddeb45cf34beefbf113ecee05ba52dd09050d0340000204030725010050ff070725010107030009050b031000041013072501800903001803e1b1fe8b44a93a849e9d008e13b4b628115f5c565497090508020002060101f3039a09b90d2f9bd50f086eb8dd3d535ee1f6e454b364f8fa6b7031e574ad28385bae5255a31c3f40585ddfa38446b00f2095af607b506fab90adf55d73f19e28fc2b918ab1b960f1aa8349b6dc2c0c18f0e988de20309d4ed85ee8511d32f32ff381663681ebe7c6b12e0ee45d9e650ac4d6cf119fdeb9154a087ede7548ca7b2b084c105d20763f024a8ff56b70b19e06497c05ab40c6a12bfffdc177a3060741e05347bf779ac90887402b5d35b0d4b26ddeb31bf65a138329a530cbf655b6f09dbc9f223e8b718c1c2b1bf13e34e9c53b27b6b3f2b212b37b26ba7f27aa352e0675535c5c4298d2e9699b8aa09d116f38870525bf026752309f2bdb4b7e85f9668d56585102ed9152416d26f98b92247333794a5d6ce2d27e5c58dac92d123148d8dfeefd213701b3f679ced461e2dde83775fea2dac425bba3dd809f9fe396d24053562a6d8c5bfc302c5b785fcbce065571687a8c44f4b315850e383e552ccddbe6274048e0f8bc68f53a87f642bc24a8b7b958ec895509050500480207fcfa09050e102000100301072501830000002705040000020406039d2262168884481dc8c31bed3b329a20e76f7c9377431999545dd96633589f01b1a6325985d6a5e2843e935510ded3e7a18490aa63142b49e8b08c0d03faf6da5840c7e771e93f4a5475ce78c99d11f6b9271ced596589ea9512ec76802fbd9f3d4819d7beff9b1568f2ed939639e669a8faa1dd0ec32a45b7e0a2d5a9f9dac19d364f973d0ccc9cee7119546aba4adda336831482875a3e9f9d99767f0725010301fbff090506032000070f781b213e80d6d8f68bb2ea1fc34679b384312866c24d9d2a57a1b52009050e0010000308000725018201050009058000200093030307250182030300072501010801000905091040000b06035804b0c8504134d002ec409d26bdf0e917f2a967d9442b1055190b2332c60bdc1c1b47735e97ee978fa6676660d3d40b12ff5bf4d400b4c0097437c8fd279fa0b97063da33"], &(0x7f00000001c0)={0xa, &(0x7f0000000c40)={0xa, 0x6, 0x53460ab06dec3a0b, 0x3, 0xe0, 0x6, 0x8, 0x1}, 0x29, &(0x7f0000000240)=ANY=[@ANYRESHEX=r5], 0x2, [{0xcf, &(0x7f0000000080)=@string={0xcf, 0x3, "ba5fd7aa77b6d3b40cd61d9f2d7ae7eb3a7abd4558b9a246846d3b4e3b68a6bb670dd6ab86adeffe6504484a06136d5063aeaba680b801b39ab0611e18f74c8c06dfc3704bbbaf708ebb257bae1879e92b4e75e5415d2ce2578f347dd4f9d6dd964f550ed4a5d4f58b78d1e983a20a46b49761fa255e1b489cb7f011b5765d63a267eeaddf2f48d3dc6f7820146ac047ef3cd96b11a033a753c06ca5050828ed44c43326a9a6318c784adca4455c161a58765a85d457eb5fcec38ade842f8cd149e7afe41eef39021f9f4e4744"}}, {0xdb, &(0x7f0000000c80)=@string={0xdb, 0x3, "d0223939db52ca3d6424c871ce07ef2d46d6a5e4e5069517bb9d8d2b9afa3f3932c0fdb2b8bcc9b11a517c0b5028842c33e55ac9f14744b8cbd08c32655ff36eba3e8ff27d15ee789ccc18e793f1bc5a14c5ad2bd9bbe8d43276e8f3b79c98212dedb4a73904bfa45a28874941c8b7290abdc139ee7b42c0097f312207adf276fdba015c9c305117f3f8b28fd58e2acabf55f350deb411a88a6abf12c9da07a74455c4ec41e415e5c6a37f293c484abadcfceaf3f06f0db6c34253edbf2537aedd23a43548de9d909da27101e2cc2b03b1367b0ef59ceed801"}}]}) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x14, 0x10, 0xf, 0x10, 0xfff6, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r6, &(0x7f0000001680)={0x2c, &(0x7f0000001440)={0x0, 0xb, 0xaf, {0xaf, 0x24, "c9c40c36144ffd17097e65fab6cc50092c6a4bb3aff98281146d0a20ecb61a0a2f53378a47700a1c7472385ea4fb3a3fe9db8f988936e660b22d298ec9248390b0f966eedf99ba2a5fdb40bd050da592559ed4dced77f5049842b6ad8b09b77caf9d08b32608960498c1d0c6570332cfe4fa856798a4d15de2a029bc27fd84b2efeb92bf81f230d9fafe62b300398e4584098d7e13ccfc0941df04397d73f7a5e68b39363ad2222d5376502f95"}}, &(0x7f0000001500)={0x0, 0x3, 0x8c, @string={0x8c, 0x3, "9839ed7d86e1c75b44ae78900c0c2943f393c5bcd828222a0fdc122ea2bf024d7a74c24e6fece88635bf4eb7afb7e43e3230c3816ff553ca9f6e881707363961966e90cc00a5e735a62e3bc23ae49bd20a7b9b4d95e2a57aa8001d100cba01d6b3473d43f95bd53b392ed36826ddd6926c675e6b82ebc3519b76aa170790adf05fd5540c38a099b00d97"}}, &(0x7f00000015c0)={0x0, 0xf, 0xf, {0x5, 0xf, 0xf, 0x2, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x7}]}}, &(0x7f0000001600)={0x20, 0x29, 0xf, {0xf, 0x29, 0xc0, 0x5, 0x9, 0x2, "bdb44954", "368c8783"}}, &(0x7f0000001640)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x80, 0x11, 0x0, 0x29, 0x8, 0xffe}}}, &(0x7f0000001b40)={0x84, &(0x7f00000016c0)={0x40, 0x31, 0x7c, "d864af754f10bc66a2285b3de8de6463e2d0b6acfc881c02e152c1d15fa924a28cd25eb85dbc833912ea82a575c12b9cb395687bd28beefdae94f319859692948f2d70466e951075ed85e571325f985c0e8cf1df745c2f9968b93f3d4c8315b5b06369f57ea9a4e50540e59714a02b9078a128d0175f111edc7f84f9"}, &(0x7f0000001780)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000017c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000001800)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000001840)={0x20, 0x0, 0x4, {0x0, 0x80}}, &(0x7f0000001880)={0x40, 0x7, 0x2, 0x7}, &(0x7f00000018c0)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000001900)={0x40, 0xb, 0x2, "6f84"}, &(0x7f0000001940)={0x40, 0xf, 0x2, 0x9ee9}, &(0x7f0000001980)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}}, &(0x7f00000019c0)={0x40, 0x17, 0x6}, &(0x7f0000001a00)={0x40, 0x19, 0x2, '\r\"'}, &(0x7f0000001a40)={0x40, 0x1a, 0x2, 0x1000}, &(0x7f0000001a80)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000001ac0)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000001b00)={0x40, 0x21, 0x1, 0x81}}) syz_usb_control_io$cdc_ecm(r7, &(0x7f00000002c0)={0x14, &(0x7f00000003c0)={0x40, 0x3a61f5aaf261c71b, 0x81, {0x81, 0x6, "f7125d4111fd97a9c4d9ac6f4ebb054f2bcdbe4ac425d33add5601d2f0f38d7941ee94a723fdf55264de039e6afa1605e4706c198f06efe08ea25b80288ccf9e5bb82e139d2c6fabda499996b6213687ca957e614febe0188975e04170801404f744a0bca8897cde36e64dc56a56faef83f6a30b223273c5f0591ba2fefa4d"}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000b80)={0x1c, &(0x7f0000000a80)={0x0, 0xc, 0x8a, "73c9b0bb22da2ace72790e76df50b711e7a9294ae4827f240af71605bd219a12994313e789baae11a324367c22901a21b16c49240812372b87f363432ad6c9e4f874c854695454157d67a043281373b5f7f2aa330f7dba69359c8c61196b90848fc4578f0c6908f62048fc3c11cc0d4cfa3d72103ca497970e6f47590b51697cc0cd2aa8816f8882ecbe"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0x4}}) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) stat(&(0x7f00000022c0)='./file0\x00', &(0x7f0000002300)) openat2$dir(0xffffffffffffff9c, &(0x7f0000002240)='./file0\x00', &(0x7f0000002280)={0x98000, 0x0, 0x3a}, 0x18) 3.623226799s ago: executing program 0 (id=6220): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.785001629s ago: executing program 6 (id=6224): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x26) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0xf) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TCFLSH(r3, 0x400455c8, 0x4) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) syz_usb_connect(0x0, 0x3d, 0x0, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x16}, 0x800, 0x33}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 2.699898803s ago: executing program 5 (id=6225): fstat(0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000340)=[{{0x0, 0x25, 0x0}}], 0x3f, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f00000004c0)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x9, 0xa, 0x99ea, 0x0, {0x5, 0xc4, 0x4, 0x3, 0x8, 0x80000000, 0x2, 0x9, 0x7f, 0xa000, 0x7, r2, 0x0, 0x3, 0x7}}, {0x0, 0x4}}}, 0xa0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[], 0x48}, 0x4054) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r0, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r4, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f00000000c0)="0f060f23c80f21f86635080000000f23f80f00d166b8519900000f23d00f21b66635000000000f23f80f20e0665135400000000022e02665f30f22e40f0f14a0b806018fd00f0fbd0070bf360f23892e650f32", 0x53}], 0x1, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x101241, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = dup(r6) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000001340)={0x0, 0x23ad697ddad057f0}) ioctl$KVM_NMI(r8, 0xae9a) ioctl$KVM_RUN(r8, 0xae80, 0x0) 2.556298951s ago: executing program 5 (id=6226): quotactl$Q_GETNEXTQUOTA(0x0, &(0x7f0000000040)=@md0, 0xee00, &(0x7f0000000140)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280), &(0x7f00000002c0)="570d5e38a0428a9f51ad889552f361fea1dedf6675df3c84156e0c2350a661190e0fb8f8873bf794e7056f724cab2cd3a45d52769e3778e0db4e6c0aadb30ff4035c16af1665bd5cc1798801e9db5590d41cf6101fc0b7c94b9a394558debb650fe19be9136cfa3c4d45b5a793af0e2cbf46cb1276ee72ae19ef1d9b7f10b7303e53348752b252ebcbb5e355bd367cecac744c77eb12a741bef22aeb304dbb7d7636f6c5bf62cfa618bb262c0a316bd2eab4b48a616e4de957faf425c7cd94c5d42a6bd9aa50c101b0c4a5ac3e551a2f17b8a4a7fea6a68b", 0xd8, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x134) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0xa02000000000000, 0x60, &(0x7f0000000880)={'filter\x00', 0x1002, 0x4, 0x3f0, 0x1f8, 0x1d, 0xe8, 0x308, 0x308, 0x308, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f8}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0xf, 0xffffffff}}}, {{@arp={@loopback, @multicast1, 0xff000000, 0x0, 0x6, 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}, {[0x0, 0x0, 0x0, 0x0, 0xff, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0xff, 0x0, 0xff]}}, 0x6, 0x81, 0x1, 0x1, 0xd13, 0xe106, 'pimreg1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x0, 0x4}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@random="3330cb30ca8a", @private=0xa010102, @broadcast}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x10, {{@in=@multicast1, @in=@remote, 0xfffe, 0xb, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}, {0x1, 0x0, 0x80}}, [@tmpl={0x144, 0x5, [{{@in=@remote, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x34ff, 0x0, 0x2}, {{@in=@local, 0x0, 0x3c}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x800, 0x800}, {{@in6=@loopback, 0x0, 0x32}, 0x0, @in=@rand_addr=0x64010101, 0x3503, 0x1}, {{@in6=@mcast1, 0x0, 0x33}, 0x0, @in=@private=0xa010101, 0x3504, 0x0, 0x0, 0x1, 0x0, 0xabf}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x32}, 0x1, @in6=@mcast2, 0x0, 0x1, 0x2, 0x0, 0x1}]}]}, 0x1fc}}, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x4a, 0x201, 0x0, 0x0, {0xa, 0x0, 0x300}}, 0x14}}, 0x0) sendto(r5, &(0x7f0000000440)="be5b6f3b5d71afd6dbacef8ff55b2ef3fc2c438229ffcb2aa3f6598498edd561b3cdfe54af878793126a24e4f8", 0x2d, 0x1, &(0x7f00000006c0)=@in6={0xa, 0x4e20, 0x3, @local, 0x6}, 0x80) r6 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$UHID_CREATE2(r6, 0x0, 0x2) getsockopt$WPAN_WANTACK(r5, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x2, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_mreq(r7, 0x29, 0x15, 0x0, 0x0) bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x4e1f, 0x9, @loopback, 0x10000006}, 0x1c) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) ioctl$KVM_RUN(r3, 0xae80, 0x0) r8 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000740), 0x2) ftruncate(r8, 0x5) 2.451914377s ago: executing program 5 (id=6227): sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000004, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x4) io_setup(0x2007, &(0x7f0000000980)=0x0) r3 = eventfd2(0x0, 0x0) io_submit(r2, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r3}]) ppoll(&(0x7f00000003c0)=[{r3, 0x200}], 0x1, 0x0, 0x0, 0x0) shutdown(r1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000600)=ANY=[], 0x8) recvmmsg(r0, &(0x7f000000b940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=""/41, 0x29}, 0x9}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) shutdown(r4, 0x1) listen(r4, 0x5) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e20, 0x27, @mcast1, 0x20}, 0x1c) 2.07059866s ago: executing program 6 (id=6228): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b0d, &(0x7f0000000380)={'veth0_to_bond\x00', @remote}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x6, 0xc, 0x0, 0x75, 0x81, 0x10, 0x0, 0x0, 0x82, 0x49, 0x0, 0x0, 0x0, 0x8, 0x7f, 0xe, 0xff, 0x0, '\x00', 0x7}) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) 1.997007774s ago: executing program 6 (id=6229): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) getsockopt$sock_int(r1, 0x1, 0x4, 0x0, &(0x7f0000000280)) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000000)={0x0, 0x8}) ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304) 1.944184957s ago: executing program 6 (id=6230): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) 1.915165579s ago: executing program 6 (id=6232): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x2) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r3, 0x894b, 0x0) r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x8, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYRESHEX=r2], 0x6c}}, 0x0) sendfile(r1, r4, 0x0, 0x2af) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r7) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000100)={'ipvlan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}) r8 = creat(&(0x7f00000005c0)='./file0\x00', 0xecf86c37d53049ce) socket$netlink(0x10, 0x3, 0x0) write$binfmt_elf64(r8, &(0x7f0000000a00)=ANY=[@ANYBLOB="7f454c4603090701810000000000000003003e00f9ffffffd801000000000001000000000000320d000005003800010078000700090007000000db080000ffffff7f00000000000000800000000081fffffffffffffffcffffffffffffff030000000000000002000000000000008c66a330db9c9bdd1d97e21fbdc437139c09b01eba179d78405ddc1b0f4bc1269828234c0d4a02abb8de6c92a6cd2cbd103b5b2407d6a9c7098d1d1bbf8deeaec3f8b3113d2104fd9e5a647ed8dc9fdb54c0bb6d5be481d5a04aff4be16cc3336ebea023b89970d5d819da3ed7c10a221e800822f4fd0d09e3aeadba3a35f58e97f8cd919b1c1d8bddd5b41073d47b558509f9fa402d63f54e72a068b932c0e71743f4e865bf675e511834a489b7e5ac1ebc36e7563cb2e4ad387fa746cc7cf97f965261449a0aa0d77ee88fee7c07707159a610593c558b01156a970f46f8066b7ced4600"/348], 0x78) lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0) close(r8) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x20040800}, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20082}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x4000080) r9 = socket(0x10, 0x803, 0x0) sendto(r9, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x41, 0x0, 0x0, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x10442, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f00000000c0)={0x101, 0xd000, 0x8, 0xffffffffffffffff, 0x1}) r12 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000100140001002abd7000fedbdf250100020008000100", @ANYRES8=r9], 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000780)=""/73, 0x49}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/112, 0x70}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000880)=""/151, 0x97}, {&(0x7f00000001c0)=""/17, 0x1}], 0x8, &(0x7f0000000600)=""/191, 0xbf}, 0x9e2d}], 0x1, 0x40012020, &(0x7f0000003700)={0x77359400}) openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0) 1.88278782s ago: executing program 6 (id=6233): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000)={0x4, 0xe}, 0x2) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) recvmsg(r2, 0x0, 0x40012140) getpeername$packet(r2, 0x0, &(0x7f0000007480)) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r3 = dup(r1) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$bt_rfcomm_RFCOMM_LM(r4, 0x12, 0x3, &(0x7f00000021c0), &(0x7f0000002200)=0x4) write$UHID_CREATE2(r3, &(0x7f0000000400)={0xb, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0xee9, 0x4, 0x4, 0x1ff, 0x40, 0x3d4d, "fb5b3103a045d8a9dd02d77e8cc28c40180d0cf1e9bec4bbfa6ba4a3e2aab41dae9892fd70b12fa1a99bee9c39cae1c2edfb5c1a1eba7d526dcbe6d2f76ed55bd05a69939fe367d7a50d7bc9793d8d6d64bcbe97d582e251e1902e0c84704e1bbbd1983744fb569ff5561b124100e5bad7cb46e2b46a63b85440a558f5b53f1871687700d5cc92a8baafa2f7ed700f6c36e2960cbb73323de7a38f00f8a70cf20368e835ca750fb18e7ddf98ecfd6f80e2d604abd0bb8f8de1bae4d5ab68902a0a50bf4cfbc0ce83e3b1375b8c2a85fb34aa20603bfe8985251f8d068737dc38df7f72dc9e6d8d5caa8e48a9c98cd0fa4f750ffce6a3692cd35eae418b413ab37e8eab0a6f4c5df7ed59751e327b97e6f20bee8c01faa0d6be3cae30de9dc154d29cb2ca3b9322fbac615001e87c7cda39b6250a652a2ee37a8f1e8855c133717992b9aaded5de756d217f56a6f1f2e58ad5b8eabc94f3a6024b818f76e4461499edfab6c0a3efea09529a4b766c45bb414b38ffe795b1740c20c032bc17ac3da1fc11f29777cbba19af06292a9fef73ecac75d01e5c3601c38afda8503c2803579b70c8af8af44cbc21727df068a2eb6f4226fb8548344ba4fe93ce81155feb2519d4290f5175f16682110c959f0a4b4c0af6c39db6583a4a1006362597ad340d72af30bbaf92f0488e2207843e16b3e05c282726d45d397e07df2473fb6049beb9e89727edd51d5c76fda4d08a2f20c3ac3872e39dd1e0c07a3ad268bd0755d4ecde85eab40e1644f4b40d85182b02925180a92c31fb3fb20dd69c33b28dc98d14d2aa5c06194016e7fc03f51d83ac8296d23e0e856831e603c477742295ed40bbd8582f953ed1a9d9ca0d5202255e22a5dfe474855fe956adf57df62b89f454d449a9b117375b10fabcf9fd9dda9a38fe162fad14ca38860082fd9700fbbfce554014b48533dc0f3f5477e6deaa8cc01532454a91dbd6dcea2ef6ed3e835dbc077a6af7dbe82aa2bf11d5ce67d037b76cfb88947209c9320cda06c1d5b77cb3c30bcc90305f13eaec07f3a63504e317a47f6ba4eeed7994d88e1baf90311a1bc891f29d3685ecb65da0cb21e27b431fc264b952b77ab7d8414ba80d61b43a7182f83332b221b491f8d5c6fdedb83b00f44c198473393336d1fb3b4562500b82042d1f17ba8ea6cdfbb79f2904addc3e9d10b84dc633ec9ec429884530d0023a2ea1418b6c7d558b5b22f7f20c0988f92e48da52cf6cfd0d570aa8aa1456f8fbd4701a7897800c4ba6afddf97306c3aa7adeaed3e0fab2eb2e8311bb300f532cf2a8f5058b89385a065728ee89e585948640fca9a72c362790ceca5b2df34379bbcbf3e93a7ce5287736a56333fac4a9f5076200a850f44a62f2cdec7ba47233c95e92005f2d2378383505a6b048a42929942929c631229ee7955830ce385b7e876c2ef6993aaa9b06567e83517ca05c42c4163bd28129ea4a2c21e080cea15cf4ec730ac7a8e13ae94de14718ac0145684696ea8bed6bc5982efb5eab22c6aeb02508c9166482c258d97f7a5b153067aa2c54f375f30caeac202a9a894d6b95273438a623e38f639b69fa13745094ae73a085df5c4c3ed0c52e8bb4fa61dd74d7b3328e61e6b0f2c1658fc0d616e9497c7e9c4b74d7331a2143e290863c93d77d243bb5ed20119ae732782f3edd91eafe31b77b6dbc703b1f7dcb4b837725416ddf6f92e879d510f19e21cc818c15e959a040784924d3921ef42cd0ed284f98f39eb979380460ef065bef6bc615dd714af90ba6cb98b423fb36cd05a27017fa693d48af5da24161f25f7c37da5bf971b1cdb7c0d26f1794c9fd44bd06af38a8d7adbbf223fd24e9fc1ffb88b1b8860d577d80e61390dbee15f00eb7ff945fc45035d6c6499ed758cc8cd430638e3a6b2d1cc9f6b78ff95a50748910ab7531f8f89dca8a7862aa6a4e77420d16cc6d2efae187ef21dabcd1af43765bc7afc216a7a6d3380011de36a68c2b786d3662d2c0f137a6c8951c82edfdaaf210e198ed769b9656da1aa42ed1c06ce63d637b30e8357201e8dabfd5c37077a8ff4118bf8c3fbc23f9c348cc5e1670d7550b71538947323ffee6862d1a9a4835237987e95a7318d8f8556f7a41fcee9fd6b0d2ca77a1729a74eaef8f721817207a1a42d0193ffe963003f2ba7a232557ea27059e3a66e7f0db93cad230bcbaa92a1ed5b43ca4b6f13db7988fca6e6077b8cb592eb039ae6442184786dcc90c772d24eb4f6ce97de014360914241b97bfffa4be89597a5e9df86c3dbfee25bca369be0dc1d75c126231612affb0cff7db8c4bd274bd0fd99d0ca24cf5966f58c3dcb828611b6deb4e980215a51e908b8e07c8f52a5d3e915f256cd67665a2ead79b34e412f7c8ba4d0b4a57755c6d7706084148431acb8e0b4ae6c8504ffc5bf634a9f9a36521db95e5783d5a3ebd83ecf994f08b60111f186f37930dfae9cb6a39327f4807bbd69326afd84893aa5a1e4c0cc20468f7bf8daf2b6f90bd248d75dc6a884fefb3575fba8584d7c1eb4756fe0c044001d0bb6b53a03f1138456fa8cf1068727daaf8d069b1a3bc7051883c3540082e547d1cff151049b684f73f4e9f07644ccc69b3e768a3074ee2cc34d38d0a95354877904978c859044af1213930179e27c6a129bc403acd2f1e6a5c97ff632fbe8f8f1ce4d248f6f4fdf58dfe8ac5f4aa217801fc9a308c491492f80a7b62c57fde9b54ffdf74f12a952d478b23678d455f3405dbfefcc4a3023ad34d65d59f122fc1bf72dd04a5a8e9e57d227b3a3a41e1e555076df55116c8910971c2a1d7f384ec11fc70a149ed9eb5184b9bbbaa983234491f294d6d3a99266238a09b0440393f629e294231c5453d9c6bffe5fa399ffe4e99a7545a41502a0bcad8579a718561b53f397a5b48473894479716cc9080bef4b42e9b6d9d27a81dc4b44063f2bab0eaf7b6efdebe56b987abb5bd2a62a26d551555848a8ab3729716fe72d2dcee3e0328d157337967f9edafedcfdaaf75460ec14c6a82d4286f490b6035b5d98eae91044f0a0dfdebd91486b6d5186c634581599b6ad8c0635e6c45c9e4f3a4e4cfdc4414e1b669122009252e66b131695b7c6836e98815452ced472fe1f0e6bfbed1fd473bbbb2c8bfde3d0c7397766e4124f0d308045678e1c00a6e4eaef750ba8261aabaeae8862054e529eb02f261703aa9ff8547687e2a44201491e608d6c3946e8b00c3d2dc84fdfd6c85aefc09f48c6de980b88d33bc43a5ad482814042e0a98806fa4a93dac203f74d1faff9260f69ab877d49a06cb248ddb87a12ca29fd663ecc2a96787f21356f734896bae904310a68e387168b1d7d3b877c1925962fa0541c41548af40e8738187c2c18f459ebead562ff464ae4febbbf210dc8030b161628b7bbb199818181cc9a83383867ffbb5f3c67e4f741549c6be036de98045966ae4215cb8a3ac0c4d2e31bf0e97b644e71b30983647f4962fc39bf9a9faa4f43090edd30766651d5fce09b788e97a1138156ada1d2456dda03c3226068b25f739c9fc014b05df4bcf62f8d06f52b71c923604fe7a7e2bd048ef6be08eb5701a1df0afdc95c5b56888a1d6453cdb9f926b4fa3c60cafd263d20b97ddbec8666a728f28a173b0dfbfdfe78a0af95a36788ed1866d3b471de3e14bc57feba35d663c0164734f1f16c049861fd361ecbf00b159fc428ee92bb3f2fb75c3aa102f6c53d8547daf051dd7b8b2b16190a7fba2599b066572ba0bc0ca1bf847224585d738099f762df8f6e7028783919a74e5e0fdcf29a363375ccd597fbc63e36d7e35eb94b21d37d620ca07f121a6da3f959a1bf56fd4cf4fbaab7e1f0a1ffe12bf889c1a95979223f6e2660a73113fb7bbf15fb36416435172c65315a797661aedca1b451356b331aa0db2b8a9956b87e5c062118a605fb84ba92fc307dca04c96cbfe48a0161f83a35936f921d53c0a1da603a606f509830de54a788896040dd9e7ce26026b85eaecded66a82061ee3b93a7276e5a08333bb4d0e8edfdac47cbce03379b90c8e902c47cee33e26f0264d5dec836ae29e943f2a512f8ef697f55b4a01752cd9c78ce79839a0f87eb7377e19ed0b65873af3aaca20e1c7b5909a407c12fe45431193fa7f92c51b8ba818e03d4f0da3a5425286d26fa3b4263171d8d1a2a737b196778d5402e2eb6af4277d24c423061ace0faad842c9837b08d545d65f303d1e15b7c23b3341e09a659cd16ddfcb0ffa46e20fb2d476e7f341f1191d7ddb6f7eae5c698e90fc482b1ee515a3bee2c462cac87b71ccb6259315b01e4fa5836e42030cc499d86183167456917ee72ee1d65e131ad31dd2f3cbcfe1ff4e36f17a0e5c6ea06db3532f117f7e1e11fc39002090dcc88d1b0990889144daf3036f7731a6637e8bb0075e4e2d7c984e173778348ab96074373ac4cddb60416b4e9c60ffa853fcc7cc2875cad13788c69aa43b398999efbaa3d17eb6471ea1f0a816add83819b38ab2abecc110c713cf4e986b808a2f76dbcb5745072f067f1c3eb381f3c45912cf588e771512f072892b9fe9c59ac12b804f77a5957b2493d0fd18a1b520ebe7638bf32a142304779f726596b0d920778d572b8903e0ea740a767f423cf33cc911395807816727d117eca77ed3b50b2ac30e4c5f2b989c1a013770fffb39ea938262ed5c00d2ab4b394415583d92bdb743b8e380812934df2d997cc674fa55f580de90e333828ad35e029a08bd5fce35f4825aea962c6d493a570f8fb4513be97b45c49efc0f76053c058dcfd7e9f10cae4eb8e4fe9bc3479797b84e97b82e12966e590f01d8f906441254916983b639464055bf79d8aa1e56ed9d10c0247577c62426d79d99015814668eb7300cf367c1189186b13dcca8464808a5fa11b77745bf097d352e7c636ca0a8961f87048464ffe7850f0a6d3b73ff5878b1518159642147f65dccf93d81dc62a0dca8cab6084552a9bbaf6380899eb8a8a843d3a00a5272b7311cc027c3171a24858e790e38b5ed7e39f340f874be2358144a435f2ca5f9b6535316c1df243d8bce0be4c2d54be66965d61882aa6a82346df554f8eb85997de51dfaa1bff9a8770c560907caf7c58325249ca750397119b71ac95dc5f0ca85097b4211071c1b72597cccacb6326b57b4ad2dc6abc073d0d2e4ae8ae50fd1ce58552c422fc6788eacabd2022f696124dee3d7483d368c63eed82323ec9970673ff8f6bc1b8feebda09ded0393cfb4af69e174f45c83dec05d938b7f17c976e0b32dd61ac07dc03c30b3712caf8084d759956fe7b10800a83f7383cb508c74b156469334d6173a92024a413bfd359ffe3e7c6deae697893bd8f55c5468b33113b982c233ce220a3933"}}, 0x1001) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000280)=0xfffffffa) r5 = accept4(r0, &(0x7f0000000100)=@ieee802154={0x24, @short}, &(0x7f0000000180)=0x80, 0x800) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r5, 0x4068aea3, &(0x7f0000000bc0)={0xc1, 0x0, 0x1}) r6 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010040000904000001020d0000052406000105240000000d240f0100000000000000000406241a0000080903000000000000000904010000020d00000904010102020d000009058202480a000009090503020002000000"], 0x0) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) r7 = syz_usb_connect(0x5, 0x544, &(0x7f0000001c00)=ANY=[@ANYBLOB="12010002cee11b40d21950005f8b0102030109023205010d069004090417020dffffff0a0824060001af109605240001000d240f0103000000010006000906241a07000b0624077cc40008241cd55e07030005240102c80c241b07001aff0206ffff01b824130770dfe4c30b89ad065e93fd19d018b813043d276416fe5947873b68b753c52976977ec79a45e262af53dade77f1274d05d930ca97f3dfe2fd83ee5ac7b9f39baffc154412d68a95d6b8271686c51f6f3bedb1433ed7fda925538759e63574ceae5ea71d33dcd0341a0866cd722b85b55899807061edc063c205c33fd196cb477ff6a40f082f30d381078f9b630ac425f505300c6508052dbde786cbef395d10da0d59679b88b2b4d0f190094929579ef4f94105390a240180000a0201020b240806a2007bd9a9e2a90c2402010402e2400080ff000b24050608d733ecdd8b180b2405041a2233ae6bcdfb0924060202010100001324060204060400060009000900020009000809050b024000070201090500000800d2040a0725010282000007250180028dba09050601400000f809d202310a1ab6f536d8cd281ff084cbf0b5df5cb3841e32408a2a4446bdd7c1ba8357f489bfe296b591ee7b60f877da17bf9f665bbc58156c91bb2d52cde0368cf0d184f4d75d6a42efb305952bfe77e3e5d85fcc50dd737ecb3bc2538bbd1d20820b3fc1a8f61da0c3373fdf0a93bdebef3e68466294c3a8340f186a5d082f2fe7d51914a563c7e430d567c8a6fd9524b05f30fc2f8d0dc958f6c2c6c83801b820bfc1d13ce2068a4a082cb7849d9904315a1ba6358be54e66231d51ea037c5198563ddeb45cf34beefbf113ecee05ba52dd09050d0340000204030725010050ff070725010107030009050b031000041013072501800903001803e1b1fe8b44a93a849e9d008e13b4b628115f5c565497090508020002060101f3039a09b90d2f9bd50f086eb8dd3d535ee1f6e454b364f8fa6b7031e574ad28385bae5255a31c3f40585ddfa38446b00f2095af607b506fab90adf55d73f19e28fc2b918ab1b960f1aa8349b6dc2c0c18f0e988de20309d4ed85ee8511d32f32ff381663681ebe7c6b12e0ee45d9e650ac4d6cf119fdeb9154a087ede7548ca7b2b084c105d20763f024a8ff56b70b19e06497c05ab40c6a12bfffdc177a3060741e05347bf779ac90887402b5d35b0d4b26ddeb31bf65a138329a530cbf655b6f09dbc9f223e8b718c1c2b1bf13e34e9c53b27b6b3f2b212b37b26ba7f27aa352e0675535c5c4298d2e9699b8aa09d116f38870525bf026752309f2bdb4b7e85f9668d56585102ed9152416d26f98b92247333794a5d6ce2d27e5c58dac92d123148d8dfeefd213701b3f679ced461e2dde83775fea2dac425bba3dd809f9fe396d24053562a6d8c5bfc302c5b785fcbce065571687a8c44f4b315850e383e552ccddbe6274048e0f8bc68f53a87f642bc24a8b7b958ec895509050500480207fcfa09050e102000100301072501830000002705040000020406039d2262168884481dc8c31bed3b329a20e76f7c9377431999545dd96633589f01b1a6325985d6a5e2843e935510ded3e7a18490aa63142b49e8b08c0d03faf6da5840c7e771e93f4a5475ce78c99d11f6b9271ced596589ea9512ec76802fbd9f3d4819d7beff9b1568f2ed939639e669a8faa1dd0ec32a45b7e0a2d5a9f9dac19d364f973d0ccc9cee7119546aba4adda336831482875a3e9f9d99767f0725010301fbff090506032000070f781b213e80d6d8f68bb2ea1fc34679b384312866c24d9d2a57a1b52009050e0010000308000725018201050009058000200093030307250182030300072501010801000905091040000b06035804b0c8504134d002ec409d26bdf0e917f2a967d9442b1055190b2332c60bdc1c1b47735e97ee978fa6676660d3d40b12ff5bf4d400b4c0097437c8fd279fa0b97063da33"], &(0x7f00000001c0)={0xa, &(0x7f0000000c40)={0xa, 0x6, 0x53460ab06dec3a0b, 0x3, 0xe0, 0x6, 0x8, 0x1}, 0x29, &(0x7f0000000240)=ANY=[@ANYRESHEX=r5], 0x2, [{0xcf, &(0x7f0000000080)=@string={0xcf, 0x3, "ba5fd7aa77b6d3b40cd61d9f2d7ae7eb3a7abd4558b9a246846d3b4e3b68a6bb670dd6ab86adeffe6504484a06136d5063aeaba680b801b39ab0611e18f74c8c06dfc3704bbbaf708ebb257bae1879e92b4e75e5415d2ce2578f347dd4f9d6dd964f550ed4a5d4f58b78d1e983a20a46b49761fa255e1b489cb7f011b5765d63a267eeaddf2f48d3dc6f7820146ac047ef3cd96b11a033a753c06ca5050828ed44c43326a9a6318c784adca4455c161a58765a85d457eb5fcec38ade842f8cd149e7afe41eef39021f9f4e4744"}}, {0xdb, &(0x7f0000000c80)=@string={0xdb, 0x3, "d0223939db52ca3d6424c871ce07ef2d46d6a5e4e5069517bb9d8d2b9afa3f3932c0fdb2b8bcc9b11a517c0b5028842c33e55ac9f14744b8cbd08c32655ff36eba3e8ff27d15ee789ccc18e793f1bc5a14c5ad2bd9bbe8d43276e8f3b79c98212dedb4a73904bfa45a28874941c8b7290abdc139ee7b42c0097f312207adf276fdba015c9c305117f3f8b28fd58e2acabf55f350deb411a88a6abf12c9da07a74455c4ec41e415e5c6a37f293c484abadcfceaf3f06f0db6c34253edbf2537aedd23a43548de9d909da27101e2cc2b03b1367b0ef59ceed801"}}]}) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x14, 0x10, 0xf, 0x10, 0xfff6, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r6, &(0x7f0000001680)={0x2c, &(0x7f0000001440)={0x0, 0xb, 0xaf, {0xaf, 0x24, "c9c40c36144ffd17097e65fab6cc50092c6a4bb3aff98281146d0a20ecb61a0a2f53378a47700a1c7472385ea4fb3a3fe9db8f988936e660b22d298ec9248390b0f966eedf99ba2a5fdb40bd050da592559ed4dced77f5049842b6ad8b09b77caf9d08b32608960498c1d0c6570332cfe4fa856798a4d15de2a029bc27fd84b2efeb92bf81f230d9fafe62b300398e4584098d7e13ccfc0941df04397d73f7a5e68b39363ad2222d5376502f95"}}, &(0x7f0000001500)={0x0, 0x3, 0x8c, @string={0x8c, 0x3, "9839ed7d86e1c75b44ae78900c0c2943f393c5bcd828222a0fdc122ea2bf024d7a74c24e6fece88635bf4eb7afb7e43e3230c3816ff553ca9f6e881707363961966e90cc00a5e735a62e3bc23ae49bd20a7b9b4d95e2a57aa8001d100cba01d6b3473d43f95bd53b392ed36826ddd6926c675e6b82ebc3519b76aa170790adf05fd5540c38a099b00d97"}}, &(0x7f00000015c0)={0x0, 0xf, 0xf, {0x5, 0xf, 0xf, 0x2, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x7}]}}, &(0x7f0000001600)={0x20, 0x29, 0xf, {0xf, 0x29, 0xc0, 0x5, 0x9, 0x2, "bdb44954", "368c8783"}}, &(0x7f0000001640)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x80, 0x11, 0x0, 0x29, 0x8, 0xffe}}}, &(0x7f0000001b40)={0x84, &(0x7f00000016c0)={0x40, 0x31, 0x7c, "d864af754f10bc66a2285b3de8de6463e2d0b6acfc881c02e152c1d15fa924a28cd25eb85dbc833912ea82a575c12b9cb395687bd28beefdae94f319859692948f2d70466e951075ed85e571325f985c0e8cf1df745c2f9968b93f3d4c8315b5b06369f57ea9a4e50540e59714a02b9078a128d0175f111edc7f84f9"}, &(0x7f0000001780)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000017c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000001800)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000001840)={0x20, 0x0, 0x4, {0x0, 0x80}}, &(0x7f0000001880)={0x40, 0x7, 0x2, 0x7}, &(0x7f00000018c0)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000001900)={0x40, 0xb, 0x2, "6f84"}, &(0x7f0000001940)={0x40, 0xf, 0x2, 0x9ee9}, &(0x7f0000001980)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}}, &(0x7f00000019c0)={0x40, 0x17, 0x6}, &(0x7f0000001a00)={0x40, 0x19, 0x2, '\r\"'}, &(0x7f0000001a40)={0x40, 0x1a, 0x2, 0x1000}, &(0x7f0000001a80)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000001ac0)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000001b00)={0x40, 0x21, 0x1, 0x81}}) syz_usb_control_io$cdc_ecm(r7, &(0x7f00000002c0)={0x14, &(0x7f00000003c0)={0x40, 0x3a61f5aaf261c71b, 0x81, {0x81, 0x6, "f7125d4111fd97a9c4d9ac6f4ebb054f2bcdbe4ac425d33add5601d2f0f38d7941ee94a723fdf55264de039e6afa1605e4706c198f06efe08ea25b80288ccf9e5bb82e139d2c6fabda499996b6213687ca957e614febe0188975e04170801404f744a0bca8897cde36e64dc56a56faef83f6a30b223273c5f0591ba2fefa4d"}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000b80)={0x1c, &(0x7f0000000a80)={0x0, 0xc, 0x8a, "73c9b0bb22da2ace72790e76df50b711e7a9294ae4827f240af71605bd219a12994313e789baae11a324367c22901a21b16c49240812372b87f363432ad6c9e4f874c854695454157d67a043281373b5f7f2aa330f7dba69359c8c61196b90848fc4578f0c6908f62048fc3c11cc0d4cfa3d72103ca497970e6f47590b51697cc0cd2aa8816f8882ecbe"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0x4}}) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) stat(&(0x7f00000022c0)='./file0\x00', &(0x7f0000002300)) 1.596027177s ago: executing program 5 (id=6235): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000040)={0x3, 0x9, 0x6d3, 0xc9, 0x7, 0x2, &(0x7f00000001c0)="9af071c1642b64"}) r2 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socket$nl_audit(0x10, 0x3, 0x9) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r2, &(0x7f00000005c0)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='C', 0x1}], 0x1}}], 0x1, 0x200400c1) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rand_addr=' \x01\x00', @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, 0x80000001, 0xff, 0xb2, 0x500, 0x2, 0x4, r4}) r5 = syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x13}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r5, 0x0, &(0x7f00000000c0)={0xffffff04, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1, 0x4}}) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r5) ioctl$EVIOCGMASK(r6, 0x60b, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x2, 0x9, 0x5, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0xb, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x401, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0xffe, 0xfffffffc, 0x334000, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0xbcf5, 0x1, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xfffffff6, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xb8d, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x5, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 700.809349ms ago: executing program 7 (id=6239): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x0, {0x2000000}}, 0x10) shutdown(r0, 0x2) 687.58013ms ago: executing program 7 (id=6240): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@empty, 0x4e22, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x87, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x3, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) ptrace(0x10, 0x0) ptrace$cont(0x19, 0x0, 0xffffffffffffff7f, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="040100001a"], 0x104}}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00', @ANYBLOB, @ANYRES16=r1], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r2, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0xac, r1, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_WOL_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_WOL_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x8001}, 0x10) sendmsg$IPVS_CMD_GET_SERVICE(r2, &(0x7f00000002c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={0x0}}, 0x40001) 628.118603ms ago: executing program 7 (id=6241): r0 = syz_open_dev$loop(&(0x7f0000000000), 0xf, 0x183043) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x18, 0xd, "fee8a2ab78fc179fcff8a0e91ddaaca7bd6447a4b4e00d9683dda1afb94c1956b7fb0a018c060000000000000300000000000000000000000000e0ffffff00", "2809e8dbe10859892d0000b420a9c81f40f05f819e0117020000f20020000000e903001000", "90be8b1c5512406c5f00", [0x4, 0x5]}}) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001280)={r1, 0x200, {0x2a12, 0x80010000, 0x0, 0x3, 0x20000000000006, 0x0, 0x0, 0x7, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7ca64c6a4b4e00d9683dda1af1ea80000000000000000000000deff1200100000000000000000000000000800", "2809a9000000038948224ad54afac11d875375bdb2420000b420a1a93c7540f4767f9e01177d3dd40600000061ac000000800800", "90be8b1c55f96400", [0x5, 0x4]}}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c03, r0) 627.808343ms ago: executing program 7 (id=6242): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2844, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00!', @ANYRES16=r1, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0) 623.300444ms ago: executing program 7 (id=6243): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) close(r0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000002, 0x0, 0x0, 0x7, 0x0, 0x5, 0x100000000, 0x2, 0xffffffffffffffff], 0x9000, 0x200}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 601.984935ms ago: executing program 0 (id=6244): setresuid(0xee01, 0xee01, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp(r0, r0, 0x8b598a4c6d8f8fc9, 0xffffffffffffffff, 0xffffffffffffffff) r1 = socket$netlink(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r4 = socket(0x11, 0x800000003, 0x0) bind$packet(r4, &(0x7f0000000d00)={0x11, 0x0, r3, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb5}}, 0x14) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000040)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) socket$packet(0x11, 0x2, 0x300) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0) r6 = syz_usb_connect(0x1, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x5, &(0x7f0000000380)={0x5, 0xf, 0x5}}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) fcntl$setsig(r7, 0xa, 0x10) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io$rtl8150(r6, &(0x7f0000000180)={0x14, &(0x7f00000000c0)={0x0, 0xf, 0x34, {0x34, 0x9, "956ee1f73df45daf47f331b105b6b55bf26cb3107f0303dcb23705f8d13a5178cdad45fe48856c57c1d332747da295944111"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40b}}}, &(0x7f0000000400)={0x2c, &(0x7f0000000440)=ANY=[@ANYBLOB="4000c200000008bcb42118f543565746ffacfb573d3381d6309247c2264bcd76e1d83ec88f124c382941bc2c3437ccee1d2f1c25d83d1433e934961de7f0588557f71b6c0ed7a599cd205bd44a35399a7f3943c5089d8160b918197869171daf51fc46cce11c6b66c9cf58d7222d2a76bdc1ec27c1e7a761c28f5f0a46e53d64e01a80aaf1bd2eb1b5c05f6426a47daff90c8edfb41ca912778788bb2261964a48b961a82390410d46f1de5029b99102eb6e2c8bdfa2505c477430adb50feea58788ab1599d04c6a"], &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000340)={0xc0, 0x5, 0x4, "56f82c3c"}, &(0x7f00000003c0)={0x40, 0x5, 0x4, "6cb044eb"}}) syz_usb_control_io$hid(r5, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) r8 = dup(0xffffffffffffffff) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r8, 0x40189429, &(0x7f00000001c0)={0x0, 0x81, 0x1}) 515.9847ms ago: executing program 7 (id=6245): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) getrlimit(0xf, &(0x7f0000000180)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r4, 0x29, 0x10, 0x0, &(0x7f0000002740)) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000280)={'mangle\x00', 0xda, "b6d7855771359c44ac1b81d3825eb7dd8f7dd81afb2482ea915c9bece0b05f465a037cadd235baa03731d488e8b504b214e06062fd052faaf6eec633326f9224eff4b398f7e946b71d1e5f2578898730d732add364219456e82241c2ea82e60b36b3333dedc155862f9de058d3c5877a0116d1926d64c2197987f184f0b11c00999c55a80b807a568909a51e3ddad8a15799cec3b8e1e262657bd4e177cdcdcc8cf6b508171c10233216dd44ed35b4206bac709c682bd0dff15d4a9808c97971472fc63423f0093aec0b50439731802f197ae9a21efdbfb1bfa1"}, &(0x7f0000000100)=0xfe) syz_usb_connect(0x2, 0x24, &(0x7f0000001300)={{0x12, 0x1, 0x300, 0xc4, 0xb1, 0xc2, 0x20, 0x1a0a, 0x104, 0x5a51, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x20, 0x8, [{{0x9, 0x4, 0x79, 0xa, 0x0, 0xc4, 0x7a, 0xb2, 0x2}}]}}]}}, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000000d40)=@lang_id={0x4, 0x3, 0x820}}, {0x6e, &(0x7f0000000dc0)=@string={0x6e, 0x3, "2c00caa3675afdc5914b60d7f49c29c2a7e733e132a584d0a918ac8f58c8afa6edba0f33d499c8c9f826d54a830fe3d975fcb6850774c413ec805b339d138279982b127d226801d0704a7bfca54bf298c00998cf688059d58fc93917255b3df8913a070d02300980cf6868de"}}]}) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) 80.647095ms ago: executing program 0 (id=6246): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x27d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0xfe, 0xfd, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x4, 0x8, 0x1, {0x22, 0x8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x7, 0x5, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect$uac1(0x2, 0xdf, &(0x7f0000000640)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcd, 0x3, 0x1, 0xfe, 0x0, 0xb5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9a3e, 0x5}, [@selector_unit={0x6, 0x24, 0x5, 0x4, 0xd9, "af"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x4, 0x5, 0x6, "c3f497f11536b29345"}, @as_header={0x7, 0x24, 0x1, 0x0, 0xd}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x1d, 0xf464, 0x2e, "c3fb"}, @as_header={0x7, 0x24, 0x1, 0x9, 0x8, 0x3}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x1, 0x2, 0x2, 0x7b, "1a"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0xa1, 0x5, 0x8, {0x7, 0x25, 0x1, 0x0, 0x1, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x7, 0x4, 0x40, "c6e65e3480e6"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x8, 0x4a, 'L'}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x40, 0x2, 0x2, 0x4, "61b2ea", "a21a72"}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x29, 0x2, 0x0, 0x2, "61e5227bac3c"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0xc, 0x2, 0x99, {0x7, 0x25, 0x1, 0x80, 0x3b, 0x101}}}}}}}]}}, &(0x7f00000005c0)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x250, 0x5, 0x12, 0x5, 0xff, 0x3}, 0x5, &(0x7f0000000340)={0x5, 0xf, 0x5}, 0x5, [{0xcd, &(0x7f0000000240)=@string={0xcd, 0x3, "437cd7c9ee45c68d5725ca2d60857d739f150cd077599edd1563df5c3edf9aae70c9ff5ffa78250bfafdeb10dadafbf2155d2233cdb0105686b178e688223d9ee7a4e1961131b67a7690ab150018910328cda68fa097a2c46fc9e0df7adf94f6aa22582bee7099a966db03ea1351cd70b27f2ad683c5379c7d6e00f4e7cc10598a0bb12a26083a85e29f4093cdec2b010c97ac2c4d7458b8df3433dce4b3073f0aa631973bc42c64ce969cafac2ac909b130250a9584cbb8ce93e5cd6f25f3ab261b93cfd60cb48aa8afb2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x436}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x413}}, {0x98, &(0x7f0000000500)=@string={0x98, 0x3, "7a24e596c7b835ef88c3f2350ab426ceccf1918b12b9f291243bd0543a66e13afcee4759733dfef874c2bedb72e8a8f7da746b9d401db63063f473c134ba45b4db3a982de47c070db992293e0a405ca36311dfd8fbaa31e0389c203735cef057919ef9f2d2eb238fe76d9e28641ead9c4198d0b232cc101c9c2eec92396ad7d258f064aa63db68a0c41a6573ebaaa251628751119cb6"}}]}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) readv(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/246, 0xf6}, {&(0x7f00000001c0)}], 0x2) syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x8, {[@main=@item_4={0x3, 0x0, 0x8, "2375a88b"}, @main=@item_012={0x2, 0x0, 0x8, '\x00\x00'}]}}, 0x0}, 0x0) 0s ago: executing program 5 (id=6247): preadv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/128, 0x80}], 0x1, 0x111, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) write$tun(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="00006002e3a248f8e075"], 0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x2, 0x0, 0x4e20, 0x0, 0x0, 0x20, 0x0, 0x16}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9}, 0x0, 0x0, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @tfcpad={0x8, 0x16, 0x5}]}, 0x140}}, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x82000, 0x8c) r5 = openat$incfs(r4, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130) ioctl$TIOCL_GETKMSGREDIRECT(r5, 0x40106726, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): :0094.005A: probe with driver uclogic failed with error -71 [ 715.737421][ T484] usb 6-1: USB disconnect, device number 38 [ 716.116722][ T484] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 716.267862][ T484] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 716.278814][ T484] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 716.288592][ T484] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 716.297679][ T484] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 716.306342][ T484] usb 6-1: config 0 descriptor?? [ 716.606902][T14143] incfs: Error accessing: ./file0. [ 716.612063][T14143] incfs: mount failed -20 [ 716.715132][T14133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 716.723709][T14133] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 716.732403][T14133] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14133 comm=syz.5.5389 [ 716.745887][ T484] usbhid 6-1:0.0: can't add hid device: -71 [ 716.752030][ T484] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 716.760849][ T484] usb 6-1: USB disconnect, device number 39 [ 717.536718][ T484] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 717.687716][ T484] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 717.695978][ T484] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 717.704992][ T484] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 717.715322][ T484] usb 6-1: config 220 has no interface number 2 [ 717.721605][ T484] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 717.734736][ T484] usb 6-1: config 220 interface 0 has no altsetting 0 [ 717.741545][ T484] usb 6-1: config 220 interface 76 has no altsetting 0 [ 717.748434][ T484] usb 6-1: config 220 interface 1 has no altsetting 0 [ 717.756663][ T484] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 717.765704][ T484] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.773718][ T484] usb 6-1: Product: syz [ 717.777922][ T484] usb 6-1: Manufacturer: syz [ 717.782503][ T484] usb 6-1: SerialNumber: syz [ 717.991498][ T484] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 717.997931][ T484] usb 6-1: No valid video chain found. [ 718.003442][ T484] usb 6-1: selecting invalid altsetting 0 [ 718.011821][ T484] usb 6-1: USB disconnect, device number 40 [ 718.436554][T14157] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.443678][T14157] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.450980][T14157] bridge_slave_0: entered allmulticast mode [ 718.457336][T14157] bridge_slave_0: entered promiscuous mode [ 718.463645][T14157] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.470736][T14157] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.477829][T14157] bridge_slave_1: entered allmulticast mode [ 718.484007][T14157] bridge_slave_1: entered promiscuous mode [ 718.506695][T14162] netlink: 92 bytes leftover after parsing attributes in process `syz.5.5401'. [ 718.553483][T14157] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.560570][T14157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.567925][T14157] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.574987][T14157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.594322][T11915] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.601558][T11915] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.611393][T11917] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.618472][T11917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.627899][T11915] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.634936][T11915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.659615][T14157] veth0_vlan: entered promiscuous mode [ 718.670356][T14157] veth1_macvtap: entered promiscuous mode [ 718.776868][ T63] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 718.797876][T14176] fuse: Bad value for 'group_id' [ 718.802896][T14176] fuse: Bad value for 'group_id' [ 718.928551][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 718.939525][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 718.949326][ T63] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 718.962265][ T63] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 718.971490][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.980085][ T63] usb 6-1: config 0 descriptor?? [ 719.588096][T14164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 719.596860][T14164] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 719.605615][ T36] audit: type=1400 audit(1770776512.958:31184): avc: denied { mounton } for pid=14163 comm="syz.5.5402" path="/syzcgroup/cpu/syz5/cgroup.procs" dev="cgroup" ino=577 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 721.542075][ T63] usbhid 6-1:0.0: can't add hid device: -71 [ 721.550829][ T63] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 721.562390][ T63] usb 6-1: USB disconnect, device number 41 [ 721.843786][T14198] fuse: Bad value for 'group_id' [ 721.848840][T14198] fuse: Bad value for 'group_id' [ 721.856709][ T63] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 721.986687][ T63] usb 6-1: device descriptor read/64, error -71 [ 722.226720][ T63] usb 6-1: device descriptor read/64, error -71 [ 722.466742][ T63] usb 6-1: new full-speed USB device number 43 using dummy_hcd [ 722.596691][ T63] usb 6-1: device descriptor read/64, error -71 [ 722.836719][ T63] usb 6-1: device descriptor read/64, error -71 [ 722.946823][ T63] usb usb6-port1: attempt power cycle [ 723.286693][ T63] usb 6-1: new full-speed USB device number 44 using dummy_hcd [ 723.307813][ T63] usb 6-1: device descriptor read/8, error -71 [ 723.437807][ T63] usb 6-1: device descriptor read/8, error -71 [ 723.676696][ T63] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 723.697880][ T63] usb 6-1: device descriptor read/8, error -71 [ 723.827909][ T63] usb 6-1: device descriptor read/8, error -71 [ 723.936850][ T63] usb usb6-port1: unable to enumerate USB device [ 724.919572][ T36] audit: type=1326 audit(1770776518.277:31185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14216 comm="syz.6.5420" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a10b9bf79 code=0x0 [ 725.376683][ T484] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 725.526678][ T484] usb 6-1: Using ep0 maxpacket: 8 [ 725.533315][ T484] usb 6-1: unable to get BOS descriptor or descriptor too short [ 725.542063][ T484] usb 6-1: config 5 has an invalid interface number: 42 but max is 0 [ 725.550204][ T484] usb 6-1: config 5 has no interface number 0 [ 725.556296][ T484] usb 6-1: config 5 interface 42 has no altsetting 0 [ 725.564602][ T484] usb 6-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice=28.48 [ 725.573690][ T484] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.581735][ T484] usb 6-1: Product: syz [ 725.585930][ T484] usb 6-1: Manufacturer: syz [ 725.590577][ T484] usb 6-1: SerialNumber: syz [ 725.678028][ T36] audit: type=1326 audit(1770776519.037:31186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14202 comm="syz.0.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f309159bf79 code=0x7fc00000 [ 725.802880][ T484] usb 6-1: USB disconnect, device number 46 [ 726.183351][T14231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5426'. [ 726.314082][T14236] input: syz1 as /devices/virtual/input/input66 [ 726.320413][T14236] input: failed to attach handler leds to device input66, error: -6 [ 726.867808][T14242] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5431'. [ 726.887404][T14244] FAULT_INJECTION: forcing a failure. [ 726.887404][T14244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 726.900524][T14244] CPU: 1 UID: 0 PID: 14244 Comm: syz.5.5432 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 726.900550][T14244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 726.900562][T14244] Call Trace: [ 726.900568][T14244] [ 726.900576][T14244] __dump_stack+0x21/0x30 [ 726.900601][T14244] dump_stack_lvl+0x140/0x1c0 [ 726.900622][T14244] ? __cfi_dump_stack_lvl+0x10/0x10 [ 726.900644][T14244] ? check_stack_object+0x12b/0x150 [ 726.900667][T14244] dump_stack+0x19/0x20 [ 726.900686][T14244] should_fail_ex+0x3d7/0x530 [ 726.900715][T14244] should_fail+0xf/0x20 [ 726.900731][T14244] should_fail_usercopy+0x1e/0x30 [ 726.900748][T14244] _copy_to_user+0x24/0xa0 [ 726.900769][T14244] simple_read_from_buffer+0xed/0x160 [ 726.900794][T14244] proc_fail_nth_read+0x1aa/0x220 [ 726.900811][T14244] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 726.900828][T14244] ? bpf_lsm_file_permission+0xd/0x20 [ 726.900843][T14244] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 726.900859][T14244] vfs_read+0x286/0xcb0 [ 726.900877][T14244] ? __cfi_vfs_read+0x10/0x10 [ 726.900896][T14244] ? __kasan_check_write+0x18/0x20 [ 726.900915][T14244] ? mutex_lock+0x97/0x1d0 [ 726.900931][T14244] ? __cfi_mutex_lock+0x10/0x10 [ 726.900947][T14244] ? __fget_files+0x2c5/0x340 [ 726.900970][T14244] ksys_read+0x145/0x260 [ 726.900989][T14244] ? __cfi_ksys_read+0x10/0x10 [ 726.901007][T14244] ? __cfi_mem_cgroup_handle_over_high+0x10/0x10 [ 726.901024][T14244] ? __kasan_check_read+0x15/0x20 [ 726.901044][T14244] __x64_sys_read+0x7f/0x90 [ 726.901063][T14244] x64_sys_call+0x2638/0x2ee0 [ 726.901085][T14244] do_syscall_64+0x57/0xf0 [ 726.901106][T14244] ? clear_bhb_loop+0x50/0xa0 [ 726.901129][T14244] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 726.901151][T14244] RIP: 0033:0x7f8b3335c84e [ 726.901164][T14244] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 726.901178][T14244] RSP: 002b:00007f8b341dafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 726.901196][T14244] RAX: ffffffffffffffda RBX: 00007f8b341db6c0 RCX: 00007f8b3335c84e [ 726.901209][T14244] RDX: 000000000000000f RSI: 00007f8b341db0a0 RDI: 0000000000000005 [ 726.901220][T14244] RBP: 00007f8b341db090 R08: 0000000000000000 R09: 0000000000000000 [ 726.901237][T14244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 726.901248][T14244] R13: 00007f8b33616038 R14: 00007f8b33615fa0 R15: 00007ffc3ac48888 [ 726.901262][T14244] [ 727.456685][ T63] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 727.606685][ T63] usb 6-1: Using ep0 maxpacket: 32 [ 727.612897][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 727.623789][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 727.633565][ T63] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 727.642634][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.651257][ T63] usb 6-1: config 0 descriptor?? [ 727.657689][ T63] hub 6-1:0.0: USB hub found [ 727.857970][ T63] hub 6-1:0.0: 1 port detected [ 728.465611][ T63] hub 6-1:0.0: hub_ext_port_status failed (err = -71) [ 728.472485][ T484] usb 6-1: USB disconnect, device number 47 [ 729.226686][ T45] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 729.352104][T14272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5444'. [ 729.377025][ T45] usb 6-1: too many configurations: 72, using maximum allowed: 8 [ 729.390066][T14280] fuse: Unknown parameter 'grou00000000000000000000' [ 729.394367][ T45] usb 6-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db [ 729.410723][ T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.426840][ T45] usb 6-1: config 0 descriptor?? [ 729.474940][T14286] Invalid argument reading file caps for ./file0 [ 729.647857][ T63] usb 6-1: USB disconnect, device number 48 [ 729.681726][ T36] audit: type=1400 audit(1770776523.037:31187): avc: denied { accept } for pid=14294 comm="syz.4.5454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 729.707561][T14305] fuse: Unknown parameter 'grou00000000000000000000' [ 729.729386][T14309] Invalid argument reading file caps for ./file0 [ 730.092123][T14318] netlink: 72 bytes leftover after parsing attributes in process `syz.6.5463'. [ 730.411668][T14329] fuse: Unknown parameter 'grou00000000000000000000' [ 731.186687][ T45] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 731.336680][ T45] usb 6-1: Using ep0 maxpacket: 16 [ 731.343799][ T45] usb 6-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 124, changing to 10 [ 731.355153][ T45] usb 6-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 731.367979][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 731.375974][ T45] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.40 [ 731.385053][ T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 731.393067][ T45] usb 6-1: Product: 騺㕕⫫â¦ä¹„袺㊞é‚ⓚ섔䨗ã‘í¶å’‚⋅둪〢挲䱧꯯ï¾çƒë¦ªá’煮ᚽ쀱헎둹㊾৙ꌴå¶è«§î’´áµ“ïœéžá«›å®¤æ¯²â‘†ë¢ [ 731.408725][ T45] usb 6-1: Manufacturer: 鴶뎰䟖팳颪蜅ૃ寧粒ꨬ䪊穎ੋ컞䤟⸈ä¤á»‘踣⯻祂å¹èˆšá¾€é²‚闼ꦹᎢ홛떷⯤克æ»ï‘µèˆ±ï²‘㓢슎碹㤸êŸÑšï¾åº—ä¨ë ‰ç¨é”‡åš ï”⼭홎㧂㎙鿻ïƒÌ­å¦Ÿî¡–㩹ꆙæ”丳çƒæšž [ 731.430688][ T45] usb 6-1: SerialNumber: 海봄露㔙Ḯ澮襒娇ጬë¥è“勢ᰀ⿪憙湆励䂴Ḟî©á³£Í…饳ࡃ풿趰„痗φ莟躽Nﳮუâ­ï£ŠëŸ·ì½“ï½æ½¬ìµ…层쀀퀀Ԃ⹂亙錛パ [ 731.654896][ T45] usbhid 6-1:1.0: can't add hid device: -71 [ 731.660937][ T45] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 731.671237][ T45] usb 6-1: USB disconnect, device number 49 [ 732.185204][ T45] hid-generic 0003:0004:0000.005B: unknown main item tag 0x0 [ 732.192711][ T45] hid-generic 0003:0004:0000.005B: unknown main item tag 0x0 [ 732.200341][ T45] hid-generic 0003:0004:0000.005B: unknown main item tag 0x0 [ 732.211039][ T45] hid-generic 0003:0004:0000.005B: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 732.232198][T14340] fido_id[14340]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 732.506678][ T45] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 732.657837][ T45] usb 6-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 732.667064][ T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 732.675625][ T45] usb 6-1: config 0 descriptor?? [ 732.681884][ T45] ums-jumpshot 6-1:0.0: USB Mass Storage device detected [ 732.689835][ T45] ums-jumpshot 6-1:0.0: Quirks match for vid 05dc pid 0001: 2 [ 732.886287][T11927] Bluetooth: hci0: Frame reassembly failed (-84) [ 733.318962][T14352] fuse: Unknown parameter 'group_i00000000000000000000' [ 733.763823][T14381] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14381 comm=syz.4.5488 [ 734.926728][ T3275] Bluetooth: hci0: command 0x1003 tx timeout [ 734.926728][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 734.940828][ T45] usb 6-1: USB disconnect, device number 50 [ 736.130451][T11927] Bluetooth: hci0: Frame reassembly failed (-84) [ 736.166574][T14408] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 736.166599][T14408] rust_binder: Read failure Err(EFAULT) in pid:47 [ 736.175172][T14408] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:47 [ 737.025154][T14421] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5502'. [ 738.206706][ T3275] Bluetooth: hci0: command 0x1003 tx timeout [ 738.206706][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 739.266682][ T63] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 739.416670][ T63] usb 6-1: Using ep0 maxpacket: 32 [ 739.422975][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 739.433946][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 739.443729][ T63] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 739.452825][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.461432][ T63] usb 6-1: config 0 descriptor?? [ 739.468288][ T63] hub 6-1:0.0: USB hub found [ 739.669928][ T63] hub 6-1:0.0: config failed, can't read hub descriptor (err -22) [ 739.880535][ T63] usbhid 6-1:0.0: can't add hid device: -71 [ 739.886510][ T63] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 739.907035][ T63] usb 6-1: USB disconnect, device number 51 [ 740.431115][T14456] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14456 comm=syz.0.5517 [ 740.670395][T14467] kvm: user requested TSC rate below hardware speed [ 741.478455][T14482] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14482 comm=syz.5.5528 [ 741.625382][ T36] audit: type=1400 audit(1770776534.977:31188): avc: denied { watch watch_reads } for pid=14487 comm="syz.5.5530" path="pipe:[147382]" dev="pipefs" ino=147382 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 742.016681][ T45] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 742.146689][ T45] usb 6-1: device descriptor read/64, error -71 [ 742.386706][ T45] usb 6-1: device descriptor read/64, error -71 [ 742.485481][T14497] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5533'. [ 742.549295][T14499] tc_dump_action: action bad kind [ 742.626752][ T45] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 742.648476][T11927] Bluetooth: hci0: Frame reassembly failed (-84) [ 742.756722][ T45] usb 6-1: device descriptor read/64, error -71 [ 742.996700][ T45] usb 6-1: device descriptor read/64, error -71 [ 743.106791][ T45] usb usb6-port1: attempt power cycle [ 743.446712][ T45] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 743.467664][ T45] usb 6-1: device descriptor read/8, error -71 [ 743.597920][ T45] usb 6-1: device descriptor read/8, error -71 [ 743.836727][ T45] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 743.858134][ T45] usb 6-1: device descriptor read/8, error -71 [ 743.872539][T14508] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14508 comm=syz.0.5538 [ 743.947830][T14512] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5539'. [ 743.988308][ T45] usb 6-1: device descriptor read/8, error -71 [ 744.096756][ T45] usb usb6-port1: unable to enumerate USB device [ 744.686720][ T3275] Bluetooth: hci0: command 0x1003 tx timeout [ 744.687025][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 744.986707][ T63] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 745.138012][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 745.148979][ T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 745.159487][ T63] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 745.168618][ T63] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 745.176601][ T63] usb 6-1: Manufacturer: syz [ 745.181849][ T63] usb 6-1: config 0 descriptor?? [ 745.989304][ T63] uclogic 0003:256C:006D.005C: failed retrieving string descriptor #200: -71 [ 745.998273][ T63] uclogic 0003:256C:006D.005C: failed retrieving pen parameters: -71 [ 746.006358][ T63] uclogic 0003:256C:006D.005C: failed probing pen v2 parameters: -71 [ 746.014538][ T63] uclogic 0003:256C:006D.005C: failed probing parameters: -71 [ 746.022101][ T63] uclogic 0003:256C:006D.005C: probe with driver uclogic failed with error -71 [ 746.032249][ T63] usb 6-1: USB disconnect, device number 56 [ 747.953371][T14560] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5561'. [ 747.978031][T14562] veth0_virt_wifi: entered allmulticast mode [ 748.086787][T14562] veth0_virt_wifi: left allmulticast mode [ 748.197138][T14579] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14579 comm=syz.4.5569 [ 748.299969][T14583] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 748.308773][T14583] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 748.631631][T14596] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 748.665382][T14602] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 748.665405][T14602] rust_binder: Read failure Err(EFAULT) in pid:564 [ 748.936722][ T45] usb 6-1: new full-speed USB device number 57 using dummy_hcd [ 749.097835][ T45] usb 6-1: config 0 interface 0 has no altsetting 0 [ 749.104591][ T45] usb 6-1: New USB device found, idVendor=054c, idProduct=09cc, bcdDevice= 0.00 [ 749.113681][ T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 749.122373][ T45] usb 6-1: config 0 descriptor?? [ 749.535254][ T45] playstation 0003:054C:09CC.005D: hidraw0: USB HID v0.00 Device [HID 054c:09cc] on usb-dummy_hcd.5-1/input0 [ 749.607235][ T45] playstation 0003:054C:09CC.005D: Failed to retrieve feature with reportID 18: -32 [ 749.616743][ T45] playstation 0003:054C:09CC.005D: Failed to retrieve DualShock4 pairing info: -32 [ 749.626081][ T45] playstation 0003:054C:09CC.005D: Failed to get MAC address from DualShock4 [ 749.634930][ T45] playstation 0003:054C:09CC.005D: Failed to create dualshock4. [ 749.643292][ T45] playstation 0003:054C:09CC.005D: probe with driver playstation failed with error -32 [ 750.154919][T14617] syz.0.5584: attempt to access beyond end of device [ 750.154919][T14617] loop0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 750.167939][T14617] exFAT-fs (loop0): unable to read boot sector [ 750.174111][T14617] exFAT-fs (loop0): failed to read boot sector [ 750.180346][T14617] exFAT-fs (loop0): failed to recognize exfat type [ 750.440259][ T36] audit: type=1400 audit(1770776543.797:31189): avc: denied { getopt } for pid=14643 comm="syz.0.5594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 751.159096][T14654] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 751.159137][T14654] rust_binder: Read failure Err(EFAULT) in pid:100 [ 751.178766][ T45] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0 [ 751.195046][ T45] hid-generic 0000:0000:0000.005E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 751.312606][T14664] fuse: Unknown parameter 'user_id00000000000000000000' [ 751.402363][ T36] audit: type=1400 audit(1770776544.757:31190): avc: denied { create } for pid=14679 comm="syz.0.5610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 751.502167][T14686] fuse: Unknown parameter 'user_id00000000000000000000' [ 751.570500][ T36] audit: type=1400 audit(1770776544.927:31191): avc: denied { shutdown } for pid=14687 comm="syz.0.5613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 751.733971][T14698] FAULT_INJECTION: forcing a failure. [ 751.733971][T14698] name failslab, interval 1, probability 0, space 0, times 0 [ 751.746685][T14698] CPU: 1 UID: 0 PID: 14698 Comm: syz.0.5617 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 751.746713][T14698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 751.746726][T14698] Call Trace: [ 751.746733][T14698] [ 751.746741][T14698] __dump_stack+0x21/0x30 [ 751.746770][T14698] dump_stack_lvl+0x140/0x1c0 [ 751.746793][T14698] ? __cfi_dump_stack_lvl+0x10/0x10 [ 751.746817][T14698] ? __cfi_avc_has_perm+0x10/0x10 [ 751.746840][T14698] ? kasan_save_alloc_info+0x40/0x50 [ 751.746861][T14698] dump_stack+0x19/0x20 [ 751.746882][T14698] should_fail_ex+0x3d7/0x530 [ 751.746902][T14698] should_failslab+0xac/0x100 [ 751.746928][T14698] __kmalloc_cache_noprof+0x41/0x470 [ 751.746952][T14698] ? vhost_task_create+0x12c/0x400 [ 751.746980][T14698] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 751.747011][T14698] vhost_task_create+0x12c/0x400 [ 751.747038][T14698] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 751.747069][T14698] ? __cfi_vhost_task_create+0x10/0x10 [ 751.747097][T14698] ? __cfi_vhost_task_fn+0x10/0x10 [ 751.747124][T14698] ? __kasan_check_write+0x18/0x20 [ 751.747146][T14698] ? mutex_lock+0x97/0x1d0 [ 751.747166][T14698] ? __cfi_mutex_lock+0x10/0x10 [ 751.747185][T14698] ? kernel_text_address+0xa9/0xe0 [ 751.747208][T14698] kvm_mmu_post_init_vm+0x161/0x300 [ 751.747231][T14698] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 751.747256][T14698] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 751.747277][T14698] ? kstrtoull+0x13b/0x1e0 [ 751.747300][T14698] ? kstrtouint+0x78/0xf0 [ 751.747317][T14698] ? ioctl_has_perm+0x1bc/0x500 [ 751.747336][T14698] ? __asan_memcpy+0x5a/0x80 [ 751.747358][T14698] ? ioctl_has_perm+0x408/0x500 [ 751.747378][T14698] ? has_cap_mac_admin+0xd0/0xd0 [ 751.747398][T14698] ? __kasan_check_write+0x18/0x20 [ 751.747421][T14698] ? mutex_lock_killable+0x97/0x1d0 [ 751.747442][T14698] ? __cfi_mutex_lock_killable+0x10/0x10 [ 751.747451][ T63] usb 6-1: USB disconnect, device number 57 [ 751.747462][T14698] ? proc_fail_nth_write+0x184/0x220 [ 751.747484][T14698] kvm_vcpu_ioctl+0xa48/0x1000 [ 751.747586][T14698] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 751.747664][T14698] ? __cfi_vfs_write+0x10/0x10 [ 751.747725][T14698] ? __kasan_check_write+0x18/0x20 [ 751.747785][T14698] ? mutex_unlock+0x90/0x240 [ 751.747839][T14698] ? __cfi_mutex_unlock+0x10/0x10 [ 751.747887][T14698] ? __fget_files+0x2c5/0x340 [ 751.747959][T14698] ? __fget_files+0x2c5/0x340 [ 751.748022][T14698] ? bpf_lsm_file_ioctl+0xd/0x20 [ 751.748072][T14698] ? security_file_ioctl+0x3e/0x110 [ 751.748105][T14698] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 751.748163][T14698] __se_sys_ioctl+0x135/0x1b0 [ 751.748233][T14698] __x64_sys_ioctl+0x7f/0xa0 [ 751.748303][T14698] x64_sys_call+0x1878/0x2ee0 [ 751.748375][T14698] do_syscall_64+0x57/0xf0 [ 751.748441][T14698] ? clear_bhb_loop+0x50/0xa0 [ 751.748505][T14698] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 751.748581][T14698] RIP: 0033:0x7f309159bf79 [ 751.748619][T14698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 751.748670][T14698] RSP: 002b:00007f30923c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 751.748726][T14698] RAX: ffffffffffffffda RBX: 00007f3091815fa0 RCX: 00007f309159bf79 [ 751.748765][T14698] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 751.748799][T14698] RBP: 00007f30923c4090 R08: 0000000000000000 R09: 0000000000000000 [ 751.748829][T14698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 751.748858][T14698] R13: 00007f3091816038 R14: 00007f3091815fa0 R15: 00007ffef63e8308 [ 751.748903][T14698] [ 751.824183][T14700] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 751.880478][T14701] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 751.884875][T14700] rust_binder: Read failure Err(EFAULT) in pid:572 [ 751.891193][T14701] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:572 [ 752.456734][ T63] usb 6-1: new full-speed USB device number 58 using dummy_hcd [ 752.617877][ T63] usb 6-1: config 135 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 752.629003][ T63] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 752.638075][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.647052][T14703] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 752.909524][ T63] usb 6-1: string descriptor 0 read error: -71 [ 752.917536][ T63] usbhid 6-1:135.0: can't add hid device: -71 [ 752.923651][ T63] usbhid 6-1:135.0: probe with driver usbhid failed with error -71 [ 752.932664][ T63] usb 6-1: USB disconnect, device number 58 [ 753.298366][T14708] fuse: Unknown parameter 'user_id00000000000000000000' [ 753.463321][T14719] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=12 (96 ns) > initial count (16 ns). Using initial count to start timer. [ 753.613080][T14728] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 753.613104][T14728] rust_binder: Read failure Err(EFAULT) in pid:586 [ 753.621470][T14728] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 753.628877][T14728] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:586 [ 753.743764][T14735] loop5: detected capacity change from 0 to 7 [ 753.960461][T14739] fuse: Bad value for 'fd' [ 754.206796][ T484] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 754.356681][ T484] usb 6-1: Using ep0 maxpacket: 16 [ 754.362838][ T484] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 754.373748][ T484] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 754.383540][ T484] usb 6-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 754.392609][ T484] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.401211][ T484] usb 6-1: config 0 descriptor?? [ 754.608615][T14741] syzkaller1: entered promiscuous mode [ 754.614160][T14741] syzkaller1: entered allmulticast mode [ 754.821911][ T484] wacom 0003:056A:00F8.005F: unknown main item tag 0x2 [ 754.829704][ T484] wacom 0003:056A:00F8.005F: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.5-1/input0 [ 755.117577][T14751] netlink: 196 bytes leftover after parsing attributes in process `syz.6.5636'. [ 755.139528][T14753] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 755.139551][T14753] rust_binder: Read failure Err(EFAULT) in pid:128 [ 755.175203][T14757] syzkaller0: entered promiscuous mode [ 755.187449][T14757] syzkaller0: entered allmulticast mode [ 755.193286][T14759] fuse: Bad value for 'fd' [ 755.372368][T14767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 755.381000][T14767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 755.427768][ T45] usb 6-1: USB disconnect, device number 59 [ 755.444856][T14771] netlink: 7 bytes leftover after parsing attributes in process `syz.5.5644'. [ 755.767297][T14777] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 755.767333][T14777] rust_binder: Read failure Err(EFAULT) in pid:136 [ 755.800928][T14781] fuse: Bad value for 'fd' [ 755.846669][ T45] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 755.997969][ T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 756.008946][ T45] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 756.018009][ T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.026603][ T45] usb 6-1: config 0 descriptor?? [ 756.433448][ T45] keytouch 0003:0926:3333.0060: fixing up Keytouch IEC report descriptor [ 756.443157][ T45] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0060/input/input70 [ 756.510265][ T45] keytouch 0003:0926:3333.0060: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 756.634966][T14775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 756.644958][T14775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 756.856315][T14775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 756.864967][T14775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 756.878859][ T63] usb 6-1: USB disconnect, device number 60 [ 756.908534][T14800] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 756.908575][T14800] rust_binder: Read failure Err(EFAULT) in pid:615 [ 756.965746][T14808] random: crng reseeded on system resumption [ 757.296694][ T63] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 757.426674][ T63] usb 6-1: device descriptor read/64, error -71 [ 757.666693][ T63] usb 6-1: device descriptor read/64, error -71 [ 757.906695][ T63] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 758.036696][ T63] usb 6-1: device descriptor read/64, error -71 [ 758.276718][ T63] usb 6-1: device descriptor read/64, error -71 [ 758.366317][T14818] fuse: Unknown parameter '0x0000000000000003' [ 758.382157][T14820] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14820 comm=syz.0.5666 [ 758.386933][ T63] usb usb6-port1: attempt power cycle [ 758.736672][ T63] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 758.757649][ T63] usb 6-1: device descriptor read/8, error -71 [ 758.887791][ T63] usb 6-1: device descriptor read/8, error -71 [ 759.126714][ T63] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 759.147799][ T63] usb 6-1: device descriptor read/8, error -71 [ 759.277800][ T63] usb 6-1: device descriptor read/8, error -71 [ 759.386828][ T63] usb usb6-port1: unable to enumerate USB device [ 759.662882][T14837] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14837 comm=syz.4.5673 [ 759.736540][T14842] tipc: Enabling of bearer rejected, already enabled [ 759.754190][T14844] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14844 comm=syz.4.5676 [ 759.858406][T14848] fuse: Unknown parameter '0x0000000000000003' [ 760.174446][T14861] netlink: 'syz.5.5683': attribute type 16 has an invalid length. [ 760.347211][T14866] tipc: Enabled bearer , priority 2 [ 760.431453][T14869] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=256 sclass=netlink_xfrm_socket pid=14869 comm=syz.5.5686 [ 760.510049][T14873] fuse: Unknown parameter '0x0000000000000003' [ 760.527480][T14875] netlink: 'syz.5.5688': attribute type 2 has an invalid length. [ 760.766736][ T63] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 760.917887][ T63] usb 6-1: config 0 has an invalid descriptor of length 128, skipping remainder of the config [ 760.928247][ T63] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 760.938831][ T63] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 760.947920][ T63] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.955922][ T63] usb 6-1: Product: syz [ 760.960121][ T63] usb 6-1: Manufacturer: syz [ 760.964728][ T63] usb 6-1: SerialNumber: syz [ 760.970166][ T63] usb 6-1: config 0 descriptor?? [ 761.175978][ T63] usb 6-1: USB disconnect, device number 65 [ 762.075715][T14894] fuse: Bad value for 'group_id' [ 762.080833][T14894] fuse: Bad value for 'group_id' [ 762.238843][T14897] Invalid argument reading file caps for ./file0 [ 762.263785][T14899] fuse: Unknown parameter '0x0000000000000003' [ 763.489332][T14921] fuse: Unknown parameter 'fd0x0000000000000003' [ 763.776745][ T45] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 763.926669][ T45] usb 6-1: Using ep0 maxpacket: 8 [ 763.932917][ T45] usb 6-1: config 0 has an invalid interface number: 151 but max is 1 [ 763.941187][ T45] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 763.951321][ T45] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 763.960226][ T45] usb 6-1: config 0 has no interface number 0 [ 763.966333][ T45] usb 6-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 763.977243][ T45] usb 6-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 763.988966][ T45] usb 6-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 210 [ 763.999068][ T45] usb 6-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 764.013480][ T45] usb 6-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 764.022597][ T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.030615][ T45] usb 6-1: Product: syz [ 764.034765][ T45] usb 6-1: Manufacturer: syz [ 764.039387][ T45] usb 6-1: SerialNumber: syz [ 764.044589][ T45] usb 6-1: config 0 descriptor?? [ 764.049893][T14930] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 764.313405][ T45] usb 6-1: USB disconnect, device number 66 [ 764.323836][T13717] udevd[13717]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 765.296751][ T10] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 765.328591][T14945] fuse: Unknown parameter 'fd0x0000000000000003' [ 765.399529][ T45] kernel read not supported for file /178/net/igmp (pid: 45 comm: kworker/1:1) [ 765.447682][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.457902][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.467509][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.477774][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.487530][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.497700][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.507332][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.517941][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.527770][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.538605][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.547740][ T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0000, bcdDevice= 0.00 [ 765.557073][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 765.582421][T14953] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 765.690225][ T36] audit: type=1400 audit(1770776559.047:31192): avc: denied { connect } for pid=14958 comm="syz.0.5719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 765.771052][ T10] usb 6-1: string descriptor 0 read error: -71 [ 765.778939][ T10] usb 6-1: USB disconnect, device number 67 [ 765.861136][T14968] netlink: 'syz.6.5723': attribute type 15 has an invalid length. [ 765.869183][T14968] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5723'. [ 765.878375][T14968] netlink: 'syz.6.5723': attribute type 1 has an invalid length. [ 765.886114][T14968] netlink: 'syz.6.5723': attribute type 2 has an invalid length. [ 765.919232][T14973] fuse: Unknown parameter 'fd0x0000000000000003' [ 766.866672][ T10] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 766.996674][ T10] usb 6-1: device descriptor read/64, error -71 [ 767.236724][ T10] usb 6-1: device descriptor read/64, error -71 [ 767.476680][ T10] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 767.606757][ T10] usb 6-1: device descriptor read/64, error -71 [ 767.846682][ T10] usb 6-1: device descriptor read/64, error -71 [ 767.956771][ T10] usb usb6-port1: attempt power cycle [ 768.296693][ T10] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 768.317783][ T10] usb 6-1: device descriptor read/8, error -71 [ 768.447858][ T10] usb 6-1: device descriptor read/8, error -71 [ 768.686764][ T10] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 768.707935][ T10] usb 6-1: device descriptor read/8, error -71 [ 768.837809][ T10] usb 6-1: device descriptor read/8, error -71 [ 768.949111][ T10] usb usb6-port1: unable to enumerate USB device [ 768.963197][T11915] Bluetooth: hci0: Frame reassembly failed (-90) [ 768.969740][T15003] Bluetooth: hci0: Frame reassembly failed (-84) [ 769.103253][T15008] input: syz0 as /devices/virtual/input/input72 [ 769.130107][T15011] pim6reg1: entered promiscuous mode [ 769.135539][T15011] pim6reg1: entered allmulticast mode [ 769.659415][ T36] audit: type=1400 audit(1770776563.017:31193): avc: denied { read } for pid=15033 comm="syz.5.5749" name="file0" dev="tmpfs" ino=1473 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 769.682194][ T36] audit: type=1400 audit(1770776563.017:31194): avc: denied { open } for pid=15033 comm="syz.5.5749" path="/272/file0" dev="tmpfs" ino=1473 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 770.186703][ T7439] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 770.316690][ T7439] usb 6-1: device descriptor read/64, error -71 [ 770.556670][ T7439] usb 6-1: device descriptor read/64, error -71 [ 770.796662][ T7439] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 770.835056][T15059] SELinux: policydb magic number 0x20 does not match expected magic number 0xf97cff8c [ 770.844774][T15059] SELinux: failed to load policy [ 770.926692][ T7439] usb 6-1: device descriptor read/64, error -71 [ 771.006666][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 771.006667][ T3275] Bluetooth: hci0: command 0x1003 tx timeout [ 771.166685][ T7439] usb 6-1: device descriptor read/64, error -71 [ 771.276789][ T7439] usb usb6-port1: attempt power cycle [ 771.616661][ T7439] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 771.637693][ T7439] usb 6-1: device descriptor read/8, error -71 [ 771.767783][ T7439] usb 6-1: device descriptor read/8, error -71 [ 772.006684][ T7439] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 772.027785][ T7439] usb 6-1: device descriptor read/8, error -71 [ 772.158086][ T7439] usb 6-1: device descriptor read/8, error -71 [ 772.266754][ T7439] usb usb6-port1: unable to enumerate USB device [ 772.290162][ T36] audit: type=1400 audit(1770776565.647:31195): avc: denied { accept } for pid=15068 comm="syz.4.5762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 773.123474][T15075] random: crng reseeded on system resumption [ 773.506679][ T7439] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 773.657772][ T7439] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 773.668908][ T7439] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 773.678713][ T7439] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 773.691564][ T7439] usb 6-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 773.700623][ T7439] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.709319][ T7439] usb 6-1: config 0 descriptor?? [ 773.915447][T15087] veth0_to_team: mtu greater than device maximum [ 774.123357][ T7439] steelseries 0003:1038:1410.0061: unknown main item tag 0x0 [ 774.131382][ T7439] steelseries 0003:1038:1410.0061: unknown main item tag 0x0 [ 774.138835][ T7439] steelseries 0003:1038:1410.0061: unknown main item tag 0x0 [ 774.146266][ T7439] steelseries 0003:1038:1410.0061: unknown main item tag 0x0 [ 774.153750][ T7439] steelseries 0003:1038:1410.0061: unknown main item tag 0x0 [ 774.161222][ T7439] steelseries 0003:1038:1410.0061: unknown main item tag 0x0 [ 774.168656][ T7439] steelseries 0003:1038:1410.0061: unknown main item tag 0x0 [ 774.176260][ T7439] steelseries 0003:1038:1410.0061: missing HID_OUTPUT_REPORT 0 [ 774.331796][T15121] veth0_to_team: mtu greater than device maximum [ 774.334724][T15087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 774.346910][T15087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 774.359933][ T63] usb 6-1: USB disconnect, device number 76 [ 774.547126][T15138] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5787'. [ 774.696727][ T63] usb 6-1: new full-speed USB device number 77 using dummy_hcd [ 774.756562][ T36] audit: type=1326 audit(1770776568.107:31196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15143 comm="syz.0.5790" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f309159bf79 code=0x0 [ 774.869311][ T63] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 774.878448][ T63] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.886437][ T63] usb 6-1: Product: syz [ 774.890653][ T63] usb 6-1: Manufacturer: syz [ 774.895252][ T63] usb 6-1: SerialNumber: syz [ 774.901956][ T63] r8152-cfgselector 6-1: Unknown version 0x0000 [ 774.908299][ T63] r8152-cfgselector 6-1: config 0 descriptor?? [ 775.116955][ T63] r8152-cfgselector 6-1: Needed 1 retries to read version [ 775.318575][T15127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 775.327178][T15127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 775.335663][ T63] r8152-cfgselector 6-1: USB disconnect, device number 77 [ 775.854915][ T36] audit: type=1400 audit(1770776569.207:31197): avc: denied { write } for pid=15169 comm="syz.5.5793" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 776.136694][ T7439] usb 6-1: new high-speed USB device number 78 using dummy_hcd [ 776.287736][ T7439] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 776.297892][ T7439] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 776.307485][ T7439] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 776.316510][ T7439] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 776.324639][ T7439] usb 6-1: SerialNumber: syz [ 776.535128][ T7439] usb 6-1: 0:2 : does not exist [ 776.541786][ T7439] usb 6-1: USB disconnect, device number 78 [ 776.551253][ T334] udevd[334]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 777.169045][T15178] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3513840322 (28110722576 ns) > initial count (11673207144 ns). Using initial count to start timer. [ 777.308858][T15184] FAULT_INJECTION: forcing a failure. [ 777.308858][T15184] name failslab, interval 1, probability 0, space 0, times 0 [ 777.321590][T15184] CPU: 0 UID: 0 PID: 15184 Comm: syz.6.5800 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 777.321620][T15184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 777.321632][T15184] Call Trace: [ 777.321639][T15184] [ 777.321648][T15184] __dump_stack+0x21/0x30 [ 777.321680][T15184] dump_stack_lvl+0x140/0x1c0 [ 777.321698][T15184] ? __cfi_dump_stack_lvl+0x10/0x10 [ 777.321716][T15184] dump_stack+0x19/0x20 [ 777.321731][T15184] should_fail_ex+0x3d7/0x530 [ 777.321746][T15184] should_failslab+0xac/0x100 [ 777.321766][T15184] __kmalloc_cache_node_noprof+0x46/0x430 [ 777.321784][T15184] ? __get_vm_area_node+0x14d/0x3d0 [ 777.321798][T15184] __get_vm_area_node+0x14d/0x3d0 [ 777.321812][T15184] __vmalloc_node_range_noprof+0x30e/0x1480 [ 777.321827][T15184] ? fpu_alloc_guest_fpstate+0x41/0x490 [ 777.321841][T15184] ? kasan_save_track+0x3e/0x80 [ 777.321858][T15184] ? kvm_vm_ioctl_create_vcpu+0x3a3/0xa90 [ 777.321876][T15184] ? kvm_vm_ioctl+0x7c8/0xc60 [ 777.321892][T15184] ? x64_sys_call+0x1878/0x2ee0 [ 777.321910][T15184] ? do_syscall_64+0x57/0xf0 [ 777.321931][T15184] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 777.321948][T15184] ? fpu_alloc_guest_fpstate+0x41/0x490 [ 777.321960][T15184] vzalloc_noprof+0x103/0x1d0 [ 777.321975][T15184] ? fpu_alloc_guest_fpstate+0x41/0x490 [ 777.321987][T15184] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 777.322002][T15184] ? __cfi_vzalloc_noprof+0x10/0x10 [ 777.322016][T15184] ? kasan_save_alloc_info+0x40/0x50 [ 777.322030][T15184] ? __kasan_slab_alloc+0x73/0x90 [ 777.322049][T15184] fpu_alloc_guest_fpstate+0x41/0x490 [ 777.322062][T15184] kvm_arch_vcpu_create+0x436/0xab0 [ 777.322086][T15184] kvm_vm_ioctl_create_vcpu+0x3a3/0xa90 [ 777.322104][T15184] ? _parse_integer+0x2e/0x40 [ 777.322117][T15184] kvm_vm_ioctl+0x7c8/0xc60 [ 777.322134][T15184] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 777.322150][T15184] ? ioctl_has_perm+0x1bc/0x500 [ 777.322165][T15184] ? __asan_memcpy+0x5a/0x80 [ 777.322181][T15184] ? ioctl_has_perm+0x408/0x500 [ 777.322194][T15184] ? has_cap_mac_admin+0xd0/0xd0 [ 777.322209][T15184] ? proc_fail_nth_write+0x184/0x220 [ 777.322222][T15184] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 777.322237][T15184] ? selinux_file_ioctl+0x732/0x1480 [ 777.322250][T15184] ? vfs_write+0x9a4/0xf90 [ 777.322267][T15184] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 777.322281][T15184] ? __cfi_vfs_write+0x10/0x10 [ 777.322297][T15184] ? __kasan_check_write+0x18/0x20 [ 777.322312][T15184] ? mutex_unlock+0x90/0x240 [ 777.322326][T15184] ? __cfi_mutex_unlock+0x10/0x10 [ 777.322340][T15184] ? __fget_files+0x2c5/0x340 [ 777.322360][T15184] ? __fget_files+0x2c5/0x340 [ 777.322378][T15184] ? bpf_lsm_file_ioctl+0xd/0x20 [ 777.322391][T15184] ? security_file_ioctl+0x3e/0x110 [ 777.322404][T15184] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 777.322420][T15184] __se_sys_ioctl+0x135/0x1b0 [ 777.322440][T15184] __x64_sys_ioctl+0x7f/0xa0 [ 777.322458][T15184] x64_sys_call+0x1878/0x2ee0 [ 777.322476][T15184] do_syscall_64+0x57/0xf0 [ 777.322495][T15184] ? clear_bhb_loop+0x50/0xa0 [ 777.322515][T15184] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 777.322533][T15184] RIP: 0033:0x7f9a10b9bf79 [ 777.322545][T15184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 777.322557][T15184] RSP: 002b:00007f9a119cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 777.322573][T15184] RAX: ffffffffffffffda RBX: 00007f9a10e15fa0 RCX: 00007f9a10b9bf79 [ 777.322584][T15184] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000004 [ 777.322592][T15184] RBP: 00007f9a119cb090 R08: 0000000000000000 R09: 0000000000000000 [ 777.322601][T15184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 777.322610][T15184] R13: 00007f9a10e16038 R14: 00007f9a10e15fa0 R15: 00007ffc66cdcbd8 [ 777.322622][T15184] [ 777.322628][T15184] syz.6.5800: vmalloc error: size 896, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz6,mems_allowed=0 [ 777.713616][T15184] CPU: 1 UID: 0 PID: 15184 Comm: syz.6.5800 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 777.713644][T15184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 777.713656][T15184] Call Trace: [ 777.713662][T15184] [ 777.713669][T15184] __dump_stack+0x21/0x30 [ 777.713695][T15184] dump_stack_lvl+0x140/0x1c0 [ 777.713716][T15184] ? __cfi_dump_stack_lvl+0x10/0x10 [ 777.713739][T15184] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 777.713767][T15184] dump_stack+0x19/0x20 [ 777.713797][T15184] warn_alloc+0x1e7/0x2c0 [ 777.713816][T15184] ? __kasan_kmalloc+0x28/0xb0 [ 777.713845][T15184] ? __cfi_warn_alloc+0x10/0x10 [ 777.713866][T15184] ? __get_vm_area_node+0x3bd/0x3d0 [ 777.713886][T15184] __vmalloc_node_range_noprof+0x333/0x1480 [ 777.713906][T15184] ? kasan_save_track+0x3e/0x80 [ 777.713928][T15184] ? kvm_vm_ioctl_create_vcpu+0x3a3/0xa90 [ 777.713951][T15184] ? kvm_vm_ioctl+0x7c8/0xc60 [ 777.713973][T15184] ? x64_sys_call+0x1878/0x2ee0 [ 777.713997][T15184] ? do_syscall_64+0x57/0xf0 [ 777.714027][T15184] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 777.714050][T15184] ? fpu_alloc_guest_fpstate+0x41/0x490 [ 777.714069][T15184] vzalloc_noprof+0x103/0x1d0 [ 777.714090][T15184] ? fpu_alloc_guest_fpstate+0x41/0x490 [ 777.714108][T15184] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 777.714128][T15184] ? __cfi_vzalloc_noprof+0x10/0x10 [ 777.714149][T15184] ? kasan_save_alloc_info+0x40/0x50 [ 777.714181][T15184] ? __kasan_slab_alloc+0x73/0x90 [ 777.714206][T15184] fpu_alloc_guest_fpstate+0x41/0x490 [ 777.714226][T15184] kvm_arch_vcpu_create+0x436/0xab0 [ 777.714252][T15184] kvm_vm_ioctl_create_vcpu+0x3a3/0xa90 [ 777.714277][T15184] ? _parse_integer+0x2e/0x40 [ 777.714296][T15184] kvm_vm_ioctl+0x7c8/0xc60 [ 777.714321][T15184] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 777.714345][T15184] ? ioctl_has_perm+0x1bc/0x500 [ 777.714364][T15184] ? __asan_memcpy+0x5a/0x80 [ 777.714386][T15184] ? ioctl_has_perm+0x408/0x500 [ 777.714405][T15184] ? has_cap_mac_admin+0xd0/0xd0 [ 777.714426][T15184] ? proc_fail_nth_write+0x184/0x220 [ 777.714446][T15184] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 777.714465][T15184] ? selinux_file_ioctl+0x732/0x1480 [ 777.714484][T15184] ? vfs_write+0x9a4/0xf90 [ 777.714524][T15184] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 777.714546][T15184] ? __cfi_vfs_write+0x10/0x10 [ 777.714568][T15184] ? __kasan_check_write+0x18/0x20 [ 777.714591][T15184] ? mutex_unlock+0x90/0x240 [ 777.714613][T15184] ? __cfi_mutex_unlock+0x10/0x10 [ 777.714634][T15184] ? __fget_files+0x2c5/0x340 [ 777.714663][T15184] ? __fget_files+0x2c5/0x340 [ 777.714696][T15184] ? bpf_lsm_file_ioctl+0xd/0x20 [ 777.714716][T15184] ? security_file_ioctl+0x3e/0x110 [ 777.714736][T15184] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 777.714761][T15184] __se_sys_ioctl+0x135/0x1b0 [ 777.714798][T15184] __x64_sys_ioctl+0x7f/0xa0 [ 777.714826][T15184] x64_sys_call+0x1878/0x2ee0 [ 777.714853][T15184] do_syscall_64+0x57/0xf0 [ 777.714880][T15184] ? clear_bhb_loop+0x50/0xa0 [ 777.714910][T15184] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 777.714937][T15184] RIP: 0033:0x7f9a10b9bf79 [ 777.714955][T15184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 777.714973][T15184] RSP: 002b:00007f9a119cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 777.714995][T15184] RAX: ffffffffffffffda RBX: 00007f9a10e15fa0 RCX: 00007f9a10b9bf79 [ 777.715011][T15184] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000004 [ 777.715024][T15184] RBP: 00007f9a119cb090 R08: 0000000000000000 R09: 0000000000000000 [ 777.715038][T15184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 777.715052][T15184] R13: 00007f9a10e16038 R14: 00007f9a10e15fa0 R15: 00007ffc66cdcbd8 [ 777.715069][T15184] [ 777.715141][T15184] Mem-Info: [ 777.836731][ T63] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 777.841649][T15184] active_anon:25180 inactive_anon:239 isolated_anon:0 [ 777.841649][T15184] active_file:25904 inactive_file:2944 isolated_file:0 [ 777.841649][T15184] unevictable:0 dirty:183 writeback:0 [ 777.841649][T15184] slab_reclaimable:6291 slab_unreclaimable:76656 [ 777.841649][T15184] mapped:31804 shmem:16603 pagetables:1154 [ 777.841649][T15184] sec_pagetables:0 bounce:0 [ 777.841649][T15184] kernel_misc_reclaimable:0 [ 777.841649][T15184] free:1476901 free_pcp:1426 free_cma:0 [ 777.998670][ T63] usb 6-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 777.999337][T15184] Node 0 active_anon:100720kB inactive_anon:956kB active_file:103616kB inactive_file:11776kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127216kB dirty:732kB writeback:0kB shmem:66412kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8256kB pagetables:4616kB sec_pagetables:0kB all_unreclaimable? no [ 778.004495][ T63] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 778.009776][T15184] DMA32 free:2958164kB boost:0kB min:19080kB low:23848kB high:28616kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2963376kB mlocked:0kB bounce:0kB free_pcp:5212kB local_pcp:5144kB free_cma:0kB [ 778.015267][ T63] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 778.035567][T15184] lowmem_reserve[]: [ 778.048534][ T63] usb 6-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 778.053116][T15184] 0 [ 778.059055][ T63] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.066326][T15184] 3921 [ 778.085636][ T63] usb 6-1: Product: syz [ 778.093653][T15184] 3921 [ 778.101332][ T63] usb 6-1: Manufacturer: syz [ 778.141749][T15184] [ 778.156674][ T63] usb 6-1: SerialNumber: syz [ 778.186460][T15184] Normal free:2952872kB boost:0kB min:25972kB low:32464kB high:38956kB reserved_highatomic:0KB free_highatomic:0KB active_anon:100720kB inactive_anon:956kB active_file:103616kB inactive_file:11776kB unevictable:0kB writepending:732kB present:5242880kB managed:4015864kB mlocked:0kB bounce:0kB free_pcp:360kB local_pcp:200kB free_cma:0kB [ 778.252729][ T63] usb 6-1: config 0 descriptor?? [ 778.264406][T15184] lowmem_reserve[]: [ 778.267276][ T63] usb-storage 6-1:0.0: USB Mass Storage device detected [ 778.269850][T15184] 0 [ 778.280983][ T63] usb-storage 6-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 778.285789][T15184] 0 0 [ 778.343396][T15184] DMA32: 3*4kB (M) 3*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 5*128kB (M) 5*256kB (M) 5*512kB (M) 4*1024kB (UM) 4*2048kB (M) 718*4096kB (M) = 2958164kB [ 778.359019][T15184] Normal: 130*4kB (UME) 69*8kB (UME) 47*16kB (UME) 134*32kB (UME) 52*64kB (UME) 36*128kB (UME) 41*256kB (UME) 42*512kB (UME) 39*1024kB (UME) 16*2048kB (ME) 692*4096kB (UME) = 2953184kB [ 778.377594][T15184] 45690 total pagecache pages [ 778.382295][T15184] 243 pages in swap cache [ 778.386803][T15184] Free swap = 123616kB [ 778.391217][T15184] Total swap = 124996kB [ 778.395384][T15184] 2097051 pages RAM [ 778.399244][T15184] 0 pages HighMem/MovableOnly [ 778.404039][T15184] 352241 pages reserved [ 778.408237][T15184] 0 pages cma reserved [ 778.414168][T15184] Memory allocations: [ 778.418198][T15184] 0 B 0 init/main.c:1477 func:do_initcalls [ 778.425526][T15184] 0 B 0 init/do_mounts.c:186 func:mount_root_generic [ 778.434029][T15184] 0 B 0 init/do_mounts.c:158 func:do_mount_root [ 778.441951][T15184] 0 B 0 init/do_mounts.c:352 func:mount_nodev_root [ 778.450450][T15184] 0 B 0 init/do_mounts_rd.c:241 func:rd_load_image [ 778.458551][T15184] 0 B 0 init/do_mounts_rd.c:72 func:identify_ramdisk_image [ 778.467345][T15184] 0 B 0 init/initramfs.c:507 func:unpack_to_rootfs [ 778.475312][T15184] 0 B 0 init/initramfs.c:508 func:unpack_to_rootfs [ 778.483418][T15184] 0 B 0 init/initramfs.c:509 func:unpack_to_rootfs [ 778.491736][T15184] 0 B 0 init/initramfs.c:101 func:find_link [ 778.499184][T15184] kvm: failed to allocate vcpu's fpu [ 778.502555][ T63] usb 6-1: USB disconnect, device number 79 [ 779.033991][T15205] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:758 [ 783.214930][T15252] incfs: Error accessing: ./bus. [ 783.229094][T15252] incfs: mount failed -20 [ 783.502531][T15262] netlink: 'syz.0.5830': attribute type 27 has an invalid length. [ 783.526825][T15262] veth0_vlan: left promiscuous mode [ 783.532446][T15262] veth0_vlan: entered promiscuous mode [ 783.539416][T15262] veth1_macvtap: left promiscuous mode [ 783.545416][T15262] veth1_macvtap: entered promiscuous mode [ 783.558048][T15152] bridge0: port 1(bridge_slave_0) entered blocking state [ 783.565123][T15152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 783.572940][T15152] bridge0: port 2(bridge_slave_1) entered blocking state [ 783.579968][T15152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 784.089024][T15278] netlink: 57 bytes leftover after parsing attributes in process `syz.5.5836'. [ 784.416659][ T31] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 784.566705][ T31] usb 6-1: Using ep0 maxpacket: 32 [ 784.573095][ T31] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 784.586050][ T31] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 784.595200][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.603933][ T31] usb 6-1: config 0 descriptor?? [ 784.610038][ T31] hub 6-1:0.0: bad descriptor, ignoring hub [ 784.615960][ T31] hub 6-1:0.0: probe with driver hub failed with error -5 [ 784.623400][ T31] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 784.689064][T15284] veth0_to_batadv: entered promiscuous mode [ 784.769167][T15292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 784.779180][T15292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 784.787556][T15292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 784.798592][T15292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 784.806909][T15292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 784.818504][T15292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 784.827284][T15292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 784.835830][T15292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 784.844021][T15292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 784.854366][T15292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 784.867505][T15294] overlayfs: conflicting options: userxattr,verity=on [ 784.972904][ T36] audit: type=1400 audit(1770776578.327:31198): avc: denied { create } for pid=15299 comm="syz.6.5844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 785.830644][T15311] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5847'. [ 787.212051][T15326] SELinux: failed to load policy [ 787.286835][ T10] usb 6-1: USB disconnect, device number 80 [ 788.166660][ T31] usb 6-1: new full-speed USB device number 81 using dummy_hcd [ 788.317856][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 788.328929][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 255, setting to 64 [ 788.339776][ T31] usb 6-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00 [ 788.348859][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 788.357799][ T31] usb 6-1: config 0 descriptor?? [ 788.363052][T15337] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 788.574170][T15337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 788.582961][T15337] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 788.648312][ T31] usbhid 6-1:0.0: can't add hid device: -71 [ 788.654422][ T31] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 788.663366][ T31] usb 6-1: USB disconnect, device number 81 [ 788.806053][ T36] audit: type=1400 audit(1770776582.157:31199): avc: denied { watch watch_reads } for pid=15341 comm="syz.4.5860" path="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 789.404709][T15356] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15356 comm=syz.5.5866 [ 789.436531][ T36] audit: type=1400 audit(1770776582.787:31200): avc: denied { map } for pid=15357 comm="syz.5.5867" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 789.460220][ T36] audit: type=1400 audit(1770776582.787:31201): avc: denied { execute } for pid=15357 comm="syz.5.5867" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 789.706708][ T63] usb 6-1: new full-speed USB device number 82 using dummy_hcd [ 789.857842][ T63] usb 6-1: config 4 has an invalid interface number: 164 but max is 0 [ 789.866115][ T63] usb 6-1: config 4 has no interface number 0 [ 789.872260][ T63] usb 6-1: config 4 interface 164 altsetting 1 endpoint 0x2 has invalid maxpacket 528, setting to 64 [ 789.883172][ T63] usb 6-1: config 4 interface 164 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 789.894275][ T63] usb 6-1: config 4 interface 164 has no altsetting 0 [ 789.902660][ T63] usb 6-1: New USB device found, idVendor=1532, idProduct=1ce5, bcdDevice=d7.e5 [ 789.911806][ T63] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.920696][ T63] usb 6-1: Product: syz [ 789.925201][ T63] usb 6-1: Manufacturer: syz [ 789.930347][ T63] usb 6-1: SerialNumber: syz [ 789.936251][T15358] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 789.943575][T15358] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 790.002881][T15365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.016805][T15365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.159905][ T36] audit: type=1400 audit(1770776583.507:31202): avc: denied { ioctl } for pid=15357 comm="syz.5.5867" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 ioctlcmd=0x943c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 790.252343][ T63] usb 6-1: USB disconnect, device number 82 [ 790.977332][T15381] virtiofs: Bad value for 'dax' [ 791.496674][ T45] usb 6-1: new high-speed USB device number 83 using dummy_hcd [ 791.647724][ T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 791.658670][ T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 791.669253][ T45] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 791.678402][ T45] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 791.686448][ T45] usb 6-1: Manufacturer: syz [ 791.691764][ T45] usb 6-1: config 0 descriptor?? [ 792.040137][T15398] netlink: 144 bytes leftover after parsing attributes in process `syz.4.5879'. [ 792.169335][T15402] kvm: kvm [15401]: vcpu0, guest rIP: 0x9134 Unhandled WRMSR(0x11e) = 0xbe702111 [ 792.256996][T15158] Bluetooth: hci0: Frame reassembly failed (-84) [ 792.699737][T15390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 792.708434][T15390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 792.717278][T15390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 792.725776][T15390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 792.734087][ T45] uclogic 0003:256C:006D.0062: failed retrieving string descriptor #100: -71 [ 792.743023][ T45] uclogic 0003:256C:006D.0062: failed retrieving pen parameters: -71 [ 792.751139][ T45] uclogic 0003:256C:006D.0062: failed probing pen v1 parameters: -71 [ 792.759300][ T45] uclogic 0003:256C:006D.0062: failed probing parameters: -71 [ 792.766833][ T45] uclogic 0003:256C:006D.0062: probe with driver uclogic failed with error -71 [ 792.777024][ T45] usb 6-1: USB disconnect, device number 83 [ 793.666704][ T63] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 793.816661][ T63] usb 6-1: Using ep0 maxpacket: 32 [ 793.822849][ T63] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 793.835810][ T63] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 793.844896][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 793.853546][ T63] usb 6-1: config 0 descriptor?? [ 793.859757][ T63] hub 6-1:0.0: bad descriptor, ignoring hub [ 793.865682][ T63] hub 6-1:0.0: probe with driver hub failed with error -5 [ 793.873117][ T63] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 794.286707][T15406] Bluetooth: hci0: command 0x1003 tx timeout [ 794.286707][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 794.369843][T15417] netlink: 268 bytes leftover after parsing attributes in process `syz.6.5886'. [ 796.546784][ T63] usb 6-1: USB disconnect, device number 84 [ 797.163314][T15436] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 16777216 [ 797.182356][T15438] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5895'. [ 797.436642][ T45] usb 6-1: new high-speed USB device number 85 using dummy_hcd [ 797.596653][ T45] usb 6-1: Using ep0 maxpacket: 16 [ 797.603156][ T45] usb 6-1: config 0 has an invalid interface number: 126 but max is 0 [ 797.611664][ T45] usb 6-1: config 0 has an invalid descriptor of length 64, skipping remainder of the config [ 797.622028][ T45] usb 6-1: config 0 has no interface number 0 [ 797.628327][ T45] usb 6-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 797.640178][ T45] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024 [ 797.652377][ T45] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 797.663887][ T45] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 32771, setting to 1024 [ 797.675367][ T45] usb 6-1: config 0 interface 126 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 797.685671][ T45] usb 6-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 797.699963][ T45] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 797.709867][ T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.719409][ T45] usb 6-1: config 0 descriptor?? [ 797.724674][T15440] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 797.732215][T15440] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 797.940286][ T45] usb 6-1: USB disconnect, device number 85 [ 799.286684][ T63] usb 6-1: new high-speed USB device number 86 using dummy_hcd [ 799.307156][T15461] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 799.314760][T15461] SELinux: failed to load policy [ 799.476629][ T63] usb 6-1: Using ep0 maxpacket: 32 [ 799.488280][ T63] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 799.506703][ T63] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 799.536285][ T63] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 799.560549][ T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.576917][ T63] usb 6-1: config 0 descriptor?? [ 799.587780][ T63] hub 6-1:0.0: bad descriptor, ignoring hub [ 799.595649][ T63] hub 6-1:0.0: probe with driver hub failed with error -5 [ 799.615268][ T63] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 799.637445][T15469] bridge0: port 1(bridge_slave_0) entered blocking state [ 799.644919][T15469] bridge0: port 1(bridge_slave_0) entered disabled state [ 799.652755][T15469] bridge_slave_0: entered allmulticast mode [ 799.660582][T15469] bridge_slave_0: entered promiscuous mode [ 799.667364][T15469] bridge0: port 2(bridge_slave_1) entered blocking state [ 799.674473][T15469] bridge0: port 2(bridge_slave_1) entered disabled state [ 799.681702][T15469] bridge_slave_1: entered allmulticast mode [ 799.688227][T15469] bridge_slave_1: entered promiscuous mode [ 799.761752][T15469] bridge0: port 2(bridge_slave_1) entered blocking state [ 799.768853][T15469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 799.776165][T15469] bridge0: port 1(bridge_slave_0) entered blocking state [ 799.783237][T15469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 799.812722][T15153] bridge0: port 1(bridge_slave_0) entered disabled state [ 799.820993][T15153] bridge0: port 2(bridge_slave_1) entered disabled state [ 799.832050][T15153] bridge0: port 1(bridge_slave_0) entered blocking state [ 799.839121][T15153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 799.849603][T15153] bridge0: port 2(bridge_slave_1) entered blocking state [ 799.856724][T15153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 799.893186][T15469] veth0_vlan: entered promiscuous mode [ 799.908875][T15469] veth1_macvtap: entered promiscuous mode [ 800.430499][T15159] Bluetooth: hci0: Frame reassembly failed (-84) [ 802.147202][ T31] usb 6-1: USB disconnect, device number 86 [ 802.171588][T15524] FAULT_INJECTION: forcing a failure. [ 802.171588][T15524] name failslab, interval 1, probability 0, space 0, times 0 [ 802.184282][T15524] CPU: 0 UID: 0 PID: 15524 Comm: syz.5.5924 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 802.184310][T15524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 802.184322][T15524] Call Trace: [ 802.184334][T15524] [ 802.184340][T15524] __dump_stack+0x21/0x30 [ 802.184362][T15524] dump_stack_lvl+0x140/0x1c0 [ 802.184379][T15524] ? __cfi_dump_stack_lvl+0x10/0x10 [ 802.184397][T15524] dump_stack+0x19/0x20 [ 802.184413][T15524] should_fail_ex+0x3d7/0x530 [ 802.184428][T15524] should_failslab+0xac/0x100 [ 802.184447][T15524] __kmalloc_cache_noprof+0x41/0x470 [ 802.184466][T15524] ? allocate_cgrp_cset_links+0xe6/0x430 [ 802.184487][T15524] ? __kasan_kmalloc+0x96/0xb0 [ 802.184506][T15524] allocate_cgrp_cset_links+0xe6/0x430 [ 802.184527][T15524] find_css_set+0x983/0x1a70 [ 802.184548][T15524] ? __cfi_synchronize_rcu+0x10/0x10 [ 802.184581][T15524] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 802.184604][T15524] ? rcu_sync_func+0x119/0x240 [ 802.184622][T15524] ? cgroup_migrate_prepare_dst+0x930/0x930 [ 802.184644][T15524] ? __cfi_rcu_sync_enter+0x10/0x10 [ 802.184661][T15524] ? unwind_get_return_address+0x51/0x90 [ 802.184677][T15524] cgroup_migrate_prepare_dst+0xe4/0x930 [ 802.184699][T15524] cgroup_attach_task+0x32c/0x630 [ 802.184712][T15524] ? __cfi_percpu_down_write+0x10/0x10 [ 802.184729][T15524] ? __cfi_cgroup_attach_task+0x10/0x10 [ 802.184742][T15524] ? __cfi_cgroup_procs_write_start+0x10/0x10 [ 802.184756][T15524] __cgroup1_procs_write+0x336/0x550 [ 802.184772][T15524] ? cgroup_pidlist_destroy_work_fn+0x230/0x230 [ 802.184788][T15524] ? __kasan_check_write+0x18/0x20 [ 802.184804][T15524] ? _copy_from_iter+0x218/0x1510 [ 802.184821][T15524] cgroup1_procs_write+0x2e/0x40 [ 802.184834][T15524] ? __cfi_cgroup1_procs_write+0x10/0x10 [ 802.184847][T15524] cgroup_file_write+0x2bd/0x5c0 [ 802.184868][T15524] ? __virt_addr_valid+0x2a6/0x380 [ 802.184882][T15524] ? __cfi_cgroup_file_write+0x10/0x10 [ 802.184899][T15524] ? mutex_lock+0x97/0x1d0 [ 802.184912][T15524] ? __cfi_mutex_lock+0x10/0x10 [ 802.184926][T15524] ? __kasan_check_write+0x18/0x20 [ 802.184943][T15524] kernfs_fop_write_iter+0x31f/0x510 [ 802.184957][T15524] ? __cfi_cgroup_file_write+0x10/0x10 [ 802.184974][T15524] vfs_write+0x764/0xf90 [ 802.184991][T15524] ? __cfi_vfs_write+0x10/0x10 [ 802.185007][T15524] ? __cfi_mutex_lock+0x10/0x10 [ 802.185022][T15524] ksys_write+0x145/0x260 [ 802.185038][T15524] ? __cfi_ksys_write+0x10/0x10 [ 802.185055][T15524] ? __kasan_check_read+0x15/0x20 [ 802.185071][T15524] __x64_sys_write+0x7f/0x90 [ 802.185087][T15524] x64_sys_call+0x271c/0x2ee0 [ 802.185106][T15524] do_syscall_64+0x57/0xf0 [ 802.185125][T15524] ? clear_bhb_loop+0x50/0xa0 [ 802.185144][T15524] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 802.185163][T15524] RIP: 0033:0x7f8b3339bf79 [ 802.185174][T15524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.185186][T15524] RSP: 002b:00007f8b341db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 802.185201][T15524] RAX: ffffffffffffffda RBX: 00007f8b33615fa0 RCX: 00007f8b3339bf79 [ 802.185212][T15524] RDX: 0000000000000012 RSI: 00002000000001c0 RDI: 0000000000000007 [ 802.185222][T15524] RBP: 00007f8b341db090 R08: 0000000000000000 R09: 0000000000000000 [ 802.185230][T15524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 802.185239][T15524] R13: 00007f8b33616038 R14: 00007f8b33615fa0 R15: 00007ffc3ac48888 [ 802.185251][T15524] [ 802.536740][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 802.536756][T15406] Bluetooth: hci0: command 0x1003 tx timeout [ 802.581376][T15529] overlayfs: failed to resolve './file1/file0': -2 [ 802.936655][ T31] usb 6-1: new full-speed USB device number 87 using dummy_hcd [ 803.088341][ T31] usb 6-1: unable to get BOS descriptor or descriptor too short [ 803.096500][ T31] usb 6-1: not running at top speed; connect to a high speed hub [ 803.105052][ T31] usb 6-1: config 4 has an invalid interface number: 56 but max is 0 [ 803.113180][ T31] usb 6-1: config 4 has no interface number 0 [ 803.119278][ T31] usb 6-1: config 4 interface 56 has no altsetting 0 [ 803.127280][ T31] usb 6-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice=61.74 [ 803.136307][ T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 803.144326][ T31] usb 6-1: Product: syz [ 803.148536][ T31] usb 6-1: Manufacturer: syz [ 803.153117][ T31] usb 6-1: SerialNumber: syz [ 803.296107][T15536] tmpfs: Unknown parameter 'usrquota0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.296107][T15536] 0 [ 803.398842][T15538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5919'. [ 803.496991][T15538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5919'. [ 803.506811][ T31] snd-usb-audio 6-1:4.56: probe with driver snd-usb-audio failed with error -71 [ 803.519653][T15538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5919'. [ 803.529381][ T31] usb 6-1: USB disconnect, device number 87 [ 803.537105][T15541] input: syz0 as /devices/virtual/input/input73 [ 804.171948][T15552] netlink: 240 bytes leftover after parsing attributes in process `syz.5.5934'. [ 804.332085][T15557] overlayfs: failed to resolve './file1/file0': -2 [ 804.577359][T15575] random: crng reseeded on system resumption [ 804.823813][T15584] overlayfs: failed to resolve './file1/file0': -2 [ 805.057576][T15592] random: crng reseeded on system resumption [ 805.242861][T15602] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 805.242889][T15602] rust_binder: Read failure Err(EFAULT) in pid:913 [ 805.251794][T15602] rust_binder: Error while translating object. [ 805.258412][T15602] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 805.264697][T15602] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:913 [ 805.287137][T15604] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 805.296355][T15604] rust_binder: Read failure Err(EFAULT) in pid:915 [ 805.304598][T15604] FAULT_INJECTION: forcing a failure. [ 805.304598][T15604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 805.324287][T15604] CPU: 1 UID: 0 PID: 15604 Comm: syz.5.5954 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 805.324308][T15604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 805.324318][T15604] Call Trace: [ 805.324324][T15604] [ 805.324330][T15604] __dump_stack+0x21/0x30 [ 805.324352][T15604] dump_stack_lvl+0x140/0x1c0 [ 805.324369][T15604] ? __cfi_dump_stack_lvl+0x10/0x10 [ 805.324387][T15604] ? _printk+0xde/0x140 [ 805.324400][T15604] ? asm_exc_page_fault+0x2b/0x30 [ 805.324420][T15604] dump_stack+0x19/0x20 [ 805.324450][T15604] should_fail_ex+0x3d7/0x530 [ 805.324471][T15604] should_fail+0xf/0x20 [ 805.324490][T15604] should_fail_usercopy+0x1e/0x30 [ 805.324513][T15604] _copy_from_user+0x20/0xa0 [ 805.324530][T15604] _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0xaed/0x5da0 [ 805.324555][T15604] ? __cfi__RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread14get_work_local+0x10/0x10 [ 805.324583][T15604] ? kvm_sched_clock_read+0x15/0x30 [ 805.324601][T15604] ? __cfi__RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x10/0x10 [ 805.324624][T15604] ? cgroup_rstat_updated+0x141/0x810 [ 805.324645][T15604] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 805.324662][T15604] ? update_curr+0x50c/0x9e0 [ 805.324682][T15604] ? __kasan_check_read+0x15/0x20 [ 805.324698][T15604] ? resched_curr+0xb0/0x440 [ 805.324717][T15604] ? __cfi_resched_curr+0x10/0x10 [ 805.324734][T15604] ? kvm_sched_clock_read+0x15/0x30 [ 805.324750][T15604] ? detach_entity_load_avg+0x7b0/0x7b0 [ 805.324769][T15604] ? sched_clock+0x44/0x60 [ 805.324787][T15604] ? assign_cfs_rq_runtime+0x350/0x350 [ 805.324807][T15604] ? update_load_avg+0x506/0x1990 [ 805.324823][T15604] ? update_cfs_group+0x1f3/0x250 [ 805.324843][T15604] ? kvm_sched_clock_read+0x15/0x30 [ 805.324858][T15604] ? sched_clock_noinstr+0xd/0x30 [ 805.324873][T15604] ? __kasan_check_read+0x15/0x20 [ 805.324888][T15604] ? psi_group_change+0xaae/0x1090 [ 805.324908][T15604] ? is_bpf_text_address+0x17b/0x1a0 [ 805.324926][T15604] ? kernel_text_address+0xa9/0xe0 [ 805.324942][T15604] ? __kernel_text_address+0x11/0x40 [ 805.324957][T15604] ? unwind_get_return_address+0x51/0x90 [ 805.324973][T15604] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 805.324987][T15604] ? arch_stack_walk+0x10a/0x170 [ 805.325010][T15604] ? is_bpf_text_address+0x17b/0x1a0 [ 805.325026][T15604] ? kernel_text_address+0xa9/0xe0 [ 805.325042][T15604] ? __kernel_text_address+0x11/0x40 [ 805.325058][T15604] ? unwind_get_return_address+0x51/0x90 [ 805.325072][T15604] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 805.325086][T15604] ? arch_stack_walk+0x10a/0x170 [ 805.325107][T15604] ? stack_depot_save_flags+0x38/0x800 [ 805.325122][T15604] ? stack_trace_save+0xaa/0x100 [ 805.325135][T15604] ? kasan_save_track+0x4f/0x80 [ 805.325153][T15604] ? kasan_save_track+0x3e/0x80 [ 805.325170][T15604] ? kasan_save_alloc_info+0x40/0x50 [ 805.325185][T15604] ? __kasan_slab_alloc+0x73/0x90 [ 805.325204][T15604] ? kmem_cache_alloc_noprof+0x1bf/0x410 [ 805.325220][T15604] ? security_inode_alloc+0x51/0x230 [ 805.325238][T15604] ? inode_init_always_gfp+0x756/0x9e0 [ 805.325257][T15604] ? alloc_inode+0xc5/0x270 [ 805.325276][T15604] ? new_inode+0x25/0x1e0 [ 805.325294][T15604] ? proc_pid_make_inode+0x25/0x140 [ 805.325313][T15604] ? proc_pident_instantiate+0x6d/0x2c0 [ 805.325333][T15604] ? proc_pident_lookup+0x1c7/0x270 [ 805.325352][T15604] ? proc_tid_base_lookup+0x2f/0x40 [ 805.325366][T15604] ? path_openat+0x1312/0x34f0 [ 805.325385][T15604] ? do_filp_open+0x1f5/0x440 [ 805.325405][T15604] ? do_sys_openat2+0x134/0x1d0 [ 805.325417][T15604] ? __x64_sys_openat+0x13a/0x170 [ 805.325430][T15604] ? do_syscall_64+0x57/0xf0 [ 805.325449][T15604] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 805.325469][T15604] ? avc_has_perm_noaudit+0x26c/0x360 [ 805.325486][T15604] ? __asan_memcpy+0x5a/0x80 [ 805.325502][T15604] ? avc_has_perm_noaudit+0x28a/0x360 [ 805.325519][T15604] ? avc_has_perm+0x155/0x240 [ 805.325555][T15604] ? __cfi_avc_has_perm+0x10/0x10 [ 805.325585][T15604] ? kasan_save_alloc_info+0x40/0x50 [ 805.325601][T15604] ? selinux_file_open+0x46c/0x630 [ 805.325615][T15604] ? __cfi_selinux_file_open+0x10/0x10 [ 805.325634][T15604] ? avc_has_extended_perms+0x80b/0xe70 [ 805.325651][T15604] ? __asan_memcpy+0x5a/0x80 [ 805.325667][T15604] ? avc_has_extended_perms+0x969/0xe70 [ 805.325684][T15604] ? __asan_set_shadow_00+0x12/0x20 [ 805.325698][T15604] ? do_vfs_ioctl+0x182d/0x2010 [ 805.325716][T15604] ? arch_stack_walk+0x10a/0x170 [ 805.325735][T15604] ? __ia32_compat_sys_ioctl+0x920/0x920 [ 805.325756][T15604] ? _parse_integer+0x2e/0x40 [ 805.325770][T15604] ? ioctl_has_perm+0x39a/0x500 [ 805.325784][T15604] ? has_cap_mac_admin+0xd0/0xd0 [ 805.325798][T15604] ? proc_fail_nth_write+0x184/0x220 [ 805.325811][T15604] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 805.325825][T15604] ? selinux_file_ioctl+0x732/0x1480 [ 805.325839][T15604] ? vfs_write+0x9a4/0xf90 [ 805.325854][T15604] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 805.325868][T15604] ? __cfi_vfs_write+0x10/0x10 [ 805.325884][T15604] ? __kasan_check_write+0x18/0x20 [ 805.325900][T15604] ? mutex_unlock+0x90/0x240 [ 805.325914][T15604] ? __cfi_mutex_unlock+0x10/0x10 [ 805.325927][T15604] ? __fget_files+0x2c5/0x340 [ 805.325947][T15604] ? __fget_files+0x2c5/0x340 [ 805.325965][T15604] ? bpf_lsm_file_ioctl+0xd/0x20 [ 805.325978][T15604] ? security_file_ioctl+0x3e/0x110 [ 805.325991][T15604] ? __cfi__RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x10/0x10 [ 805.326013][T15604] __se_sys_ioctl+0x135/0x1b0 [ 805.326032][T15604] __x64_sys_ioctl+0x7f/0xa0 [ 805.326050][T15604] x64_sys_call+0x1878/0x2ee0 [ 805.326069][T15604] do_syscall_64+0x57/0xf0 [ 805.326087][T15604] ? clear_bhb_loop+0x50/0xa0 [ 805.326106][T15604] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 805.326124][T15604] RIP: 0033:0x7f8b3339bf79 [ 805.326136][T15604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 805.326149][T15604] RSP: 002b:00007f8b341db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 805.326164][T15604] RAX: ffffffffffffffda RBX: 00007f8b33615fa0 RCX: 00007f8b3339bf79 [ 805.326174][T15604] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 805.326184][T15604] RBP: 00007f8b341db090 R08: 0000000000000000 R09: 0000000000000000 [ 805.326193][T15604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 805.326201][T15604] R13: 00007f8b33616038 R14: 00007f8b33615fa0 R15: 00007ffc3ac48888 [ 805.326213][T15604] [ 805.970348][T15606] random: crng reseeded on system resumption [ 806.007642][T15606] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5955'. [ 806.033770][T15612] random: crng reseeded on system resumption [ 806.506635][ T10] usb 6-1: new full-speed USB device number 88 using dummy_hcd [ 806.657609][ T10] usb 6-1: config 0 has an invalid interface number: 201 but max is 0 [ 806.665813][ T10] usb 6-1: config 0 has no interface number 0 [ 806.673451][ T10] usb 6-1: New USB device found, idVendor=4f18, idProduct=50cd, bcdDevice=74.c9 [ 806.682561][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.695038][ T10] usb 6-1: Product: syz [ 806.699490][ T10] usb 6-1: Manufacturer: syz [ 806.704151][ T10] usb 6-1: SerialNumber: syz [ 806.710165][ T10] usb 6-1: config 0 descriptor?? [ 806.716078][T15153] Bluetooth: hci0: Frame reassembly failed (-84) [ 806.718346][ T10] usb-storage 6-1:0.201: USB Mass Storage device detected [ 806.722850][T15159] Bluetooth: hci0: Frame reassembly failed (-84) [ 806.918839][T15644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 806.927424][T15644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 806.936289][ T63] usb 6-1: USB disconnect, device number 88 [ 807.457610][ T36] audit: type=1400 audit(1770776600.825:31203): avc: denied { setattr } for pid=15654 comm="syz.5.5974" name="TIPC" dev="sockfs" ino=163044 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 808.766635][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 808.766658][T15406] Bluetooth: hci0: command 0x1003 tx timeout [ 809.416821][T15677] netlink: 'syz.0.5982': attribute type 4 has an invalid length. [ 809.435454][T15680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 809.444304][T15680] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 809.452271][T15680] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5983'. [ 809.461281][T15681] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5983'. [ 809.662611][T15683] input: syz1 as /devices/virtual/input/input74 [ 809.668982][T15683] input: failed to attach handler leds to device input74, error: -6 [ 810.033083][ T36] audit: type=1400 audit(1770776603.395:31204): avc: denied { getopt } for pid=15700 comm="syz.6.5991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 810.922388][T15708] netlink: 188 bytes leftover after parsing attributes in process `syz.6.5994'. [ 811.517708][T15712] netlink: 393 bytes leftover after parsing attributes in process `syz.5.5996'. [ 811.537750][T15714] FAULT_INJECTION: forcing a failure. [ 811.537750][T15714] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 811.550900][T15714] CPU: 1 UID: 0 PID: 15714 Comm: syz.5.5997 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 811.550930][T15714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 811.550944][T15714] Call Trace: [ 811.550951][T15714] [ 811.550961][T15714] __dump_stack+0x21/0x30 [ 811.550990][T15714] dump_stack_lvl+0x140/0x1c0 [ 811.551007][T15714] ? __cfi_dump_stack_lvl+0x10/0x10 [ 811.551026][T15714] ? unwind_get_return_address+0x51/0x90 [ 811.551042][T15714] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 811.551057][T15714] dump_stack+0x19/0x20 [ 811.551078][T15714] should_fail_ex+0x3d7/0x530 [ 811.551094][T15714] should_fail+0xf/0x20 [ 811.551108][T15714] should_fail_usercopy+0x1e/0x30 [ 811.551123][T15714] _copy_from_user+0x20/0xa0 [ 811.551141][T15714] ___sys_recvmsg+0x176/0x590 [ 811.551163][T15714] ? __sys_recvmsg+0x290/0x290 [ 811.551184][T15714] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 811.551199][T15714] ? selinux_file_permission+0x318/0xb60 [ 811.551216][T15714] ? __fget_files+0x2c5/0x340 [ 811.551237][T15714] do_recvmmsg+0x380/0x830 [ 811.551259][T15714] ? __sys_recvmmsg+0x2a0/0x2a0 [ 811.551279][T15714] ? __cfi_vfs_write+0x10/0x10 [ 811.551298][T15714] ? fput+0x1a4/0x240 [ 811.551311][T15714] __x64_sys_recvmmsg+0x199/0x250 [ 811.551333][T15714] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 811.551354][T15714] ? __kasan_check_read+0x15/0x20 [ 811.551373][T15714] x64_sys_call+0x292c/0x2ee0 [ 811.551392][T15714] do_syscall_64+0x57/0xf0 [ 811.551417][T15714] ? clear_bhb_loop+0x50/0xa0 [ 811.551439][T15714] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 811.551459][T15714] RIP: 0033:0x7f8b3339bf79 [ 811.551471][T15714] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 811.551485][T15714] RSP: 002b:00007f8b341db028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 811.551501][T15714] RAX: ffffffffffffffda RBX: 00007f8b33615fa0 RCX: 00007f8b3339bf79 [ 811.551513][T15714] RDX: 0000000000000003 RSI: 00002000000029c0 RDI: 0000000000000003 [ 811.551523][T15714] RBP: 00007f8b341db090 R08: 0000000000000000 R09: 0000000000000000 [ 811.551533][T15714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 811.551542][T15714] R13: 00007f8b33616038 R14: 00007f8b33615fa0 R15: 00007ffc3ac48888 [ 811.551555][T15714] [ 811.608718][T15718] overlayfs: failed to resolve './file1/file0': -2 [ 811.820733][T15721] kvm: user requested TSC rate below hardware speed [ 811.827445][T15723] tipc: Enabling of bearer rejected, failed to enable media [ 811.827891][T15723] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6001'. [ 812.306678][ T10] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 812.456636][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 812.473952][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 812.487355][ T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 812.497012][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.505711][T15745] overlayfs: failed to resolve './file1/file0': -2 [ 812.515447][ T10] usb 6-1: config 0 descriptor?? [ 812.525140][ T10] hub 6-1:0.0: bad descriptor, ignoring hub [ 812.532350][ T10] hub 6-1:0.0: probe with driver hub failed with error -5 [ 812.540326][ T10] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 812.565289][T15747] Invalid argument reading file caps for ./file0 [ 812.711962][ T36] audit: type=1400 audit(1770776606.075:31205): avc: denied { checkpoint_restore } for pid=15753 comm="syz.0.6014" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 812.789688][T15760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 812.802040][T15760] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 812.898258][T15763] input: syz0 as /devices/virtual/input/input75 [ 812.932832][T15767] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6017'. [ 813.001597][T15773] overlayfs: failed to resolve './file1/file0': -2 [ 813.518731][T15783] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6024'. [ 813.528532][ T36] audit: type=1400 audit(1770776606.895:31206): avc: denied { open } for pid=15782 comm="syz.0.6024" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=163628 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 813.652197][T15792] netlink: 'syz.0.6027': attribute type 27 has an invalid length. [ 813.935644][T15799] Invalid argument reading file caps for ./file0 [ 815.081451][ T36] audit: type=1400 audit(1770776608.445:31207): avc: denied { create } for pid=15815 comm="syz.5.6036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 815.176956][ T10] usb 6-1: USB disconnect, device number 89 [ 815.456691][ T10] usb 6-1: new high-speed USB device number 90 using dummy_hcd [ 815.606680][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 815.612949][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 815.623874][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 815.633653][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 815.646456][ T10] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 815.655570][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 815.664374][ T10] usb 6-1: config 0 descriptor?? [ 816.071667][ T10] microsoft 0003:045E:07DA.0063: unknown main item tag 0x0 [ 816.078977][ T10] microsoft 0003:045E:07DA.0063: ignoring exceeding usage max [ 816.088100][ T10] microsoft 0003:045E:07DA.0063: item fetching failed at offset 32/34 [ 816.096413][ T10] microsoft 0003:045E:07DA.0063: parse failed [ 816.102547][ T10] microsoft 0003:045E:07DA.0063: probe with driver microsoft failed with error -22 [ 816.642232][T15831] FAULT_INJECTION: forcing a failure. [ 816.642232][T15831] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 816.655513][T15831] CPU: 0 UID: 0 PID: 15831 Comm: syz.7.6041 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 816.655543][T15831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 816.655555][T15831] Call Trace: [ 816.655563][T15831] [ 816.655570][T15831] __dump_stack+0x21/0x30 [ 816.655600][T15831] dump_stack_lvl+0x140/0x1c0 [ 816.655623][T15831] ? __cfi_dump_stack_lvl+0x10/0x10 [ 816.655667][T15831] ? kasan_save_alloc_info+0x40/0x50 [ 816.655691][T15831] ? __kasan_slab_alloc+0x73/0x90 [ 816.655720][T15831] dump_stack+0x19/0x20 [ 816.655743][T15831] should_fail_ex+0x3d7/0x530 [ 816.655765][T15831] should_fail+0xf/0x20 [ 816.655784][T15831] should_fail_usercopy+0x1e/0x30 [ 816.655806][T15831] _copy_from_user+0x20/0xa0 [ 816.655831][T15831] msr_io+0xa1/0x2b0 [ 816.655860][T15831] ? __cfi_kvm_arch_vcpu_load+0x10/0x10 [ 816.655887][T15831] ? __cfi_do_get_msr+0x10/0x10 [ 816.655914][T15831] ? kvm_arch_dev_ioctl+0x990/0x990 [ 816.655945][T15831] kvm_arch_vcpu_ioctl+0x9ee/0x2d90 [ 816.655993][T15831] ? __cfi_avc_has_perm+0x10/0x10 [ 816.656019][T15831] ? kasan_save_alloc_info+0x40/0x50 [ 816.656043][T15831] ? __cfi_kvm_arch_vcpu_ioctl+0x10/0x10 [ 816.656077][T15831] ? selinux_file_open+0x46c/0x630 [ 816.656101][T15831] ? __cfi_selinux_file_open+0x10/0x10 [ 816.656127][T15831] ? is_bpf_text_address+0x17b/0x1a0 [ 816.656155][T15831] ? kernel_text_address+0xa9/0xe0 [ 816.656180][T15831] ? __kernel_text_address+0x11/0x40 [ 816.656206][T15831] ? __asan_set_shadow_00+0x12/0x20 [ 816.656227][T15831] ? do_vfs_ioctl+0x182d/0x2010 [ 816.656257][T15831] ? arch_stack_walk+0x10a/0x170 [ 816.656287][T15831] ? __ia32_compat_sys_ioctl+0x920/0x920 [ 816.656319][T15831] ? _parse_integer_limit+0x195/0x1e0 [ 816.656341][T15831] ? _parse_integer+0x2e/0x40 [ 816.656361][T15831] ? kstrtoull+0x13b/0x1e0 [ 816.656381][T15831] ? kstrtouint+0x78/0xf0 [ 816.656418][T15831] ? ioctl_has_perm+0x1bc/0x500 [ 816.656440][T15831] ? __asan_memcpy+0x5a/0x80 [ 816.656466][T15831] ? ioctl_has_perm+0x408/0x500 [ 816.656489][T15831] ? has_cap_mac_admin+0xd0/0xd0 [ 816.656512][T15831] ? __kasan_check_write+0x18/0x20 [ 816.656537][T15831] ? mutex_lock_killable+0x97/0x1d0 [ 816.656561][T15831] ? __cfi_mutex_lock_killable+0x10/0x10 [ 816.656590][T15831] ? proc_fail_nth_write+0x184/0x220 [ 816.656612][T15831] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 816.656635][T15831] kvm_vcpu_ioctl+0x7da/0x1000 [ 816.656668][T15831] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 816.656699][T15831] ? __cfi_vfs_write+0x10/0x10 [ 816.656724][T15831] ? __kasan_check_write+0x18/0x20 [ 816.656749][T15831] ? mutex_unlock+0x90/0x240 [ 816.656772][T15831] ? __cfi_mutex_unlock+0x10/0x10 [ 816.656794][T15831] ? __fget_files+0x2c5/0x340 [ 816.656824][T15831] ? __fget_files+0x2c5/0x340 [ 816.656865][T15831] ? bpf_lsm_file_ioctl+0xd/0x20 [ 816.656885][T15831] ? security_file_ioctl+0x3e/0x110 [ 816.656905][T15831] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 816.656933][T15831] __se_sys_ioctl+0x135/0x1b0 [ 816.656962][T15831] __x64_sys_ioctl+0x7f/0xa0 [ 816.656989][T15831] x64_sys_call+0x1878/0x2ee0 [ 816.657018][T15831] do_syscall_64+0x57/0xf0 [ 816.657046][T15831] ? clear_bhb_loop+0x50/0xa0 [ 816.657076][T15831] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 816.657104][T15831] RIP: 0033:0x7f0162d9bf79 [ 816.657122][T15831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 816.657139][T15831] RSP: 002b:00007f0163c74028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 816.657162][T15831] RAX: ffffffffffffffda RBX: 00007f0163015fa0 RCX: 00007f0162d9bf79 [ 816.657178][T15831] RDX: 0000200000000200 RSI: 00000000c008ae88 RDI: 0000000000000005 [ 816.657192][T15831] RBP: 00007f0163c74090 R08: 0000000000000000 R09: 0000000000000000 [ 816.657205][T15831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 816.657217][T15831] R13: 00007f0163016038 R14: 00007f0163015fa0 R15: 00007fff88d21588 [ 816.657234][T15831] [ 818.247644][ T7439] usb 6-1: USB disconnect, device number 90 [ 818.390994][T15853] input: syz0 as /devices/virtual/input/input76 [ 818.410767][T15855] netlink: 188 bytes leftover after parsing attributes in process `syz.5.6051'. [ 819.526692][ T45] usb 6-1: new full-speed USB device number 91 using dummy_hcd [ 819.677054][ T45] usb 6-1: too many configurations: 25, using maximum allowed: 8 [ 819.685475][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.696496][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.703770][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.714761][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.722006][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.732985][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.740376][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.751364][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.758698][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.769684][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.777000][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.787997][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.795254][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.806230][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.813555][ T45] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x83 has invalid maxpacket 576, setting to 64 [ 819.824557][ T45] usb 6-1: config 1 interface 0 has no altsetting 0 [ 819.832710][ T45] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 819.841797][ T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 819.849973][ T45] usb 6-1: Product: syz [ 819.854130][ T45] usb 6-1: Manufacturer: syz [ 819.858760][ T45] usb 6-1: SerialNumber: syz [ 819.864588][T15860] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 820.210097][T15867] overlayfs: failed to resolve './file1/file0': -2 [ 820.273878][T15875] input: syz0 as /devices/virtual/input/input77 [ 820.304629][ T45] rtl8150 6-1:1.0: couldn't reset the device [ 820.311062][ T45] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5 [ 820.320575][ T45] usb 6-1: USB disconnect, device number 91 [ 821.046690][ T7439] usb 6-1: new high-speed USB device number 92 using dummy_hcd [ 821.081419][T15888] overlayfs: overlapping lowerdir path [ 821.196644][ T7439] usb 6-1: Using ep0 maxpacket: 16 [ 821.203014][ T7439] usb 6-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 821.212882][ T7439] usb 6-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 821.222741][ T7439] usb 6-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 821.235699][ T7439] usb 6-1: config 1 interface 0 has no altsetting 0 [ 821.243585][ T7439] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 821.252646][ T7439] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 821.260663][ T7439] usb 6-1: Product: syz [ 821.264810][ T7439] usb 6-1: Manufacturer: syz [ 821.269417][ T7439] usb 6-1: SerialNumber: syz [ 821.477235][ T7439] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 92 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 821.681220][ T36] audit: type=1400 audit(1770776615.045:31208): avc: denied { read write } for pid=15883 comm="syz.5.6064" name="lp0" dev="devtmpfs" ino=1714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 821.684319][ T63] usb 6-1: USB disconnect, device number 92 [ 821.710327][ T36] audit: type=1400 audit(1770776615.045:31209): avc: denied { open } for pid=15883 comm="syz.5.6064" path="/dev/usb/lp0" dev="devtmpfs" ino=1714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 821.887758][ T36] audit: type=1400 audit(1770776615.255:31210): avc: denied { ioctl } for pid=15883 comm="syz.5.6064" path=2F6465762F7573622F6C7030202864656C6574656429 dev="devtmpfs" ino=1714 ioctlcmd=0x60b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 821.890306][T15884] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6064'. [ 821.928637][T15883] usblp0: removed [ 822.676644][ T7439] usb 6-1: new high-speed USB device number 93 using dummy_hcd [ 822.826666][ T7439] usb 6-1: Using ep0 maxpacket: 32 [ 822.833059][ T7439] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 822.844004][ T7439] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 822.853793][ T7439] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 822.862856][ T7439] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 822.871591][ T7439] usb 6-1: config 0 descriptor?? [ 822.878150][ T7439] hub 6-1:0.0: USB hub found [ 823.079211][ T7439] hub 6-1:0.0: config failed, can't read hub descriptor (err -22) [ 823.289169][ T7439] usbhid 6-1:0.0: can't add hid device: -71 [ 823.295175][ T7439] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 823.317455][ T7439] usb 6-1: USB disconnect, device number 93 [ 823.391689][T15897] input: syz0 as /devices/virtual/input/input78 [ 823.405603][T15899] input: syz0 as /devices/virtual/input/input79 [ 823.510988][T15904] fuse: Unknown parameter '®)ÊÁø 6ø ®1ȉ<«ä>k r´¸™Ä®jÓÏ00000000000000000000' [ 824.066669][ T10] usb 6-1: new high-speed USB device number 94 using dummy_hcd [ 824.138828][T15918] usb usb5: usbfs: process 15918 (syz.6.6079) did not claim interface 0 before use [ 824.162615][ T36] audit: type=1326 audit(1770776617.525:31211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15919 comm="syz.6.6080" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a10b9bf79 code=0x0 [ 824.226613][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 824.247072][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 824.257050][ T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 824.270387][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 824.294596][ T10] usb 6-1: config 0 descriptor?? [ 824.301240][ T10] hub 6-1:0.0: bad descriptor, ignoring hub [ 824.311574][ T10] hub 6-1:0.0: probe with driver hub failed with error -5 [ 824.320830][ T10] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 824.469548][T15937] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=15937 comm=syz.6.6088 [ 824.471365][T15159] Bluetooth: hci0: Frame reassembly failed (-84) [ 826.526670][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 826.526923][T15406] Bluetooth: hci0: command 0x1003 tx timeout [ 826.622579][T15946] SELinux: failed to load policy [ 826.641115][T15948] overlayfs: failed to resolve './file0': -2 [ 826.926796][ T10] usb 6-1: USB disconnect, device number 94 [ 827.816679][T15990] input: syz0 as /devices/virtual/input/input83 [ 827.830319][ T334] udevd[334]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory [ 827.857208][T15994] overlayfs: overlapping lowerdir path [ 828.086674][ T1309] usb 6-1: new high-speed USB device number 95 using dummy_hcd [ 828.236633][ T1309] usb 6-1: Using ep0 maxpacket: 32 [ 828.242753][ T1309] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 828.253790][ T1309] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 828.263655][ T1309] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 828.272759][ T1309] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 828.281358][ T1309] usb 6-1: config 0 descriptor?? [ 828.287539][ T1309] hub 6-1:0.0: USB hub found [ 828.689639][ T1309] hub 6-1:0.0: config failed, can't read hub descriptor (err -22) [ 828.899551][ T1309] usbhid 6-1:0.0: can't add hid device: -71 [ 828.905544][ T1309] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 828.927106][ T1309] usb 6-1: USB disconnect, device number 95 [ 829.558136][T16010] random: crng reseeded on system resumption [ 829.780357][ T36] audit: type=1400 audit(1770776623.145:31212): avc: denied { mounton } for pid=16016 comm="syz.5.6121" path="/398/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 830.577465][T16026] SELinux: policydb string does not match my string SE Linux [ 830.585058][T16026] SELinux: failed to load policy [ 831.006673][ T10] usb 6-1: new high-speed USB device number 96 using dummy_hcd [ 831.156621][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 831.162930][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 3: 253, using maximum allowed: 30 [ 831.173809][ T10] usb 6-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 831.186908][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 831.193529][ T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 831.202593][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 831.211241][ T10] usb 6-1: config 0 descriptor?? [ 831.619843][ T10] magicmouse 0003:05AC:0269.0064: unknown main item tag 0x0 [ 831.627248][ T10] magicmouse 0003:05AC:0269.0064: unknown main item tag 0x0 [ 831.634540][ T10] magicmouse 0003:05AC:0269.0064: unknown main item tag 0x0 [ 831.641875][ T10] magicmouse 0003:05AC:0269.0064: unknown main item tag 0x0 [ 831.649226][ T10] magicmouse 0003:05AC:0269.0064: unknown main item tag 0x0 [ 831.657457][ T10] magicmouse 0003:05AC:0269.0064: hidraw0: USB HID v0.06 Device [HID 05ac:0269] on usb-dummy_hcd.5-1/input0 [ 833.782805][ T1309] usb 6-1: USB disconnect, device number 96 [ 833.796805][T16079] overlayfs: failed to resolve './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 834.086425][ T1309] usb 6-1: new full-speed USB device number 97 using dummy_hcd [ 834.327339][ T1309] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 834.338278][ T1309] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 834.349160][ T1309] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 834.360060][ T1309] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 834.373856][ T1309] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 834.382927][ T1309] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 834.390943][ T1309] usb 6-1: SerialNumber: syz [ 834.396823][T16081] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 834.404708][ T1309] cdc_acm 6-1:1.0: skipping garbage [ 834.604764][T16081] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 834.613467][T16092] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 834.775243][T16096] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 834.956510][T16103] netlink: 104 bytes leftover after parsing attributes in process `syz.7.6156'. [ 836.800718][ T1309] usb 6-1: USB disconnect, device number 97 [ 836.972883][T16133] /dev/sr0: Can't lookup blockdev [ 837.088103][T16136] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6169'. [ 837.345581][ T484] usb 6-1: new high-speed USB device number 98 using dummy_hcd [ 837.495562][ T484] usb 6-1: Using ep0 maxpacket: 8 [ 837.501666][ T484] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 837.509958][ T484] usb 6-1: config 179 has no interface number 0 [ 837.516264][ T484] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 837.527316][ T484] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 837.538557][ T484] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 837.549710][ T484] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 837.561207][ T484] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 837.574550][ T484] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 837.583613][ T484] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 837.592580][T16138] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 838.004547][ T484] usb 6-1: USB disconnect, device number 98 [ 838.004596][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 838.018815][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 838.825138][ T1309] usb 6-1: new high-speed USB device number 99 using dummy_hcd [ 838.976546][ T1309] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 838.987553][ T1309] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 838.997478][ T1309] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 839.010307][ T1309] usb 6-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 839.019534][ T1309] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 839.032147][ T1309] usb 6-1: config 0 descriptor?? [ 839.446317][ T1309] waltop 0003:172F:0500.0065: unknown main item tag 0x0 [ 839.456282][ T1309] waltop 0003:172F:0500.0065: unknown main item tag 0x0 [ 839.463305][ T1309] waltop 0003:172F:0500.0065: unknown main item tag 0x0 [ 839.470638][ T1309] waltop 0003:172F:0500.0065: unknown main item tag 0x0 [ 839.477952][ T1309] waltop 0003:172F:0500.0065: unknown main item tag 0x0 [ 839.485308][ T1309] waltop 0003:172F:0500.0065: unknown main item tag 0x0 [ 839.495155][ T1309] waltop 0003:172F:0500.0065: hidraw0: USB HID v2.00 Device [HID 172f:0500] on usb-dummy_hcd.5-1/input0 [ 841.598286][ T1309] usb 6-1: USB disconnect, device number 99 [ 841.934415][ T1309] usb 6-1: new high-speed USB device number 100 using dummy_hcd [ 842.086727][ T1309] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 842.097722][ T1309] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 842.106809][ T1309] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 842.119075][ T1309] usb 6-1: config 0 descriptor?? [ 842.527786][ T1309] kone 0003:1E7D:2CED.0066: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.5-1/input0 [ 844.621850][ T365] usb 6-1: USB disconnect, device number 100 [ 845.793958][T16238] netlink: 164 bytes leftover after parsing attributes in process `syz.6.6203'. [ 845.856159][T16250] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 845.864943][T16250] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 847.042792][T16274] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 847.051722][T16274] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 848.012926][ T365] usb 6-1: new full-speed USB device number 101 using dummy_hcd [ 848.163860][ T365] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 848.176825][ T365] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 2632, setting to 64 [ 848.187777][ T365] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 848.199944][ T365] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 848.209258][ T365] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 848.217330][ T365] usb 6-1: Product: syz [ 848.221541][ T365] usb 6-1: Manufacturer: syz [ 848.226203][ T365] usb 6-1: SerialNumber: syz [ 848.233286][ T365] cdc_ncm 6-1:1.0: skipping garbage [ 848.432680][T16278] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 848.439995][T16278] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 848.648296][T16278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 848.656872][T16278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 849.066762][T16278] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 849.074076][T16278] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 849.282599][ T365] cdc_ncm 6-1:1.0: bind() failure [ 849.288574][ T365] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 849.295442][ T365] cdc_ncm 6-1:1.1: bind() failure [ 849.488558][ T365] usb 6-1: USB disconnect, device number 101 [ 849.757053][T16282] FAULT_INJECTION: forcing a failure. [ 849.757053][T16282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 849.770218][T16282] CPU: 1 UID: 0 PID: 16282 Comm: syz.7.6221 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 849.770251][T16282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 849.770261][T16282] Call Trace: [ 849.770266][T16282] [ 849.770273][T16282] __dump_stack+0x21/0x30 [ 849.770294][T16282] dump_stack_lvl+0x140/0x1c0 [ 849.770311][T16282] ? __cfi_dump_stack_lvl+0x10/0x10 [ 849.770330][T16282] dump_stack+0x19/0x20 [ 849.770345][T16282] should_fail_ex+0x3d7/0x530 [ 849.770360][T16282] should_fail+0xf/0x20 [ 849.770373][T16282] should_fail_usercopy+0x1e/0x30 [ 849.770388][T16282] _copy_to_user+0x24/0xa0 [ 849.770407][T16282] kvm_arch_vcpu_ioctl+0x1adc/0x2d90 [ 849.770429][T16282] ? avc_has_perm+0x155/0x240 [ 849.770446][T16282] ? __cfi_avc_has_perm+0x10/0x10 [ 849.770461][T16282] ? kasan_save_alloc_info+0x40/0x50 [ 849.770478][T16282] ? __cfi_kvm_arch_vcpu_ioctl+0x10/0x10 [ 849.770498][T16282] ? selinux_file_open+0x46c/0x630 [ 849.770513][T16282] ? __cfi_selinux_file_open+0x10/0x10 [ 849.770531][T16282] ? is_bpf_text_address+0x17b/0x1a0 [ 849.770549][T16282] ? kernel_text_address+0xa9/0xe0 [ 849.770565][T16282] ? __kernel_text_address+0x11/0x40 [ 849.770580][T16282] ? __asan_set_shadow_00+0x12/0x20 [ 849.770594][T16282] ? do_vfs_ioctl+0x182d/0x2010 [ 849.770614][T16282] ? arch_stack_walk+0x10a/0x170 [ 849.770633][T16282] ? __ia32_compat_sys_ioctl+0x920/0x920 [ 849.770653][T16282] ? _parse_integer_limit+0x195/0x1e0 [ 849.770672][T16282] ? _parse_integer+0x2e/0x40 [ 849.770684][T16282] ? kstrtoull+0x13b/0x1e0 [ 849.770696][T16282] ? kstrtouint+0x78/0xf0 [ 849.770708][T16282] ? ioctl_has_perm+0x1bc/0x500 [ 849.770722][T16282] ? __asan_memcpy+0x5a/0x80 [ 849.770738][T16282] ? ioctl_has_perm+0x408/0x500 [ 849.770752][T16282] ? has_cap_mac_admin+0xd0/0xd0 [ 849.770766][T16282] ? __kasan_check_write+0x18/0x20 [ 849.770782][T16282] ? mutex_lock_killable+0x97/0x1d0 [ 849.770798][T16282] ? __cfi_mutex_lock_killable+0x10/0x10 [ 849.770812][T16282] ? proc_fail_nth_write+0x184/0x220 [ 849.770827][T16282] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 849.770841][T16282] kvm_vcpu_ioctl+0x7da/0x1000 [ 849.770861][T16282] ? add_del_listener+0x6d6/0x780 [ 849.770878][T16282] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 849.770897][T16282] ? __cfi_vfs_write+0x10/0x10 [ 849.770914][T16282] ? __kasan_check_write+0x18/0x20 [ 849.770929][T16282] ? mutex_unlock+0x90/0x240 [ 849.770943][T16282] ? __cfi_mutex_unlock+0x10/0x10 [ 849.770957][T16282] ? __fget_files+0x2c5/0x340 [ 849.770976][T16282] ? __fget_files+0x2c5/0x340 [ 849.770995][T16282] ? bpf_lsm_file_ioctl+0xd/0x20 [ 849.771008][T16282] ? security_file_ioctl+0x3e/0x110 [ 849.771021][T16282] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 849.771040][T16282] __se_sys_ioctl+0x135/0x1b0 [ 849.771058][T16282] __x64_sys_ioctl+0x7f/0xa0 [ 849.771077][T16282] x64_sys_call+0x1878/0x2ee0 [ 849.771095][T16282] do_syscall_64+0x57/0xf0 [ 849.771114][T16282] ? clear_bhb_loop+0x50/0xa0 [ 849.771135][T16282] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 849.771153][T16282] RIP: 0033:0x7f0162d9bf79 [ 849.771164][T16282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 849.771177][T16282] RSP: 002b:00007f0163c74028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 849.771193][T16282] RAX: ffffffffffffffda RBX: 00007f0163015fa0 RCX: 00007f0162d9bf79 [ 849.771203][T16282] RDX: 0000200000000000 RSI: 000000008188aea6 RDI: 0000000000000005 [ 849.771213][T16282] RBP: 00007f0163c74090 R08: 0000000000000000 R09: 0000000000000000 [ 849.771222][T16282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 849.771230][T16282] R13: 00007f0163016038 R14: 00007f0163015fa0 R15: 00007fff88d21588 [ 849.771243][T16282] [ 850.204399][T16285] netlink: 72 bytes leftover after parsing attributes in process `syz.7.6222'. [ 850.342962][T15406] Bluetooth: hci0: sending frame failed (-49) [ 850.349112][T10054] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 850.521930][ T36] audit: type=1400 audit(1770776903.884:31213): avc: granted { setsecparam } for pid=16297 comm="syz.5.6226" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 851.702009][ T63] usb 6-1: new high-speed USB device number 102 using dummy_hcd [ 851.851945][ T63] usb 6-1: Using ep0 maxpacket: 16 [ 851.858171][ T63] usb 6-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 851.868216][ T63] usb 6-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 851.878097][ T63] usb 6-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 851.891061][ T63] usb 6-1: config 1 interface 0 has no altsetting 0 [ 851.898990][ T63] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 851.908074][ T63] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.916101][ T63] usb 6-1: Product: syz [ 851.920272][ T63] usb 6-1: Manufacturer: syz [ 851.924916][ T63] usb 6-1: SerialNumber: syz [ 852.132882][ T63] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 102 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 852.334332][ T409] usb 6-1: USB disconnect, device number 102 [ 852.401742][T16338] tipc: Started in network mode [ 852.406736][T16338] tipc: Node identity ac14140f, cluster identity 4711 [ 852.413688][T16338] tipc: New replicast peer: 255.255.255.255 [ 852.419787][T16338] tipc: Enabled bearer , priority 10 [ 852.541940][T16321] usblp0: removed [ 853.088902][T16352] ------------[ cut here ]------------ [ 853.094459][T16352] WARNING: CPU: 0 PID: 16352 at mm/page_alloc.c:5234 __alloc_pages_noprof+0x109/0x7e0 [ 853.104103][T16352] Modules linked in: [ 853.108035][T16352] CPU: 0 UID: 0 PID: 16352 Comm: syz.5.6247 Not tainted syzkaller #0 eb3ac94483332de1dcdde2e475b5ff9bbded7b99 [ 853.119871][T16352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 853.130051][T16352] RIP: 0010:__alloc_pages_noprof+0x109/0x7e0 [ 853.136135][T16352] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d 0a b4 0b 06 00 0f 85 c2 00 00 00 c6 05 fd b3 0b 06 01 <0f> 0b 31 c0 e9 b4 00 00 00 83 fb 0a 0f 87 a9 00 00 00 44 8b 64 24 [ 853.155845][T16352] RSP: 0018:ffffc90003277980 EFLAGS: 00010246 [ 853.162062][T16352] RAX: 0000000000000000 RBX: 0000000000000034 RCX: 0000000000000000 [ 853.170065][T16352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003277a38 [ 853.178096][T16352] RBP: ffffc90003277aa8 R08: ffffc90003277a37 R09: 0000000000000000 [ 853.186117][T16352] R10: ffffc90003277a20 R11: fffff5200064ef47 R12: ffffc900032779c0 [ 853.194156][T16352] R13: dffffc0000000000 R14: 1ffff9200064ef34 R15: 0000000000000000 [ 853.202170][T16352] FS: 00007f8b341db6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 853.211118][T16352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 853.217838][T16352] CR2: 0000000000000000 CR3: 000000012c568000 CR4: 00000000003526b0 [ 853.225919][T16352] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 853.233948][T16352] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 853.242010][T16352] Call Trace: [ 853.245324][T16352] [ 853.248278][T16352] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 853.254181][T16352] ? stack_trace_save+0xaa/0x100 [ 853.259154][T16352] ? pending_reads_dispatch_ioctl+0xc86/0x2080 [ 853.265404][T16352] ___kmalloc_large_node+0x81/0x210 [ 853.270646][T16352] ? pending_reads_dispatch_ioctl+0xc86/0x2080 [ 853.276908][T16352] __kmalloc_large_node_noprof+0x1e/0xd0 [ 853.282606][T16352] ? pending_reads_dispatch_ioctl+0xc86/0x2080 [ 853.288794][T16352] __kmalloc_noprof+0x326/0x500 [ 853.293717][T16352] pending_reads_dispatch_ioctl+0xc86/0x2080 [ 853.299737][T16352] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 853.306245][T16352] ? selinux_file_ioctl+0x732/0x1480 [ 853.311597][T16352] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 853.317189][T16352] ? do_futex+0x37d/0x510 [ 853.321770][T16352] ? __cfi_do_futex+0x10/0x10 [ 853.326487][T16352] ? __fget_files+0x2c5/0x340 [ 853.331228][T16352] ? bpf_lsm_file_ioctl+0xd/0x20 [ 853.336333][T16352] ? security_file_ioctl+0x3e/0x110 [ 853.341592][T16352] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 853.348045][T16352] __se_sys_ioctl+0x135/0x1b0 [ 853.352810][T16352] __x64_sys_ioctl+0x7f/0xa0 [ 853.357448][T16352] x64_sys_call+0x1878/0x2ee0 [ 853.362197][T16352] do_syscall_64+0x57/0xf0 [ 853.366656][T16352] ? clear_bhb_loop+0x50/0xa0 [ 853.371377][T16352] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 853.377342][T16352] RIP: 0033:0x7f8b3339bf79 [ 853.381812][T16352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 853.401689][T16352] RSP: 002b:00007f8b341db028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 853.410149][T16352] RAX: ffffffffffffffda RBX: 00007f8b33615fa0 RCX: 00007f8b3339bf79 [ 853.418295][T16352] RDX: 00002000000000c0 RSI: 0000000040106726 RDI: 0000000000000008 [ 853.426330][T16352] RBP: 00007f8b334327e0 R08: 0000000000000000 R09: 0000000000000000 [ 853.434365][T16352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 853.442384][T16352] R13: 00007f8b33616038 R14: 00007f8b33615fa0 R15: 00007ffc3ac48888 [ 853.450394][T16352] [ 853.453479][T16352] ---[ end trace 0000000000000000 ]--- [ 853.531565][ T63] tipc: Node number set to 2886997007