last executing test programs:

3m22.243169266s ago: executing program 2 (id=492):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000bf1414aa000000000000000000000000000018d3a54bf7ab0a9e0000000000000600000000000000ffff0000000000001c250800000000000100000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000ff0100000000000002000000fcffffff000000002abd700004350000020004fd20000000000000008c0003006465666c617465"], 0x17c}, 0x1, 0x0, 0x0, 0x8801}, 0x10)

3m21.978038423s ago: executing program 2 (id=493):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x84)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
chroot(&(0x7f0000000040)='./file0\x00')

3m20.476377986s ago: executing program 2 (id=503):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000bf1414aa000000000000000000000000000018d3a54bf7ab0a9e0000000000000600000000000000ffff0000000000001c250800000000000100000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000ff0100000000000002000000fcffffff000000002abd700004350000020004fd20000000000000008c0003006465666c617465"], 0x17c}, 0x1, 0x0, 0x0, 0x8801}, 0x10)

3m20.242480828s ago: executing program 2 (id=507):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

3m19.728555599s ago: executing program 2 (id=510):
r0 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000500)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
writev(r0, 0x0, 0x0)

3m18.164584438s ago: executing program 4 (id=518):
unshare(0x4040600)
r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000400)='source', &(0x7f0000000240)='//\xf2/\x06\b\xa30\\/\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e24, 0x1, @empty, 0x3}], 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67200000000000140600000fff07006706000020000000350200000ee60000bf25000000000000bd350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000014000000000000009500000000000000db13d5d8b740f2cdaabc8383c8f56b8c2b84a800ea6553f3ef4392b3815dcf00c3eebc52267b042d19d6e31e25e589d5f2692c75a547d6f186641ae8c557ccff3878a93b51a0389749df734f49ed5078b10f1e7f2b37626a3ace1ea89f7d2c570720a86853e26168761f0a53358f7ee2baa0e6a67a98a0d57ac09f36cfefbbc7492bbe7cdf64971a57fd64efd46c26"], &(0x7f0000000380)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x10, 0x0, 0x57}, 0x48)
io_uring_enter(0xffffffffffffffff, 0x8af, 0xc0b8, 0x0, &(0x7f0000000100)={[0x6]}, 0x8)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0x7)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x8e44, 0x1f400, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
readv(r3, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000200)=""/87, 0x57}], 0x2)
socket$kcm(0x21, 0x2, 0xa)
r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffff9, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x25, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x3, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x800200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x9, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x8000009, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x7, 0xf56, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xffff7ffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2002, 0x2, 0x3, 0x0, 0x2, 0x6d03, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x0, 0x5, 0x6, 0x5, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x9, 0x5, 0x1c, 0x120001, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x4, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0xb54, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0xfff, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)

3m18.107436432s ago: executing program 2 (id=519):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f00000045c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
vmsplice(r5, &(0x7f00000001c0)=[{&(0x7f0000000280)="afc356bf9b09d4372dada82178d12dd14c1ac862", 0xfffffcfa}], 0x1, 0x2)
r6 = socket$inet(0x2, 0x3, 0x7f)
setsockopt$inet_int(r6, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x20, @remote}, 0x10)
splice(r4, 0x0, r6, 0x0, 0x8000, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r12 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x4000)

3m17.926098363s ago: executing program 4 (id=522):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010800d972a440b72040155ab7010203010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001200)=ANY=[@ANYBLOB="61124c00000000006113300000000000bf300000000000002500070007ffffffbd0201000000000095002000000000006916320000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee60090bf050000000000000c5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f055af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6901fcecc8158f0200000000c8fb735fd552bdc268694aeb0763f65e439ec1120843e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3abd5dedd3f7d2cf5834f2af97787f696649a46e17e090000000000000045eac1720e83b7838e3eede14308d582685e1becd6f35154bcb400000000000000000000008129277dc467148670ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbfea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f14c3f2ed6c64ec90000022d600000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca51c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233ba3d4ce26ed703dcb9fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c17d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be6910023a26faea764fae160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7beecaaa61e7a726571df5cf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da046c7aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ce27e134548032a307871cea4c89d4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b8748d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b25055e786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc136464025013665b1cf26a863a5cb3e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a56c4f3f265a09628878040000000000000017b68afd95d4abd79286692439ee7acca2adc3d83d72b1b778e30c2bf2efbbcd054cf51f5705eb0faa8a0d9f18135cb1d8d567c3436fa697b72c5035d98b9e4f7f3379c0b3339debc78352b2e65299223d7ef2bd540e78167a3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586331eb5995d2288a167b7c6b20b32116b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22db669560d296287c13c92070000ee7553eb2df17a39542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c887081c8d320642389f5f0c42dba0ff75a257310f2d92cb1d1e16468949f5675262ee6609cf26ae4a8f5eac0ebf318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0f72c4a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1a706ec201eedfa5fbdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee8072d1f88cb781e4cdb04af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98c5a471f3521956f8da6a4ccf2071095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5a071ba22251e2de8bac16e79da9c2444d52facb7ab49420900000000000000f888a94365b99b72796fde1b922fc9ae09b526efca65faf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837be14d6a483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c79c846e403910bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be0000fdde69c350e59f11f1d26a4d04d8c8b2c4a4d23ee931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f647e1f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680faa8cf38dbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705113a5ce1c99193886d6008d3565b00000000000000000000000000000000001c260fc175785ca04e31790f542c0f17b6599e93134792eae9878638b299e1d2b38d367be0d5c99d179c6bde265caebbae48bae74338f9d4f12f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = timerfd_create(0x0, 0x0)
timerfd_settime(r4, 0x3, &(0x7f0000000440)={{0x0, 0x3938700}}, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x2}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x0, 0xd6e, 0x0, 0x6a9}, 0x0, 0x0)
ioctl$TFD_IOC_SET_TICKS(r4, 0x40085400, &(0x7f0000000140)=0xa)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x3}}, @NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001800010000000000fedbdf2502141400fe04000900000000060015000400000014001680100008800c00038005000100010000e128d493557d1f5d6c52340692fe958da2486347f9dab8fcdae670c75dd3107caec13a8f0d7f699cc742d8faad9e6b1ddd2e63a307300732d44eaefab8e902623672f10721f360d3e33090f1a09993bf20ea7196aa4661fe103cb72cf58cbba172b49d998693d1f3c6e3142f09"], 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x2400c814)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14}}, 0x90}}, 0x40014)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000240)={0x20, r2, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}}, 0x40000)

3m17.488077317s ago: executing program 32 (id=519):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f00000045c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
vmsplice(r5, &(0x7f00000001c0)=[{&(0x7f0000000280)="afc356bf9b09d4372dada82178d12dd14c1ac862", 0xfffffcfa}], 0x1, 0x2)
r6 = socket$inet(0x2, 0x3, 0x7f)
setsockopt$inet_int(r6, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x20, @remote}, 0x10)
splice(r4, 0x0, r6, 0x0, 0x8000, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r12 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x4000)

3m14.029170739s ago: executing program 4 (id=535):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x103280)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0x4, 0x31, 0xfffe, 0x0})

3m14.010466252s ago: executing program 4 (id=536):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

3m13.88297533s ago: executing program 4 (id=538):
getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x8, 0x0, &(0x7f0000000000))
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
tkill(0x0, 0x12)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0xf, 0x20000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='veno', 0x4)
sendmmsg$inet6(r3, &(0x7f0000003180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time\x00')
r5 = syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400)
ioctl$FE_GET_PROPERTY(r5, 0x80106f53, &(0x7f0000001080)={0x13, 0x0})
getpeername$unix(r2, 0x0, &(0x7f0000000040))
r6 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r6, &(0x7f0000000140), 0x4924b68, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r4, 0x6628)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x9, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffff8}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

3m12.802330459s ago: executing program 3 (id=541):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00')
fchdir(r0)
getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0xff80)

3m12.692415573s ago: executing program 3 (id=542):
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000340)={{0x2, 0x4e1f, @remote}, {0x304, @broadcast}, 0x2a, {0x2, 0x4e25, @empty}})
socket$inet(0x2, 0x80000, 0x7)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x11fe, 0x0, 0x4000002, 0x9, "064233a5bd000012333fa600", 0x0, 0xfca})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(0xffffffffffffffff, 0x404c4701, &(0x7f0000000040)={0x20000008, 0x0, 0x0, 0x3, 0xc, "3e01d89700"})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_smc(0x2b, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
inotify_init()
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000002, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

3m12.484015227s ago: executing program 3 (id=543):
syz_kvm_add_vcpu$x86(0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{0x5, 0x0, 0x0, 0xb}, {0x7fff, 0x7, 0xc, 0x5}, {0xa, 0x6, 0x6, 0xff}, {0x7, 0x8, 0xa, 0x5}, {0x1, 0x4, 0x7, 0x9}, {0x5, 0x2, 0x0, 0xf}, {0x5, 0x5, 0x3, 0x1}, {0x8, 0x6, 0x8, 0x3}]})
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x0, 0x10003, 0x3, 0x4002004c2, 0x7ff, 0x9, 0x6, 0x400, 0x80, 0x88, 0x0, 0x3, 0x8d], 0x100000, 0x2c08c6})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, 0x0, 0x1, {0x1, 0x1}}, 0x18)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x420, &(0x7f0000000040)=ANY=[@ANYBLOB="6d706f6c3d696e746506f501e872deda14715a9bc57195006c656176653d72656c61746976650c00"])
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)

3m11.445167236s ago: executing program 3 (id=547):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

3m11.432442247s ago: executing program 4 (id=548):
unshare(0x4040600)
r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000400)='source', &(0x7f0000000240)='//\xf2/\x06\b\xa30\\/\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x8e44, 0x1f400, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)

3m10.135830519s ago: executing program 33 (id=548):
unshare(0x4040600)
r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000400)='source', &(0x7f0000000240)='//\xf2/\x06\b\xa30\\/\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x8e44, 0x1f400, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)

3m10.104525848s ago: executing program 3 (id=552):
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000340)={{0x2, 0x4e1f, @remote}, {0x304, @broadcast}, 0x2a, {0x2, 0x4e25, @empty}})
socket$inet(0x2, 0x80000, 0x7)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x11fe, 0x0, 0x4000002, 0x9, "064233a5bd000012333fa600", 0x0, 0xfca})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(0xffffffffffffffff, 0x404c4701, &(0x7f0000000040)={0x20000008, 0x0, 0x0, 0x3, 0xc, "3e01d89700"})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_smc(0x2b, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
inotify_init()
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000002, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

3m8.869683798s ago: executing program 3 (id=556):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_MIDI_INFO(0xffffffffffffffff, 0xc074510c, &(0x7f0000000140)={"37ce7f07583d8ee176f1ff84573b93f549823ebb845077172f2217d45353", 0x9c8, 0x0, 0x8, [0x2, 0x7, 0x6, 0x2, 0xf675, 0x8, 0x8, 0x725, 0x2, 0x80000000, 0x1, 0x1d8, 0x4, 0xa, 0x5, 0x8, 0x42a70c94, 0x87]})
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x180000000)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000001000390400000000fedbdf250000", @ANYRES32=r4, @ANYBLOB="01982400419a0440"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, 0x0, 0x0)
getresuid(&(0x7f0000000400), 0x0, &(0x7f0000000480))
sendmsg$nl_generic(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000100)={0x1, r2, 0x1, {0x8000, 0x3a52c1e8}, 0x5}, 0x1)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0xb, 0x0)
write$binfmt_elf64(r1, &(0x7f0000002600)=ANY=[], 0x1820)
r6 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x646c41, 0x0)
ioctl$FS_IOC_FSSETXATTR(r6, 0x7041, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x12}}, 0x40)
r7 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/direct\x00', 0x2, 0x0)
read(r7, &(0x7f0000003040)=""/211, 0xd3)
read(r7, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, r8})
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0)
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
gettid()

3m8.563635632s ago: executing program 34 (id=556):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_MIDI_INFO(0xffffffffffffffff, 0xc074510c, &(0x7f0000000140)={"37ce7f07583d8ee176f1ff84573b93f549823ebb845077172f2217d45353", 0x9c8, 0x0, 0x8, [0x2, 0x7, 0x6, 0x2, 0xf675, 0x8, 0x8, 0x725, 0x2, 0x80000000, 0x1, 0x1d8, 0x4, 0xa, 0x5, 0x8, 0x42a70c94, 0x87]})
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x180000000)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000001000390400000000fedbdf250000", @ANYRES32=r4, @ANYBLOB="01982400419a0440"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, 0x0, 0x0)
getresuid(&(0x7f0000000400), 0x0, &(0x7f0000000480))
sendmsg$nl_generic(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000100)={0x1, r2, 0x1, {0x8000, 0x3a52c1e8}, 0x5}, 0x1)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0xb, 0x0)
write$binfmt_elf64(r1, &(0x7f0000002600)=ANY=[], 0x1820)
r6 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x646c41, 0x0)
ioctl$FS_IOC_FSSETXATTR(r6, 0x7041, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x12}}, 0x40)
r7 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/direct\x00', 0x2, 0x0)
read(r7, &(0x7f0000003040)=""/211, 0xd3)
read(r7, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, r8})
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0)
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
gettid()

1m39.860854292s ago: executing program 7 (id=814):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001580)=ANY=[@ANYBLOB="600000000206030000000000b8791fa80000000014000780080012400000000005001500010000000500010006000000050005000200000005000400000000000900020073797a310000000012000300686173683a6e65742c706f7274"], 0x60}}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000024d00)={0x0, 0x0, &(0x7f0000024cc0)={&(0x7f0000006dc0)=@newchain={0xeec, 0x64, 0x300, 0x70bd2e, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x7, 0x1}, {0x5, 0x10}, {0xf, 0x2}}, [@f_rsvp={{0x9}, {0xebc, 0x2, [@TCA_RSVP_ACT={0xeb8, 0x6, [@m_connmark={0x34, 0xe, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_pedit={0xe80, 0x3, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x2, 0x7, 0x7, 0x9, 0x1}, 0xf1, 0x2, [{0x5, 0xaf, 0x1, 0x6, 0x4, 0x7}, {0x1, 0x7fff, 0x0, 0x4, 0x4}]}, [{0x2, 0xffffffff, 0x752b, 0x9, 0x5, 0x2}, {0x6507b03b, 0x1, 0x7, 0xfffffffe, 0x6, 0x5}, {0x4, 0x1, 0x3, 0x8a, 0x6, 0x2}, {0x7, 0x1200000, 0x88d, 0x2, 0x4, 0x2}, {0xffff5cff, 0x4, 0x0, 0x1, 0x40, 0x8001}, {0x6, 0x9, 0x400003, 0x0, 0x8, 0xf}, {0x5, 0x6, 0x2, 0x2, 0x3, 0x3}, {0x3, 0x7fffffff, 0x39cbefbf, 0x3, 0x3, 0x8}, {0x6, 0x0, 0xf, 0x1, 0x9, 0x1000}, {0x80000000, 0xffff, 0x4, 0x4, 0x80}, {0x3ff, 0x4, 0x3a14, 0x56d5, 0x2, 0x2}, {0x2, 0x2, 0x8, 0x7, 0xffffff81}, {0x3, 0xc9d, 0x3, 0x13ee, 0x4, 0x6}, {0x7fffffff, 0x1, 0x8, 0x4e80000, 0xf950, 0x9873}, {0x3772, 0x1182, 0x7, 0x6ae9, 0x79, 0xfb28}, {0x8, 0x6962, 0x0, 0x6, 0x4, 0x157}, {0x12968238, 0x0, 0xffffffff, 0x101, 0x0, 0x6}, {0x8, 0x9, 0xa68c, 0x2, 0x1, 0x80000000}, {0x1, 0x80000001, 0x8, 0x1000, 0x7, 0xa}, {0x6, 0x7, 0x9, 0x7fff, 0x6ffb, 0x7}, {0x2, 0x7bb, 0x10, 0xb70, 0x9, 0x9}, {0x6, 0x5, 0x80000000, 0x5, 0x40}, {0xfffff2e7, 0x7, 0x3, 0x7, 0xa2, 0xfffffff9}, {0x7, 0x2, 0xd, 0x5, 0x6, 0x7fffffff}, {0xb30, 0xfffffff8, 0xc767, 0x2, 0x3, 0x805a0}, {0xffff3594, 0x7, 0x8, 0x2, 0xfffff1f2, 0x4}, {0x4, 0x1, 0x3, 0x1ff, 0x3, 0x3ff}, {0xa0d0, 0xffffff30, 0x0, 0x1, 0x5, 0x5}, {0x0, 0x8, 0x3d, 0x4, 0xfffffffd, 0xde0}, {0x6, 0x8, 0xfffffffc, 0x4, 0x80009, 0x10000}, {0x0, 0x80000000, 0x20000085, 0x9, 0x30ba, 0xfc}, {0x6, 0xffffffff, 0xf, 0x7, 0x7f, 0x1efb}, {0xfffffbff, 0x0, 0x3, 0xe8f6, 0x4, 0x98d}, {0x8, 0x7d0, 0x8, 0xff, 0x7, 0x1}, {0x5, 0x3, 0x7ff, 0x0, 0x2, 0x613}, {0x4, 0xfff, 0x4c3c, 0x5, 0x2, 0x2}, {0x8, 0x2, 0x0, 0xfffffffd, 0xdb1c, 0x3ff}, {0x5, 0xfffffffd, 0x8001, 0x81, 0x9, 0x1}, {0x3, 0x4175, 0x0, 0x2, 0x9, 0x5}, {0x1, 0x3, 0x4, 0x9, 0x100, 0x2}, {0x7, 0x10, 0x0, 0x9, 0xdc}, {0xfffffffb, 0x8, 0xff, 0x6, 0x3, 0x8}, {0x5, 0xff, 0x401, 0x6, 0x7, 0x3}, {0x18, 0x1, 0x4, 0xfff, 0xa, 0x2}, {0x6, 0x9, 0xfffd, 0x3f, 0xab9, 0xfffffff5}, {0x7fffffff, 0x2, 0x94c, 0x9dee, 0xffff1483, 0x8}, {0x6fce8c73, 0x81, 0x7, 0x3ff, 0x0, 0x1}, {0x7fff, 0xad, 0x4, 0x0, 0x4, 0x7ff}, {0x1, 0xe364, 0x100, 0x9, 0x3, 0x2}, {0x5, 0x4, 0x80000000, 0x6, 0xb, 0x8}, {0xb95c, 0x80000001, 0x9, 0x6, 0xc, 0xb}, {0x3, 0x3, 0xc1, 0x0, 0x7f7, 0xfffff530}, {0x1, 0x0, 0x40, 0x2, 0x5}, {0x0, 0x3, 0x7, 0x82b, 0x0, 0x5}, {0xfff, 0x98, 0x6a4c, 0x101, 0x9, 0x40}, {0xffff, 0x7, 0x38, 0xb, 0x8, 0x8000}, {0x1, 0x0, 0x0, 0x6, 0x5, 0xf8}, {0x1, 0x6, 0xef0, 0x0, 0x101, 0x2}, {0x8, 0x7, 0x6f, 0x7, 0x6, 0x3}, {0x3f, 0x5, 0x3, 0x8, 0x9, 0x1}, {0x80000001, 0xfffffff9, 0x5, 0x800, 0x543, 0x1}, {0x22a, 0x201, 0x3, 0x0, 0x4, 0x7}, {0xad, 0x7, 0xfffffffa, 0x7b9, 0x164, 0x9}, {0x4, 0x7, 0x9, 0x7, 0x5, 0xc66}, {0x9, 0x3, 0x5, 0x3, 0x54, 0x6}, {0xf, 0x5, 0x9, 0x9, 0xe, 0x7}, {0x2a0d, 0x5, 0x4, 0x7, 0x9, 0x4}, {0x17, 0x200, 0xffff8001, 0x6, 0x62a, 0x4}, {0xc, 0x24000, 0x7f, 0x6b, 0x4, 0xd}, {0x7329e723, 0x4, 0x2, 0x1, 0x2, 0x5}, {0x10000, 0x80, 0x5821, 0x0, 0x5, 0x4}, {0x6, 0x3, 0x2, 0x7, 0x3, 0xcb14}, {0x7, 0x25b, 0x2, 0x6, 0x4, 0x9}, {0x8, 0x7, 0x4, 0xfffffffe, 0x7, 0x9}, {0x7, 0x7, 0x0, 0x648, 0x5, 0x100}, {0x1, 0x0, 0x59a0, 0x1, 0x7, 0x401}, {0x10000, 0x7ff, 0xfffffcca, 0xff, 0x8, 0x3}, {0x1, 0x4, 0x5, 0x7, 0x5}, {0x4, 0x2, 0x6, 0xd, 0x7, 0xb152}, {0x47, 0x9, 0x5, 0xfffffff9, 0x7fffffff, 0xa00000}, {0x4, 0x26c, 0x9, 0x8bab, 0xbc5d}, {0x1, 0x7, 0x5, 0x7, 0x8000, 0x40009}, {0x5f, 0x8, 0x5, 0x200, 0x8, 0x10001}, {0x8, 0x2, 0x80000000, 0x6, 0x101, 0x8}, {0x80000003, 0xfff, 0x10, 0xfffffff3, 0x8, 0x4}, {0x800, 0xffff, 0x5, 0x7, 0x344, 0x2b25}, {0x8, 0x7, 0x6, 0x1, 0x3, 0x8e02}, {0x1, 0x9e6, 0x8, 0x400, 0x6, 0x3}, {0x8, 0x0, 0x1, 0x7, 0x1, 0x3}, {0x9, 0x2, 0x2, 0x8, 0x3, 0x4}, {0x6, 0xfffffec4, 0x200, 0x8, 0x8, 0x9}, {0x1, 0x8, 0x500, 0x400, 0xc52b, 0x4}, {0x9, 0x1, 0x100, 0xb6a, 0x9, 0x32b5}, {0x8, 0x1, 0x4, 0x0, 0xd73, 0x870}, {0xe08c, 0x7ff, 0x2, 0x6, 0x40, 0x9}, {0xffff, 0x4428, 0x3, 0x6, 0x8, 0x9}, {0x1000, 0x10001, 0x5, 0x4, 0x3, 0xb}, {0xfffff0aa, 0x9, 0xfffffffa, 0x5, 0x2, 0x4}, {0xd, 0xfffffff0, 0x4, 0x0, 0x8, 0x101}, {0xd, 0x2, 0x686, 0xfffffffa, 0x4, 0x4}, {0x7fff, 0x6, 0x200, 0x6, 0x4, 0x8}, {0x96, 0x6, 0x7, 0x7, 0x226, 0x8}, {0x6, 0x3, 0x5, 0x6, 0x7, 0xfff}, {0x3, 0xffffffff, 0x2, 0x568, 0x4, 0xffffffeb}, {0x2, 0x200, 0x2, 0x7, 0x6, 0x6}, {0x4, 0x566, 0x10001, 0xb, 0x4, 0x5594fdf3}, {0x423303a3, 0x9, 0x6, 0x3, 0x6, 0x3}, {0x100, 0x3, 0x0, 0x9, 0x8, 0x25}, {0x8, 0xd47, 0x0, 0x0, 0x6, 0x8f6d}, {0xff, 0x0, 0x0, 0x1, 0x7, 0xe}, {0xce1, 0x9, 0x0, 0x4, 0xffffffff, 0x200}, {0x4, 0xe, 0x3, 0x5e0, 0x8, 0x1}, {0x0, 0x1, 0x1, 0x1, 0x4, 0x8}, {0x4f75, 0x8, 0x3c, 0xb, 0x4, 0x5}, {0x3, 0xd64, 0x1, 0x6, 0x8, 0x6}, {0x5, 0x401, 0x6, 0x4, 0x80, 0x640a525a}, {0x5, 0x0, 0x8, 0xfffffffe, 0xe, 0x6cd4}, {0x9, 0x0, 0x8, 0xa9ba, 0x100, 0x5}, {0x15, 0xfffffeff, 0x2, 0x5, 0x5fc0, 0xfffffff1}, {0x39d, 0x9, 0x1, 0x0, 0xfc, 0x7}, {0x6, 0xe69, 0xe, 0xffffff81, 0xbe7e, 0x401}, {0xfffffffa, 0x4, 0x0, 0x0, 0x6, 0xfffff001}, {0xcf2d, 0x8, 0x9176, 0x0, 0x4f, 0x1}, {0x0, 0x9, 0x5, 0xfff, 0x9030}, {0x4, 0x4, 0x800, 0x41e, 0x8000}, {0x6, 0xfffffffa, 0x0, 0x9a, 0x6, 0x8}, {0x3, 0xb, 0xf079, 0x7fffffff, 0x200, 0x1000007}, {0x65f, 0x100, 0x8, 0x1, 0x400, 0x2}], [{0x3}, {0x1, 0x1}, {0x5, 0x1}, {}, {}, {0x5}, {0x4}, {}, {0x0, 0x1}, {0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x4}, {0x3}, {0x4, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x3}, {0x2}, {0x3}, {0x3}, {0x1}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {}, {0x5, 0x1}, {0x5}, {}, {0x4, 0x1}, {0x2}, {}, {0x2}, {0x2, 0x1}, {0x6, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {}, {}, {0x5, 0x649fb4c58d4cf3cc}, {0x0, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x3}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x4}, {0x2, 0x1}, {0x2, 0x1}, {0x2}, {0x1}, {0x3}, {0x3, 0x1}, {0x2}, {0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x2}, {0x3}, {0x3, 0x1}, {0x4, 0x1}, {0x7, 0x1}, {0x3}, {0x1}, {0x2, 0xd2cd4f2f2bcaea07}, {0x5, 0x1}, {0x2, 0x1}, {0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x1}, {0x2}, {0x1, 0x1}, {0x2, 0x8dafc58315d2bbb3}, {0x2}, {}, {0x0, 0x1}, {0x3, 0x1}, {0x3}, {0x5, 0x1}, {0x5}, {0x5}, {0x3}, {0x4, 0x9889dd74d1bcf2ee}, {0x1, 0x1}, {}, {0x3}, {0x4}, {}, {0x3}, {0x3}, {0x1}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0xeec}, 0x1, 0x0, 0x0, 0x810}, 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f0000001280)=[{0x0}], 0x1, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ac1414aa0500070084000000060004404e2000000c00028008000140ffff"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

1m38.731464735s ago: executing program 0 (id=817):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x0, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000280)=0x7fffffff)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x80)
getresgid(&(0x7f0000000380), 0x0, &(0x7f0000000400))

1m37.39649781s ago: executing program 0 (id=819):
r0 = openat$panthor(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f00000000c0)={0x9, 0x9, 0x2, 0x0, 0x0, 0xeb, &(0x7f00000005c0)=""/235, 0xb, &(0x7f0000000080)=""/11})

1m37.224824391s ago: executing program 7 (id=821):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0xa, "ef313683"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @local=@item_4={0x3, 0x2, 0x3, "d850523c"}]}}, 0x0}, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe)

1m36.812851666s ago: executing program 0 (id=822):
r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a0601090501"], 0x0)
pwritev2(r0, &(0x7f0000000080)=[{&(0x7f0000000280)="14", 0x1}], 0x1, 0x9, 0xfffffffc, 0xa0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100)={0x0, 0x0, 0x4}, 0x10, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100)={0x0, 0x0, 0x4}, 0x10, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
ioctl$KDGKBSENT(0xffffffffffffffff, 0x4b48, &(0x7f00000003c0)={0x6f, "618e64ba10bb00951e98167c3174d9d70a53a420d23d4ac72fa135703e513506a9dd68eca4eb02b2a80dad4bb806c485c5a95ca15051ebd413c4495a583e65c63469c8d783f54e62003f94049e0e002417fd0f40c97a73f2f70f38f9ef88f15413ef4f5ce9110ff9505ef29cd3cad3c3e1f4deed37e34d51cf648c0b579246ef3c227990e7e0309971aaa96b840282c0a54e3015509908029e813502a2ae4ad220ac3f039998d32b176c454a1bf20c106b3d9c1c1826e528993e342e1c16cdc39d50bba0c962bdb641aa736fe187cb58284fa61b4027fa6dcaa55b424646a21b1208cfa85f87a447fbed5ed64421c61d6089af5a598507c94827cc4bb4565be593fe1c8b4734a7a68978ae26d155925876085c992aaa642294836ec3d8a2a71aeb5140e6f7f23710fe326d185b97c978dc20203c14977d8a00d6836d620b107a3764f16240620fb8937d0299c135317b080bab7ce6b403f15c30010e2a82bdb6a18521b6c32d83fd4816fe2824552d5b2e854a9d54b2b66abffdfae9e881d97e21b845478a4966616d32e5d3d651e8a2c2dde4b2bcfab2219e2b786618670ced98fc4d92bff00065b8e63443b31e113a5fbb5d95431f9e52c7936ad01cc376f46c74a8ba7cb4d34fbe57474ae9b680e9763f78e66c72578561b48f27543cd2345cd6cb6216e4c54c10cce00b28663a9823a96cf60c0cf5a953991f8a76132823"})
ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000040)=[0x81, 0x5])
syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$XFS_IOC_GETBMAPX(r3, 0xc0205838, &(0x7f00000000c0)={0x5, 0x6, 0x8, 0x101, 0xd, 0x15, 0xd}) (async)
ioctl$XFS_IOC_GETBMAPX(r3, 0xc0205838, &(0x7f00000000c0)={0x5, 0x6, 0x8, 0x101, 0xd, 0x15, 0xd})
socket$inet6_udp(0xa, 0x2, 0x0) (async)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00')
open_by_handle_at(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="10000000f1000000", @ANYRES8=r4], 0x0) (async)
open_by_handle_at(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="10000000f1000000", @ANYRES8=r4], 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x0, 0x0, 0xffffffff}, 0x23)

1m34.961185852s ago: executing program 0 (id=826):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

1m34.535991101s ago: executing program 0 (id=828):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x3, 0x1a74c0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$P9_RCREATE(r1, &(0x7f0000000000)={0x18, 0x73, 0x1, {{0x30, 0x3, 0x7}, 0x8}}, 0x18)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000000f40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=""/98, 0x62}}], 0x1, 0x10003, 0x0)
setsockopt$inet_int(r2, 0x0, 0x12, &(0x7f0000000180)=0x80000001, 0x4)
setsockopt$inet_int(r2, 0x0, 0x6, &(0x7f0000000000)=0xffffffff, 0x4)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000002240)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x66, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
r3 = fcntl$getown(r0, 0x9)
wait4(r3, &(0x7f0000000080), 0xa0000000, &(0x7f00000000c0))
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x48dd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac100875397bdb22d0000b420a1a93c9e01177d3d058dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x100000000, 0x7]}})

1m32.842430471s ago: executing program 0 (id=834):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r0], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0xc0010141, 0x0, 0x10001}]})
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r5 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05640, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xb, 0x4, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000611898000000000095"], &(0x7f0000000500)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NL80211_CMD_AUTHENTICATE(r0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_complete(0x0)
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)

1m32.80984534s ago: executing program 7 (id=835):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setuid(0xee01)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r1, 0x1, 0x70bd29, 0xfffffffd}, 0x14}}, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000080), &(0x7f00000000c0)=@v3={0x3000000, [{0x7, 0x1}, {0x7, 0x8}]}, 0x18, 0x0)

1m31.859122441s ago: executing program 35 (id=834):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r0], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0xc0010141, 0x0, 0x10001}]})
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r5 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05640, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xb, 0x4, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000611898000000000095"], &(0x7f0000000500)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NL80211_CMD_AUTHENTICATE(r0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_complete(0x0)
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)

1m31.829175675s ago: executing program 7 (id=838):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

1m31.790842381s ago: executing program 7 (id=840):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x1085, 0x0, 0x0, 0x0, 0x8, 0xffffffba, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)

1m30.114959165s ago: executing program 7 (id=845):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0x4000009b, 0x0, 0x6}]})

1m29.789710531s ago: executing program 36 (id=845):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0x4000009b, 0x0, 0x6}]})

11.321869361s ago: executing program 6 (id=1027):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$ARCH_FORCE_TAGGED_SVA(0x1e, r1, 0x0, 0x4004)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
munlockall()
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvmmsg(r5, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000600)=""/197, 0xc5}, 0x382}], 0x1, 0x2043, &(0x7f0000000f40))
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x6, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_WOWLAN(r7, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0xb}, @void, @val={0xc, 0x99, {0xfa, 0x12}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4004800}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)

9.900332351s ago: executing program 1 (id=1034):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x0, 0x4, 0x0, 0x0, 0xfffffffc}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffffb, 0x0, 0x0, 0x1000}}]}]}}}]}, 0x64}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f80)={0x34, r4, 0x701, 0x70bd2b, 0x25dfdbfc, {0x34}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000004}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000140), 0x10, &(0x7f0000000080)={&(0x7f0000000780)=@canfd={{0x2, 0x1, 0x1, 0x1}, 0x2b, 0x1, 0x0, 0x0, "2d95b525455f4d7c9a96c5afe57d66cea2ebfb80cbdbf024fea7fcdb3e3c09b3bfc778fdcec5b6cc7a622ba6008ca13cb3bd3a1a574883259ac3a8b1b751d24c"}, 0x48}, 0x1, 0x0, 0x0, 0x84844}, 0x0)
bind$inet6(r5, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)

9.898843515s ago: executing program 5 (id=1035):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x3, 0x5, 0x6}, 0x50)
r1 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c0, 0x0, 0xc8, 0x8, 0x0, 0x5803, 0x328, 0x2e8, 0x2e8, 0x328, 0x2e8, 0x3, 0x0, {[{{@ipv6={@local, @private1, [0xffffff00, 0xff000000], [0xff, 0x34da508f3e8fb0eb, 0xffffff00, 0xff], 'veth0_to_batadv\x00', 'veth1_to_team\x00', {0xff}, {0xff}, 0x89, 0x7, 0x7, 0x38}, 0x0, 0xa8, 0xe0, 0x0, {0x0, 0x2000000000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x3, 0x6, 0x7}, {0x3, 0x3, 0x6}, {0x1, 0x1, 0x2}, 0x3, 0x29b}}}, {{@ipv6={@remote, @loopback, [], [], 'macvtap0\x00', 'syzkaller1\x00', {}, {0xff}, 0x0, 0x0, 0x2}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00', {0xfffffffffffffffd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c4004"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc", 0x29}], 0x1}, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={&(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00'], 0x30}, 0x40880)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xc}, {0xffff, 0xffff}, {0xb, 0xfff3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=@newtfilter={0x5c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x3}, {}, {0x4, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x30, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x1, 0x4}}, @TCA_U32_SEL={0x24, 0x5, {0xc, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0x3, 0x58f, [{0xebd, 0x1, 0x206, 0x7}]}}]}}]}, 0x5c}}, 0x24040084)

9.257590044s ago: executing program 1 (id=1036):
socket$alg(0x26, 0x5, 0x0)
unshare(0x6a040000)
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
keyctl$describe(0x6, r0, &(0x7f0000000100)=""/140, 0x8c)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
add_key(&(0x7f0000000000)='.dead\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000240)="4ba58e5cc226a666f4a8d4769486b0f2ddb142447e09ed9659cf12a8012db1908e811e07254cc1f2f3f5190dbe765589a4fbd3fc500e17517c21e35293c271764acab145a6f88fcf4bd601bcb314e6c91964d863bc0c5f64fa5068d2e9c0d59572fba2c303695598cc378efead9adacddf84489916e732fe39689afd4d482d340a", 0x81, r0)
semop(0x0, &(0x7f0000000100)=[{0x2, 0xec7b, 0x1000}], 0x1)
semtimedop(0x0, &(0x7f00000008c0)=[{0x3, 0x9, 0x1000}, {0x2, 0xd5e2}], 0x2, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getsockopt(r1, 0x6, 0x400001, 0x0, &(0x7f0000000440))
semctl$GETNCNT(0x0, 0x2, 0xe, &(0x7f0000000380)=""/221)

8.180922132s ago: executing program 5 (id=1038):
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35}, 0x28)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x800)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c000000100003052abdeddcb70738eab638a8350370000c00000000000400", @ANYRES32=0x0, @ANYBLOB="3a000000a0010200140012800b0001006d616373656300000400028008000500", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x800)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000010000d755dcdcbe2016000000000800000081208100000000008d0000000000000007fdc15bfad3147bdf76b11736043f97d59430bf184df8810c2a10b8608139c126e84ac167cca09c8046024087af93a8bc234349aad5322775a41c80de9d9f2d1d35060e93c75594e3b9506f91305d86a3e41f67f575b03c3aaaf67876fdabc95ff226bfe4acad63b939cbaa9d9105a654d5c42b7e77c0dd7c7c5c58788c2aa89087fc789f5af8247435c0997726d915c771553b7c559e060033685e4ab26a1f16988c52c0208be97227a959c483e094fa093bcd08775d303eecaeafba5463625b395236d3a6b27c6089452682f2f016eb00e9aaee472300251649cc377d4cc5d300a26de7d800"/280], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000000c0)=0xf4, 0x4)
ioctl$XFS_IOC_SCRUB_METADATA(r5, 0xc040583c, &(0x7f0000000240)={0x1a, 0x162, 0x2, 0x4, 0x200})
prlimit64(r0, 0x1, &(0x7f0000000000)={0x4, 0x7}, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180005000000ffff000077b9080000009500000000d3a07e"], &(0x7f0000000080)='GPL\x00', 0x7, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0xff3e, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x1085, 0x0, 0x0, 0x0, 0x8, 0xffffffba, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)

7.773091446s ago: executing program 6 (id=1040):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x6a, 0x6, 0x0, 0x0)
userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
syz_io_uring_setup(0x72ae, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0x36}, &(0x7f0000000500), &(0x7f0000000000))
syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x2, 0x1, 0x1}, &(0x7f00000004c0), &(0x7f0000001540))
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x3800000, &(0x7f0000000040)=<r2=>0xffffffffffffffff, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}])

6.045530474s ago: executing program 5 (id=1041):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg(r0, &(0x7f0000000000), 0x3ffffffffffffe4, 0x0)

5.867470107s ago: executing program 8 (id=1043):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44004)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)

5.70288703s ago: executing program 8 (id=1045):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r0], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0xc0010141, 0x0, 0x10001}]})
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xb, 0x4, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000611898000000000095"], &(0x7f0000000500)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_io_uring_complete(0x0)
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
chroot(&(0x7f0000000380)='./file0\x00')
rmdir(&(0x7f0000000080)='./file0\x00')
ioctl$OCFS2_IOC_MOVE_EXT(0xffffffffffffffff, 0x40406f06, &(0x7f0000000300)={0x2, 0x7fffffffffffffff, 0x4d1, 0x7, 0x5})
sendmsg$nl_generic(r5, 0x0, 0x80)
socket$vsock_stream(0x28, 0x1, 0x0)

4.621424205s ago: executing program 6 (id=1046):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
socket(0x1d, 0x2, 0x6)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))

4.365547271s ago: executing program 5 (id=1047):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='hybla', 0x5)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000034000000030a010200000000000000000100fffc0900030073797a30000000000900010073797a300000000008000a400400000420000000080a0104000000000000000001000000090001"], 0x9c}, 0x1, 0x0, 0x0, 0x4000}, 0x4)
sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="180100000b06010200000000000000000100000a05000100070000002800078006001d400008000008001c400000cb39060004404e2300000c001b4000000000000000050900020073797a3200000000740007800800084000000040060004404e2200000c00168008000140000000000c00148008000140e0000001060005404e2100001400170076657468305f746f5f626f6e6400000008000640000000031800168014000240000000000000000000000000000000000900120073797a3100000000340008800c00078005001500fa0000000c00078006001d40000400001800078014001700697036677265746170300000000000000900020073797a3200000000090002000100070000001079a065c75b8699b9c6bfe4c09b7a266a9c"], 0x118}}, 0x4840)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x171042, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x880, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x1c, 0x21, 0x9, 0x2, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x5, 0x0, 0x0, @fd}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004000}, 0x20004004)
write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c460e02f9b7ff7f00000000000002000300fffeffffdf02000000000000400000000000000003030000000000000000000008003a00011d040004000d00030000000080000000000000000000000700000000000000080000000000000005000000000000000204"], 0x78)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x420, &(0x7f0000000200)={[], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]})
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x20880, 0x0)
pread64(r4, &(0x7f0000000240)=""/235, 0xeb, 0x9)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r5, &(0x7f0000006240)=[{{&(0x7f00000001c0)={0xa, 0x4e21, 0x2, @rand_addr=' \x01\x00', 0x4}, 0x1c, 0x0}}], 0x1, 0x80)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9f4f, 0x2)
r8 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r8, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x3, 0x1000, 0xfc, 0x4}})
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000100)={0x2, @pix={0xe, 0x4e, 0x32315559, 0x4, 0x7, 0x9, 0x0, 0x2, 0x0, 0x6, 0x0, 0x2}})
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
setsockopt$sock_int(r6, 0x1, 0x3d, &(0x7f0000000040)=0x5957c0bf, 0x4)
ioctl$SNDCTL_SEQ_SYNC(r2, 0x5101)
syz_usbip_server_init(0x3)

4.289322506s ago: executing program 6 (id=1048):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0)
pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RFSYNC(r1, &(0x7f0000000140)={0x7, 0x33, 0x1}, 0x7)
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)={0x10000000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x69)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)

4.090172506s ago: executing program 8 (id=1049):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0xb, 0x4, 0x3, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007baaf8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) (async)
syz_clone(0x8100, 0x0, 0x0, 0x0, 0x0, 0x0)

3.452709449s ago: executing program 9 (id=1050):
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073018f000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

3.433493459s ago: executing program 6 (id=1051):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
open_by_handle_at(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="3d000000f800000000000000fb3a020939aff31801aa26150d83ca5125423972322c2fab9bc0d5ad00000089a1d84c6c4130e5ddc4d705df43b1384f7b01fbddf4b2bd840d0a"], 0x40)
socket$netlink(0x10, 0x3, 0x9)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000a40), 0x1, 0x1)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r4, 0xc2604111, &(0x7f0000000300)={0x5, [[0x2, 0x42212d2b, 0x8, 0x33, 0x5, 0x6e8f, 0x6, 0x7], [0x2, 0x7, 0x5, 0x3, 0x4, 0xb, 0x6, 0x7], [0x0, 0x3, 0x0, 0x8, 0x8f59, 0x401, 0x8, 0x5]], '\x00', [{0x5, 0x2, 0x1, 0x0, 0x1, 0x1}, {0x81, 0x7, 0x1, 0x0, 0x1, 0x1}, {0x499, 0x80000000, 0x1, 0x1, 0x0, 0x1}, {0x45f, 0x8, 0x1, 0x1, 0x0, 0x1}, {0x6, 0x4, 0x1, 0x1, 0x0, 0x1}, {0x9, 0xc, 0x1, 0x1, 0x0, 0x1}, {0xb39, 0x200, 0x1, 0x0, 0x0, 0x1}, {0x5, 0x9, 0x0, 0x1, 0x1, 0x1}, {0xa, 0x2, 0x0, 0x1, 0x1}, {0x9af, 0x10003}, {0xff8b, 0xc, 0x1}, {0x3ff, 0x400, 0x1, 0x0, 0x1}], '\x00', 0x3})

3.105172071s ago: executing program 8 (id=1052):
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file3\x00', 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x2000}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000001280)='./file1/file3\x00', 0x20000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0)
landlock_restrict_self(r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) (fail_nth: 3)

2.665206395s ago: executing program 9 (id=1053):
mkdirat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x115)
getdents64(r0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
openat(r0, &(0x7f0000000180)='./file1\x00', 0x111000, 0x3)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937e, 0x0)

1.987767972s ago: executing program 6 (id=1054):
r0 = syz_usb_connect$sierra_net(0x0, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, "", {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x43978451d8f6fedb, 0x2, 0x40, 0x2, 0x1b, 0xfe}, {0x9, 0x5, 0x7, 0x2, 0x200, 0xc, 0x77, 0x3}, {0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xfd, 0x32}}}}}}]}}, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, &(0x7f0000000180)={0x14, &(0x7f00000000c0)={0x0, 0x23, 0x7, {0x7, 0x4, "cb97653e2f"}}, &(0x7f0000000740)={0x0, 0x3, 0x4b, @string={0x4b, 0x3, "a7af77a0e5642a088590a4da3eef0017d29925d8abd9d8ca13a7127433db825d5f5af85582a8c344b5a9ed2ed3dc3d82cec11439ae5202693c22ea65d097a76c05bcb936d47831435b"}}}, &(0x7f0000000700)={0x1c, &(0x7f00000001c0)={0x0, 0x31, 0xb2, "30560d0c0fdaeb15aafee456109ca818d80cc0d52e717b7717d6ba6db907eb6c18a43b94cfb0bb93b3ea94a9e78fcc718bd73b55aa47579fa7ed6c9b398ca0a106d49912d276ed7394f7bd9033288d1b6dce4f503983f78f60cb32d5b5852d9461772b0aa06e668656e56d79160f0aeee2ac62fefd106ced1df4523cacb52197dcf3f7cedaa7a5c1864b4b29c02c89fcecc8e036de672f4e90bc26393833d44f05ca9b21e6de24b052f583a9f1b9eb145576"}, &(0x7f0000000280)={0xa1, 0x1, 0x400, "0a2678b3da0f9c14e4d5de25c7dbd8d8100097a65e598af21aa0a75624d2aff8185f1bb92d1fdaf1af38002b51533e475de325a04f6e6176e49196f463696127326b35726d2bd809336aea0dd33415285e75726ef5efff2f40e4222ac26f8de9ee35297cd99cbeb904d3b59eacbae431d8db0a657f2bdca9937e0d2efa8b1bd35d920cb9f81aca4f34d40796801f72d03fa8ea6ad1680b4ff16c386b12c974ff0ff9c2de440bf8489b7e4fc4a7e19c2415ff0f1bc88e73c48fe00e1837afba2a7d1b634483e403f4e5cbe2756f9ac5e97d8b051d30387ef64ae852310adce2da49268c1bf1237d17bfd0b4c0fcad0cdfc2d1304a662901065d3f82ac1503863a2011092a3f150ac32c54b1a1cb1c34e6442058746e9b7da4150582c6f8e7b3b1eeb932fb0ef4fa31eb19c70223000223f5bf2e9eb3c04e81cc4dac3d19e290753e28dcca357d456fb518436eace984b069b267dc22e5cbbe6d5e736f9d770e54175f8c45081bc7ab0918af35d2d4e4c1c4719388d7d2f24061c8176a489ae9b70d155dd82693658afb95e84a50e5f0eb6a04fe1175b1509ec865176387601f0adc5c1d52d3d924542d21c3467822a35f15b9f8a73455a8a160738a1099d652189b2cd5ca8882965e30a78449ad075f76bd3005f8ed6a74d06670a31eca1ae21d89257871b869c51f9850bdec44dd52d04edd1e49ab254b0a322d9e03103630046e239c631f1cae2f9bbeb6adb6b572edc177f776a3552414b10f01139fc82da1d46114abb11b509f3bf1f87995d28f587374047d24cf20842dd7e2a73902673172867b55d8ebf322d1d218485e00c1b525911d6073273631840b8fb597f4e98fd7e26541ecbff9b0944c833a4b764f1e54af06eb9e920de24bb06fd30882cdfc21df2bc0a8b1c3a17861f368be87e2469b33b6ad478809491b928a4bb3b20c23579f776c3d4ebb8409b372ea979d887e7f4fca1341d30965394f4c86b5050b92953e36d243f20ead74161237ca7e072bf3a59255f5642b29dd3dd67fd4c8dabc08cae9fe12b8baa8a46d07243d3dea22c6738f49d9c4b9b78bd0bccfb5b8dd62ca11bc6255a46de78982f246e4ad5a45037e3e65f193e03e0fa9d7ee5d71e0ef0925bb7a5ba74a0ae0948471ae65b2aa2cd97f44e430129a878e23035577add97fff90f5a0a2e6e054e298df5445e12a03a3d0e27ed9f15062547e2d4ce53ae1c72fbb5c757dea638635ac5ad1cbda2daf3056d4dd6a630eb516127b22ff273ed886aa15e099c3f9fc13b392d30aa6c3bb4f7ede80f73390ef259e0d4b4efd206e77fdec2a8df8bf615f003734386376d5be7c9952090c29e27c221062a5f2a0de0c94d22f097e127ee8851f5b99c6cf0328c70da435336f758c805bd1b3351541517eb8e95aef26bfc6872664c5b445c107db5fb06356820ebbd08f855d47c7"}, &(0x7f00000006c0)={0x21, 0x0, 0x4, "23fe18e6"}})

1.985421411s ago: executing program 1 (id=1055):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44004)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)

1.976251231s ago: executing program 5 (id=1056):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x6a, 0x6, 0x0, 0x0)
userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
syz_io_uring_setup(0x72ae, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0x36}, &(0x7f0000000500), &(0x7f0000000000))
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x3800000, &(0x7f0000000040)=<r2=>0xffffffffffffffff, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}])

1.917571441s ago: executing program 8 (id=1057):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080), 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7005}, 0x4)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x300}, 0x8)

1.84959802s ago: executing program 9 (id=1058):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
socket(0x1d, 0x2, 0x6)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))

1.819676767s ago: executing program 1 (id=1059):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
pwrite64(r0, 0x0, 0x0, 0x5)
ioctl$FE_DISEQC_RECV_SLAVE_REPLY(0xffffffffffffffff, 0x800c6f40, &(0x7f0000000100)={""/4, 0x4})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(0xffffffffffffffff, 0xc01864cb, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="fc01000099deaf0a98761a000100feff09ff0001000064010113ccd1ca000000000000000000fc000000030000000000000000000001000107174e2300050a00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141435000000000000000000000000000004d433000000ff010000000000000000000000000001fe0000000000000092010000000000100f00000000000000edcb0000000000001c250800000000000500000000000000fcffffffffffffff0000000000000000060000000000000000000000000000001f00000000000000fefffffffffffffffeff7ffffc030000000000007e000000053500000200010024000000000000000b010100626c616b6532732d3232342d61726d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018060000602b237c47d62d5fe9f760ba46ab69bccea081d13fa6b2ff46ac7a80632be2a0f8616d3a07ebdce070b5bbfb2fa2c1fa0119635f78a7c5d43b297a29035ff6ae4721dfb67a616287fa11d175e73db741597ce46223eed24da7036abbad9e579831dc637a1eb7ca6c0428c2b870da9ef14591538f1d8a9cb26bee7da6e815e0a3c33cc477321a99b583d83f6257e2b756f64afdfd26ef4ceb7ebb711d1a0ab6e91dae0233073d58dbfc68dc33bf8a11ca1890aaa6b88aefda9af4ad5b5e777770de6b7800"], 0x1fc}, 0x1, 0x0, 0x0, 0x81}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000100))
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
dup(0xffffffffffffffff)
unshare(0x400)
io_setup(0x5, &(0x7f0000000040)=<r9=>0x0)
io_submit(r9, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)

1.073267303s ago: executing program 8 (id=1060):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0xa, "ef313683"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @local=@item_4={0x3, 0x2, 0x3, "d850523c"}]}}, 0x0}, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe)

935.782727ms ago: executing program 9 (id=1061):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000300)={0x54, 0x0, 0x8, 0x201, 0x0, 0x0, {0x0, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x808b}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_CLOSING={0x8, 0x6, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_DCCP_CLOSING={0x8, 0x6, 0x1, 0x0, 0xd}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x98bd}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x6d6}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x4800)

836.782142ms ago: executing program 9 (id=1062):
socket(0x10, 0x3, 0x0)
r0 = signalfd(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, r0, 0x0)
io_setup(0x8f0, &(0x7f0000002400))
r1 = userfaultfd(0x80001)
read(r1, &(0x7f00000002c0)=""/153, 0x99)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
socket(0xa, 0x802, 0x0)
ioctl$UFFDIO_MOVE(r1, 0xc028aa05, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote, 0x0, 0xfffd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@tmpl={0x44, 0x5, [{{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@local, 0x4000}]}]}, 0xfc}}, 0x4040000)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e00000000000000000", 0xb6)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x9c, r4, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'dummy0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:cron_log_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_hsr\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x12}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4040044}, 0x8850)
r7 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r7, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010025bd7000000000000200000008000300", @ANYRES32=r8, @ANYBLOB="08009f000600000008002600b409000005005201"], 0x3c}, 0x1, 0x0, 0x0, 0x4c854}, 0x4040000)

583.031502ms ago: executing program 5 (id=1063):
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/xfrm_stat\x00')
pread64(r1, &(0x7f0000002240)=""/237, 0xfdef, 0x4eb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
landlock_restrict_self(0xffffffffffffffff, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x3)
landlock_restrict_self(0xffffffffffffffff, 0x5)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000280)={0xa, 0x4e20, 0x2, @mcast1, 0x6}, 0x1c)
bind$inet6(r4, &(0x7f0000000240)={0xa, 0x2, 0x1000, @empty}, 0x1c)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
sendmmsg$unix(r1, &(0x7f0000001700)=[{{&(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x48014}}, {{&(0x7f00000007c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000ec0)=[{&(0x7f0000000840)="c25c38288c2d0a2fb460958e03efa44c9e76ba317f4920dcfed496f12f722daa6f6e0bc166fef1d074d8ae8a00a41bda1c1eb81e41cffd537131aaf336a61f4f266d67d2d5b34dd860ad0254b0c036ad265dee4c820c614c55d018d5425f53476ffad6c0d8e02c3f3383996f35f99bff51045c125dc19bb7f1f79d90a07269ab08244123ab3e49f619164682f164fdfb0a0fbc05f1a8590d8ff7d15870a2f1caf98a81c27a5aeacdc2cb0f728c5b8093a67cd649d5230ca985415ca0336b523e49c4cf49adfe423aedc0b382e0aee684100eee327a9238689af1c7466f", 0xdd}, {&(0x7f0000000940)="2703e87a3ca78738adb04948eb5c1b2ac2c642cfcaff1b6340bc1b5842284d4abf8f8dbed7f85ca94815c81e7adafe592d437ec4e519223852a4ce16777be7daf000c40a2666ebb9406f2e58cf890b6707f00315abbbdfca754395c9080632c1fcc758d7c197a370e6c461deac340b7123517ff5c168b13d5f3ccaf2", 0x7c}, {&(0x7f00000009c0)="6eaf3cdbc4760fb24b3f75ae90782f45875607ea790758a66a9e72a6e1772989cc1018ef7e155e8f4d56c20dcfa9bd15a9a9ef60669f13fc85052047981cc7f97781b2a6b0c69d0f6c5ead78add596c7982dfa228341c7df9a53416533e2dfeacd45402ec0c98b3e0a8f5642620d3645c0884bf75394ae9cae696df46793c65e40ce18b26bb8701f4079f20e041d289c", 0x90}, {&(0x7f0000000a80)="f6d3ecfc85489e1ce42f7fbcb29e63fceebaae159c63b5a9667b83ae768f500293205dde3d6f780c2a93f9f1076585c7956611eee871d54ed38907a180eb8168697f7b50b2bba9f38da3a34143d234c35d44bfc31049dcc174ec3d5a5b9c5a1bd432e4342bab368dee7ea8e611cecd5b790b22cc98659ef4cbcee158d42ee5696d5b0d96ecb11fd667dd03a5dab4f561c95078f9281b424cfda6859303a5ebc836304e12b2017f01b54476c80d3c1710c2351aecec5c330775f85952751fd46fff28bd28e9653c7782bb0d29dd369303bafb646d07121dedb09a2c7edf3cd1a1528c8264422f022de6e3d477e14ee4c96ea391dea4b5c5", 0xf7}, {&(0x7f0000000b80)="cb91c269508b1da314117eae374a4b7fa70ff3954ff0b9702dd7c94813ae8e718a004f591a3a46c3debabe21a411499ae7d6ecbf541f4b411e9f182b302b8e0a41df76187474fa0ff9495682639d954235781ea7ee69e2a62703895f6bf33b7800be6c069877922744da265006f819b6158ba41b2be8d9ac2a41de74c1ffab6858a63f3f114b1f5f244405eb096d0b424ac833c42fa97494c1f8502c204d2e37670e0ce1a5f976740b57c39e5ed81606acb755ff6c43a0f7c7f18398c5e0e06179823a308d9605849dcb2a4b99fef9297fe9c1245bb0337537707329daeb08fbeb52b0333e", 0xe5}, {&(0x7f0000000c80)="540bd8a585c3ce28c4b64aef54c01f67ea12b299f110fc90a1ea218a3e44300eb68e64aad60c490cadc408431bf63ce440237edc5bb0f820156ea8208f7174fb380d711d8979e1715175cd949949fb104f1cc54e77e77457d02d96740b4b73e0efba4d8199249222d1a020453026dfb2801889d07571a2b36bd23c8d9fe53dcfa2ac4b287c5022bb34b25cd0038732413ce03edbf96d749d658c1af41dbf08378a68b05680ec92a45a600cc507a7b2314d0cb6da39dcf713e4cbb4b52c9829f0e573", 0xc2}, {&(0x7f00000000c0)="adf1d278abe141a4023d36381ba1a05fd3c453600854b01a4175852cf39db926", 0x20}, {&(0x7f0000000d80)="488b50088c07a227503531c94064cddb815317a68dc90b410c232193ff42c90ba0c507a69407cef5bb7d261bf1836a53bcc75b35b88bf16e7a9c13319ba7557359ae26399a00794afaa2eb98b14b04a25e22e3ddb21a1ff90c2a89bb54de6b054af2a53c23496dd8693f208f0a3a140eef31b29f35ecd57d74914cc77b5eca49ceb17b7a3e79ee05", 0x88}, {&(0x7f0000000e40)="1232890a5db3930971d04ecaf4c4fec6c11ac0f049c25e678b7e58566aa66cf45fd60bc2adbc840b770a4a4b10fcfb01e2ed43075b73514b6e14690126d6a294e0820ff7d484d079813901b6ac7ba48f1978ce1f2d8b0272a21f0f3f50f36ed31fed5c26f190e4b17ab9372982115f6b", 0x70}], 0x9, &(0x7f0000000580)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYRESHEX=r5, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r3, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES16=r5, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="204998f9a0fe3c58faf751bde1059a5c98acbc9074dffefa1429d00a69d7ed6cbc983dec47c3e193352c2cf1c1341906d90a65fc9fc0c32cea4b0a124dc1c4d873a943dc35152624825b4e914431e7925b2cd05c349c27af676e372c8be58a3ca04487ba4eba258c5fda2842ad057706c3fbff70482d2da1afe4b63936f052ad4b835718797baecf959aae65a8e699b49a9c0300000000000000d60b8a405bb13d770b5acaf90000000000000000", @ANYRES8=0x0], 0x98, 0x840}}, {{&(0x7f0000001380)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000001680)=[{&(0x7f0000001400)="9d95aa398a27e45263723c4a97628947c7c07980dd", 0x15}, {&(0x7f0000001440)="d156c221614303f2e964ee93873b7ae5730e5afce2f21e40a22efc08ff621359ae289e4e18edd8381f1897fb0c9fefd1489941b3367543120257284e6aa2fd0324b5b6a925fe7fa486f2d78decc5844ed3d44f8d4dbb6dca698278311a8350d4a4427bc585ad06844dfb35673551bd6864666c1163c3468158616380849389f893ed2f7882087c2cebb440a84a70cd8a6b0e16e5876c7b7b928c2cbebc64d9b55af406bdd8be1dbd14bd26824f8c4a28e22497942268f2e20b4fc3fdd91e05052a5b57692a252ffc9f8b5edc86680a41cd9723e846521765a8baf7264bcc02395172fe", 0xe3}, {&(0x7f0000001540)="1277f1f9785ed2ed012e5230ed", 0xd}, {&(0x7f0000001580)="703bb17363", 0x5}, {&(0x7f00000015c0)}, {&(0x7f0000001600)="e692f4a48f991e4b59268570cba7ffa8a017e66344c862a5c0ee951ba718dc2372d0ceb594095b3d5ac220547315861f5aefb0731514f4e7239d4e37df9ff21431af556f", 0x44}], 0x6}}], 0x3, 0x40)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61123000000000006113100000000000bf2020000000000016000200071b48013f030100000000009500000000000000bc26000000000000bf67000000000000070200000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040), 0x10}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002800500190084"], 0x48}}, 0x4084)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)

464.064841ms ago: executing program 1 (id=1064):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x1248, &(0x7f0000000200)={0x0, 0xd5a1, 0x1, 0x40000002, 0xb8}, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300), 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xdfffffffffffffff, &(0x7f0000000340)=[0xffffffffffffffff], 0x1, 0x0, 0x1})
close(0xffffffffffffffff)
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(0xffffffffffffffff, 0xc2604111, &(0x7f0000000300)={0x9, [[0x5, 0x5, 0x51ea9978, 0xe9, 0x3, 0x641f, 0x9b48, 0x8001], [0x6, 0x101, 0x4, 0xf35, 0xfdff, 0x7, 0xfffff801, 0x7], [0x80000000, 0x7, 0x2, 0x9, 0x7, 0x8, 0x800, 0x5]], '\x00', [{0x8000, 0x5, 0x1, 0x0, 0x1, 0x1}, {0x100, 0x0, 0x1, 0x1, 0x1}, {0xf, 0x8008, 0x1, 0x1, 0x1}, {0x9, 0x200, 0x1, 0x1, 0x1}, {0x9, 0x8, 0x1, 0x0, 0x1}, {0x9, 0x2, 0x0, 0x1, 0x0, 0x1}, {0x1, 0x9, 0x1, 0x1, 0x1}, {0x0, 0x5, 0x1, 0x1}, {0x7, 0x4, 0x0, 0x0, 0x1, 0x1}, {0x80, 0x8f, 0x0, 0x1, 0x1}, {0x3, 0x8, 0x1, 0x1, 0x0, 0x1}, {0xe6, 0x3, 0x0, 0x1}], '\x00', 0x2})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0x6)
sendto$inet(r2, 0x0, 0x0, 0x20008014, &(0x7f0000000140)={0x2, 0x4e20}, 0x10)
shutdown(r2, 0x1)

329.404184ms ago: executing program 9 (id=1065):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r1, &(0x7f00000002c0)={0x1f, 0x0, @any, 0x84}, 0xe)
setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, 0x0, 0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="500100000000fcdbdf2520010000000000000000000000000001000000000000000000000000000000010000006c000000000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="20010000000000000000000000000002000000fe3200000000000000000000000000ffffac1414bb0000000000000000ca69ffffffffffff0000000000000000080000000000000000000000000000000000000000000000050000000000000043050000000000000700000000000000ffffffffffffff7f000000000000000000000000000000000000000000000000000000002dbd7000003500000a000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db90100000000c54222cb7a"], 0x150}}, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r3, 0xe503, 0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
read$FUSE(r3, &(0x7f0000002100)={0x2020, 0x0, <r5=>0x0}, 0x2020)
ioctl$DRM_IOCTL_GET_CLIENT(r4, 0xc0286405, &(0x7f0000000340)={0xb23, 0xfffffffd, {0xffffffffffffffff}, {<r6=>0xee00}, 0x0, 0x5})
stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
write$FUSE_ATTR(r3, &(0x7f0000000440)={0x78, 0x0, r5, {0x1, 0x8e4, 0x0, {0x0, 0x6, 0x5, 0x2, 0x2, 0x34b, 0x1, 0x6b, 0xfc64, 0xa000, 0x400, r6, r7, 0x1ff, 0x2}}}, 0x78)
fcntl$setstatus(r3, 0x4, 0x2000)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c2f724e0d5101ece9b31ca6de2b426abe6598f9c026498ba8c00c58e90fa7624722ea2eca1d9c8b0e2fb6a3f84263dbfc2099bc966ede665d4bab7f3086c0127a3afd36abb74c0b05b50ab7fee2121fc8788d357cd7126dc9388d89cc3920fe29718e22fb8b64b8bb2deb7efaa6e53704cb7fd5dfb972adf4aa0bdff6b35596e5e981a4328bb2ddf3a6ab9b1e06ca04cbde8d19ff4348cf34081d62772b0ccdfaf11f0b1813409306bffe3bcb4c9251c1b183e0a2753e147ef12db7276893739a768632fe2a48143365fe20c5554308dc5bc4d806410b971accb8a00328513d600aa89e7bdc7092b794915e227b9ed305a11c2aa34ee74af6e8155d6ef88ab5c365152b68c623c70f5da4a9f722fdf8a2c693cfe70e067691a19dbe3a2ab2a0a4ab"])

0s ago: executing program 1 (id=1066):
mlock(&(0x7f00007a5000/0x4000)=nil, 0x4000)
mlock2(&(0x7f00007a4000/0x2000)=nil, 0x2000, 0x1) (fail_nth: 3)

kernel console output (not intermixed with test programs):

0x40/0x90
[  262.604895][ T8168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.604914][ T8168] RIP: 0033:0x7f4e6dc3c799
[  262.604932][ T8168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  262.604949][ T8168] RSP: 002b:00007f4e6be8e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  262.604967][ T8168] RAX: ffffffffffffffda RBX: 00007f4e6deb5fa0 RCX: 00007f4e6dc3c799
[  262.604982][ T8168] RDX: 0000000004000000 RSI: 0000200000001200 RDI: 0000000000000003
[  262.604994][ T8168] RBP: 00007f4e6be8e090 R08: 0000000000000000 R09: 0000000000000000
[  262.605005][ T8168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.605016][ T8168] R13: 00007f4e6deb6038 R14: 00007f4e6deb5fa0 R15: 00007ffd9f7fb6c8
[  262.605045][ T8168]  </TASK>
[  263.105295][   T10] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  263.160118][   T10] usb 6-1: USB disconnect, device number 2
[  263.304089][ T8176] FAULT_INJECTION: forcing a failure.
[  263.304089][ T8176] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.304111][ T8176] CPU: 1 UID: 0 PID: 8176 Comm: syz.6.670 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  263.304128][ T8176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  263.304145][ T8176] Call Trace:
[  263.304150][ T8176]  <TASK>
[  263.304156][ T8176]  dump_stack_lvl+0xe8/0x150
[  263.304200][ T8176]  should_fail_ex+0x46b/0x600
[  263.304223][ T8176]  _copy_to_user+0x31/0xb0
[  263.304247][ T8176]  simple_read_from_buffer+0xe1/0x170
[  263.304268][ T8176]  proc_fail_nth_read+0x1be/0x230
[  263.304289][ T8176]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  263.304309][ T8176]  ? rw_verify_area+0x2ac/0x4e0
[  263.304330][ T8176]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  263.304349][ T8176]  vfs_read+0x212/0xa80
[  263.304376][ T8176]  ? __pfx_vfs_read+0x10/0x10
[  263.304410][ T8176]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  263.304432][ T8176]  ? lockdep_hardirqs_on+0x7a/0x110
[  263.304454][ T8176]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  263.304476][ T8176]  ? mutex_lock_nested+0x152/0x1d0
[  263.304493][ T8176]  ? fdget_pos+0x252/0x320
[  263.304516][ T8176]  ksys_read+0x156/0x270
[  263.304537][ T8176]  ? __pfx_ksys_read+0x10/0x10
[  263.304564][ T8176]  do_syscall_64+0x14d/0xf80
[  263.304577][ T8176]  ? trace_irq_disable+0x3b/0x150
[  263.304593][ T8176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.304607][ T8176]  ? clear_bhb_loop+0x40/0x90
[  263.304624][ T8176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.304638][ T8176] RIP: 0033:0x7fe3ee63cfce
[  263.304650][ T8176] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  263.304662][ T8176] RSP: 002b:00007fe3ec8cdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  263.304676][ T8176] RAX: ffffffffffffffda RBX: 00007fe3ec8ce6c0 RCX: 00007fe3ee63cfce
[  263.304686][ T8176] RDX: 000000000000000f RSI: 00007fe3ec8ce0a0 RDI: 0000000000000003
[  263.304695][ T8176] RBP: 00007fe3ec8ce090 R08: 0000000000000000 R09: 0000000000000000
[  263.304703][ T8176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.304711][ T8176] R13: 00007fe3ee8f6038 R14: 00007fe3ee8f5fa0 R15: 00007ffefd9f6668
[  263.304732][ T8176]  </TASK>
[  263.472982][ T5886] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  263.661919][ T5886] usb 8-1: config 1 has an invalid interface number: 7 but max is 0
[  263.661946][ T5886] usb 8-1: config 1 has no interface number 0
[  263.661986][ T5886] usb 8-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  263.662011][ T5886] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  263.662036][ T5886] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.669177][ T5886] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  263.669196][ T5886] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.669208][ T5886] usb 8-1: Product: syz
[  263.669217][ T5886] usb 8-1: Manufacturer: syz
[  263.669227][ T5886] usb 8-1: SerialNumber: syz
[  263.766090][ T8173] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  264.010205][ T8173] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  264.200137][   T55] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  264.248070][ T5886] usb 8-1: Incompatible driver and firmware versions
[  264.298016][ T5886] usb 8-1: USB disconnect, device number 2
[  264.374972][   T55] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  264.376516][   T55] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  264.377562][   T55] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  264.417567][   T55] usb 7-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb
[  264.417593][   T55] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201
[  264.417613][   T55] usb 7-1: Product: syz
[  264.417627][   T55] usb 7-1: Manufacturer: syz
[  264.417641][   T55] usb 7-1: SerialNumber: syz
[  264.459156][   T55] usb 7-1: config 0 descriptor??
[  264.522602][ T8198] No control pipe specified
[  264.874474][ T8183] futex_wake_op: syz.6.671 tries to shift op by -1; fix this program
[  266.020144][ T5912] usb 7-1: USB disconnect, device number 2
[  266.332014][   T55] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  266.483555][   T55] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  266.483607][   T55] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  266.483630][   T55] usb 8-1: config 0 interface 0 has no altsetting 0
[  266.486448][   T55] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  266.486474][   T55] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  266.486494][   T55] usb 8-1: Product: syz
[  266.486508][   T55] usb 8-1: Manufacturer: syz
[  266.486521][   T55] usb 8-1: SerialNumber: syz
[  266.584757][   T55] usb 8-1: config 0 descriptor??
[  266.635516][   T55] hub 8-1:0.0: bad descriptor, ignoring hub
[  266.635561][   T55] hub 8-1:0.0: probe with driver hub failed with error -5
[  266.667616][   T55] usb 8-1: selecting invalid altsetting 0
[  266.685965][ T8233] netlink: 'syz.6.684': attribute type 10 has an invalid length.
[  266.707380][ T8233] team0: Device vxcan1 is of different type
[  268.219171][   T55] usb 8-1: USB disconnect, device number 3
[  268.410233][ T5886] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  268.499416][ T8253] openvswitch: netlink: Missing key (keys=40, expected=80)
[  268.500481][ T8253] netlink: 68 bytes leftover after parsing attributes in process `syz.5.688'.
[  268.586132][ T5886] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  268.586151][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.586163][ T5886] usb 1-1: Product: syz
[  268.586172][ T5886] usb 1-1: Manufacturer: syz
[  268.586181][ T5886] usb 1-1: SerialNumber: syz
[  268.640204][ T5971] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  268.674048][ T5886] usb 1-1: config 0 descriptor??
[  268.790117][ T5971] usb 2-1: Using ep0 maxpacket: 32
[  268.793574][ T5971] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.793601][ T5971] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.796224][ T5971] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  268.796250][ T5971] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  268.796269][ T5971] usb 2-1: Product: syz
[  268.796282][ T5971] usb 2-1: Manufacturer: syz
[  268.861454][ T5971] hub 2-1:4.0: USB hub found
[  269.068205][ T5971] hub 2-1:4.0: 2 ports detected
[  269.275463][ T5971] hub 2-1:4.0: hub_hub_status failed (err = -71)
[  269.275495][ T5971] hub 2-1:4.0: config failed, can't get hub status (err -71)
[  269.344031][ T5971] usb 2-1: USB disconnect, device number 23
[  269.706446][ T8269] netlink: 8 bytes leftover after parsing attributes in process `syz.5.692'.
[  269.707536][ T8269] netlink: 'syz.5.692': attribute type 30 has an invalid length.
[  269.709701][ T5886] usb 1-1: non-Atmel transceiver xxxxe200
[  269.887918][ T8270] netlink: 8 bytes leftover after parsing attributes in process `syz.5.692'.
[  269.887948][ T8270] netlink: 'syz.5.692': attribute type 30 has an invalid length.
[  270.284750][ T5886] usb 1-1: Firmware version (0.0) predates our first public release.
[  270.284776][ T5886] usb 1-1: Please update to version 0.2 or newer
[  270.285237][ T5886] usb 1-1: atusb_probe: initialization failed, error = -19
[  270.294374][ T5886] usb 1-1: USB disconnect, device number 24
[  271.452847][ T7070] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  271.455865][   T65] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  271.456089][   T65] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  271.456142][   T65] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  274.740885][ T8316] openvswitch: netlink: Missing key (keys=40, expected=80)
[  274.741643][ T8316] netlink: 68 bytes leftover after parsing attributes in process `syz.5.702'.
[  275.860017][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  275.900931][ T8325] openvswitch: netlink: Missing key (keys=40, expected=80)
[  275.927809][ T8325] netlink: 68 bytes leftover after parsing attributes in process `syz.6.703'.
[  276.070028][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  277.140074][   T10] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  277.270069][   T10] usb 8-1: device descriptor read/64, error -71
[  277.520257][   T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  277.546935][ T8350] FAULT_INJECTION: forcing a failure.
[  277.546935][ T8350] name failslab, interval 1, probability 0, space 0, times 0
[  277.546964][ T8350] CPU: 1 UID: 0 PID: 8350 Comm: syz.6.712 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  277.546986][ T8350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  277.546997][ T8350] Call Trace:
[  277.547004][ T8350]  <TASK>
[  277.547012][ T8350]  dump_stack_lvl+0xe8/0x150
[  277.547045][ T8350]  should_fail_ex+0x46b/0x600
[  277.547074][ T8350]  should_failslab+0xa8/0x100
[  277.547096][ T8350]  kmem_cache_alloc_noprof+0x87/0x680
[  277.547125][ T8350]  ? skb_clone+0x212/0x3a0
[  277.547150][ T8350]  skb_clone+0x212/0x3a0
[  277.547173][ T8350]  __netlink_deliver_tap+0x404/0x850
[  277.547211][ T8350]  ? netlink_deliver_tap+0x2e/0x1b0
[  277.547238][ T8350]  netlink_deliver_tap+0x19c/0x1b0
[  277.547266][ T8350]  netlink_unicast+0x805/0x9f0
[  277.547297][ T8350]  ? __pfx_netlink_unicast+0x10/0x10
[  277.547322][ T8350]  ? netlink_sendmsg+0x650/0xb40
[  277.547347][ T8350]  ? skb_put+0x11b/0x210
[  277.547379][ T8350]  netlink_sendmsg+0x813/0xb40
[  277.547415][ T8350]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.547449][ T8350]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  277.547480][ T8350]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.547506][ T8350]  sock_write_iter+0x4a1/0x4f0
[  277.547531][ T8350]  ? __pfx_sock_write_iter+0x10/0x10
[  277.547575][ T8350]  vfs_write+0x629/0xba0
[  277.547610][ T8350]  ? __pfx_vfs_write+0x10/0x10
[  277.547647][ T8350]  ? __fget_files+0x2a/0x420
[  277.547682][ T8350]  ksys_write+0x156/0x270
[  277.547712][ T8350]  ? __pfx_ksys_write+0x10/0x10
[  277.547752][ T8350]  do_syscall_64+0x14d/0xf80
[  277.547776][ T8350]  ? trace_irq_disable+0x3b/0x150
[  277.547799][ T8350]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.547819][ T8350]  ? clear_bhb_loop+0x40/0x90
[  277.547843][ T8350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.547863][ T8350] RIP: 0033:0x7fe3ee67c799
[  277.547880][ T8350] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  277.547897][ T8350] RSP: 002b:00007fe3ec8ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  277.547917][ T8350] RAX: ffffffffffffffda RBX: 00007fe3ee8f6090 RCX: 00007fe3ee67c799
[  277.547931][ T8350] RDX: 0000000000000140 RSI: 00002000000000c0 RDI: 0000000000000006
[  277.547943][ T8350] RBP: 00007fe3ec8ad090 R08: 0000000000000000 R09: 0000000000000000
[  277.547954][ T8350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.547965][ T8350] R13: 00007fe3ee8f6128 R14: 00007fe3ee8f6090 R15: 00007ffefd9f6668
[  277.547995][ T8350]  </TASK>
[  278.490111][   T10] usb 8-1: device descriptor read/64, error -71
[  278.610368][   T10] usb usb8-port1: attempt power cycle
[  278.839291][ T8358] netlink: 'syz.1.713': attribute type 10 has an invalid length.
[  278.849218][ T8358] team0: Device vxcan1 is of different type
[  278.886017][ T8360] netlink: 216 bytes leftover after parsing attributes in process `syz.0.715'.
[  278.886052][ T8360] netlink: 'syz.0.715': attribute type 2 has an invalid length.
[  279.054494][ T5877] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  279.965215][ T5877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  279.965239][ T5877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.965253][ T5877] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  279.965281][ T5877] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  279.965296][ T5877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.530606][ T5877] usb 6-1: config 0 descriptor??
[  280.930464][ T5877] usbhid 6-1:0.0: can't add hid device: -71
[  280.930566][ T5877] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  281.434393][ T5877] usb 6-1: USB disconnect, device number 3
[  282.836585][ T8394] openvswitch: netlink: Missing key (keys=40, expected=80)
[  282.837249][ T8394] netlink: 68 bytes leftover after parsing attributes in process `syz.5.721'.
[  283.282372][ T8399] FAULT_INJECTION: forcing a failure.
[  283.282372][ T8399] name failslab, interval 1, probability 0, space 0, times 0
[  283.282405][ T8399] CPU: 1 UID: 0 PID: 8399 Comm: syz.1.724 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  283.282427][ T8399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  283.282439][ T8399] Call Trace:
[  283.282446][ T8399]  <TASK>
[  283.282455][ T8399]  dump_stack_lvl+0xe8/0x150
[  283.282489][ T8399]  should_fail_ex+0x46b/0x600
[  283.282519][ T8399]  should_failslab+0xa8/0x100
[  283.282540][ T8399]  __kmalloc_cache_noprof+0x84/0x690
[  283.282571][ T8399]  ? __se_sys_mount+0x166/0x420
[  283.282594][ T8399]  ? memdup_user+0x99/0xd0
[  283.282623][ T8399]  __se_sys_mount+0x166/0x420
[  283.282653][ T8399]  ? __pfx___se_sys_mount+0x10/0x10
[  283.282683][ T8399]  ? __x64_sys_mount+0x20/0xc0
[  283.282725][ T8399]  do_syscall_64+0x14d/0xf80
[  283.282743][ T8399]  ? trace_irq_disable+0x3b/0x150
[  283.282765][ T8399]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.282785][ T8399]  ? clear_bhb_loop+0x40/0x90
[  283.282810][ T8399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.282829][ T8399] RIP: 0033:0x7f0b09e6c799
[  283.282847][ T8399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  283.282863][ T8399] RSP: 002b:00007f0b0809d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  283.282884][ T8399] RAX: ffffffffffffffda RBX: 00007f0b0a0e6090 RCX: 00007f0b09e6c799
[  283.282898][ T8399] RDX: 0000200000000100 RSI: 0000200000000000 RDI: 0000000000000000
[  283.282910][ T8399] RBP: 00007f0b0809d090 R08: 00002000000003c0 R09: 0000000000000000
[  283.282922][ T8399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.282933][ T8399] R13: 00007f0b0a0e6128 R14: 00007f0b0a0e6090 R15: 00007fff8a151e58
[  283.282963][ T8399]  </TASK>
[  283.471603][ T8397] No control pipe specified
[  283.559767][ T8403] FAULT_INJECTION: forcing a failure.
[  283.559767][ T8403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.559797][ T8403] CPU: 1 UID: 0 PID: 8403 Comm: syz.7.725 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  283.559819][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  283.559831][ T8403] Call Trace:
[  283.559838][ T8403]  <TASK>
[  283.559847][ T8403]  dump_stack_lvl+0xe8/0x150
[  283.559880][ T8403]  should_fail_ex+0x46b/0x600
[  283.559912][ T8403]  _copy_to_user+0x31/0xb0
[  283.559944][ T8403]  simple_read_from_buffer+0xe1/0x170
[  283.559978][ T8403]  proc_fail_nth_read+0x1be/0x230
[  283.560005][ T8403]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  283.560032][ T8403]  ? rw_verify_area+0x2ac/0x4e0
[  283.560060][ T8403]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  283.560085][ T8403]  vfs_read+0x212/0xa80
[  283.560120][ T8403]  ? __pfx_vfs_read+0x10/0x10
[  283.560151][ T8403]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  283.560182][ T8403]  ? lockdep_hardirqs_on+0x7a/0x110
[  283.560221][ T8403]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  283.560252][ T8403]  ? mutex_lock_nested+0x152/0x1d0
[  283.560275][ T8403]  ? fdget_pos+0x252/0x320
[  283.560308][ T8403]  ksys_read+0x156/0x270
[  283.560339][ T8403]  ? __pfx_ksys_read+0x10/0x10
[  283.560378][ T8403]  do_syscall_64+0x14d/0xf80
[  283.560395][ T8403]  ? trace_irq_disable+0x3b/0x150
[  283.560418][ T8403]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.560438][ T8403]  ? clear_bhb_loop+0x40/0x90
[  283.560463][ T8403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.560482][ T8403] RIP: 0033:0x7f4e6dbfcfce
[  283.560500][ T8403] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  283.560517][ T8403] RSP: 002b:00007f4e6be8dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  283.560537][ T8403] RAX: ffffffffffffffda RBX: 00007f4e6be8e6c0 RCX: 00007f4e6dbfcfce
[  283.560551][ T8403] RDX: 000000000000000f RSI: 00007f4e6be8e0a0 RDI: 0000000000000006
[  283.560563][ T8403] RBP: 00007f4e6be8e090 R08: 0000000000000000 R09: 0000000000000000
[  283.560575][ T8403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.560585][ T8403] R13: 00007f4e6deb6038 R14: 00007f4e6deb5fa0 R15: 00007ffd9f7fb6c8
[  283.560615][ T8403]  </TASK>
[  285.259355][ T8420] netlink: 12 bytes leftover after parsing attributes in process `syz.6.730'.
[  285.434384][ T8421] netlink: 8 bytes leftover after parsing attributes in process `syz.6.730'.
[  285.510049][ T8421] tmpfs: Unknown parameter 'rootcontext'
[  285.604521][ T8420] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(12)
[  285.604546][ T8420] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  285.604627][ T8420] vhci_hcd vhci_hcd.0: Device attached
[  286.675466][ T8426] vhci_hcd: connection closed
[  286.945128][ T1365] vhci_hcd vhci_hcd.6: stop threads
[  286.945271][ T1365] vhci_hcd vhci_hcd.6: release socket
[  287.041491][ T1365] vhci_hcd vhci_hcd.6: disconnect device
[  287.116276][    T9] vhci_hcd vhci_hcd.6: vhci_device speed not set
[  288.360822][ T8451] FAULT_INJECTION: forcing a failure.
[  288.360822][ T8451] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  288.360856][ T8451] CPU: 0 UID: 0 PID: 8451 Comm: syz.5.737 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  288.360877][ T8451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  288.360889][ T8451] Call Trace:
[  288.360897][ T8451]  <TASK>
[  288.360905][ T8451]  dump_stack_lvl+0xe8/0x150
[  288.360940][ T8451]  should_fail_ex+0x46b/0x600
[  288.360971][ T8451]  prepare_alloc_pages+0x22a/0x6b0
[  288.361000][ T8451]  __alloc_frozen_pages_noprof+0x12f/0x380
[  288.361026][ T8451]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  288.361052][ T8451]  ? __pfx_policy_nodemask+0x10/0x10
[  288.361074][ T8451]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  288.361110][ T8451]  alloc_pages_mpol+0xd1/0x380
[  288.361134][ T8451]  vma_alloc_folio_noprof+0xea/0x290
[  288.361157][ T8451]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  288.361188][ T8451]  do_wp_page+0x127a/0x49d0
[  288.361237][ T8451]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  288.361269][ T8451]  ? preempt_count_add+0x91/0x190
[  288.361295][ T8451]  ? __pfx_do_wp_page+0x10/0x10
[  288.361320][ T8451]  ? rt_spin_lock+0x2ce/0x400
[  288.361349][ T8451]  ? __pfx_rt_spin_lock+0x10/0x10
[  288.361379][ T8451]  ? pte_offset_map_rw_nolock+0xea/0x160
[  288.361412][ T8451]  handle_mm_fault+0x9f5/0x13c0
[  288.361447][ T8451]  ? handle_mm_fault+0xe7/0x13c0
[  288.361478][ T8451]  ? __pfx_handle_mm_fault+0x10/0x10
[  288.361509][ T8451]  ? follow_page_pte+0xb37/0x1380
[  288.361547][ T8451]  ? __pfx_follow_page_pte+0x10/0x10
[  288.361587][ T8451]  __get_user_pages+0x1679/0x2800
[  288.361644][ T8451]  __gup_longterm_locked+0xdcf/0x1630
[  288.361686][ T8451]  ? sanity_check_pinned_pages+0x1212/0x12d0
[  288.361722][ T8451]  gup_fast_fallback+0x1cf1/0x2240
[  288.361780][ T8451]  ? __pfx_gup_fast_fallback+0x10/0x10
[  288.361816][ T8451]  ? pin_user_pages_fast+0x4d/0xb0
[  288.361847][ T8451]  iov_iter_extract_pages+0x37b/0x5f0
[  288.361884][ T8451]  extract_iter_to_sg+0xe62/0x2520
[  288.361923][ T8451]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  288.361965][ T8451]  ? __asan_memset+0x22/0x50
[  288.361993][ T8451]  af_alg_get_rsgl+0x436/0x810
[  288.362040][ T8451]  skcipher_recvmsg+0x3a3/0x1140
[  288.362078][ T8451]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  288.362102][ T8451]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  288.362130][ T8451]  ? security_socket_recvmsg+0x7e/0x2c0
[  288.362159][ T8451]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  288.362180][ T8451]  sock_recvmsg+0x172/0x1b0
[  288.362208][ T8451]  ____sys_recvmsg+0x1f2/0x4b0
[  288.362243][ T8451]  ? __pfx_____sys_recvmsg+0x10/0x10
[  288.362278][ T8451]  ? import_iovec+0x73/0xa0
[  288.362309][ T8451]  ___sys_recvmsg+0x215/0x590
[  288.362336][ T8451]  ? __pfx____sys_recvmsg+0x10/0x10
[  288.362380][ T8451]  ? __fget_files+0x3a6/0x420
[  288.362416][ T8451]  __x64_sys_recvmsg+0x1c0/0x2a0
[  288.362440][ T8451]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  288.362471][ T8451]  ? __pfx_ksys_write+0x10/0x10
[  288.362511][ T8451]  do_syscall_64+0x14d/0xf80
[  288.362528][ T8451]  ? trace_irq_disable+0x3b/0x150
[  288.362551][ T8451]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.362571][ T8451]  ? clear_bhb_loop+0x40/0x90
[  288.362595][ T8451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.362615][ T8451] RIP: 0033:0x7f6f9678c799
[  288.362633][ T8451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  288.362650][ T8451] RSP: 002b:00007f6f949de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  288.362670][ T8451] RAX: ffffffffffffffda RBX: 00007f6f96a05fa0 RCX: 00007f6f9678c799
[  288.362684][ T8451] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  288.362696][ T8451] RBP: 00007f6f949de090 R08: 0000000000000000 R09: 0000000000000000
[  288.362708][ T8451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.362719][ T8451] R13: 00007f6f96a06038 R14: 00007f6f96a05fa0 R15: 00007fff550dbd38
[  288.362749][ T8451]  </TASK>
[  289.108983][ T8454] usb usb1: usbfs: process 8454 (syz.0.736) did not claim interface 0 before use
[  289.332119][   T36] audit: type=1326 audit(1774258862.535:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.332375][   T36] audit: type=1326 audit(1774258862.545:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.332609][   T36] audit: type=1326 audit(1774258862.545:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.332869][   T36] audit: type=1326 audit(1774258862.545:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.333194][   T36] audit: type=1326 audit(1774258862.555:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.333437][   T36] audit: type=1326 audit(1774258862.555:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9e1ed1cfce code=0x7ffc0000
[  289.333679][   T36] audit: type=1326 audit(1774258862.565:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.333931][   T36] audit: type=1326 audit(1774258862.565:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.334293][   T36] audit: type=1326 audit(1774258862.575:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  289.334525][   T36] audit: type=1326 audit(1774258862.575:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8450 comm="syz.0.736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e1ed5c799 code=0x7ffc0000
[  290.111837][ T8459] FAULT_INJECTION: forcing a failure.
[  290.111837][ T8459] name failslab, interval 1, probability 0, space 0, times 0
[  290.111871][ T8459] CPU: 0 UID: 0 PID: 8459 Comm: syz.1.739 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  290.111894][ T8459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  290.111906][ T8459] Call Trace:
[  290.111914][ T8459]  <TASK>
[  290.111922][ T8459]  dump_stack_lvl+0xe8/0x150
[  290.111957][ T8459]  should_fail_ex+0x46b/0x600
[  290.111989][ T8459]  should_failslab+0xa8/0x100
[  290.112011][ T8459]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  290.112042][ T8459]  ? __d_alloc+0x37/0x6f0
[  290.112076][ T8459]  __d_alloc+0x37/0x6f0
[  290.112104][ T8459]  ? rcu_is_watching+0x15/0xb0
[  290.112130][ T8459]  d_alloc_pseudo+0x21/0xc0
[  290.112159][ T8459]  alloc_file_pseudo+0xdd/0x240
[  290.112188][ T8459]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  290.112211][ T8459]  ? evm_inode_alloc_security+0x40/0xb0
[  290.112236][ T8459]  ? security_inode_alloc+0xd5/0x310
[  290.112271][ T8459]  sock_alloc_file+0xb8/0x2f0
[  290.112300][ T8459]  do_accept+0x3ab/0x760
[  290.112334][ T8459]  ? __pfx_do_accept+0x10/0x10
[  290.112384][ T8459]  __sys_accept4+0x139/0x230
[  290.112417][ T8459]  ? __pfx___sys_accept4+0x10/0x10
[  290.112447][ T8459]  ? __pfx_ksys_write+0x10/0x10
[  290.112483][ T8459]  __x64_sys_accept4+0x9a/0xb0
[  290.112516][ T8459]  do_syscall_64+0x14d/0xf80
[  290.112545][ T8459]  ? trace_irq_disable+0x3b/0x150
[  290.112580][ T8459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.112600][ T8459]  ? clear_bhb_loop+0x40/0x90
[  290.112623][ T8459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.112642][ T8459] RIP: 0033:0x7f0b09e6c799
[  290.112660][ T8459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  290.112677][ T8459] RSP: 002b:00007f0b080be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  290.112697][ T8459] RAX: ffffffffffffffda RBX: 00007f0b0a0e5fa0 RCX: 00007f0b09e6c799
[  290.112710][ T8459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  290.112721][ T8459] RBP: 00007f0b080be090 R08: 0000000000000000 R09: 0000000000000000
[  290.112733][ T8459] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  290.112744][ T8459] R13: 00007f0b0a0e6038 R14: 00007f0b0a0e5fa0 R15: 00007fff8a151e58
[  290.112772][ T8459]  </TASK>
[  290.502640][ T8471] netlink: 24 bytes leftover after parsing attributes in process `syz.6.744'.
[  290.622884][ T8477] FAULT_INJECTION: forcing a failure.
[  290.622884][ T8477] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.622916][ T8477] CPU: 1 UID: 0 PID: 8477 Comm: syz.5.747 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  290.622938][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  290.622950][ T8477] Call Trace:
[  290.622958][ T8477]  <TASK>
[  290.622966][ T8477]  dump_stack_lvl+0xe8/0x150
[  290.623002][ T8477]  should_fail_ex+0x46b/0x600
[  290.623032][ T8477]  _copy_to_user+0x31/0xb0
[  290.623063][ T8477]  simple_read_from_buffer+0xe1/0x170
[  290.623092][ T8477]  proc_fail_nth_read+0x1be/0x230
[  290.623119][ T8477]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.623147][ T8477]  ? rw_verify_area+0x2ac/0x4e0
[  290.623176][ T8477]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.623201][ T8477]  vfs_read+0x212/0xa80
[  290.623236][ T8477]  ? __pfx_vfs_read+0x10/0x10
[  290.623266][ T8477]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  290.623298][ T8477]  ? lockdep_hardirqs_on+0x7a/0x110
[  290.623328][ T8477]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  290.623358][ T8477]  ? mutex_lock_nested+0x152/0x1d0
[  290.623381][ T8477]  ? fdget_pos+0x252/0x320
[  290.623413][ T8477]  ksys_read+0x156/0x270
[  290.623444][ T8477]  ? __pfx_ksys_read+0x10/0x10
[  290.623473][ T8477]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  290.623518][ T8477]  do_syscall_64+0x14d/0xf80
[  290.623536][ T8477]  ? trace_irq_disable+0x3b/0x150
[  290.623559][ T8477]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.623579][ T8477]  ? clear_bhb_loop+0x40/0x90
[  290.623603][ T8477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.623623][ T8477] RIP: 0033:0x7f6f9674cfce
[  290.623640][ T8477] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  290.623658][ T8477] RSP: 002b:00007f6f949ddfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  290.623679][ T8477] RAX: ffffffffffffffda RBX: 00007f6f949de6c0 RCX: 00007f6f9674cfce
[  290.623693][ T8477] RDX: 000000000000000f RSI: 00007f6f949de0a0 RDI: 0000000000000004
[  290.623705][ T8477] RBP: 00007f6f949de090 R08: 0000000000000000 R09: 0000000000000000
[  290.623717][ T8477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.623728][ T8477] R13: 00007f6f96a06038 R14: 00007f6f96a05fa0 R15: 00007fff550dbd38
[  290.623759][ T8477]  </TASK>
[  291.647037][ T8472] gretap0: refused to change device tx_queue_len
[  291.647059][ T8472] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  291.789217][ T8490] netlink: 12 bytes leftover after parsing attributes in process `syz.7.748'.
[  291.807677][ T8491] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  291.840809][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.7.748'.
[  291.844106][ T8494] tmpfs: Unknown parameter 'rootcontext'
[  291.888345][ T8494] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(12)
[  291.888370][ T8494] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  291.888460][ T8494] vhci_hcd vhci_hcd.0: Device attached
[  292.000271][ T5877] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  292.150122][ T5912] usb 47-1: new high-speed USB device number 2 using vhci_hcd
[  292.230228][ T8489] capability: warning: `syz.5.749' uses 32-bit capabilities (legacy support in use)
[  292.478634][ T8495] vhci_hcd: connection reset by peer
[  292.479164][  T165] vhci_hcd vhci_hcd.7: stop threads
[  292.479185][  T165] vhci_hcd vhci_hcd.7: release socket
[  292.479245][  T165] vhci_hcd vhci_hcd.7: disconnect device
[  292.625428][    T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  292.952491][ T5877] usb 6-1: unable to get BOS descriptor or descriptor too short
[  292.961132][ T5877] usb 6-1: unable to read config index 0 descriptor/start: -71
[  292.961381][ T5877] usb 6-1: can't read configurations, error -71
[  293.399277][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.399310][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.399345][    T9] usb 1-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00
[  293.399369][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.406162][    T9] usb 1-1: config 0 descriptor??
[  293.478239][ T8520] No control pipe specified
[  293.823621][ T8530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.759'.
[  294.390514][ T8510] loop5: detected capacity change from 0 to 7
[  294.424736][ T8510] Dev loop5: unable to read RDB block 7
[  294.424766][ T8510]  loop5: AHDI p1 p2 p3
[  294.424791][ T8510] loop5: partition table partially beyond EOD, truncated
[  294.424990][ T8510] loop5: p1 start 1601398130 is beyond EOD, truncated
[  294.425010][ T8510] loop5: p2 start 1702059890 is beyond EOD, truncated
[  294.670372][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670406][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670430][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670454][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670479][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670502][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670525][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670547][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670570][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.670593][    T9] asus 0003:0B05:1ABE.0008: unknown main item tag 0x0
[  294.672795][    T9] asus 0003:0B05:1ABE.0008: item fetching failed at offset 314/483
[  294.673483][    T9] asus 0003:0B05:1ABE.0008: Asus hid parse failed: -22
[  294.673580][    T9] asus 0003:0B05:1ABE.0008: probe with driver asus failed with error -22
[  294.782725][ T8510] netlink: 16 bytes leftover after parsing attributes in process `syz.0.755'.
[  295.063497][ T5166] Dev loop5: unable to read RDB block 7
[  295.063526][ T5166]  loop5: AHDI p1 p2 p3
[  295.063551][ T5166] loop5: partition table partially beyond EOD, truncated
[  295.063753][ T5166] loop5: p1 start 1601398130 is beyond EOD, truncated
[  295.063770][ T5166] loop5: p2 start 1702059890 is beyond EOD, truncated
[  295.065238][ T5877] usb 1-1: USB disconnect, device number 25
[  296.346968][ T8558] autofs: Bad value for 'fd'
[  296.532677][ T8562] netlink: 12 bytes leftover after parsing attributes in process `syz.7.768'.
[  296.584017][ T8565] netlink: 8 bytes leftover after parsing attributes in process `syz.7.768'.
[  296.666591][ T8562] tmpfs: Unknown parameter 'rootcontext'
[  296.762063][ T8562] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(12)
[  296.762088][ T8562] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  296.762475][ T8562] vhci_hcd vhci_hcd.0: Device attached
[  297.126615][ T8571] vhci_hcd: connection closed
[  297.136226][ T7070] vhci_hcd vhci_hcd.7: stop threads
[  297.136250][ T7070] vhci_hcd vhci_hcd.7: release socket
[  297.136320][ T7070] vhci_hcd vhci_hcd.7: disconnect device
[  297.270118][ T5912] vhci_hcd vhci_hcd.7: vhci_device speed not set
[  297.385245][ T8589] TCP: TCP_TX_DELAY enabled
[  297.970502][ T8592] FAULT_INJECTION: forcing a failure.
[  297.970502][ T8592] name failslab, interval 1, probability 0, space 0, times 0
[  297.970524][ T8592] CPU: 1 UID: 0 PID: 8592 Comm: syz.6.777 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  297.970540][ T8592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  297.970549][ T8592] Call Trace:
[  297.970554][ T8592]  <TASK>
[  297.970560][ T8592]  dump_stack_lvl+0xe8/0x150
[  297.970584][ T8592]  should_fail_ex+0x46b/0x600
[  297.970606][ T8592]  should_failslab+0xa8/0x100
[  297.970621][ T8592]  kmem_cache_alloc_noprof+0x87/0x680
[  297.970643][ T8592]  ? alloc_empty_file+0x55/0x1d0
[  297.970663][ T8592]  alloc_empty_file+0x55/0x1d0
[  297.970680][ T8592]  path_openat+0x11b/0x38a0
[  297.970707][ T8592]  ? try_to_take_rt_mutex+0x840/0xb00
[  297.970726][ T8592]  ? arch_stack_walk+0xfb/0x150
[  297.970745][ T8592]  ? rtlock_slowlock_locked+0xfb/0x3c80
[  297.970770][ T8592]  ? __pfx_path_openat+0x10/0x10
[  297.970790][ T8592]  ? __lock_acquire+0x6b5/0x2cf0
[  297.970806][ T8592]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  297.970830][ T8592]  ? do_raw_spin_lock+0x12b/0x2f0
[  297.970856][ T8592]  do_file_open+0x23e/0x4a0
[  297.970876][ T8592]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  297.970906][ T8592]  ? __pfx_do_file_open+0x10/0x10
[  297.970926][ T8592]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  297.970957][ T8592]  ? alloc_fd+0x64e/0x6c0
[  297.970981][ T8592]  do_sys_openat2+0x113/0x200
[  297.971000][ T8592]  ? __pfx_do_sys_openat2+0x10/0x10
[  297.971017][ T8592]  ? ksys_write+0x248/0x270
[  297.971039][ T8592]  ? __pfx_ksys_write+0x10/0x10
[  297.971062][ T8592]  __x64_sys_openat+0x138/0x170
[  297.971082][ T8592]  do_syscall_64+0x14d/0xf80
[  297.971094][ T8592]  ? trace_irq_disable+0x3b/0x150
[  297.971112][ T8592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.971126][ T8592]  ? clear_bhb_loop+0x40/0x90
[  297.971143][ T8592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.971156][ T8592] RIP: 0033:0x7fe3ee67c799
[  297.971169][ T8592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  297.971181][ T8592] RSP: 002b:00007fe3ec8ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  297.971195][ T8592] RAX: ffffffffffffffda RBX: 00007fe3ee8f5fa0 RCX: 00007fe3ee67c799
[  297.971205][ T8592] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  297.971215][ T8592] RBP: 00007fe3ec8ce090 R08: 0000000000000000 R09: 0000000000000000
[  297.971223][ T8592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.971231][ T8592] R13: 00007fe3ee8f6038 R14: 00007fe3ee8f5fa0 R15: 00007ffefd9f6668
[  297.971252][ T8592]  </TASK>
[  298.332584][ T8597] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  298.332600][ T8597] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  298.332756][ T8597] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  298.332768][ T8597] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  298.980100][ T5886] usb 8-1: new full-speed USB device number 7 using dummy_hcd
[  299.656764][ T5886] usb 8-1: unable to get BOS descriptor or descriptor too short
[  299.659684][ T5886] usb 8-1: not running at top speed; connect to a high speed hub
[  299.665700][ T5886] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  299.665768][ T5886] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 4
[  299.665797][ T5886] usb 8-1: too many endpoints for config 1 interface 2 altsetting 0: 153, using maximum allowed: 30
[  299.665827][ T5886] usb 8-1: config 1 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 153
[  299.676117][ T5886] usb 8-1: New USB device found, idVendor=4b05, idProduct=1743, bcdDevice= 0.40
[  299.676143][ T5886] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.676161][ T5886] usb 8-1: Product: syz
[  299.676174][ T5886] usb 8-1: Manufacturer: syz
[  299.676188][ T5886] usb 8-1: SerialNumber: syz
[  299.797455][ T8628] netlink: 'syz.1.786': attribute type 10 has an invalid length.
[  299.825852][ T8628] team0: Device vxcan1 is of different type
[  299.830270][ T5971] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  299.981122][ T5971] usb 1-1: Using ep0 maxpacket: 32
[  299.983440][ T5971] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  299.983464][ T5971] usb 1-1: config 0 has no interface number 0
[  299.983508][ T5971] usb 1-1: config 0 interface 184 has no altsetting 0
[  299.988021][ T5971] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  299.988047][ T5971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.988066][ T5971] usb 1-1: Product: syz
[  299.988080][ T5971] usb 1-1: Manufacturer: syz
[  299.988093][ T5971] usb 1-1: SerialNumber: syz
[  300.072799][ T5971] usb 1-1: config 0 descriptor??
[  300.130010][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  300.160014][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  300.170014][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  300.180008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  300.190014][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  300.200006][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  300.210007][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  301.362030][ T8626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.362772][ T8626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.464634][ T5971] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  301.464663][ T5971] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  301.464681][ T5971] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  301.464938][ T5971] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -32
[  303.291217][ T5886] usb 8-1: 1:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[  303.291252][ T5886] usb 8-1: found format II with max.bitrate = 512, frame size=4095
[  303.291399][ T5886] usb 8-1: 1:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[  303.291433][ T5886] usb 8-1: found format II with max.bitrate = 512, frame size=4095
[  303.473098][    T9] usb 1-1: USB disconnect, device number 26
[  303.811290][ T8667] nilfs2: Unknown parameter 'barrierfs2_control'
[  303.973232][ T8678] siw: device registration error -23
[  304.774055][ T5886] usb 8-1: USB disconnect, device number 7
[  305.265198][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  305.686314][ T1365] Bluetooth: (null): Invalid header checksum
[  305.780086][  T992] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  305.940089][  T992] usb 7-1: Using ep0 maxpacket: 16
[  305.942551][  T992] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.942582][  T992] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.942605][  T992] usb 7-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  305.942630][  T992] usb 7-1: config 0 interface 0 has no altsetting 0
[  305.942660][  T992] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  305.942681][  T992] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.172535][  T992] usb 7-1: config 0 descriptor??
[  306.401780][ T8722] netlink: 20 bytes leftover after parsing attributes in process `syz.0.808'.
[  307.554765][ T8692] binder: 8691:8692 ioctl c0306201 200000000640 returned -14
[  307.834729][  T992] hid (null): invalid report_size 24935
[  307.837826][  T992] hid (null): invalid report_size 29535
[  308.042602][  T992] usb 7-1: USB disconnect, device number 3
[  308.068068][ T8746] netlink: 'syz.5.813': attribute type 10 has an invalid length.
[  308.105855][ T8746] team0: Device vxcan1 is of different type
[  310.582518][   T36] kauditd_printk_skb: 20 callbacks suppressed
[  310.582536][   T36] audit: type=1326 audit(1774258884.125:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.596345][   T36] audit: type=1326 audit(1774258884.135:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.604759][   T36] audit: type=1326 audit(1774258884.155:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.604898][   T36] audit: type=1326 audit(1774258884.155:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.605017][   T36] audit: type=1326 audit(1774258884.155:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.632749][   T36] audit: type=1326 audit(1774258884.185:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.632889][   T36] audit: type=1326 audit(1774258884.185:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.633042][   T36] audit: type=1326 audit(1774258884.185:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.668858][   T36] audit: type=1326 audit(1774258884.215:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.668991][   T36] audit: type=1326 audit(1774258884.215:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8774 comm="syz.5.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9678c799 code=0x7ffc0000
[  310.858379][ T8775] netlink: 8 bytes leftover after parsing attributes in process `syz.5.820'.
[  310.858400][ T8775] netlink: 8 bytes leftover after parsing attributes in process `syz.5.820'.
[  311.250907][ T8784] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  311.350544][  T992] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  311.660094][  T992] usb 1-1: Using ep0 maxpacket: 8
[  311.661985][  T992] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[  311.662010][  T992] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  311.662029][  T992] usb 1-1: config 0 has no interface number 0
[  311.662068][  T992] usb 1-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  311.662089][  T992] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  311.662110][  T992] usb 1-1: config 0 interface 186 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  311.664285][  T992] usb 1-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  311.664311][  T992] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.664331][  T992] usb 1-1: Product: syz
[  311.664345][  T992] usb 1-1: Manufacturer: syz
[  311.664358][  T992] usb 1-1: SerialNumber: syz
[  311.780211][  T992] usb 1-1: config 0 descriptor??
[  311.805163][  T992] iowarrior 1-1:0.186: no interrupt-in endpoint found
[  311.876240][    T9] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  312.086658][ T5877] usb 1-1: USB disconnect, device number 27
[  312.162175][  T992] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  312.763848][  T992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.763894][  T992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  312.763930][  T992] usb 6-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00
[  312.763953][  T992] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.813788][  T992] usb 6-1: config 0 descriptor??
[  312.922961][    T9] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  312.922989][    T9] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  312.923028][    T9] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  312.923049][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.943868][    T9] usb 8-1: config 0 descriptor??
[  312.967954][    T9] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  313.231389][ T8791] loop5: detected capacity change from 0 to 7
[  313.260171][ T6067] Dev loop5: unable to read RDB block 7
[  313.260199][ T6067]  loop5: AHDI p1 p2 p3
[  313.260225][ T6067] loop5: partition table partially beyond EOD, truncated
[  313.260564][ T6067] loop5: p1 start 1601398130 is beyond EOD, truncated
[  313.261103][ T6067] loop5: p2 start 1702059890 is beyond EOD, truncated
[  313.272779][ T8791] Dev loop5: unable to read RDB block 7
[  313.272846][ T8791]  loop5: AHDI p1 p2 p3
[  313.272872][ T8791] loop5: partition table partially beyond EOD, truncated
[  313.273097][ T8791] loop5: p1 start 1601398130 is beyond EOD, truncated
[  313.273150][ T8791] loop5: p2 start 1702059890 is beyond EOD, truncated
[  313.347648][  T992] hid_parser_main: 238 callbacks suppressed
[  313.347668][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347694][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347718][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347742][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347766][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347789][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347812][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347836][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347860][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.347883][  T992] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0
[  313.424845][  T992] asus 0003:0B05:1ABE.000A: item fetching failed at offset 314/483
[  313.425539][  T992] asus 0003:0B05:1ABE.000A: Asus hid parse failed: -22
[  313.425633][  T992] asus 0003:0B05:1ABE.000A: probe with driver asus failed with error -22
[  313.530594][ T8791] netlink: 16 bytes leftover after parsing attributes in process `syz.5.825'.
[  313.552957][ T8791] ip6gre1: entered promiscuous mode
[  313.552977][ T8791] ip6gre1: entered allmulticast mode
[  313.624208][ T5971] usb 6-1: USB disconnect, device number 6
[  314.929857][ T8825] netlink: 'syz.5.830': attribute type 10 has an invalid length.
[  314.963526][ T8825] team0: Device vxcan1 is of different type
[  315.075540][   T10] usb 8-1: USB disconnect, device number 8
[  315.078511][ T8829] netlink: 'syz.6.832': attribute type 10 has an invalid length.
[  315.932288][ T8829] team0: Device vxcan1 is of different type
[  316.162919][ T5912] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  316.417289][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  316.434947][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  316.437320][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  316.439398][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  316.451454][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  316.563563][ T5912] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  316.563588][ T5912] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  316.567568][ T5912] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  316.567592][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  316.567611][ T5912] usb 2-1: SerialNumber: syz
[  316.632111][ T1365] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.817434][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  316.817495][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  316.923498][ T5912] usb 2-1: 0:2 : does not exist
[  317.011791][ T5912] usb 2-1: USB disconnect, device number 24
[  317.498666][ T6067] udevd[6067]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  318.179046][ T1365] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.312194][ T8852] lo speed is unknown, defaulting to 1000
[  318.375691][ T5804] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  318.390333][ T5804] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  318.391531][ T5804] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  318.393193][ T8890] netlink: 'syz.1.849': attribute type 10 has an invalid length.
[  318.406188][ T5804] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  318.424300][ T5804] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  318.490489][ T5804] Bluetooth: hci0: command tx timeout
[  318.569214][ T8890] team0: Device vxcan1 is of different type
[  320.281051][ T1365] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.480286][ T5804] Bluetooth: hci4: command tx timeout
[  320.560066][ T5804] Bluetooth: hci0: command tx timeout
[  320.738621][ T1365] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  321.179283][ T8913] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  321.262932][ T8891] lo speed is unknown, defaulting to 1000
[  321.347113][ T8913] usb 7-1: config 1 has an invalid interface number: 7 but max is 0
[  321.347138][ T8913] usb 7-1: config 1 has no interface number 0
[  321.347177][ T8913] usb 7-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  321.347202][ T8913] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  321.347226][ T8913] usb 7-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.356998][ T8913] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  321.357072][ T8913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.357122][ T8913] usb 7-1: Product: syz
[  321.357162][ T8913] usb 7-1: Manufacturer: syz
[  321.357198][ T8913] usb 7-1: SerialNumber: syz
[  321.377985][ T8947] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  321.613868][ T8947] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  321.847790][ T8913] usb 7-1: Incompatible driver and firmware versions
[  321.860303][ T8913] usb 7-1: USB disconnect, device number 4
[  321.886353][ T8972] netlink: 'syz.5.860': attribute type 10 has an invalid length.
[  322.023773][ T8972] team0: Device vxcan1 is of different type
[  322.561275][ T5813] Bluetooth: hci4: command tx timeout
[  322.640092][ T5813] Bluetooth: hci0: command tx timeout
[  322.836561][ T1365] bridge_slave_1: left allmulticast mode
[  322.836581][ T1365] bridge_slave_1: left promiscuous mode
[  322.836727][ T1365] bridge0: port 2(bridge_slave_1) entered disabled state
[  324.064562][ T1365] bridge_slave_0: left allmulticast mode
[  324.064589][ T1365] bridge_slave_0: left promiscuous mode
[  324.064803][ T1365] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.072242][ T5813] Bluetooth: hci3: command 0x0406 tx timeout
[  324.653887][ T5804] Bluetooth: hci4: command tx timeout
[  324.732527][ T5804] Bluetooth: hci0: command tx timeout
[  324.997468][ T9027] FAULT_INJECTION: forcing a failure.
[  324.997468][ T9027] name failslab, interval 1, probability 0, space 0, times 0
[  324.997491][ T9027] CPU: 0 UID: 0 PID: 9027 Comm: syz.1.870 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  324.997507][ T9027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  324.997524][ T9027] Call Trace:
[  324.997530][ T9027]  <TASK>
[  324.997535][ T9027]  dump_stack_lvl+0xe8/0x150
[  324.997561][ T9027]  should_fail_ex+0x46b/0x600
[  324.997583][ T9027]  should_failslab+0xa8/0x100
[  324.997598][ T9027]  kmem_cache_alloc_noprof+0x87/0x680
[  324.997619][ T9027]  ? alloc_empty_file+0x55/0x1d0
[  324.997638][ T9027]  alloc_empty_file+0x55/0x1d0
[  324.997655][ T9027]  path_openat+0x11b/0x38a0
[  324.997682][ T9027]  ? try_to_take_rt_mutex+0x840/0xb00
[  324.997706][ T9027]  ? arch_stack_walk+0xfb/0x150
[  324.997725][ T9027]  ? rtlock_slowlock_locked+0xfb/0x3c80
[  324.997750][ T9027]  ? __pfx_path_openat+0x10/0x10
[  324.997771][ T9027]  ? __lock_acquire+0x6b5/0x2cf0
[  324.997786][ T9027]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  324.997811][ T9027]  ? do_raw_spin_lock+0x12b/0x2f0
[  324.997836][ T9027]  do_file_open+0x23e/0x4a0
[  324.997856][ T9027]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  324.997880][ T9027]  ? __pfx_do_file_open+0x10/0x10
[  324.997899][ T9027]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  324.997930][ T9027]  ? alloc_fd+0x64e/0x6c0
[  324.997954][ T9027]  do_sys_openat2+0x113/0x200
[  324.997972][ T9027]  ? __pfx_do_sys_openat2+0x10/0x10
[  324.997990][ T9027]  ? ksys_write+0x248/0x270
[  324.998012][ T9027]  ? __pfx_ksys_write+0x10/0x10
[  324.998035][ T9027]  __x64_sys_open+0x11e/0x150
[  324.998054][ T9027]  do_syscall_64+0x14d/0xf80
[  324.998067][ T9027]  ? trace_irq_disable+0x3b/0x150
[  324.998083][ T9027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.998097][ T9027]  ? clear_bhb_loop+0x40/0x90
[  324.998113][ T9027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.998127][ T9027] RIP: 0033:0x7f0b09e6c799
[  324.998143][ T9027] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  324.998154][ T9027] RSP: 002b:00007f0b080be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  324.998168][ T9027] RAX: ffffffffffffffda RBX: 00007f0b0a0e5fa0 RCX: 00007f0b09e6c799
[  324.998178][ T9027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0
[  324.998187][ T9027] RBP: 00007f0b080be090 R08: 0000000000000000 R09: 0000000000000000
[  324.998196][ T9027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.998205][ T9027] R13: 00007f0b0a0e6038 R14: 00007f0b0a0e5fa0 R15: 00007fff8a151e58
[  324.998225][ T9027]  </TASK>
[  326.029403][ T9037] F2FS-fs (loop6): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  326.029452][ T9037] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  326.037339][ T9037] F2FS-fs (loop6): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  326.037383][ T9037] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  326.450580][ T1365] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  326.511351][ T1365] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  326.531805][ T1365] bond0 (unregistering): Released all slaves
[  326.720380][ T5804] Bluetooth: hci4: command tx timeout
[  326.745978][ T8852] chnl_net:caif_netlink_parms(): no params data found
[  326.812398][ T9043] Bluetooth: MGMT ver 1.23
[  326.812428][ T9043] Bluetooth: hci0: invalid length 0, exp 2 for type 5
[  326.969605][ T9048] binder: 9045:9048 ioctl c018620c 200000000500 returned -1
[  328.222592][ T8891] chnl_net:caif_netlink_parms(): no params data found
[  328.284182][ T8852] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.284300][ T8852] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.284475][ T8852] bridge_slave_0: entered allmulticast mode
[  328.286809][ T8852] bridge_slave_0: entered promiscuous mode
[  328.426692][ T8852] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.426765][ T8852] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.426907][ T8852] bridge_slave_1: entered allmulticast mode
[  328.428553][ T8852] bridge_slave_1: entered promiscuous mode
[  329.000123][ T8920] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  329.160096][ T8920] usb 7-1: Using ep0 maxpacket: 32
[  329.163327][ T8920] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[  329.163351][ T8920] usb 7-1: config 0 has no interface number 0
[  329.163392][ T8920] usb 7-1: config 0 interface 184 has no altsetting 0
[  329.166043][ T8920] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  329.166069][ T8920] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.166089][ T8920] usb 7-1: Product: syz
[  329.166102][ T8920] usb 7-1: Manufacturer: syz
[  329.166117][ T8920] usb 7-1: SerialNumber: syz
[  329.238609][ T8920] usb 7-1: config 0 descriptor??
[  330.009792][ T8852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  330.052699][ T8852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  330.805694][ T9068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  330.846669][ T9068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  331.336675][ T8920] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  331.336705][ T8920] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  331.336725][ T8920] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  331.336987][ T8920] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -32
[  331.481062][ T8913] IPVS: starting estimator thread 0...
[  331.571426][ T9110] IPVS: using max 9 ests per chain, 21600 per kthread
[  331.792783][ T8852] team0: Port device team_slave_0 added
[  331.808209][ T8891] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.808316][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.808735][ T8891] bridge_slave_0: entered allmulticast mode
[  331.840111][ T8920] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  331.842450][ T8891] bridge_slave_0: entered promiscuous mode
[  331.848085][ T8852] team0: Port device team_slave_1 added
[  331.849181][ T8891] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.849323][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.849491][ T8891] bridge_slave_1: entered allmulticast mode
[  331.885081][ T8891] bridge_slave_1: entered promiscuous mode
[  331.915667][ T9120] fuse: Unknown parameter 'userjid'
[  331.971327][ T8920] usb 6-1: device descriptor read/64, error -71
[  332.210085][ T8920] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  333.045127][ T1365] hsr_slave_0: left promiscuous mode
[  333.080754][ T1365] hsr_slave_1: left promiscuous mode
[  333.081821][ T1365] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  333.081843][ T1365] batman_adv: batadv0: Removing interface: batadv_slave_0
[  333.259322][ T8920] usb 6-1: device descriptor read/64, error -71
[  333.274394][ T1365] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  333.274417][ T1365] batman_adv: batadv0: Removing interface: batadv_slave_1
[  333.360404][ T8920] usb usb6-port1: attempt power cycle
[  333.383826][ T1365] veth1_macvtap: left promiscuous mode
[  333.383901][ T1365] veth0_macvtap: left promiscuous mode
[  333.384043][ T1365] veth1_vlan: left promiscuous mode
[  333.384141][ T1365] veth0_vlan: left promiscuous mode
[  333.721205][ T8920] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  333.740609][ T8920] usb 6-1: device descriptor read/8, error -71
[  334.000155][ T8920] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  334.021384][ T8920] usb 6-1: device descriptor read/8, error -71
[  334.130425][ T8920] usb usb6-port1: unable to enumerate USB device
[  334.150687][ T1365] team0 (unregistering): Port device team_slave_1 removed
[  334.206160][ T1365] team0 (unregistering): Port device team_slave_0 removed
[  334.241868][ T5804] Bluetooth: hci1: command 0x0406 tx timeout
[  334.447258][ T8913] usb 7-1: USB disconnect, device number 5
[  334.491027][ T8852] batman_adv: batadv0: Adding interface: batadv_slave_0
[  334.491041][ T8852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  334.491067][ T8852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.545473][ T8891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.561594][ T8852] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.561607][ T8852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  334.561632][ T8852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.566088][ T8891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  334.710629][ T8891] team0: Port device team_slave_0 added
[  334.729467][ T8891] team0: Port device team_slave_1 added
[  335.147711][   T36] kauditd_printk_skb: 46 callbacks suppressed
[  335.147732][   T36] audit: type=1326 audit(1774258908.695:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.147784][   T36] audit: type=1326 audit(1774258908.695:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.147832][   T36] audit: type=1326 audit(1774258908.695:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.147881][   T36] audit: type=1326 audit(1774258908.695:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.147931][   T36] audit: type=1326 audit(1774258908.695:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.182098][   T36] audit: type=1326 audit(1774258908.715:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.182144][   T36] audit: type=1326 audit(1774258908.715:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.182187][   T36] audit: type=1326 audit(1774258908.715:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.182224][   T36] audit: type=1326 audit(1774258908.715:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  335.182261][   T36] audit: type=1326 audit(1774258908.715:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9146 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b09e6c799 code=0x7ffc0000
[  336.205502][   T31] IPVS: starting estimator thread 0...
[  336.351010][ T9168] IPVS: using max 14 ests per chain, 33600 per kthread
[  337.110256][ T9161] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  337.131541][ T8852] hsr_slave_0: entered promiscuous mode
[  337.133293][ T8852] hsr_slave_1: entered promiscuous mode
[  337.137494][ T8891] batman_adv: batadv0: Adding interface: batadv_slave_0
[  337.137529][ T8891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  337.137598][ T8891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  337.202446][ T8891] batman_adv: batadv0: Adding interface: batadv_slave_1
[  337.202477][ T8891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  337.202568][ T8891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  338.202396][ T8891] hsr_slave_0: entered promiscuous mode
[  338.204822][ T8891] hsr_slave_1: entered promiscuous mode
[  338.206775][ T8891] debugfs: 'hsr0' already exists in 'hsr'
[  338.206800][ T8891] Cannot create hsr debugfs directory
[  338.380117][ T8920] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  338.473361][ T9180] Bluetooth: hci3: Opcode 0x0401 failed: -4
[  338.520718][ T8920] usb 2-1: device descriptor read/64, error -71
[  338.770068][ T8920] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  338.850132][   T31] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  338.900133][ T8920] usb 2-1: device descriptor read/64, error -71
[  339.000111][   T31] usb 7-1: Using ep0 maxpacket: 32
[  339.002189][   T31] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  339.002212][   T31] usb 7-1: config 0 has no interface number 0
[  339.004605][   T31] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  339.004622][   T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.004635][   T31] usb 7-1: Product: syz
[  339.004644][   T31] usb 7-1: Manufacturer: syz
[  339.004653][   T31] usb 7-1: SerialNumber: syz
[  339.008472][   T31] usb 7-1: config 0 descriptor??
[  339.013900][ T8920] usb usb2-port1: attempt power cycle
[  339.073978][   T31] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  339.230114][ T8913] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  339.328998][   T31] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  339.352460][ T8920] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  339.354342][   T31] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  339.364714][ T8913] usb 6-1: device descriptor read/64, error -71
[  339.402275][ T8920] usb 2-1: device descriptor read/8, error -71
[  339.521284][ T1365] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  339.602400][ T8913] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  339.623145][ T8852] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  339.641463][ T8920] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  339.662290][ T8920] usb 2-1: device descriptor read/8, error -71
[  339.667918][ T8852] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  339.682462][ T5813] Bluetooth: hci3: command 0x0406 tx timeout
[  339.731704][ T8913] usb 6-1: device descriptor read/64, error -71
[  339.916322][ T8913] usb usb6-port1: attempt power cycle
[  339.968684][ T8920] usb usb2-port1: unable to enumerate USB device
[  340.328582][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[  340.342601][   T31] usb 7-1: USB disconnect, device number 6
[  340.380628][   T31] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  340.402982][   T31] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  340.403791][   T31] quatech2 7-1:0.51: device disconnected
[  340.611771][ T8913] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  340.640541][ T8913] usb 6-1: device descriptor read/8, error -71
[  340.716008][ T1365] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.494799][ T8852] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  341.540158][ T8913] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  341.561323][ T8913] usb 6-1: device descriptor read/8, error -71
[  341.671249][ T8913] usb usb6-port1: unable to enumerate USB device
[  341.726478][ T8852] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  342.147850][ T8897] IPVS: starting estimator thread 0...
[  342.360070][ T9222] IPVS: using max 11 ests per chain, 26400 per kthread
[  342.422651][ T1365] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.604298][ T9218] netlink: 8 bytes leftover after parsing attributes in process `syz.6.904'.
[  342.604323][ T9218] netlink: 'syz.6.904': attribute type 30 has an invalid length.
[  342.633179][ T9218] netlink: 8 bytes leftover after parsing attributes in process `syz.6.904'.
[  342.633200][ T9218] netlink: 'syz.6.904': attribute type 30 has an invalid length.
[  343.438938][ T5952] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  343.470876][ T5952] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  343.508685][ T5952] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  343.509725][ T5952] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  343.778690][ T9239] FAULT_INJECTION: forcing a failure.
[  343.778690][ T9239] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.778722][ T9239] CPU: 1 UID: 0 PID: 9239 Comm: syz.6.909 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  343.778743][ T9239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  343.778755][ T9239] Call Trace:
[  343.778762][ T9239]  <TASK>
[  343.778770][ T9239]  dump_stack_lvl+0xe8/0x150
[  343.778803][ T9239]  should_fail_ex+0x46b/0x600
[  343.778832][ T9239]  _copy_from_user+0x2d/0xb0
[  343.778862][ T9239]  ucma_write+0x166/0x2f0
[  343.778888][ T9239]  ? __pfx_ucma_write+0x10/0x10
[  343.778898][ T1365] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.778915][ T9239]  ? rw_verify_area+0x25b/0x4e0
[  343.778947][ T9239]  vfs_writev+0x4c6/0x9a0
[  343.778971][ T9239]  ? __pfx_ucma_write+0x10/0x10
[  343.778999][ T9239]  ? __pfx_vfs_writev+0x10/0x10
[  343.779033][ T9239]  ? __fget_files+0x2a/0x420
[  343.779060][ T9239]  ? __fget_files+0x3a6/0x420
[  343.779083][ T9239]  ? __fget_files+0x2a/0x420
[  343.779114][ T9239]  do_writev+0x15a/0x2e0
[  343.779137][ T9239]  ? __pfx_do_writev+0x10/0x10
[  343.779166][ T9239]  do_syscall_64+0x14d/0xf80
[  343.779182][ T9239]  ? trace_irq_disable+0x3b/0x150
[  343.779204][ T9239]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.779224][ T9239]  ? clear_bhb_loop+0x40/0x90
[  343.779247][ T9239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.779266][ T9239] RIP: 0033:0x7fe3ee67c799
[  343.779283][ T9239] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  343.779299][ T9239] RSP: 002b:00007fe3ec8ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  343.779319][ T9239] RAX: ffffffffffffffda RBX: 00007fe3ee8f5fa0 RCX: 00007fe3ee67c799
[  343.779333][ T9239] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000005
[  343.779353][ T9239] RBP: 00007fe3ec8ce090 R08: 0000000000000000 R09: 0000000000000000
[  343.779365][ T9239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.779376][ T9239] R13: 00007fe3ee8f6038 R14: 00007fe3ee8f5fa0 R15: 00007ffefd9f6668
[  343.779406][ T9239]  </TASK>
[  343.960529][ T8913] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  344.091947][ T8891] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  344.110109][ T8913] usb 2-1: Using ep0 maxpacket: 16
[  344.117484][ T8913] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  344.117510][ T8913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.117530][ T8913] usb 2-1: Product: syz
[  344.117543][ T8913] usb 2-1: Manufacturer: syz
[  344.117557][ T8913] usb 2-1: SerialNumber: syz
[  344.185923][ T8913] usb 2-1: config 0 descriptor??
[  344.248272][ T8891] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  344.338153][ T8913] visor 2-1:0.0: Sony Clie 3.5 converter detected
[  344.349908][ T9244] tmpfs: Unknown parameter 'rootcontext'
[  344.385843][ T9244] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(12)
[  344.385862][ T9244] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  344.385929][ T9244] vhci_hcd vhci_hcd.0: Device attached
[  344.422190][ T8891] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  344.487611][ T5804] Bluetooth: hci2: command 0x0406 tx timeout
[  344.680126][   T31] usb 45-1: new high-speed USB device number 3 using vhci_hcd
[  344.698412][ T8913] usb 2-1: clie_3_5_startup: get interface number failed: -71
[  344.698549][ T8913] visor 2-1:0.0: probe with driver visor failed with error -71
[  344.747018][ T8913] usb 2-1: USB disconnect, device number 29
[  344.804781][ T8891] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  345.050109][ T9245] vhci_hcd: connection reset by peer
[  345.051246][  T165] vhci_hcd vhci_hcd.6: stop threads
[  345.051267][  T165] vhci_hcd vhci_hcd.6: release socket
[  345.051333][  T165] vhci_hcd vhci_hcd.6: disconnect device
[  345.422279][ T1365] bridge_slave_1: left allmulticast mode
[  345.422306][ T1365] bridge_slave_1: left promiscuous mode
[  345.422512][ T1365] bridge0: port 2(bridge_slave_1) entered disabled state
[  345.567927][ T1365] bridge_slave_0: left allmulticast mode
[  345.567952][ T1365] bridge_slave_0: left promiscuous mode
[  345.568176][ T1365] bridge0: port 1(bridge_slave_0) entered disabled state
[  345.920918][ T8920] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  346.050435][ T8920] usb 2-1: device descriptor read/64, error -71
[  346.470651][ T8920] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  347.030126][ T8920] usb 2-1: device descriptor read/64, error -71
[  347.140542][ T8920] usb usb2-port1: attempt power cycle
[  347.481757][ T8920] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  347.507484][ T8920] usb 2-1: device descriptor read/8, error -71
[  347.530614][ T1365] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  347.613146][ T1365] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  347.633324][ T1365] bond0 (unregistering): Released all slaves
[  347.740059][ T8920] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  347.772486][ T8920] usb 2-1: device descriptor read/8, error -71
[  347.880497][ T8920] usb usb2-port1: unable to enumerate USB device
[  348.037987][ T9295] netlink: 'syz.5.920': attribute type 10 has an invalid length.
[  348.065949][ T9295] team0: Device vxcan1 is of different type
[  348.708325][ T8852] 8021q: adding VLAN 0 to HW filter on device bond0
[  349.559342][ T8852] 8021q: adding VLAN 0 to HW filter on device team0
[  349.713427][ T9308] dummy0: entered promiscuous mode
[  349.713581][ T9308] macvlan2: entered promiscuous mode
[  349.713790][ T9308] macvlan2: entered allmulticast mode
[  349.713805][ T9308] dummy0: entered allmulticast mode
[  349.749121][ T8891] 8021q: adding VLAN 0 to HW filter on device bond0
[  349.762236][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state
[  349.762422][ T5952] bridge0: port 1(bridge_slave_0) entered forwarding state
[  349.840432][   T31] vhci_hcd vhci_hcd.6: vhci_device speed not set
[  349.960357][ T8903] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  349.987315][ T1365] hsr_slave_0: left promiscuous mode
[  350.028002][ T1365] hsr_slave_1: left promiscuous mode
[  350.028846][ T1365] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  350.028869][ T1365] batman_adv: batadv0: Removing interface: batadv_slave_0
[  350.082098][ T1365] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  350.082121][ T1365] batman_adv: batadv0: Removing interface: batadv_slave_1
[  350.132036][ T8903] usb 2-1: config 1 has an invalid interface number: 7 but max is 0
[  350.132060][ T8903] usb 2-1: config 1 has no interface number 0
[  350.132100][ T8903] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  350.132124][ T8903] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  350.132148][ T8903] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  350.134191][ T8903] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  350.134213][ T8903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.134231][ T8903] usb 2-1: Product: syz
[  350.134242][ T8903] usb 2-1: Manufacturer: syz
[  350.134254][ T8903] usb 2-1: SerialNumber: syz
[  350.226971][ T9311] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  350.291790][ T1365] veth1_macvtap: left promiscuous mode
[  350.291879][ T1365] veth0_macvtap: left promiscuous mode
[  350.292097][ T1365] veth1_vlan: left promiscuous mode
[  350.292261][ T1365] veth0_vlan: left promiscuous mode
[  350.370112][ T5885] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  350.448038][ T9311] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  350.530189][ T5885] usb 7-1: Using ep0 maxpacket: 32
[  350.533192][ T5885] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[  350.533223][ T5885] usb 7-1: config 0 has no interface number 0
[  350.533267][ T5885] usb 7-1: config 0 interface 184 has no altsetting 0
[  350.536119][ T5885] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  350.536145][ T5885] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.536165][ T5885] usb 7-1: Product: syz
[  350.536178][ T5885] usb 7-1: Manufacturer: syz
[  350.536192][ T5885] usb 7-1: SerialNumber: syz
[  350.574429][ T5885] usb 7-1: config 0 descriptor??
[  350.963531][ T9330] netlink: 'syz.5.928': attribute type 10 has an invalid length.
[  351.420561][ T9319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.423866][ T9319] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.820775][ T1365] team0 (unregistering): Port device team_slave_1 removed
[  353.141578][ T1365] team0 (unregistering): Port device team_slave_0 removed
[  353.445210][ T3612] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.445344][ T3612] bridge0: port 2(bridge_slave_1) entered forwarding state
[  353.495754][ T8903] sierra_net 2-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.1-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:03:07
[  353.516128][ T9330] team0: Device vxcan1 is of different type
[  353.536577][ T8903] sierra_net 2-1:1.7 wwan0: Submit SYNC failed -71
[  353.536601][ T8903] sierra_net 2-1:1.7 wwan0: Send SYNC failed, status -71
[  353.565757][ T8903] sierra_net 2-1:1.7 wwan0: Submit SYNC failed -71
[  353.566053][ T8903] sierra_net 2-1:1.7 wwan0: Send SYNC failed, status -71
[  353.888657][ T8903] usb 2-1: USB disconnect, device number 34
[  353.906345][ T8903] sierra_net 2-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.1-1, Sierra Wireless USB-to-WWAN Modem
[  353.941217][ T5885] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  353.941246][ T5885] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  353.941265][ T5885] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  353.941502][ T5885] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -71
[  354.022332][ T5885] usb 7-1: USB disconnect, device number 7
[  355.719415][ T8902] sierra_net 2-1:1.7 wwan0 (unregistering): Send SYNC failed, status -19
[  355.719861][ T8902] sierra_net 2-1:1.7 wwan0 (unregistering): Send SYNC failed, status -19
[  355.791464][ T8903] sierra_net 2-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  355.861623][ T8891] 8021q: adding VLAN 0 to HW filter on device team0
[  355.931848][ T7070] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.932448][ T7070] bridge0: port 1(bridge_slave_0) entered forwarding state
[  355.936255][ T9366] netlink: 12 bytes leftover after parsing attributes in process `syz.5.936'.
[  355.967562][ T9366] netlink: 12 bytes leftover after parsing attributes in process `syz.5.936'.
[  356.042606][ T3177] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.042717][ T3177] bridge0: port 2(bridge_slave_1) entered forwarding state
[  356.220148][ T8913] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  357.284050][ T8913] usb 7-1: config 1 has an invalid interface number: 7 but max is 0
[  357.284069][ T8913] usb 7-1: config 1 has no interface number 0
[  357.284874][ T8913] usb 7-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  357.284896][ T8913] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  357.284931][ T8913] usb 7-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.292017][ T8913] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  357.292044][ T8913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.292063][ T8913] usb 7-1: Product: syz
[  357.292078][ T8913] usb 7-1: Manufacturer: syz
[  357.292088][ T8913] usb 7-1: SerialNumber: syz
[  358.307675][ T9368] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  358.567039][ T9368] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  358.867154][ T9391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.942'.
[  358.867278][ T9391] netlink: 'syz.1.942': attribute type 30 has an invalid length.
[  359.173012][ T9392] netlink: 8 bytes leftover after parsing attributes in process `syz.1.942'.
[  359.173044][ T9392] netlink: 'syz.1.942': attribute type 30 has an invalid length.
[  359.305202][   T13] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  359.319075][ T8913] sierra_net 7-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.6-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:04:07
[  359.323182][ T8913] sierra_net 7-1:1.7 wwan0: Submit SYNC failed -71
[  359.323457][ T8913] sierra_net 7-1:1.7 wwan0: Send SYNC failed, status -71
[  359.336096][ T8913] sierra_net 7-1:1.7 wwan0: Submit SYNC failed -71
[  359.336152][ T8913] sierra_net 7-1:1.7 wwan0: Send SYNC failed, status -71
[  359.416076][   T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  359.425792][ T1493] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  359.454408][ T5952] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  359.480280][ T8913] usb 7-1: USB disconnect, device number 8
[  359.499098][ T8913] sierra_net 7-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.6-1, Sierra Wireless USB-to-WWAN Modem
[  359.550115][ T5885] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  359.743404][ T5885] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  359.743430][ T5885] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  359.743463][ T5885] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  359.743484][ T5885] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.793270][ T5885] usb 6-1: config 0 descriptor??
[  359.802022][ T8913] sierra_net 7-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  360.002803][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  360.004502][ T5885] usb 6-1: string descriptor 0 read error: -71
[  360.006851][ T5885] usb 6-1: USB disconnect, device number 15
[  360.063169][ T8852] 8021q: adding VLAN 0 to HW filter on device batadv0
[  360.107990][ T8891] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.206186][ T9430] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  363.010812][ T9442] FAULT_INJECTION: forcing a failure.
[  363.010812][ T9442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  363.010847][ T9442] CPU: 1 UID: 0 PID: 9442 Comm: syz.6.950 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  363.010871][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  363.010883][ T9442] Call Trace:
[  363.010891][ T9442]  <TASK>
[  363.010899][ T9442]  dump_stack_lvl+0xe8/0x150
[  363.010934][ T9442]  should_fail_ex+0x46b/0x600
[  363.011022][ T9442]  _copy_from_user+0x2d/0xb0
[  363.011094][ T9442]  do_sys_poll+0x2a0/0xfa0
[  363.011157][ T9442]  ? __pfx_do_sys_poll+0x10/0x10
[  363.011179][ T9442]  ? __lock_acquire+0x6b5/0x2cf0
[  363.011201][ T9442]  ? is_bpf_text_address+0x26/0x2b0
[  363.011322][ T9442]  ? set_user_sigmask+0xcd/0x1c0
[  363.011350][ T9442]  ? __pfx_set_user_sigmask+0x10/0x10
[  363.011376][ T9442]  ? rt_mutex_slowunlock+0x1cb/0x300
[  363.011403][ T9442]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  363.011436][ T9442]  __se_sys_ppoll+0x209/0x2b0
[  363.011458][ T9442]  ? fput+0xa0/0xd0
[  363.011516][ T9442]  ? __pfx___se_sys_ppoll+0x10/0x10
[  363.011539][ T9442]  ? __pfx_ksys_write+0x10/0x10
[  363.011594][ T9442]  ? __x64_sys_ppoll+0x20/0xc0
[  363.011620][ T9442]  do_syscall_64+0x14d/0xf80
[  363.011637][ T9442]  ? trace_irq_disable+0x3b/0x150
[  363.011661][ T9442]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.011681][ T9442]  ? clear_bhb_loop+0x40/0x90
[  363.011706][ T9442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.011726][ T9442] RIP: 0033:0x7fe3ee67c799
[  363.011744][ T9442] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  363.011762][ T9442] RSP: 002b:00007fe3ec8ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  363.011783][ T9442] RAX: ffffffffffffffda RBX: 00007fe3ee8f5fa0 RCX: 00007fe3ee67c799
[  363.011797][ T9442] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  363.011810][ T9442] RBP: 00007fe3ec8ce090 R08: 0000000000000000 R09: 0000000000000000
[  363.011822][ T9442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.011833][ T9442] R13: 00007fe3ee8f6038 R14: 00007fe3ee8f5fa0 R15: 00007ffefd9f6668
[  363.011863][ T9442]  </TASK>
[  363.669496][ T8891] veth0_vlan: entered promiscuous mode
[  363.709294][ T8891] veth1_vlan: entered promiscuous mode
[  363.736023][ T8852] veth0_vlan: entered promiscuous mode
[  363.758796][ T8852] veth1_vlan: entered promiscuous mode
[  363.806678][ T8891] veth0_macvtap: entered promiscuous mode
[  363.822192][ T8891] veth1_macvtap: entered promiscuous mode
[  363.899443][ T8852] veth0_macvtap: entered promiscuous mode
[  363.947294][ T8852] veth1_macvtap: entered promiscuous mode
[  363.965128][ T8891] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.023169][ T8891] batman_adv: batadv0: Interface activated: batadv_slave_1
[  365.530535][ T8852] batman_adv: batadv0: Interface activated: batadv_slave_0
[  365.714798][ T5952] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  365.801800][   T36] kauditd_printk_skb: 169 callbacks suppressed
[  365.801815][   T36] audit: type=1326 audit(1774258939.355:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9460 comm="syz.6.955" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe3ee67c799 code=0x0
[  365.886324][ T8852] batman_adv: batadv0: Interface activated: batadv_slave_1
[  365.901229][ T5952] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  365.906897][ T5952] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  365.961972][ T5952] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.021492][ T3177] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  366.109622][ T5952] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  366.129231][ T5952] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  366.157988][ T5952] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.207572][ T9478] netlink: 'syz.1.959': attribute type 10 has an invalid length.
[  366.232337][ T9478] team0: Device vxcan1 is of different type
[  366.439543][ T3177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.439884][ T3177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  368.990356][ T7070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  368.990374][ T7070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.099376][ T9498] netlink: 'syz.6.963': attribute type 10 has an invalid length.
[  369.103156][ T9498] team0: Device vxcan1 is of different type
[  370.336040][ T1351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  370.336058][ T1351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  370.515545][ T1351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  370.515564][ T1351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  370.620752][ T9508] netlink: 24 bytes leftover after parsing attributes in process `syz.5.966'.
[  374.524137][ T9566] 9p: Bad value for 'wfdno'
[  374.550075][ T8897] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  374.707669][ T9568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.976'.
[  374.707731][ T9568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.976'.
[  374.707885][ T9568] netlink: 'syz.1.976': attribute type 13 has an invalid length.
[  374.707919][ T9568] netlink: 'syz.1.976': attribute type 12 has an invalid length.
[  374.991368][ T8897] usb 9-1: Using ep0 maxpacket: 8
[  375.081333][ T8897] usb 9-1: config 135 has an invalid interface number: 230 but max is 0
[  375.081403][ T8897] usb 9-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  375.081445][ T8897] usb 9-1: config 135 has no interface number 0
[  375.250244][ T8897] usb 9-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  375.250288][ T8897] usb 9-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  375.250321][ T8897] usb 9-1: config 135 interface 230 has no altsetting 0
[  375.327235][ T8897] usb 9-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  375.327264][ T8897] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.327285][ T8897] usb 9-1: Product: syz
[  375.327306][ T8897] usb 9-1: Manufacturer: syz
[  375.327321][ T8897] usb 9-1: SerialNumber: syz
[  375.406797][ T8897] uvcvideo 9-1:135.230: probe with driver uvcvideo failed with error -22
[  375.632674][ T9554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.633129][ T9554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.638633][ T9554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.639201][ T9554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.696705][ T9576] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  375.696705][ T9576] The task syz.1.979 (9576) triggered the difference, watch for misbehavior.
[  375.749309][ T8903] usb 9-1: USB disconnect, device number 2
[  376.539773][ T9590] FAULT_INJECTION: forcing a failure.
[  376.539773][ T9590] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  376.539826][ T9590] CPU: 1 UID: 0 PID: 9590 Comm: syz.6.981 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  376.539849][ T9590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  376.539861][ T9590] Call Trace:
[  376.539869][ T9590]  <TASK>
[  376.539877][ T9590]  dump_stack_lvl+0xe8/0x150
[  376.539912][ T9590]  should_fail_ex+0x46b/0x600
[  376.539945][ T9590]  prepare_alloc_pages+0x22a/0x6b0
[  376.540039][ T9590]  __alloc_frozen_pages_noprof+0x12f/0x380
[  376.540065][ T9590]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  376.540091][ T9590]  ? __pfx_policy_nodemask+0x10/0x10
[  376.540139][ T9590]  ? preempt_schedule_thunk+0x16/0x30
[  376.540171][ T9590]  alloc_pages_mpol+0xd1/0x380
[  376.540216][ T9590]  alloc_pages_noprof+0xce/0x1e0
[  376.540245][ T9590]  get_free_pages_noprof+0xf/0x80
[  376.540267][ T9590]  __kasan_populate_vmalloc+0x38/0x1d0
[  376.540334][ T9590]  ? rt_spin_unlock+0x160/0x200
[  376.540361][ T9590]  alloc_vmap_area+0xd73/0x14b0
[  376.540440][ T9590]  ? __pfx_alloc_vmap_area+0x10/0x10
[  376.540469][ T9590]  ? __kmalloc_cache_node_noprof+0x27d/0x6c0
[  376.540539][ T9590]  ? __get_vm_area_node+0x171/0x350
[  376.540566][ T9590]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.540594][ T9590]  __get_vm_area_node+0x226/0x350
[  376.540628][ T9590]  __vmalloc_node_range_noprof+0x372/0x1730
[  376.540659][ T9590]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.540687][ T9590]  ? __lock_acquire+0x6b5/0x2cf0
[  376.540707][ T9590]  ? __pfx___schedule+0x10/0x10
[  376.540749][ T9590]  ? irqentry_exit+0x59e/0x620
[  376.540783][ T9590]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  376.540826][ T9590]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.540850][ T9590]  __vmalloc_noprof+0xd2/0x120
[  376.540879][ T9590]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.540908][ T9590]  bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.540939][ T9590]  bpf_prog_alloc+0x3c/0x1a0
[  376.540968][ T9590]  bpf_prog_load+0x7ba/0x1ae0
[  376.541032][ T9590]  ? __pfx_bpf_prog_load+0x10/0x10
[  376.541078][ T9590]  ? bpf_lsm_bpf+0x9/0x20
[  376.541117][ T9590]  ? security_bpf+0x7e/0x2d0
[  376.541167][ T9590]  __sys_bpf+0x618/0x950
[  376.541194][ T9590]  ? __pfx___sys_bpf+0x10/0x10
[  376.541252][ T9590]  __x64_sys_bpf+0x7c/0x90
[  376.541275][ T9590]  do_syscall_64+0x14d/0xf80
[  376.541293][ T9590]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.541314][ T9590]  ? clear_bhb_loop+0x40/0x90
[  376.541338][ T9590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.541358][ T9590] RIP: 0033:0x7fe3ee67c799
[  376.541377][ T9590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  376.541395][ T9590] RSP: 002b:00007fe3ec88c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  376.541416][ T9590] RAX: ffffffffffffffda RBX: 00007fe3ee8f6180 RCX: 00007fe3ee67c799
[  376.541431][ T9590] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  376.541444][ T9590] RBP: 00007fe3ec88c090 R08: 0000000000000000 R09: 0000000000000000
[  376.541456][ T9590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.541467][ T9590] R13: 00007fe3ee8f6218 R14: 00007fe3ee8f6180 R15: 00007ffefd9f6668
[  376.541497][ T9590]  </TASK>
[  376.541867][ T9590] syz.6.981: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  376.543904][ T9590] CPU: 1 UID: 0 PID: 9590 Comm: syz.6.981 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  376.543930][ T9590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  376.543945][ T9590] Call Trace:
[  376.543954][ T9590]  <TASK>
[  376.543963][ T9590]  dump_stack_lvl+0xe8/0x150
[  376.544001][ T9590]  warn_alloc+0x263/0x3e0
[  376.544028][ T9590]  ? kasan_quarantine_put+0xbb/0x1f0
[  376.544065][ T9590]  ? __pfx_warn_alloc+0x10/0x10
[  376.544089][ T9590]  ? __get_vm_area_node+0x23f/0x350
[  376.544120][ T9590]  ? __get_vm_area_node+0x171/0x350
[  376.544153][ T9590]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.544186][ T9590]  ? __get_vm_area_node+0x23f/0x350
[  376.544236][ T9590]  __vmalloc_node_range_noprof+0x397/0x1730
[  376.544276][ T9590]  ? __lock_acquire+0x6b5/0x2cf0
[  376.544299][ T9590]  ? __pfx___schedule+0x10/0x10
[  376.544349][ T9590]  ? irqentry_exit+0x59e/0x620
[  376.544388][ T9590]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  376.544440][ T9590]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.544469][ T9590]  __vmalloc_noprof+0xd2/0x120
[  376.544503][ T9590]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.544552][ T9590]  bpf_prog_alloc_no_stats+0x4a/0x4f0
[  376.544583][ T9590]  bpf_prog_alloc+0x3c/0x1a0
[  376.544611][ T9590]  bpf_prog_load+0x7ba/0x1ae0
[  376.544652][ T9590]  ? __pfx_bpf_prog_load+0x10/0x10
[  376.544716][ T9590]  ? bpf_lsm_bpf+0x9/0x20
[  376.544737][ T9590]  ? security_bpf+0x7e/0x2d0
[  376.544762][ T9590]  __sys_bpf+0x618/0x950
[  376.544791][ T9590]  ? __pfx___sys_bpf+0x10/0x10
[  376.544848][ T9590]  __x64_sys_bpf+0x7c/0x90
[  376.544873][ T9590]  do_syscall_64+0x14d/0xf80
[  376.544892][ T9590]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.544923][ T9590]  ? clear_bhb_loop+0x40/0x90
[  376.544961][ T9590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.544980][ T9590] RIP: 0033:0x7fe3ee67c799
[  376.544998][ T9590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  376.545015][ T9590] RSP: 002b:00007fe3ec88c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  376.545034][ T9590] RAX: ffffffffffffffda RBX: 00007fe3ee8f6180 RCX: 00007fe3ee67c799
[  376.545048][ T9590] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  376.545060][ T9590] RBP: 00007fe3ec88c090 R08: 0000000000000000 R09: 0000000000000000
[  376.545072][ T9590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.545083][ T9590] R13: 00007fe3ee8f6218 R14: 00007fe3ee8f6180 R15: 00007ffefd9f6668
[  376.545113][ T9590]  </TASK>
[  376.545141][ T9590] Mem-Info:
[  376.545189][ T9590] active_anon:273 inactive_anon:10592 isolated_anon:0
[  376.545189][ T9590]  active_file:6345 inactive_file:43229 isolated_file:0
[  376.545189][ T9590]  unevictable:768 dirty:246 writeback:0
[  376.545189][ T9590]  slab_reclaimable:12514 slab_unreclaimable:105399
[  376.545189][ T9590]  mapped:34075 shmem:4250 pagetables:1713
[  376.545189][ T9590]  sec_pagetables:0 bounce:0
[  376.545189][ T9590]  kernel_misc_reclaimable:0
[  376.545189][ T9590]  free:1303656 free_pcp:5879 free_cma:0
[  376.545264][ T9590] Node 0 active_anon:1092kB inactive_anon:42368kB active_file:25164kB inactive_file:172916kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:136300kB dirty:980kB writeback:0kB shmem:15464kB kernel_stack:15072kB pagetables:6688kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  376.545328][ T9590] Node 1 active_anon:0kB inactive_anon:0kB active_file:216kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  376.545390][ T9590] Node 0 DMA free:15344kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  376.545484][ T9590] lowmem_reserve[]: 0 2506 2506 2506 2506
[  376.545659][ T9590] Node 0 DMA32 free:1261328kB boost:0kB min:3932kB low:6468kB high:9004kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1092kB inactive_anon:42368kB active_file:25164kB inactive_file:172916kB unevictable:1536kB writepending:980kB zspages:0kB present:3129332kB managed:2566496kB mlocked:0kB bounce:0kB free_pcp:23516kB local_pcp:17216kB free_cma:0kB
[  376.545757][ T9590] lowmem_reserve[]: 0 0 0 0 0
[  376.545924][ T9590] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:416kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  376.546016][ T9590] lowmem_reserve[]: 0 0 0 0 0
[  376.546183][ T9590] Node 1 Normal free:3937952kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:216kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  376.546286][ T9590] lowmem_reserve[]: 0 0 0 0 0
[  376.546453][ T9590] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[  376.547051][ T9590] Node 0 DMA32: 1620*4kB (UME) 1242*8kB (UE) 501*16kB (U) 41*32kB (UE) 14*64kB (UE) 50*128kB (UM) 68*256kB (UM) 33*512kB (UM) 20*1024kB (UM) 21*2048kB (UME) 276*4096kB (M) = 1261328kB
[  376.547825][ T9590] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  376.548323][ T9590] Node 1 Normal: 10*4kB (U) 9*8kB (UM) 9*16kB (UM) 5*32kB (UM) 4*64kB (UM) 4*128kB (UM) 2*256kB (M) 4*512kB (UM) 2*1024kB (UM) 0*2048kB 960*4096kB (M) = 3937952kB
[  376.549122][ T9590] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  376.549158][ T9590] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  376.549194][ T9590] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  376.549243][ T9590] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  376.549280][ T9590] 53821 total pagecache pages
[  376.549316][ T9590] 0 pages in swap cache
[  376.549341][ T9590] Free swap  = 124996kB
[  376.549368][ T9590] Total swap = 124996kB
[  376.549395][ T9590] 2097051 pages RAM
[  376.549421][ T9590] 0 pages HighMem/MovableOnly
[  376.549447][ T9590] 423708 pages reserved
[  376.549473][ T9590] 0 pages cma reserved
[  376.555380][ T9590] netlink: 8 bytes leftover after parsing attributes in process `syz.6.981'.
[  376.555436][ T9590] netlink: 4 bytes leftover after parsing attributes in process `syz.6.981'.
[  376.555577][ T9590] netlink: 'syz.6.981': attribute type 13 has an invalid length.
[  376.555609][ T9590] netlink: 'syz.6.981': attribute type 12 has an invalid length.
[  378.274914][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  378.275512][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  382.149676][ T9632] netlink: 'syz.9.992': attribute type 2 has an invalid length.
[  384.660235][ T8897] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  384.741987][ T9649] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.744512][ T9649] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.815867][ T9676] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1002'.
[  384.834071][ T8897] usb 10-1: config 1 has an invalid interface number: 7 but max is 0
[  384.834097][ T8897] usb 10-1: config 1 has no interface number 0
[  384.834144][ T8897] usb 10-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  384.834172][ T8897] usb 10-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  384.834199][ T8897] usb 10-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  384.889099][ T8897] usb 10-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  384.889128][ T8897] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.889167][ T8897] usb 10-1: Product: syz
[  384.889183][ T8897] usb 10-1: Manufacturer: syz
[  384.889199][ T8897] usb 10-1: SerialNumber: syz
[  384.928186][ T9669] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  384.978518][ T9676] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  384.978541][ T9676] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  384.978697][ T9676] vhci_hcd vhci_hcd.0: Device attached
[  384.979285][ T9680] vhci_hcd: connection closed
[  385.010003][ T1365] vhci_hcd vhci_hcd.1: stop threads
[  385.010022][ T1365] vhci_hcd vhci_hcd.1: release socket
[  385.010106][ T1365] vhci_hcd vhci_hcd.1: disconnect device
[  385.141185][ T9669] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  385.711101][ T9649] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  385.731765][ T9649] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  386.339839][ T9687] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1004'.
[  386.339865][ T9687] netlink: 'syz.1.1004': attribute type 30 has an invalid length.
[  389.300528][ T9649] dummy0: left allmulticast mode
[  389.526692][ T9649] macvlan2: left promiscuous mode
[  389.526713][ T9649] macvlan2: left allmulticast mode
[  390.592243][ T9716] netlink: 84 bytes leftover after parsing attributes in process `syz.6.1013'.
[  390.600765][ T9716] tmpfs: Unknown parameter 'rootcontext'
[  390.617397][ T9716] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(12)
[  390.617421][ T9716] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  390.617516][ T9716] vhci_hcd vhci_hcd.0: Device attached
[  391.051380][ T5885] usb 45-1: new high-speed USB device number 4 using vhci_hcd
[  391.419947][ T9718] vhci_hcd: connection reset by peer
[  391.428414][ T7070] vhci_hcd vhci_hcd.6: stop threads
[  391.428436][ T7070] vhci_hcd vhci_hcd.6: release socket
[  391.428503][ T7070] vhci_hcd vhci_hcd.6: disconnect device
[  391.710113][   T31] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  391.773777][ T8897] sierra_net 10-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.9-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:05:07
[  391.774357][ T8897] sierra_net 10-1:1.7 wwan0: Submit SYNC failed -71
[  391.774379][ T8897] sierra_net 10-1:1.7 wwan0: Send SYNC failed, status -71
[  391.774949][ T8897] sierra_net 10-1:1.7 wwan0: Submit SYNC failed -71
[  391.774970][ T8897] sierra_net 10-1:1.7 wwan0: Send SYNC failed, status -71
[  391.775506][   T12] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  391.775534][   T12] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  391.919569][   T12] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  391.919729][   T12] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  392.500281][ T1351] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  392.500318][ T1351] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  392.507717][ T1351] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  392.507748][ T1351] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  392.764750][   T31] usb 2-1: config 1 has an invalid interface number: 7 but max is 0
[  392.764780][   T31] usb 2-1: config 1 has no interface number 0
[  392.764940][   T31] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  392.764971][   T31] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  392.765000][   T31] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  392.779829][   T31] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  392.779857][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.779877][   T31] usb 2-1: Product: syz
[  392.779891][   T31] usb 2-1: Manufacturer: syz
[  392.780278][   T31] usb 2-1: SerialNumber: syz
[  392.852741][ T8897] usb 10-1: USB disconnect, device number 2
[  392.906281][ T8897] sierra_net 10-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.9-1, Sierra Wireless USB-to-WWAN Modem
[  392.926583][ T9723] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  392.979879][ T9731] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1020'.
[  393.132873][ T9723] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  393.133475][ T5813] Bluetooth: hci0: Dropping invalid advertising data
[  393.133521][ T5813] Bluetooth: hci0: Malformed LE Event: 0x02
[  393.169678][ T8897] sierra_net 10-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  393.563275][   T31] usb 2-1: Incompatible driver and firmware versions
[  393.592874][   T31] usb 2-1: USB disconnect, device number 35
[  394.017312][ T8920] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  394.190021][ T8920] usb 9-1: Using ep0 maxpacket: 8
[  394.194377][ T8920] usb 9-1: unable to get BOS descriptor or descriptor too short
[  394.197717][ T8920] usb 9-1: config index 0 descriptor too short (expected 31335, got 45)
[  394.197745][ T8920] usb 9-1: config 90 has too many interfaces: 59, using maximum allowed: 32
[  394.197767][ T8920] usb 9-1: config 90 has an invalid descriptor of length 152, skipping remainder of the config
[  394.197788][ T8920] usb 9-1: config 90 has 0 interfaces, different from the descriptor's value: 59
[  394.263582][ T8920] usb 9-1: New USB device found, idVendor=0637, idProduct=0001, bcdDevice=5c.08
[  394.263612][ T8920] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.263635][ T8920] usb 9-1: Product: syz
[  394.263652][ T8920] usb 9-1: Manufacturer: syz
[  394.263669][ T8920] usb 9-1: SerialNumber: syz
[  394.730275][ T9750] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  394.730328][ T9750] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  394.739421][ T9750] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  394.739478][ T9750] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock
[  395.528494][ T8920] usb 9-1: USB disconnect, device number 3
[  396.310067][ T5885] vhci_hcd vhci_hcd.6: vhci_device speed not set
[  396.977504][ T9781] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1030'.
[  396.989202][ T9781] tmpfs: Unknown parameter 'rootcontext'
[  397.027608][ T9781] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(12)
[  397.027633][ T9781] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  397.027720][ T9781] vhci_hcd vhci_hcd.0: Device attached
[  397.280046][ T8920] usb 51-1: new high-speed USB device number 2 using vhci_hcd
[  397.563571][ T9793] FAULT_INJECTION: forcing a failure.
[  397.563571][ T9793] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.563609][ T9793] CPU: 0 UID: 0 PID: 9793 Comm: syz.1.1032 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  397.563635][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  397.563649][ T9793] Call Trace:
[  397.563669][ T9793]  <TASK>
[  397.563680][ T9793]  dump_stack_lvl+0xe8/0x150
[  397.563722][ T9793]  should_fail_ex+0x46b/0x600
[  397.563758][ T9793]  _copy_to_user+0x31/0xb0
[  397.563797][ T9793]  simple_read_from_buffer+0xe1/0x170
[  397.563934][ T9793]  proc_fail_nth_read+0x1be/0x230
[  397.563993][ T9793]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  397.564026][ T9793]  ? rw_verify_area+0x2ac/0x4e0
[  397.564072][ T9793]  ? tun_chr_write_iter+0x190/0x200
[  397.564152][ T9793]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  397.564183][ T9793]  vfs_read+0x212/0xa80
[  397.564224][ T9793]  ? __pfx_vfs_read+0x10/0x10
[  397.564262][ T9793]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  397.564300][ T9793]  ? lockdep_hardirqs_on+0x7a/0x110
[  397.564334][ T9793]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  397.564371][ T9793]  ? mutex_lock_nested+0x152/0x1d0
[  397.564398][ T9793]  ? fdget_pos+0x252/0x320
[  397.564463][ T9793]  ksys_read+0x156/0x270
[  397.564499][ T9793]  ? __pfx_ksys_read+0x10/0x10
[  397.564546][ T9793]  do_syscall_64+0x14d/0xf80
[  397.564567][ T9793]  ? trace_irq_disable+0x3b/0x150
[  397.564595][ T9793]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.564618][ T9793]  ? clear_bhb_loop+0x40/0x90
[  397.564646][ T9793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.564677][ T9793] RIP: 0033:0x7f0b09e2cfce
[  397.564699][ T9793] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  397.564720][ T9793] RSP: 002b:00007f0b080bdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  397.564743][ T9793] RAX: ffffffffffffffda RBX: 00007f0b080be6c0 RCX: 00007f0b09e2cfce
[  397.564759][ T9793] RDX: 000000000000000f RSI: 00007f0b080be0a0 RDI: 0000000000000004
[  397.564774][ T9793] RBP: 00007f0b080be090 R08: 0000000000000000 R09: 0000000000000000
[  397.564788][ T9793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.564801][ T9793] R13: 00007f0b0a0e6038 R14: 00007f0b0a0e5fa0 R15: 00007fff8a151e58
[  397.564837][ T9793]  </TASK>
[  397.685404][ T9785] vhci_hcd: connection reset by peer
[  397.728858][   T57] vhci_hcd vhci_hcd.9: stop threads
[  397.728927][   T57] vhci_hcd vhci_hcd.9: release socket
[  397.729105][   T57] vhci_hcd vhci_hcd.9: disconnect device
[  398.470863][ T9796] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1033'.
[  398.470887][ T9796] netlink: 'syz.8.1033': attribute type 30 has an invalid length.
[  398.499087][ T9796] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1033'.
[  398.499109][ T9796] netlink: 'syz.8.1033': attribute type 30 has an invalid length.
[  398.519632][   T65] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  398.543928][ T1351] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  398.545330][ T1351] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  398.545396][ T1351] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  399.877962][ T9805] lo speed is unknown, defaulting to 1000
[  401.852044][ T9823] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1041'.
[  401.852138][ T9823] netlink: 'syz.5.1041': attribute type 30 has an invalid length.
[  401.945602][ T9824] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1041'.
[  401.945637][ T9824] netlink: 'syz.5.1041': attribute type 30 has an invalid length.
[  402.410696][ T8920] vhci_hcd vhci_hcd.9: vhci_device speed not set
[  402.603885][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1044'.
[  403.833767][ T9850] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1047'.
[  403.899640][ T9848] tmpfs: Unknown parameter 'rootcontext'
[  403.955771][ T9848] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  403.955796][ T9848] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  403.955881][ T9848] vhci_hcd vhci_hcd.0: Device attached
[  404.474099][ T9852] vhci_hcd: connection closed
[  404.488473][ T1351] vhci_hcd vhci_hcd.5: stop threads
[  404.488497][ T1351] vhci_hcd vhci_hcd.5: release socket
[  404.488553][ T1351] vhci_hcd vhci_hcd.5: disconnect device
[  404.510054][ T8897] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[  404.510113][ T8897] usb 43-1: enqueue for inactive port 0
[  404.596739][ T8897] vhci_hcd vhci_hcd.5: vhci_device speed not set
[  405.676845][ T9869] FAULT_INJECTION: forcing a failure.
[  405.676845][ T9869] name failslab, interval 1, probability 0, space 0, times 0
[  405.676877][ T9869] CPU: 0 UID: 0 PID: 9869 Comm: syz.8.1052 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  405.676898][ T9869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  405.676910][ T9869] Call Trace:
[  405.676918][ T9869]  <TASK>
[  405.676926][ T9869]  dump_stack_lvl+0xe8/0x150
[  405.676959][ T9869]  should_fail_ex+0x46b/0x600
[  405.676989][ T9869]  should_failslab+0xa8/0x100
[  405.677010][ T9869]  kmem_cache_alloc_noprof+0x87/0x680
[  405.677040][ T9869]  ? do_getname+0x2e/0x250
[  405.677115][ T9869]  do_getname+0x2e/0x250
[  405.677140][ T9869]  __se_sys_renameat2+0x43/0x2c0
[  405.677186][ T9869]  do_syscall_64+0x14d/0xf80
[  405.677204][ T9869]  ? trace_irq_disable+0x3b/0x150
[  405.677227][ T9869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.677246][ T9869]  ? clear_bhb_loop+0x40/0x90
[  405.677269][ T9869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.677289][ T9869] RIP: 0033:0x7f63e222c799
[  405.677307][ T9869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  405.677324][ T9869] RSP: 002b:00007f63e047e028 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  405.677343][ T9869] RAX: ffffffffffffffda RBX: 00007f63e24a5fa0 RCX: 00007f63e222c799
[  405.677357][ T9869] RDX: ffffffffffffff9c RSI: 0000200000000180 RDI: ffffffffffffff9c
[  405.677393][ T9869] RBP: 00007f63e047e090 R08: 0000000000000002 R09: 0000000000000000
[  405.677406][ T9869] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.677417][ T9869] R13: 00007f63e24a6038 R14: 00007f63e24a5fa0 R15: 00007fff69f4c868
[  405.677447][ T9869]  </TASK>
[  406.163199][ T8903] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  406.795441][ T8903] usb 7-1: config 1 has an invalid interface number: 7 but max is 0
[  406.795471][ T8903] usb 7-1: config 1 has no interface number 0
[  406.795516][ T8903] usb 7-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  406.795546][ T8903] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  406.795574][ T8903] usb 7-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.798626][ T8903] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  406.798656][ T8903] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.798678][ T8903] usb 7-1: Product: syz
[  406.798694][ T8903] usb 7-1: Manufacturer: syz
[  406.798710][ T8903] usb 7-1: SerialNumber: syz
[  406.828029][ T9873] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  407.060506][ T9873] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  407.267816][ T8903] usb 7-1: Incompatible driver and firmware versions
[  407.278563][ T9896] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1062'.
[  407.384203][ T8920] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  407.547639][ T8920] usb 9-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  407.547691][ T8920] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  407.547731][ T8920] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  407.547754][ T8920] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.611793][ T8920] usb 9-1: config 0 descriptor??
[  407.652625][ T8920] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  407.717784][ T8897] usb 7-1: USB disconnect, device number 9
[  407.798775][ T9907] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1063'.
[  407.831512][ T9909] fuse: Unknown parameter '/rNQ
����+Bj�e���&I���X��bG"�.���/���Bc�� ���n�f]K�0��z:�6��L�
[  407.831512][ T9909] ����x�5|�m�8���9 �)q�"��d��-�~���7��߹r������U��遤2���󦫛��ލ�CH�4bw+���@���;�L�Q����u>~�-�'h�s�v�2�*H3e� �UC�[��A�̸�(Q'
[  407.988673][ T9911] FAULT_INJECTION: forcing a failure.
[  407.988673][ T9911] name failslab, interval 1, probability 0, space 0, times 0
[  407.988708][ T9911] CPU: 1 UID: 0 PID: 9911 Comm: syz.1.1066 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  407.988731][ T9911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  407.988744][ T9911] Call Trace:
[  407.988753][ T9911]  <TASK>
[  407.988763][ T9911]  dump_stack_lvl+0xe8/0x150
[  407.988803][ T9911]  should_fail_ex+0x46b/0x600
[  407.988836][ T9911]  should_failslab+0xa8/0x100
[  407.988859][ T9911]  kmem_cache_alloc_noprof+0x87/0x680
[  407.988891][ T9911]  ? anon_vma_clone+0x412/0xa00
[  407.989004][ T9911]  anon_vma_clone+0x412/0xa00
[  407.989044][ T9911]  vma_modify+0x187e/0x1f00
[  407.989083][ T9911]  vma_modify_flags+0x24b/0x330
[  407.989110][ T9911]  ? __pfx_vma_modify_flags+0x10/0x10
[  407.989152][ T9911]  ? mas_next_slot+0xc23/0xd00
[  407.989189][ T9911]  mlock_fixup+0x29e/0x440
[  407.989219][ T9911]  ? __pfx_mlock_fixup+0x10/0x10
[  407.989246][ T9911]  ? mas_find+0xb0e/0xd30
[  407.989281][ T9911]  apply_vma_lock_flags+0x2af/0x3e0
[  407.989315][ T9911]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  407.989353][ T9911]  ? do_mlock+0x173/0x750
[  407.989381][ T9911]  do_mlock+0x558/0x750
[  407.989415][ T9911]  ? __pfx_do_mlock+0x10/0x10
[  407.989441][ T9911]  ? fput+0xa0/0xd0
[  407.989466][ T9911]  ? ksys_write+0x248/0x270
[  407.989498][ T9911]  ? __pfx_ksys_write+0x10/0x10
[  407.989534][ T9911]  __x64_sys_mlock2+0xac/0xd0
[  407.989559][ T9911]  do_syscall_64+0x14d/0xf80
[  407.989577][ T9911]  ? trace_irq_disable+0x3b/0x150
[  407.989600][ T9911]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.989620][ T9911]  ? clear_bhb_loop+0x40/0x90
[  407.989646][ T9911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.989674][ T9911] RIP: 0033:0x7f0b09e6c799
[  407.989692][ T9911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  407.989711][ T9911] RSP: 002b:00007f0b080be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000145
[  407.989731][ T9911] RAX: ffffffffffffffda RBX: 00007f0b0a0e5fa0 RCX: 00007f0b09e6c799
[  407.989744][ T9911] RDX: 0000000000000001 RSI: 0000000000002000 RDI: 00002000007a4000
[  407.989757][ T9911] RBP: 00007f0b080be090 R08: 0000000000000000 R09: 0000000000000000
[  407.989769][ T9911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.989781][ T9911] R13: 00007f0b0a0e6038 R14: 00007f0b0a0e5fa0 R15: 00007fff8a151e58
[  407.989811][ T9911]  </TASK>
[  408.088065][ T9910] ------------[ cut here ]------------
[  408.088076][ T9910] anon_vma->num_active_vmas
[  408.088099][ T9910] WARNING: mm/rmap.c:528 at unlink_anon_vmas+0x6c5/0x730, CPU#1: syz.1.1066/9910
[  408.088254][ T9910] Modules linked in:
[  408.088324][ T9910] CPU: 1 UID: 0 PID: 9910 Comm: syz.1.1066 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  408.088386][ T9910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  408.088426][ T9910] RIP: 0010:unlink_anon_vmas+0x6c5/0x730
[  408.088518][ T9910] Code: 08 00 48 3b 6c 24 18 74 29 e8 c7 a3 ad ff 49 89 ee e9 cf fd ff ff e8 ba a3 ad ff 90 0f 0b 90 e9 4d fe ff ff e8 ac a3 ad ff 90 <0f> 0b 90 e9 81 fe ff ff e8 9e a3 ad ff eb 05 e8 97 a3 ad ff 48 83
[  408.088569][ T9910] RSP: 0018:ffffc900049e7888 EFLAGS: 00010293
[  408.088661][ T9910] RAX: ffffffff8216d374 RBX: ffff88803cb42900 RCX: ffff888036549e80
[  408.088712][ T9910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  408.088744][ T9910] RBP: ffff888033c1d530 R08: 0000000000000000 R09: 0000000000000000
[  408.088786][ T9910] R10: dffffc0000000000 R11: fffffbfff1ed4b97 R12: ffffffffffffffff
[  408.088846][ T9910] R13: 1ffff11006310c1e R14: ffff8880318860f0 R15: ffff88803cb42900
[  408.088890][ T9910] FS:  0000000000000000(0000) GS:ffff888126439000(0000) knlGS:0000000000000000
[  408.088940][ T9910] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  408.088980][ T9910] CR2: 0000001b31c1dff8 CR3: 000000003440a000 CR4: 00000000003526f0
[  408.089020][ T9910] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  408.089052][ T9910] DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  408.089079][ T9910] Call Trace:
[  408.089089][ T9910]  <TASK>
[  408.089110][ T9910]  free_pgtables+0x836/0xb70
[  408.089273][ T9910]  ? __pfx_free_pgtables+0x10/0x10
[  408.089363][ T9910]  ? rwbase_write_lock+0x568/0x730
[  408.089491][ T9910]  exit_mmap+0x490/0xa10
[  408.089551][ T9910]  ? __pfx_exit_mmap+0x10/0x10
[  408.089630][ T9910]  ? do_raw_spin_lock+0x12b/0x2f0
[  408.089755][ T9910]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  408.089853][ T9910]  ? __pfx_exit_aio+0x10/0x10
[  408.089977][ T9910]  ? uprobe_clear_state+0x288/0x2a0
[  408.090127][ T9910]  __mmput+0xcb/0x3d0
[  408.090168][ T9910]  exit_mm+0x168/0x220
[  408.090195][ T9910]  do_exit+0x6a2/0x23c0
[  408.090247][ T9910]  ? lockdep_hardirqs_on+0x7a/0x110
[  408.090345][ T9910]  ? rt_spin_lock+0x1e0/0x400
[  408.090412][ T9910]  ? __pfx_do_exit+0x10/0x10
[  408.090463][ T9910]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  408.090584][ T9910]  ? rt_spin_unlock+0x160/0x200
[  408.090685][ T9910]  do_group_exit+0x21b/0x2d0
[  408.090755][ T9910]  __x64_sys_exit_group+0x3f/0x40
[  408.090795][ T9910]  x64_sys_call+0x221a/0x2240
[  408.090849][ T9910]  do_syscall_64+0x14d/0xf80
[  408.090898][ T9910]  ? trace_irq_disable+0x3b/0x150
[  408.090971][ T9910]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.091032][ T9910]  ? clear_bhb_loop+0x40/0x90
[  408.091114][ T9910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.091166][ T9910] RIP: 0033:0x7f0b09e6c799
[  408.091195][ T9910] Code: Unable to access opcode bytes at 0x7f0b09e6c76f.
[  408.091207][ T9910] RSP: 002b:00007fff8a152198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  408.091229][ T9910] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0b09e6c799
[  408.091250][ T9910] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  408.091279][ T9910] RBP: 00007fff8a1521fc R08: 0000000000000000 R09: 00000000000927c0
[  408.091318][ T9910] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000102
[  408.091347][ T9910] R13: 00000000000927c0 R14: 00000000000637d9 R15: 00007fff8a152250
[  408.091454][ T9910]  </TASK>
[  408.091492][ T9910] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  408.091535][ T9910] CPU: 1 UID: 0 PID: 9910 Comm: syz.1.1066 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  408.091593][ T9910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  408.091628][ T9910] Call Trace:
[  408.091657][ T9910]  <TASK>
[  408.091677][ T9910]  vpanic+0x56c/0xa60
[  408.091749][ T9910]  ? __pfx__printk+0x10/0x10
[  408.091812][ T9910]  ? __pfx_vpanic+0x10/0x10
[  408.091888][ T9910]  ? is_bpf_text_address+0x292/0x2b0
[  408.091953][ T9910]  ? is_bpf_text_address+0x26/0x2b0
[  408.092052][ T9910]  panic+0xc5/0xd0
[  408.092128][ T9910]  ? __pfx_panic+0x10/0x10
[  408.092237][ T9910]  __warn+0x315/0x4f0
[  408.092268][ T9910]  ? unlink_anon_vmas+0x6c5/0x730
[  408.092324][ T9910]  ? unlink_anon_vmas+0x6c5/0x730
[  408.092434][ T9910]  __report_bug+0x29a/0x540
[  408.092548][ T9910]  ? unlink_anon_vmas+0x6c5/0x730
[  408.092627][ T9910]  ? __pfx___report_bug+0x10/0x10
[  408.092708][ T9910]  ? do_raw_spin_lock+0x12b/0x2f0
[  408.092818][ T9910]  ? unlink_anon_vmas+0x6c5/0x730
[  408.092925][ T9910]  report_bug+0x16a/0x220
[  408.092996][ T9910]  ? unlink_anon_vmas+0x6c5/0x730
[  408.093066][ T9910]  ? unlink_anon_vmas+0x6c7/0x730
[  408.093140][ T9910]  handle_bug+0x9c/0x200
[  408.093187][ T9910]  exc_invalid_op+0x1a/0x50
[  408.093236][ T9910]  asm_exc_invalid_op+0x1a/0x20
[  408.093282][ T9910] RIP: 0010:unlink_anon_vmas+0x6c5/0x730
[  408.093313][ T9910] Code: 08 00 48 3b 6c 24 18 74 29 e8 c7 a3 ad ff 49 89 ee e9 cf fd ff ff e8 ba a3 ad ff 90 0f 0b 90 e9 4d fe ff ff e8 ac a3 ad ff 90 <0f> 0b 90 e9 81 fe ff ff e8 9e a3 ad ff eb 05 e8 97 a3 ad ff 48 83
[  408.093329][ T9910] RSP: 0018:ffffc900049e7888 EFLAGS: 00010293
[  408.093375][ T9910] RAX: ffffffff8216d374 RBX: ffff88803cb42900 RCX: ffff888036549e80
[  408.093412][ T9910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  408.093439][ T9910] RBP: ffff888033c1d530 R08: 0000000000000000 R09: 0000000000000000
[  408.093473][ T9910] R10: dffffc0000000000 R11: fffffbfff1ed4b97 R12: ffffffffffffffff
[  408.093508][ T9910] R13: 1ffff11006310c1e R14: ffff8880318860f0 R15: ffff88803cb42900
[  408.093563][ T9910]  ? unlink_anon_vmas+0x6c4/0x730
[  408.093659][ T9910]  ? unlink_anon_vmas+0x6c4/0x730
[  408.093756][ T9910]  free_pgtables+0x836/0xb70
[  408.093835][ T9910]  ? __pfx_free_pgtables+0x10/0x10
[  408.093863][ T9910]  ? rwbase_write_lock+0x568/0x730
[  408.093894][ T9910]  exit_mmap+0x490/0xa10
[  408.093927][ T9910]  ? __pfx_exit_mmap+0x10/0x10
[  408.093957][ T9910]  ? do_raw_spin_lock+0x12b/0x2f0
[  408.093996][ T9910]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  408.094038][ T9910]  ? __pfx_exit_aio+0x10/0x10
[  408.094074][ T9910]  ? uprobe_clear_state+0x288/0x2a0
[  408.094109][ T9910]  __mmput+0xcb/0x3d0
[  408.094139][ T9910]  exit_mm+0x168/0x220
[  408.094164][ T9910]  do_exit+0x6a2/0x23c0
[  408.094185][ T9910]  ? lockdep_hardirqs_on+0x7a/0x110
[  408.094220][ T9910]  ? rt_spin_lock+0x1e0/0x400
[  408.094244][ T9910]  ? __pfx_do_exit+0x10/0x10
[  408.094265][ T9910]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  408.094301][ T9910]  ? rt_spin_unlock+0x160/0x200
[  408.094329][ T9910]  do_group_exit+0x21b/0x2d0
[  408.094357][ T9910]  __x64_sys_exit_group+0x3f/0x40
[  408.094380][ T9910]  x64_sys_call+0x221a/0x2240
[  408.094400][ T9910]  do_syscall_64+0x14d/0xf80
[  408.094417][ T9910]  ? trace_irq_disable+0x3b/0x150
[  408.094441][ T9910]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.094462][ T9910]  ? clear_bhb_loop+0x40/0x90
[  408.094487][ T9910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.094508][ T9910] RIP: 0033:0x7f0b09e6c799
[  408.094525][ T9910] Code: Unable to access opcode bytes at 0x7f0b09e6c76f.
[  408.094536][ T9910] RSP: 002b:00007fff8a152198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  408.094555][ T9910] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0b09e6c799
[  408.094569][ T9910] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  408.094581][ T9910] RBP: 00007fff8a1521fc R08: 0000000000000000 R09: 00000000000927c0
[  408.094593][ T9910] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000102
[  408.094605][ T9910] R13: 00000000000927c0 R14: 00000000000637d9 R15: 00007fff8a152250
[  408.094635][ T9910]  </TASK>
[  408.095237][ T9910] Kernel Offset: disabled