last executing test programs:

1.123104824s ago: executing program 3 (id=4):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_io_uring_setup(0x6042, 0xfffffffffffffffe, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x2, @loopback={0x0, 0x7ffffffe}, 0xff00}, 0x1c, 0x0}, 0x0)

1.093712036s ago: executing program 3 (id=5):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000001c0)={0xa, <r3=>r1, 'id1\x00'})
openat$cgroup_ro(r3, &(0x7f0000000240)='freezer.self_freezing\x00', 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000100)={'xfrm0\x00', 0x400})
ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r6, 0x5408, &(0x7f00000000c0)={0xcf47, 0x3, 0xffff, 0x9dff, 0x1, "8003e3ffff070900"})
write$binfmt_aout(r6, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000100)={0x0, 0x40, 0x3, 0x7, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"})
r7 = syz_open_pts(r6, 0x0)
r8 = dup3(r7, r6, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0xff)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000140)=0x12)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNGETFILTER(r5, 0x801054db, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x4, 0x0, [{0x40000010, 0x0, 0x5}, {0x969, 0x0, 0x4}, {0xb6b, 0x0, 0x4}, {0xbbd, 0x0, 0x4}]})
eventfd2(0x3, 0x80000)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1d8c7213c213c0000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a60800000f00510066b87a000f02d8610f01cf300f300fc79d53bf0000c4b961edc30101220f01c3", 0x68}], 0x1, 0x10, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.038460069s ago: executing program 1 (id=2):
open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x13)
syz_clone(0x2020100, 0x0, 0xfffffffffffffff4, 0x0, 0x0, 0x0)
unshare(0x60000600)
sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0xc0, 0x15, 0xa, 0x804, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_USERDATA={0x85, 0x8, "da2ff1d7548e92da117d7721b0ca99bcf9fffda0d4f72f50bd187ddfda630c6affff25423069b525f3d656092e4434ddf7d19d939dcf653ccd9f24ccd04d67e5352d6d94298b25b25cf6633803aa90d3c9cb31fed3a3555d982bfbd74cdbeea315e42fc83e3003c45bb1bb629a9117c0cb13f321c75f880c677c66d88ab40005d7"}]}, 0xc0}, 0x1, 0x0, 0x0, 0x20004801}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0x80000000, 0x0, 0x9, 0xf, 0x3, 0x3, 0xfc, 0x0, 0x1, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0xfffffeff}})
r1 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000540)="900000001c001f4d154a817393278bff0a80a57802000000e503740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e00a2c5fed0759cb068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cef7cff81d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003240)=[{{0x0, 0x0, &(0x7f00000016c0)=[{0x0}], 0x1}}], 0x1, 0x4000800)
syz_clone3(&(0x7f0000003440)={0x88000000, 0x0, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58)

1.028016549s ago: executing program 0 (id=1):
r0 = userfaultfd(0x80001)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x3000009, 0x32, 0xffffffffffffffff, 0x261c5000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f00000020c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$devlink(&(0x7f0000002100), 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
read$FUSE(r4, &(0x7f00000054c0)={0x2020}, 0x2020)
read$msr(r4, &(0x7f0000002080)=""/16, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="f000000010000100ddffffff00010000fe880000000000000000000020000001fc01000000000000000000e6ffffff01000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700005350000020001002000000000000000"], 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x1, 0x2, 0x4, 0x4, 0x8}, 0x20)
read$FUSE(r5, &(0x7f0000000040)={0x2020}, 0x2020)

978.020952ms ago: executing program 2 (id=3):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x10003, 0x0, 0xd7c4, 0xfffffff9}, 0x10)
write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000004000000080009000d000000", 0x24)
socket(0x10, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0xfffffffffffffffa)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xf788, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x1}], 0x1}}], 0x1, 0x20040010)

950.023303ms ago: executing program 2 (id=6):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$EVIOCSABS0(r0, 0x401845c0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
writev(r2, &(0x7f0000000f00)=[{&(0x7f0000000000)="c805", 0x2}], 0x1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0xb3ca, 0x4cc, 0xffff, 0x7f, 0x10, "0000faffffff00"})
write$binfmt_aout(r3, &(0x7f0000000300)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"})
r4 = syz_open_pts(r3, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0xff)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000243000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x5c, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r9, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x3})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x6000001, 0x3032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
close_range(r1, 0xffffffffffffffff, 0x0)

728.410684ms ago: executing program 1 (id=7):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000243000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x5c, 0x0, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
close_range(r0, 0xffffffffffffffff, 0x0)

434.270718ms ago: executing program 1 (id=8):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000000)=0xfffffc01, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
mlockall(0x7)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000a, 0x204031, 0xffffffffffffffff, 0x76413000) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000000)="89edee2c78daddb4b473", 0xa}], 0x1) (async)
sendmsg$netlink(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="180000007600"], 0x1c}], 0x1, 0x0, 0x0, 0x4004000}, 0x0) (async)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') (async)
r3 = memfd_create(&(0x7f0000000180)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\xc5\xa7p;\a\xeb\xe0~\xa1\xd8\x90\x8bp\x10\x84\xdc\xe2\x86t\x8a\xba\xc6\xfb\xd2\f\xef&+C\xd69c\xfc\xf2\xad\xa8M\xe8\\\x15Hd~\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\x17\xa7\x7fN\x9bL\xf8\xebQs@}\n\xd2fX\x95\xb0n\x9d\x85\xea\x1a*\x1bI\xd8\x1c\xe8\x9bYS%\x1d\x10\x86\xa0\v\xea\xd9\x89\xda\xa7Wd\xa4Eu\x8cs\x87\xc8\x10\xc3\xb2I\x1a\xb2\xfd7\x98\x16\xca\x83y\xf9\x1a\xe7\x06h\av\xa8\xd8\xce\xc8\x1c\xafJ\x90\xefa\xb1/\xee1=\xbfM\xeaw\f\xa2\x87\x1c(\x1a-\xeb\xfbV\xeb4Z\x03H\xd9\x86\xe12N\x1f\xd8{\xf5\xcf\x92\xb0\x9fzw\x03\xd7\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe2\xe9\xf1u\xf4\xf8[\xdd\xdf\x95\xae\xf1\xab\a\xd6\xad\xf2\x7f9\xcf\xbe\xf0\x1c\xbdV(I\xef\xc6~\x8a\x04\xbf#\x1e}\xfd=\vG\xfb\xf7\xb29\nZ\x91;\'\x82\xe1z\x93\xfeYDc}\xde\x853\xed\xff\xc9\x80\xa2\xa8h\x94\xbe1}h\x84,RQj\xdf\xac\vU\xa3\xf2\xacC)\nC\xee}Vv\xde\xc9\xe0\xa2`\x19\"\x01\x05\x7f\x99l^d6L\a8\x99a\x9d\xaf\xa3\xc4&\xeb\xb2\x8d$=A<W\xbb\xeb\xa0b\xc7^\xf9n\x96sag`', 0x1)
mmap(&(0x7f000008a000/0x3000)=nil, 0x3000, 0x2000006, 0x11, r3, 0x2772d000) (async)
read$FUSE(r2, &(0x7f0000000640)={0x2020}, 0x2020) (async)
mount$tmpfs(0x0, &(0x7f0000001880)='.\x00', &(0x7f00000018c0), 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="290400"]) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r4, &(0x7f0000002780)={0x2020}, 0x5ecfb203) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth0_virt_wifi\x00', <r5=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r5, 0x2, 0x6}, 0x10)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

351.276893ms ago: executing program 1 (id=9):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000770d00000000000800000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x4004044)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x200280, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r3, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xc90, 0x44}}}}, [@NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x1}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x2c5}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x8}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x27}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x18}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24046001}, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) (async)
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) (async)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000770d00000000000800000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x4004044) (async)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x200280, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r3, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xc90, 0x44}}}}, [@NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x1}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x2c5}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x8}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x27}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x18}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24046001}, 0x10) (async)

351.167643ms ago: executing program 1 (id=10):
pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609", 0x41}], 0x1, 0x4, 0x5)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0x80, 0x5, 0x20000004, 0x7f, 0x4233, 0x6305e5a4, 0x81, 0x9c1, 0x8003, 0x1005, 0x7, 0x4db6, 0x0, 0xfffffdfffffffffd], 0x2000, 0x80300})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)=@arm64={0x1, 0xa, 0x99, '\x00', 0xe})
ioctl$KVM_RUN(r2, 0xae80, 0x4000000)

298.469785ms ago: executing program 2 (id=11):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
splice(r3, 0x0, r4, 0x0, 0x88, 0x0)
close_range(r0, r3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
getsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f0000000080)=[{}, {}], &(0x7f0000000140)=0x10)
ioctl$VHOST_SET_VRING_ENDIAN(r2, 0x4008af13, &(0x7f0000000180)={0x2, 0xff})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
ioctl$NS_GET_OWNER_UID(r2, 0xb704, &(0x7f0000000280)=<r6=>0x0)
ioctl$TUNSETOWNER(r0, 0x400454cc, r6)
flock(r5, 0x2)
landlock_restrict_self(r5, 0x8)
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r5], 0xffe)
r7 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/fscreate\x00', 0x2, 0x0)
ioctl$XFS_IOC_GETBMAP(r7, 0xc0205826, &(0x7f0000000200)={0x3, 0x7fffffff, 0x5, 0x5, 0x401})

288.964996ms ago: executing program 1 (id=12):
r0 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400000001400011504000000000000000a0000000400000014000900ff01000000000000000000000000000114000280bf"], 0x40}, 0x1, 0x0, 0x0, 0x20000804}, 0x8018)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000002940)=ANY=[@ANYBLOB="12010002000000106e050c0100000000000109022400010000500009040000090300010009210000000122090009058103000008fce9"], 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003900)=ANY=[@ANYBLOB="200000001600010a000000000000030000000c000a00"/32], 0x20}}, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="083c86dd0001110004600000a60c6eec00be00442cfffe8000000000000000000000000000aaff020000000000000000000000000001", @ANYRES16=r3], 0xfdef)
r6 = epoll_create(0x7)
r7 = epoll_create(0x9)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000140)={0x60000000})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000000c0)={0x4})
syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCSKEYCODE_V2(r8, 0x40284504, &(0x7f0000000100)={0x5, 0x17, 0x92e9, 0x2, "265ad12c5bb016165c91f1c21328be017fdda8be0000001834eafa8c00"})
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a7c000000140a01020000000000000000010000080900020073797a32000000000900020073797a31000000000800034000000009040008000000020073797a31000000000c00064000000000000000010c0006400000000055f123d40900010073797a31000000000900010073797a30000000000800034000000009e0000000000a050000000000000000000100000400000240000000030c00044000000000000000030800024000000003120006006b707f70bbc8bccc95e5eb210a160000080002400000000177000600e0e269b771f65b2c344742374f4f62dd4e15d260dc52965ff39387bcfc26a09c5dd0ca907e18ed3434169b2ce6d7a110319d0b56bd7031afd5fde27288da1850419ab29781bee880c0c7eb284eb76a42e9999f1940b3487489652fb4ac97fdce2f549403e30aa56488c9b733f557ad2f962ea03fc892ed9e2e8aa16ca8750d000c00044000000000000000010c00044000000000000000053c000000060a010100000000000000000000000308000b40000000010c000340000000000000000508000940000000030c00064000000000000000031400000011000100"], 0x107}, 0x1, 0x0, 0x0, 0x48004}, 0x40050)
syz_usb_control_io(r1, &(0x7f00000002c0)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="2023a0000000a00f23838722da6b7e84"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r9, &(0x7f000001a240)=""/102400, 0x19000, 0x1000000000)
write$tun(0xffffffffffffffff, &(0x7f00000009c0)={@val={0x0, 0xa00}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="c1778a8d8043", @void, {@mpls_uc={0x8847, {[{}, {0x6, 0x0, 0x1}, {0x6}], @ipv6=@gre_packet={0x4, 0x6, "6da091", 0x137b, 0x2f, 0xff, @mcast2, @ipv4={'\x00', '\xff\xff', @multicast1}, {[@hopopts={0x87, 0x16, '\x00', [@calipso={0x7, 0x38, {0x3, 0xc, 0x5, 0x4, [0x6, 0x5, 0x1, 0x4, 0x7, 0x7]}}, @calipso={0x7, 0x28, {0x0, 0x8, 0x1, 0x0, [0x3, 0xce, 0x9, 0x8]}}, @calipso={0x7, 0x48, {0x0, 0x10, 0x81, 0xd9, [0x363, 0x9, 0x0, 0x1, 0x4da, 0x0, 0x100, 0xb70d]}}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}, @dstopts={0x8, 0xf, '\x00', [@hao={0xc9, 0x10, @remote}, @padn={0x1, 0x1, [0x0]}, @generic={0xb2, 0x42, "493b555697feab381bade7e54003b9d8b2f915f186c14cdb56d32e0650a0487c2bd1617cd7e54f698be8e1559c3719bdee2da72bb3feb1c9491ae10655e87aa17bee"}, @enc_lim={0x4, 0x1, 0x8}, @pad1, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @generic={0xb8, 0x8, "36438488447abb4b"}, @enc_lim={0x4, 0x1, 0x5}]}, @hopopts={0x32, 0x1, '\x00', [@enc_lim={0x4, 0x1, 0x9}, @pad1, @generic={0xff}]}, @routing={0x21, 0xa, 0x1, 0xe, 0x0, [@private2, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0]}, @routing={0x18, 0x6, 0x1, 0x9, 0x0, [@mcast2, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}]}, @dstopts={0x3c, 0x8, '\x00', [@calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x8, [0x0, 0xffffffffffffffff, 0x401, 0x7, 0x8]}}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @pad1]}], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x44, 0x2, [], "8ed3fe75cfb2415ed52513ac9ed9db89fb933bd1bde713e30ffc7698fb257539502075810d4a90bdd8c121bd6e498db4249fab7d3637e11a9fba43e88fa6881f373c4a99"}, {0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800, [], "5dfb733c2f585b424d9a5dbb8b9a5752571a741f06709194d0e0c2dd77717752207254f50d90ba4b3dfedc454f687ed8df5ad856a5b1c3a91dc131398c58123e0e"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x52bc, 0x4, 0x2], "551576136012f897686154565e03aa7c13ddc3ca364e441ae28ef68f59b288c5166bba5583026a95e65d0cd57233d25dac8ae1e7362d4e71658e4e2deef510220aba898c175468b91699468e418f14c352b5ef2540facb6316eefa32f0aaf9a926fb7c12a6dd3a89de07af797859c786255837ccef922420726ccd5c664e4e49968bba36aff40bda8f7b72d98486d82996cb8ba464668bd788c3242cef5a72b23cab6c8849a92916fbaf264902d5b3bcfe77616bdd66e7a7cf01cdae19b1a5f4c33286203cb35268b1e015e6aeb5fbdb64ed1041d43868fa07532b82c1f6569c6655a071db24d2537e07d593337d3974b85e33a0231fc1c51398697dde0c9a8bf241d5459e474de0ed852d060c56cd56fc05e63350a7a192f2440b15c44542e0dd042176771a387446ec7b198053535a9818f65741c7c32584f000d80471a5ac7894afa0db8d14e3867ab7e49d681bb8ebe1234a00c66cca7024fda764e41d127decfdde47d0eb88e779e21bfb02646c053563042a5f3f759ca15626680067f47bdcc6a60eab658adb574aa1356d2e120bb6001609c18f0c5e934cf823e6c1e73b8b591a0abcaa1aab8739f4de30b848d74f570a61253225aa3681e43016b8c2b975105c9052a038c84482daf9a96e7eb5e4eff469ca6777085c5e4b1d8fcf9b95a7d59fe75c58a03652ece8bd597513db4673959c4057385ee602555d75da35e8f48e8bfc666d5c22ce2303d43063b400114845d732182da2cafd9e7d5f7640abf21377ee9be49f6f379474939d249cb934aad2392137f9a68078d42cbe61d1b152aff944ede9ce21b2121df85fb4f541ef65bddea10ac2306ce43e0614f171ce62f5835df95ed52cc47a5bab0e6131ef40b7342d8beace16de093bce84c87ad7bf8be70794f426d2a976c95a3a5d147f5dc4fdd45c1ccb1929853997469039cd9442176a727aa6a5a4218e8738aa149d2ab19a14d520c108a5b9299ed8dade435461fee89bae102c59aff93df89cde1bf04200efb47313a595a1e82947f30409701a9fe975a4f6f27a36e3d2f5b96667214c3a067334e1635b7edc43300cb1bf47cfbd3ec55753e78530052b1132d9ad49606bf2e40e3c5df07c3db47a2427e6873184f92a9bc90eb8b0ab53793ada2dbc33e8b05795ecf39ab9556aea3a8bf159a686f70b74b5007b13ac516533192fe4f3d31806b3fc678a2ff02992eba636163504052b82f7485d73f194d36bee77b595452bfe8c501a38da3ea0edef3f3510b62f4e650031ba92f8898f21de6093cd17ccafcab97816d3817a3a00e7d5a92efd9f8be83fa245d00d22a2b3ff7b1bf0df43ded73debcaa24b8572a54a27019a09f86a005e083bebc1b52b0345df14a7588b5d27114ab1828018f9a5ed17bbe29650ab553f4e6aef37d656575afeba098624617982028a3f7359ca93dcf4f1c03b57f7b08edf689c4f5d0cfb78e401175230e270ea0189686a611be4d3eb4fbda6f0be931dd681e0cb75e622f8da0bd67c9b4f60a1a3266d03ce3a2214cf82035b1b4508f8cb3ee08377afe0fe15d165ee42c64e44d39c03d171222c9a1b0ebe70ef398563d6ca8a8e04218d46ebb87e5c0d371d5925c246fbf0500b1417e18b2c84e00f9efc88aeac6ddcc58aa874e0e2ef50865ea7b133662447f0f28fb343c75cba9899db2b28f07ad9eff528c50eecdb4195ab6f0f2a0e13379425cddd10743c3d3dac69af44fef794d4d63967b8cf368455ce74e644278f39f47e1d9f9f8f5f20524de4f4284bdb5256b96c747fe06bacc7205878f029cf1de6912792fd21f196db2027a6accdfa9275a8791fa25a502d1772978522c6ee35e6dabc3863163acc9081175a3962a759b8c3efdc91be95a532a6c26c22c8f4bdd927024a26756611f457941e5c50d5c3f3887bf0ce3e628f79e95b26bdbcc7a7bb91bd5da1222c081da12b58cc09fd82540647656e2963d447c1c0c647c8427e46b42c73ea035537d2e767dd73f14f698ae542d31473dcdc76fc91964203175716507c011a66dafbc43c5f23c5e0b8897b0a2273a616df626e9400665b191a0cc5952c3ffa12f107c38df3cc821ba3e7a3829c8273569f3bc98dc6a289839fe583130c4a1ee81e9c85878907decdb6b1185412ebb66c3e2adacb63b775a286db3a2c629a721f6b53ec6a65288612cb821c62ac187140ffc8d4c7eacaf231409fdc9ca914289bc5508b1fad8246d8f2f17bc5ee6491ef7462dddb339adb515b4c47d07fd273e169eae48110b2a3f91f4c17d7e10cd14bd6df93f6e2d391b61b69a0e87a3c2c2535131d5952f8761ac8c220a093d5afd2049df31f2b94c32d25e2564055050b5fe8f6f11e43a191bdae657721c003ef8652b6d9760dd4e1422c717d5a67452f30b9e5d4423a711ab9b3f7552c22e1f05d2d294098d863f43702e4249719e1e4964f65c6445f8bf45f3ba853b14eab9c08490e60e85039c8726caefcba6327aef837afdac516744ef75f656f2c87ec2d0d38a4fb2c39bd6d0315a7a4a80755b21227d6c3b5f68ca8f07c75d162f170864d6001fe5b7990379a4a5fa7e940bd8dae7d3c753d762ec9eac61475160462e45f1f1b1f0005f1a9d512e67098648ef3f00fc6afc1cf5be5b6a4b206b344ffb2de8e310b3dfa01db721705dd3e6ade2dc3e2b2ffbb9d8ea18c4890111a071c977c524d85b4de74be6450af9ddcd8f6ebea9e951e0a7a65f66a87dda5461de6c3a1051a9cb48a656a857a888c7a6ce7785597470e6e946a25b70520faf94b368491c032ce3069f82ee1616f891389c4031c664aca6cf1a46cf2b957ea6cfc870a476a9727870ba65336de815d802438aef13f1cf6c8c6c42b17dbf6943e8d789b8bd5adab6b5c5878664f76b5eb2da2530709fde05a50fe9d258c90b1c71cae6b9275956bc41c52a6c2fc410bfda2ec827855248ff228fcacdb82ede2446cb4132cea47ca3be000b269cf49278160224a02fba5a2a807e4be60862a3b82841bfb311be992137945fd6c91dedf684eb61e1e317a9b71668013a7f433688a57dc1f2d8bb679ea8690c0e12b252dbb2e30b85cccde6c3237244db156cc758b4069e55f4c7b7151a455b652b7cead241990c82d8cea9bad662d5f89d2915f6e863d324f352b3ef04126204021a6097436775bb9a4dd8b2129df12f6a4810f1ce9399608b95969f600b4d291d41097407207e7f23d5cb56a289d64029c56a31d8313bf01a81992039da70657895951fc83bda95471a9efe6dd77122b5ea5a3d8cc1dff80304995b9bd45359f0ab127caa80045bbf83bdaca5010b1e16b50f259a83ef4cc87b60ddf2bf16e18897ea7456c1aac4adcc40de0b02ef812ce3e75af6e8e3082a7f6d2db6574e7d4072bd243d8362e2208df9f88a021357ae16241d1d8d5047f1f30d615019d1b5e069c1ca848e48b9d6a00f4f019507b86f5a13b311d128fd877ebde7223e1fa5f97c664da1a345af426fc3d40ad8a0b5b05be82f224cc6f565e972795ae42a0768fafd0ca4db400150234e7db7fe2b269d033c01091cdf3ae0629926995e84463a6415ee812d423349ed864e35bf71f5a6e7956b52635a9ec0dda1040d09223de8a29d00f04fc685648b787266dc25f0c7883539c32084e69873fda58de0c59739be7b92d9cd03a65cafbb5875e2937eff6f51e2452b247af531fc3e571a3479063c8d01792573034e87d7fd3a457084a0f1dbc35be07a682f88830693828954789842aa351c1953a80885122da039a7465b8f2eef144c9a3b873a3bbdb46e432bced60e4bd5b4d5aa4ae22ff11ae789d4be8e0895c5c1175e4353cd4f1cbb94ad01d239c5467158b7d1a94e557e241818ad249e9f5156575deb810b686abf69d39e526d0a843eaa1d0fa088d16c2e995aaf73927a66ce28ccb7c1f6d6c3fc4de8efeeeef41492ac08c735bca8ee3999a2f1bcd9f52f7346faf0f290939124ad6281c9e6f45ee6335d6a887776d301bf56fea97574c374b9d8286a8c94d8e0380b281f889148ec1f34713600338f103fdf5aa04a26632d9f4bf34f1b63b30bb0bff8e35902c3aa5850c098aeb83d5a6e4e706e5532a5158d94e7a801c7baaae92a3611a40f3685c172ce86e0ee14a54f3ed2c5cf7c15141c68416410e6710a2a4268d839aef3600c1df923ef3cc8c274f82af470822b227d411b18e4ef080c6021bf32e4da409a6ee3af216ec03eade878945cc912a84eabc8150f6fa5a3eb648ac5c15212023376e547e41b0d7bb25d8007bb6ffa6adc209d1a7100a2b3120f031c7a0820c310a4c8dc06d38bde8c5ba7fca2f0b01d122a1ac6be57fab8842306194f5e7d3adec5b6ced4fd793456d4f95aa0ec23cb445c1cdfe3e35b90da7aaa43fb4e50b4d4c4dd2696227acfff8d3b372928956083cc81dda7df6eb7c54a93f549317778a6777cc23184dae5a8b2a8556435cc6d527b35f1c495b7da6b4300db715ea5093a8a190d6a1eededab62715f7fd4c4842d1e35706414d1a3abeefdba65af9c7fbb70cc13a9da0389fff999a44b1d64d36e653e1a278b097141d8b1753c6da6053e70f51908532a5f9cad620d829ed544a8b9f766b5b4e159832670bb4e91e53c0bf6b44d372d0fdf4b31c019e4b0766e9c7efe1f83a1cf6bceee2c6605f745bf30867b8f3a622b8a4ce6bd91250fcde1da7ef82ca945e04773395d7a2668473175c9fbc41503c61ed09cc03ab7debfc3922cb137ca3d5828ae2a634bb7bb705265515bcd58b54f8a3a351a2de675b52edda18c9f2d7cf6771dd86d2a161d3d380c9c93b79a40bd9851784c40df3e50facfa1786f62c525ff831b34624c6894b290afe5be793b78c999b231ba50e62229b312b28389fee7de15a69a80d8012da0a3518f6b80a793e1d38b49ae049c02ca1ef7641b3f0d8d1f4aaff28cfd4dd10f3bcf35c6c8efb863ef80491fda7f02cb92c358ad2ac01dd548b6e373a191c55b162b887e5793d99698c1f9468abaa709586438186e2dae0a099d9a985383a3e66aba78220ec06a91e0b71910d69812682c81919464297a27fa6ea5e075ff406850be2e198b79848e2febcdba43490095ed4def0b23cab7b1835b52919cd9d0e34a77749542c7a91a763e322ebbb2165c83027bcccdfb7851894d4184260738d5c3a68d8362a95b72c2b5d5002ad63a5f522753521f850931cb57818baf5c792fb076604d6cdc097cc48c65e55e7023e90ebd7fc991c4dc533434063d08a1ab06fe903958b5f4cee75b50edb3b97d71a17d353f273aff5f693c777082df7c14b9318bc9a59019e335c1e30556c2c9ab237a61c0fa6c80ba13a6e05bca7e8f784d55abc0b2bc18adb947ba1663586615e2694babec8329477585867c6ee6173a627a1487d1e261b79e039331d5a5b867125b98d4afad0841bc6aa23c457e7cad40d921aa99e79e7906d55c7c287f5b43f9224824d3de7cc307a490971c5c38850c8c918b2628239a02e34375375203387d62489708371233680892944815f16156d30e81a63ef975b54836de7693f3f90354bbc326d952e0ceac20300b686217b0295deb7865e5a3d9ce9b92396a5f101b5c61ae3a7ac4f4b7a737d82da0ced2993a6a7ad88ee14f16885e61fca2bdc078a87b3f56c5ac6bdccfb87af3d0f6b58e3e10fcc977f897a0d188c85fc12066d45aa9eb2c6ab6097650f64541cf577c4bd350203a35d54a53d5d8aaacb090a93b50083f4ab193e6c36fd24afe747616c943f8b72c84171b2af0df34710af8e14969ee2fc6df7f70f24e06203f2376c79"}, {0x8, 0x88be, 0x0, {{0x7, 0x1, 0x8, 0x1, 0x1, 0x1, 0x5, 0xd}, 0x1, {0x4}}}, {0x8, 0x22eb, 0x4, {{0x1, 0x2, 0x0, 0x2, 0x1, 0x3, 0x1, 0xf}, 0x2, {0x7a, 0x727, 0x2, 0x6, 0x0, 0x1, 0x3, 0x0, 0x1}}}, {0x8, 0x6558, 0x2, "2d853c9d28803db93842f360ea200212f3e8294c895da1b4607b591630c5e712a5308630467ac4a50274acaf757f87432ddf2b6eba3c1e3308af95329b20f12287e97dc05a35e5b9797cb9950e54f708b32144d95f46be617840e732ff21be37057a2715203fd1fa222d52383cfd0c2b532d5435"}}}}}}}}}, 0x13c1)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r9, 0xc0406618, &(0x7f0000000380)={@desc={0x1, 0x0, @desc1}})

239.352818ms ago: executing program 2 (id=13):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) (async)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) (async)
r0 = openat2$dir(0xffffff9c, &(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
bind$xdp(0xffffffffffffffff, &(0x7f0000000080)={0x2c, 0x4, r1, 0x17}, 0x10) (async)
r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
lseek(r2, 0x7fffffffffffffff, 0x2) (async)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
dup(r3)
unshare(0x4000400) (async)
r4 = socket$xdp(0x2c, 0x3, 0x0)
lsetxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./bus\x00', &(0x7f00000002c0), &(0x7f0000000300)={'U-', 0x955}, 0x16, 0x1) (async)
bind$xdp(r4, 0x0, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x143802, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x12, r5, 0x91a4b000) (async)
madvise(&(0x7f00000b3000/0x2000)=nil, 0x2000, 0xe) (async)
sendmmsg(0xffffffffffffffff, &(0x7f0000006300)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001180)="ba", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x1) (async)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r7 = openat$incfs(r6, &(0x7f0000000340)='.pending_reads\x00', 0x0, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r7, 0xc058671e, &(0x7f00000000c0)) (async)
ioctl$BLKRRPART(r5, 0x125f, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000084)

117.940474ms ago: executing program 0 (id=14):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0xfffffffffffffffa)
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xf788, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x1}], 0x1}}], 0x1, 0x20040010)

95.857246ms ago: executing program 0 (id=15):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000002b40)=""/4078, 0xfee}, {&(0x7f0000004980)=""/202, 0xca}, {&(0x7f0000000000)=""/83, 0x53}, {&(0x7f0000000840)=""/87, 0x57}, {&(0x7f0000005580)=""/4094, 0xffe}, {&(0x7f0000000180)=""/268, 0x10c}, {&(0x7f00000008c0)=""/242, 0xf2}, {&(0x7f0000000580)=""/95, 0x5f}, {&(0x7f0000000a80)=""/211, 0xd3}, {&(0x7f0000000600)=""/104, 0x68}], 0xa}, 0x5e}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0}, 0x3ff8}, {{0x0, 0x0, 0x0}, 0x4}], 0x8, 0x10000, 0x0)

57.857747ms ago: executing program 3 (id=16):
pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1", 0x21}], 0x1, 0x4, 0x5)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0x80, 0x5, 0x20000004, 0x7f, 0x4233, 0x6305e5a4, 0x81, 0x9c1, 0x8003, 0x1005, 0x7, 0x4db6, 0x0, 0xfffffdfffffffffd], 0x2000, 0x80300})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)=@arm64={0x1, 0xa, 0x99, '\x00', 0xe})
ioctl$KVM_RUN(r2, 0xae80, 0x70000)

0s ago: executing program 2 (id=17):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f0000c75000/0x4000)=nil, 0x4000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
read(r0, &(0x7f00000002c0)=""/153, 0x99)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x5000002, 0x14032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f0000000140)={&(0x7f00000e9000/0x2000)=nil, &(0x7f0000c76000/0x1000)=nil, 0x2000, 0x1})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.181' (ED25519) to the list of known hosts.
[   24.057978][   T36] audit: type=1400 audit(1774242398.580:64): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   24.059009][  T282] cgroup: Unknown subsys name 'net'
[   24.080903][   T36] audit: type=1400 audit(1774242398.580:65): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.108491][   T36] audit: type=1400 audit(1774242398.610:66): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.108714][  T282] cgroup: Unknown subsys name 'devices'
[   24.292209][  T282] cgroup: Unknown subsys name 'hugetlb'
[   24.297865][  T282] cgroup: Unknown subsys name 'rlimit'
[   24.471797][   T36] audit: type=1400 audit(1774242399.000:67): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   24.495359][   T36] audit: type=1400 audit(1774242399.000:68): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   24.504436][  T284] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   24.520441][   T36] audit: type=1400 audit(1774242399.000:69): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   24.549706][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   24.552274][   T36] audit: type=1400 audit(1774242399.050:70): avc:  denied  { relabelto } for  pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.587051][   T36] audit: type=1400 audit(1774242399.050:71): avc:  denied  { write } for  pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.612784][   T36] audit: type=1400 audit(1774242399.070:72): avc:  denied  { read } for  pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.638431][   T36] audit: type=1400 audit(1774242399.070:73): avc:  denied  { open } for  pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   25.393153][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.400289][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.407384][  T290] bridge_slave_0: entered allmulticast mode
[   25.415304][  T290] bridge_slave_0: entered promiscuous mode
[   25.423683][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.430891][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.438131][  T290] bridge_slave_1: entered allmulticast mode
[   25.444405][  T290] bridge_slave_1: entered promiscuous mode
[   25.520933][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.528355][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.535548][  T289] bridge_slave_0: entered allmulticast mode
[   25.542061][  T289] bridge_slave_0: entered promiscuous mode
[   25.559018][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.566108][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.573272][  T289] bridge_slave_1: entered allmulticast mode
[   25.579487][  T289] bridge_slave_1: entered promiscuous mode
[   25.607330][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.614677][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.621876][  T292] bridge_slave_0: entered allmulticast mode
[   25.628067][  T292] bridge_slave_0: entered promiscuous mode
[   25.634734][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.641940][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.649119][  T292] bridge_slave_1: entered allmulticast mode
[   25.655493][  T292] bridge_slave_1: entered promiscuous mode
[   25.690634][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.697876][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.705000][  T291] bridge_slave_0: entered allmulticast mode
[   25.711240][  T291] bridge_slave_0: entered promiscuous mode
[   25.717978][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.725159][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.732318][  T291] bridge_slave_1: entered allmulticast mode
[   25.738509][  T291] bridge_slave_1: entered promiscuous mode
[   25.788533][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.795627][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.802946][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.810171][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.887841][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.894990][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.902349][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.909571][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.935967][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.943060][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.950363][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.957394][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.966044][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.974729][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.982443][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.990479][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.997760][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.005218][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.034694][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.041790][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.070610][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.077683][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.085376][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.092472][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.107359][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.114525][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.127396][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.134488][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.158918][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.166291][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.202815][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.209912][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.229118][  T290] veth0_vlan: entered promiscuous mode
[   26.243268][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.250337][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.262015][  T289] veth0_vlan: entered promiscuous mode
[   26.270955][  T292] veth0_vlan: entered promiscuous mode
[   26.290721][  T289] veth1_macvtap: entered promiscuous mode
[   26.299459][  T292] veth1_macvtap: entered promiscuous mode
[   26.323917][  T290] veth1_macvtap: entered promiscuous mode
[   26.353788][  T289] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   26.387113][  T291] veth0_vlan: entered promiscuous mode
[   26.432348][  T312] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   26.432456][  T291] veth1_macvtap: entered promiscuous mode
[   26.587591][  T324] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2'.
[   26.590559][  T322] SELinux: failed to load policy
[   26.650644][  T323] kvm: kvm [311]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x5407
[   26.659440][  T323] kvm: kvm [311]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x5b07
[   26.888996][  T332] random: crng reseeded on system resumption
[   27.085045][  T336] tmpfs: Unknown parameter ')'
[   27.452431][  T291] ------------[ cut here ]------------
[   27.458213][  T291] WARNING: CPU: 0 PID: 291 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[   27.467612][  T291] Modules linked in:
[   27.471602][  T291] CPU: 0 UID: 0 PID: 291 Comm: syz-executor Not tainted syzkaller #0 1899ccadb87a2390231fcfce9a7a94d2fcd39aaf
[   27.483386][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   27.493813][  T291] RIP: 0010:ovl_dir_modified+0x15a/0x190
[   27.499586][  T291] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 de 75 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 fc f1 5a 03 cc e8 f6 48 3f ff <0f> 0b e9 3e ff ff ff e8 ea 48 3f ff 0f 0b e9 6e ff ff ff 44 89 f9
[   27.520230][  T291] RSP: 0018:ffffc9000b66fb48 EFLAGS: 00010293
[   27.526350][  T291] RAX: ffffffff82485faa RBX: 0000000000000000 RCX: ffff88812505cc00
[   27.534563][  T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   27.542715][  T291] RBP: ffffc9000b66fb70 R08: ffff8881219e9dbf R09: 1ffff1102433d3b7
[   27.550830][  T291] R10: dffffc0000000000 R11: ffffed102433d3b8 R12: 0000000000000000
[   27.559015][  T291] R13: dffffc0000000000 R14: ffff8881219e9d20 R15: ffff88811a645aa0
[   27.567084][  T291] FS:  000055558507d500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   27.576385][  T291] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.583139][  T291] CR2: 00007f4b75f48060 CR3: 000000011f816000 CR4: 00000000003526b0
[   27.591242][  T291] Call Trace:
[   27.594653][  T291]  <TASK>
[   27.597655][  T291]  ovl_do_remove+0x81b/0xda0
[   27.602333][  T291]  ? ovl_set_redirect+0x780/0x780
[   27.607406][  T291]  ? down_write+0xee/0x2b0
[   27.611977][  T291]  ? __cfi_down_write+0x10/0x10
[   27.616870][  T291]  ovl_rmdir+0x1e/0x30
[   27.620986][  T291]  vfs_rmdir+0x3e0/0x560
[   27.625395][  T291]  incfs_kill_sb+0x109/0x230
[   27.630023][  T291]  deactivate_locked_super+0xd5/0x2a0
[   27.635416][  T291]  deactivate_super+0xb8/0xe0
[   27.640215][  T291]  cleanup_mnt+0x406/0x4a0
[   27.644646][  T291]  __cleanup_mnt+0x1d/0x40
[   27.649073][  T291]  task_work_run+0x1e8/0x260
[   27.654321][  T291]  ? __cfi_task_work_run+0x10/0x10
[   27.659538][  T291]  ? __x64_sys_umount+0x12e/0x180
[   27.664624][  T291]  ? __cfi___x64_sys_umount+0x10/0x10
[   27.670439][  T291]  ? __kasan_check_read+0x15/0x20
[   27.675608][  T291]  resume_user_mode_work+0x35/0x50
[   27.681457][  T291]  syscall_exit_to_user_mode+0x63/0xb0
[   27.687270][  T291]  do_syscall_64+0x63/0xf0
[   27.691855][  T291]  ? clear_bhb_loop+0x50/0xa0
[   27.696739][  T291]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   27.703150][  T291] RIP: 0033:0x7fe77599d9d7
[   27.707685][  T291] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   27.727566][  T291] RSP: 002b:00007fff02bb8aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   27.736409][  T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe77599d9d7
[   27.744542][  T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff02bb8b60
[   27.752840][  T291] RBP: 00007fff02bb8b60 R08: 00007fff02bb9b60 R09: 00000000ffffffff
[   27.760976][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff02bb9bf0
[   27.769158][  T291] R13: 00007fe775a32050 R14: 0000000000006ad9 R15: 00007fff02bb9c30
[   27.777191][  T291]  </TASK>
[   27.780361][  T291] ---[ end trace 0000000000000000 ]---
[   27.786356][  T291] ------------[ cut here ]------------
[   27.791889][  T291] WARNING: CPU: 1 PID: 291 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[   27.801426][  T291] Modules linked in:
[   27.805352][  T291] CPU: 1 UID: 0 PID: 291 Comm: syz-executor Tainted: G        W          syzkaller #0 1899ccadb87a2390231fcfce9a7a94d2fcd39aaf
[   27.818853][  T291] Tainted: [W]=WARN
[   27.822717][  T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   27.832995][  T291] RIP: 0010:ovl_dir_modified+0x15a/0x190
[   27.838681][  T291] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 de 75 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 fc f1 5a 03 cc e8 f6 48 3f ff <0f> 0b e9 3e ff ff ff e8 ea 48 3f ff 0f 0b e9 6e ff ff ff 44 89 f9
[   27.839667][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   27.858744][  T291] RSP: 0018:ffffc9000b66fb48 EFLAGS: 00010293
[   27.858776][  T291] RAX: ffffffff82485faa RBX: 0000000000000000 RCX: ffff88812505cc00
[   27.880450][  T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   27.888454][  T291] RBP: ffffc9000b66fb70 R08: ffff8881219e9dbf R09: 1ffff1102433d3b7
[   27.896549][  T291] R10: dffffc0000000000 R11: ffffed102433d3b8 R12: 0000000000000000
[   27.904945][  T291] R13: dffffc0000000000 R14: ffff8881219e9d20 R15: ffff88811a645aa0
[   27.913455][  T291] FS:  000055558507d500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   27.922645][  T291] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.929271][  T291] CR2: 00007f4b751e9e80 CR3: 000000011f816000 CR4: 00000000003526b0
[   27.937573][  T291] Call Trace:
[   27.941004][  T291]  <TASK>
[   27.944231][  T291]  ovl_do_remove+0x81b/0xda0
[   27.948954][  T291]  ? ovl_set_redirect+0x780/0x780
[   27.954528][  T291]  ? down_write+0xee/0x2b0
[   27.960160][  T291]  ? __cfi_down_write+0x10/0x10
[   27.965325][  T291]  ovl_rmdir+0x1e/0x30
[   27.969698][  T291]  vfs_rmdir+0x3e0/0x560
[   27.974166][  T291]  incfs_kill_sb+0x1a0/0x230
[   27.978999][  T291]  deactivate_locked_super+0xd5/0x2a0
[   27.984594][  T291]  deactivate_super+0xb8/0xe0
[   27.990122][  T291]  cleanup_mnt+0x406/0x4a0
[   27.994988][  T291]  __cleanup_mnt+0x1d/0x40
[   27.999716][  T291]  task_work_run+0x1e8/0x260
[   28.004363][  T291]  ? __cfi_task_work_run+0x10/0x10
[   28.009734][  T291]  ? __x64_sys_umount+0x12e/0x180
[   28.014885][  T291]  ? __cfi___x64_sys_umount+0x10/0x10
[   28.020338][  T291]  ? __kasan_check_read+0x15/0x20
[   28.025632][  T291]  resume_user_mode_work+0x35/0x50
[   28.031221][  T291]  syscall_exit_to_user_mode+0x63/0xb0
[   28.036850][  T291]  do_syscall_64+0x63/0xf0
[   28.041617][  T291]  ? clear_bhb_loop+0x50/0xa0
[   28.046343][  T291]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   28.049678][    T9] usb 2-1: Using ep0 maxpacket: 16
[   28.052835][  T291] RIP: 0033:0x7fe77599d9d7
[   28.059529][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.062400][  T291] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   28.074604][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   28.092286][  T291] RSP: 002b:00007fff02bb8aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   28.105636][    T9] usb 2-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00
[   28.113875][  T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe77599d9d7
[   28.123282][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.131011][  T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff02bb8b60
[   28.144142][    T9] usb 2-1: config 0 descriptor??
[   28.147316][  T291] RBP: 00007fff02bb8b60 R08: 00007fff02bb9b60 R09: 00000000ffffffff
[   28.160656][  T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff02bb9bf0
[   28.168836][  T291] R13: 00007fe775a32050 R14: 0000000000006ad9 R15: 00007fff02bb9c30
[   28.176955][  T291]  </TASK>
[   28.180057][  T291] ---[ end trace 0000000000000000 ]---
[   28.187121][  T306] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   28.339695][  T306] usb 1-1: Using ep0 maxpacket: 16
[   28.346762][  T306] usb 1-1: unable to get BOS descriptor or descriptor too short
[   28.357460][  T306] usb 1-1: New USB device found, idVendor=0e41, idProduct=4249, bcdDevice= 0.40
[   28.374181][  T306] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   28.383108][  T306] usb 1-1: Product: syz
[   28.387395][  T306] usb 1-1: Manufacturer: syz
[   28.392670][  T306] usb 1-1: SerialNumber: syz
[   28.575251][    T9] elecom 0003:056E:010C.0001: unbalanced collection at end of report description
[   28.585264][    T9] elecom 0003:056E:010C.0001: probe with driver elecom failed with error -22
[   28.675796][  T306] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found
[   28.683202][  T306] usb 1-1: unit 7 not found!
[   28.691415][  T306] usb 1-1: USB disconnect, device number 2
[   28.715805][  T309] udevd[309]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   28.840566][    T9] usb 2-1: USB disconnect, device number 2