last executing test programs:

6m5.005805122s ago: executing program 0 (id=687):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x60303, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000440)='\x00'/12, 0xc)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x1}], 0x1, 0x0, 0x0, 0x7000300}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x1}, 0xff03}], 0x4000070, 0x8000)

6m2.302875277s ago: executing program 0 (id=696):
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000001040102000000000034c0829ffdd3bb8300000005000000"], 0x1c}}, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
read$FUSE(0xffffffffffffffff, &(0x7f0000004380)={0x2020}, 0x2020)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r4=>0x0], &(0x7f0000000040), 0x3, r3, 0xcccccccc})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[r3], &(0x7f0000000200), &(0x7f00000000c0)=[r4], &(0x7f0000000040), 0x0, 0x300})

6m0.838749543s ago: executing program 0 (id=698):
prctl$PR_SET_NAME(0xf, &(0x7f0000000040)='\x00')
openat$dsp1(0xffffffffffffff9c, 0x0, 0x5bb9c1, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
syz_emit_ethernet(0x4e, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0)
fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$admmidi(0x0, 0x2, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f00000001c0)={0x3, 'vlan1\x00', {0x3}, 0x7}) (fail_nth: 4)

5m59.765678076s ago: executing program 0 (id=701):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000080)='./file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x7fff, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f00001bb000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="bad004b8f8ffeff3a5f2e0a40f20c06635020000000f22c00f01cff42e670f20246665660f6d310f01932900f7b70028", 0x30}], 0x1, 0x40, &(0x7f0000000100), 0x0)
syz_open_dev$video(&(0x7f0000000000), 0x10003, 0x36001)
bpf$MAP_CREATE(0x0, 0x0, 0x48) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn']) (async)
chdir(&(0x7f0000000080)='./file0\x00') (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x7fff, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
syz_kvm_setup_cpu$x86(r0, r3, &(0x7f00001bb000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="bad004b8f8ffeff3a5f2e0a40f20c06635020000000f22c00f01cff42e670f20246665660f6d310f01932900f7b70028", 0x30}], 0x1, 0x40, &(0x7f0000000100), 0x0) (async)
syz_open_dev$video(&(0x7f0000000000), 0x10003, 0x36001) (async)

5m59.355238206s ago: executing program 0 (id=704):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, &(0x7f0000000780)='\x00\xff\xff\x00\x02@qGP\xc5\x94\xa6\x8fB\xc3\x93\xe5\xc1a\x05!\x9a\x8b\xeb\xcew\xd8\x1e\xda\xc1\x9f\xe9\xc4c\xdd\xf6^\xcb\xec\x9b\x82\xcf\x14\xde\xa5\xef\x162bP\x95/\xefMs\xe0%}\xe4\xf1=\x05\xf6l\xb7\xc1\xe9c\xc3\x7f\tg\xf56\xeasl\xbd\x02\xc1\x8a\xa9\x83\xaf\xfa\x95W+N$\x06R\x92\xe5Z\x97\xfb\xb6e}fW\x8bm\x04\'{\xaf\xe2zd\x91+-\xb1\xd8\ftK|\xb8\xd2\xb6\x7f\xf4\x84\v\x1e\x00R\xfc\xbcg\x81\xbb\xc4\xcd\xe9\xe5.\x9b\x7f\xeb\x04\xe6,N\x00\x9a\x9d\xf8\xd1\x8aR4;\x7f\x8a\x86\xb7\xd7o\x90\xfd\xa9dJ\xd5.\x18F2\x00\x00\x00\xf2y\x99\xfd\xca\xff*\xd3;\x84F\x8f !N\x1c\xfaI\xa5\x85:\xc1\x9ed\x13\xaf\xd0/\x00\x9b\x0e\xb6\xca\xa5X\xb9]<\n\x04\x00\x00\x00\x00\x00\x00\x00\xc2\xf6\x1bw\n6^\xfa\xea\r\xf1\xc1\xd0\xd821\x9e\v4Q\xc6{\xa0\xf7\xcd\x82 6zL\xeeqG\t~\xafQ(\xc3\xd8\x05\xcb\xbfB\xb0\xe1b\x0f\xa8f\xe6\xb1\xe8\x9aB\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xcd\xefx\x0f\xf5\x85M\x14\xbb\xab1)\x8e%\xb7\x89\x17/')
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x200000087}, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f00000000c0)={0xc})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setresgid(0x0, 0xee01, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r5, &(0x7f0000000980)={0x2020}, 0x2020)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.controllers\x00', 0x275a, 0x0)
linkat(r6, &(0x7f0000000000)='\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1400)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
symlink(&(0x7f0000000080)='.\x00', 0x0)
rename(0x0, 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000d4c000/0x2000)=nil, 0x2000, &(0x7f0000000040)='%pK    \x00')
mremap(&(0x7f0000d4d000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)

5m58.056622991s ago: executing program 0 (id=709):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = add_key$user(&(0x7f0000002100), &(0x7f0000002180)={'syz', 0x1}, &(0x7f00000021c0)='b', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000400)={r4, r5, r5}, &(0x7f0000000540)=""/204, 0xcc, &(0x7f00000003c0)={&(0x7f0000000340)={'streebog512\x00'}, 0x0, 0xf0ff})

5m57.329945692s ago: executing program 32 (id=709):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = add_key$user(&(0x7f0000002100), &(0x7f0000002180)={'syz', 0x1}, &(0x7f00000021c0)='b', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000400)={r4, r5, r5}, &(0x7f0000000540)=""/204, 0xcc, &(0x7f00000003c0)={&(0x7f0000000340)={'streebog512\x00'}, 0x0, 0xf0ff})

12.443865009s ago: executing program 1 (id=1728):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xe7, 0x84, 0xdd, 0x8, 0x3f0, 0x26b, 0x4629, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x90, 0x0, [{{0x9, 0x4, 0x73, 0x0, 0x0, 0xf6, 0x23, 0x7a}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000240)={0x14, &(0x7f00000000c0)={0x40, 0x21, 0x101, {0x101, 0x11, "e8dd461be55996681a0c849b708b4f9eca6450a3e88bb205d91dd6c9b03ea392045db48bf5b52ff8a462e2d455e833668f0fddbe4e87f11803fe6c557a88ecf54b0251fe503787318713f3dae42508eeb85e73e37ee9d34b4ca84a47ec78d074203b7c3439baf925293f6fe11262c3c2a9d0fc63cf1aa8ea5e2a93ed51cbe68e554c9f05896fdbc9fc81e3254eff3bd86a8d64b5a65627551f5ed9bc4ab887fe91550b18d844635da59c462e9385ecc037342c4ad29cc2ebfd883f90814756e1b40a87ac33ddb7d6554e07a09617feec7f30c9828dd9b3c6aa476b24c14220e9e482308694fd921cbf435b7f527f8ce65c46690f8874c3a0dce58269ee01f2"}}, &(0x7f0000000200)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1401}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x20, 0x13, 0x37, "886e6ad89ccb9c2bb47620e36494d0de93b9ea496dcda3a629c9e2348f7e5b442c81fc2c5bf24e335ed1ebbd89c07c99330b67121a5e40"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x18}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000380)={0x20, 0x81, 0x3, "3fd10c"}, &(0x7f0000000400)={0x20, 0x82, 0x2, "ad9e"}, &(0x7f0000000680)=ANY=[@ANYBLOB="208301000000965c0b06508a133c0ee275c8b3d16735d1c2adb1f064ba519be57c159d26c021d125e585f34889f6eb360f433b3a97984cee8f8be0c6e650d856d6c3ce21dff04eb2ba30d78ac3b1c5279f0b9124eb4aa763a3c3c22c22cd1a53d8b5efd626ac1afae4fac1de25bb4b94eb1a1759b6d96efc60e7f609bdbed79cb23129ca9c8e1f17498f1a20dafff8c35f765e919658807007b22bf7c90b33f8c3a29003856e646e129b81115183f774f5a8d8b5aff61d6b29bb0bb87b0be77e9cb0425ca7d6310dc6e3b1fbea0839c1000001000000"], &(0x7f0000000480)={0x20, 0x84, 0x3, "86a20f"}, &(0x7f0000000500)={0x20, 0x85, 0x3, "2bb3fa"}})
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, 0x0, &(0x7f0000000540)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x1, 0x3}, 0x18, 0x3)
landlock_restrict_self(r1, 0x0)
r2 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) (async)
r3 = getpgid(0xffffffffffffffff)
sched_setscheduler(r3, 0x5, &(0x7f0000000000)=0x4) (async, rerun: 32)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000600)={<r4=>0xffffffffffffffff, 0xc, 0x3, 0x8}) (rerun: 32)
ioctl$SNDCTL_TMR_TEMPO(r4, 0xc0045405, &(0x7f0000000640)=0xa4) (async, rerun: 64)
fsmount(r2, 0x0, 0x1) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r5 = getpid()
sched_setscheduler(r5, 0x1, &(0x7f0000000400)=0x7) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e) (async)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[@ANYBLOB="0400000004000000040000000500010000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'/28], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r8, 0x58, &(0x7f0000000340)={0x0, <r9=>0x0}}, 0x10)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r9}, 0xc)
close(r10)

11.160682434s ago: executing program 4 (id=1737):
sendmmsg(0xffffffffffffffff, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x4000000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000001c0)=0x2001)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xf27, {0x1}, {}, @addr={0x2a, 0x5}}], 0x38)
read$FUSE(r1, &(0x7f0000000a40)={0x2020}, 0x2020)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115, 0x2081}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ACTIVE_SLAVE={0x8}, @IFLA_BOND_MODE={0x5, 0x1, 0x3}]}}}]}, 0x44}}, 0x28000000)

10.089375849s ago: executing program 1 (id=1740):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid() (async)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69703000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000000)=0xaf, 0x4)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast2, 0x9}, 0x1c) (async)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast2, 0x9}, 0x1c)
sendmmsg(r3, &(0x7f0000000480)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x4000000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x34, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0xa2ab}]}, 0x34}}, 0x0) (async)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x34, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0xa2ab}]}, 0x34}}, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = io_uring_setup(0x4f04, &(0x7f00000002c0)={0x0, 0x48c7, 0x1, 0x0, 0xffffffff})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r7, 0xfffffffc) (async)
listen(r7, 0xfffffffc)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
close_range(r6, 0xffffffffffffffff, 0x0)

9.263907157s ago: executing program 4 (id=1742):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x2}, 0x18) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (rerun: 64)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 32)
mmap(&(0x7f00007a9000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
r4 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async, rerun: 64)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe8) (async, rerun: 64)
syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) (async)
r6 = getpid() (async)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
socket$unix(0x1, 0x1, 0x0) (async)
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000000c0), 0x4) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10)

8.415209577s ago: executing program 4 (id=1746):
r0 = syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) (async)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185)

8.171742025s ago: executing program 5 (id=1747):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x4, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x1, 0x3}]}, @var={0x2, 0x0, 0x0, 0xe, 0x3}, @union]}, {0x0, [0x5f, 0x61]}}, 0x0, 0x4c}, 0x28)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f00000021c0)={0x2020}, 0x2020)
syz_fuse_handle_req(r4, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ccc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6b3f0000f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784753f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a748cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d9f95e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
syz_fuse_handle_req(r4, &(0x7f0000006380)="c66dd220cbdeb68f27c1f98bf43fd861bcf841572658a3308737983b31a434673f1003eeeb6d9b934bcd19cf754f4882114d61e15354449f763f772e86c9e2252731f7a098faad2accca3e470845b32918bcf530f9474d3cd610d9028cb7b247d3a73d887719f70554d8976c10784c8073e521a80b5ebe7501d6c3b6b5cf9a498a1e97b8201ac756e5f35d71bdd4d196e73cae0cc34c7140cde8380de823e8c76662f0844f549818b5ef6c732b8f412b79273508b69f2e6a653709b4d9bded080b6c15ca5c5b8ff23309e05d460dfb40403f60a3e5a0e1d4e1aa59d53823a047427673267e79d40fdd6f12ef696fe22887d24087373f64987e48ba20e7f47d1f08871e0c22a02593156648fc106c4529d8cf17c71d473f4ad43992b1cdbf5cfaaf1ce401d5ad8b9c6bdc3c60a88a91c52f5aae74a5d25e0cd738fd80169a98b84d4d24a7e86c9d8e4c3e3ff1a9fc44a87558aeb7acbfec13a26a4b121b2cb9ae628c682aa4c44311c45a673bab25880665d6cdf589e5c5415794c4fd6b940e7a44df93a34a684183581c850fbe97ef8c1de852ea836e0db1a104b498d6dd8fdf65c606e772de2e9dfe46a418fac3c0bdd72916c951e3df04f2ae85839305be2a86aebcf4898b6e49c27df6033ad2b8651279ceb20c779716240d3d0fef3bb6c417a8c6f75398a91942d8ab11f21f5795767650a96e246c7244f8e4935e9c01349616a098ae810487d657fd095beee05a36812f39f4266f25f4508e80f19a4aec7116f1d8bc48bc2c1f0f96ff34b66a965d428852766b78f1e7eb0260bbb355cc0859af6988ff7efa0b3fede3d5f2f2147ffae4a5eb58a7585b596270334c360a1547787a95634e13d59bf53f51f48e75a6a3e48f8348f4cb495d9699dfdf8cc71668c5b9622578100f7163394cb3171fc8a6c1e7f88f08b8c3cf4b0cd9a1bc16bd1488ebe43199d97cdf4bbcde8a06a79c5af6ff2ebf1a04add74830cfac0b946514b18de249e934dd8a1a96fce085320fa857c853480170208533acd3d41c4384a932eeccd4ce7d09827efae4c0d19d00c5b48943c4d877017be59434dae6bef767fb9ffd073c2261b06c0f23a0c77a5bcb1f5738dceb6abee00bd7c649f6ebc64b4b8b948319a22ed4add48eedda8a2cd1bad6799e1d9ed778e5ce22d5fead0cd06806cb4b7b5661f9db6bcf9ddcdc9e49e0e6a8ec98fc42c660d5d75311fb9c9d06074611ebbdbea45672dd78760ed92d0e95c1d5ae234d674dc3ffaeef3d928aa4b93c0fe55fa886bd3f2371a5bb22c4dd6b8bc13250490cf279d4e56b646dec4eaa53951d55f602c1f4081d49316f6bcb35aad0453b44c7f266e99838683404859bc372d1df5f1512f35558b3706b32093b72a78a40c8a188852a0b5aca11a34ba23195cb598ca595f243c260392cd793b65dda856f81be1b54d873a0366407ac26687262d6bda693e058f598bde80e304c83dd0c2fd0e634ff15e1ca4e2918bfa8e3a626aee7b5e445aa7fae096595fe58032c993eb06ce49c1045b1f132f2c90d6e23b76076838ad7ed7a6a74245d7ad72b38bdc04e458d3908d1d272f23fe18f68ad746e5440cfbcc3b7ad477dccd6fb2db536df0e4d24480d2765e724ca06cbde7e01cd32e36681796a454c801adc1b25b501cc4aaae778f3783dad15d12e656b09bb3d8f37efc86cc7faea5e51913902faed79ae5973f4413e275f78e7e66099f9e41bd73a07445a780dde0b189308e3b83d1a3cf5aef2d3e11fcad930eb6c60ebb899b22cdbd539412b2371d28a4331394d8f29d8b16f94ffd91d4eb5c278e7f6b4024fcc7af9dfde1b3c915b06dae683760fad05d6638c6389fdd19a9b12956c11e9b9ea7d30e09b13d9f681e012f1e41746341a61b71ac6c333b29883ca2cd1aaa3c02e66c85de1e3b2b7e77b0dd1469ab9db5c17beb2d33862db20fd77de685a1e70ba55b0d9cf4b2d3d1196196b5317324e5f189605baa37493c9586b7e475865b4bb21b335e8b291b9dea17f6afc1cd84618b189567817511de821a866a00b62c62516b716cf55dcf7f5b7d7520306fe03f00cc61b7dc297886459d74bedb8ac1d05cc506db74d018c877da735481c318224fd06f349b59f69b0d2d017c817e5a1f934d263789d418eb69c772d923b01a6a4a6afbba4a6980fbf7cddd84f8e4392eaccb98cdd30488919ea6d492d32f9ca4233649117474f4116f6ca4cb762d524c0f92bbb40d3f430dbd50dba20adda8b4170a73c3b66257c412311a7bd3ea3ecca0da47a7a00ef0a464ee0a4b2402b61db833f3cfe1847b9630de47f331d575f6e3c6fb44a9021700c6d8055ea982a05a5ba6a91a41e7445fdba7ac09202fee733a5c216b3c3090991225b98178508d1985832f8e7dae58482ec0fa2215c935bd0ef9f03c0ed3caf97bf4de023605aa8535f1e88e841471bd8842084c6715a3fd3acd07ec9c43f635e5f868d82cdc6f9424ed978d39e72cc92535c2637164f15e9a67770389535ba46cbf786189562908872274ba126b313bd1c0780e9d0ca38956d1277b58f04eaa1f97ed8c6c83d9c05df0df8b43da930707a84662e480a33d1868edc9ff65368d51fda828ad29ecbd3b2cc0ddb0aad251b4736f872ba5f066617a9e9675ed7f80685544af44c677b9d39a1a353984ea4ccbf36d759b490f8dcd5621e573baaa2c03ef367f543ca5d36d1c9d33d4762bb0b1e02ec67d3511582d69b06a57d15f5260fab5ed8d9361948eabf88d9e776a18c5c4f2d42bb46373861b613db9a91ccff8fbd563ddb37f0738fa1723c23c85cac0f9eb53a41d115fe0339eed3167f59b2f2f0739cf9c0ba5769b18a213d5809bccadecee6e781811bf584c22a6557516d12bd58420f5c67c673fdf0888ab31edcee3198927b5b87a63f89f7a07d1da8cb946f0a87e7d3bb455c888f394d17694378446c9073e54368564dc546b6c930ae17afcc8360cb2e31d87ad8923f60033aa637a399707398ffa51645ab1d9963c29375c834746004ac16d24d8f006e9674e45da3d938de524857c57fd39b22678f39096309527ed22c41677a65a67dc0998a8babc9cb688a56628d09a732773d9019d92399415e93852a12d66ccbfa571837b7689c7cc50026ed643a89c8f1bdef6d01016e6e1c21bb779db52c2254f5dae40ff173943ba62ce343ec035d93d5c92c64884d654777cf6995dd0c485c7c132db383769ae1f35f1980654d2b47e92b1862f653eeb81ada4eed6c9d0fe9da3d7db5dfb4d66b2d576676beddc4394ade2acf55f9ec24aee7c4c77138e799f62deb19367ce226a66715da515479b176c9ca06c739566d279142ce2163b8835c840a3de6e2d275b5d5a948b26ec8faa6cf322c5038fc00fb0a27f0b76b5e305780c9145e99feadf571bf8d87dc93ea0f8ff3bc246b16d4e43256507abc7ccc92e113a037ab13855058ba1e0770b90f52e0740c157d68963b3d236f681454589385c6124bddf948c5aa2e147a3543c301dc6d82acb504f76239c890b7d3d76dbd7c26445ab6fe66f9f71d95f4f0d6c51533ce4b05353ef27178f6b6813366189ff4cc19cc5c9f7aca4d6b6f3b5b213e828cbf8b8b5cacb42ade1fa2594cc4ccd3457a45a5b19926f17b9061c9072fdce96afbd3f2bbecc6dfbdf9d9b3e1a621e65a7cdf0a97cb0223b220b39a88b7414ce91e5fb52f3c9c7e10199ffc8fad826d40a798ecaebbd8881c1605f986bb0af06f416280f63f3a3c28d399d13c21e6d79501cbbfcc9483a73a931e91358807fbebefd39b466cb9f251fa4fc7d5f4fd2d87d4604c9750593d3a801b963085ad7aaa91e023977742b728d292b046d0bd49f81717a686f10096e154681b85aeb81a26fa8f46bf3dfdf5dc7c7ca37aa3da37e53a105be5935640baff476453f53ffcf786894eac35d1933a5e97fb9b6d975f9fbe7914d09dc948d305005eb4aba3a9b8cdefb30dbb3300f46041db06567956ba4327280721addb17425a2b223e81bc41467cb413cebbe16818468eeb5b24b6cd79ec4787f693f3c301e5dd10747bea13bf042d6fde42d18c48fec0e3e43454799da1d5501130fc98917fed27d696ae85a39debdb67d5b3d70a82a2097095476e24211757626c91a29e917796766bc4016456c4acf0436b6c02055778ce7f34e605264f7d6d1321072c4ba341866ac6f78e9b99a30478eb7f09a17f4fb3e23184e878c2f60d2c18617185007841778c7c256750a287ec0bbdd20bd37ab50538e43a5929456d336fb46a04593765b2692ba15e7b71b97788970a7903e12088211098bd356132862a4d586508b4aac077d3acd4f77c67d9066b436d14b20d3e2870cb19cdad5581de2e08da761fc95755c43cf0dc2cff84e6a3a8fa2d0390fcfee285a133b37ac7b2fefd0d3665b1705784187e228579680be97982194329136fb72d8b61cdeaa88f3dfc835ae22167c0130529fe81043b0e1c3aebccb1f4aadc28cb484f850158504439d389d1e559ff424217dc031d422a8b7b51731db75dc541e16fed8fae14f58c1f9c8d0fb91a685245ba558c1aeb243aa728db51c3f3aa6d8f7a4a547b8d95018402283a59a45173e7696f02304954ebfb43c2215f180c8e47e433e5262e279fdb63405c81b0f128b7d6a095ff5f85690331d94d34923a3e8beef5cccbf7b208b2a0aa898f9a32b2f1bb55aca4eaaefcdf09acd871f4b88feb535be87dfdbb5ad45ff3c26a2765230011d90baa4b5d5baaac5519f9013c8fd497d57083403ee6eb0c4e23428cf3846bd34d69840d021196f9a9a4fc101016fe2d4fbf4ec23c11e9d737c5e6d2cc3da7e0981c00ea9df07ed88ab05b7821033b2d311f2fe0525176660d0a33b0eb23a57f5b1d41e2c1698ac7bfe5f59c27792f899fd39610052b705862e798a27084450edfccd180a13d8adf8072430e9305f41b0a67bd1784b6ba9450b1e872794e0b7b55b22a2f649f83270b98d0a0137694fec0d16ec2ebf37c72d9398d231a71e40c912428929a29a433dc0fdcb697f64e07540da92067b1b5a7735fb7fb8ac8da2591fa44b676bbaa32ef5e6cc11f1b2ab3b262d9bc4b2082e081ee50fe71def63cf6e2d588bb8d66a8daa8c8a30ca07d2956463e1affc76003e4bacc632cdeee50098fe80cd7485fefed6eab639d8c42a1357fefae5a5a779fad536474e3bdebf6aab699552e807ffd8a44030f439756748dee9ddf19a6cbf5f75307b03c5ef4185a31a41583fb4ca3699e06319371c5d932d6e5f4e1bf77c02c70564d2140f7510e183ba2fa7ead8a9b8cfb085a9d0fa7dbca7561bd9dc1e5c1a1da0322982ff29c0fa2cc33bea18646445cc59b44965a01570b7b739d730df8f1f2cfe3558e7102de13994d6745ef8f91965265fbe0d29c3f381e1eb9c63242962a4409ddb0a4946ef9ce5b0eda90f8365362681943247a0d87d9b7fbbdd26d4902be34068499b6e2ab2ea746634402e1065c8cb9c32a211d10fc2796f1a7045c59b9cbc4771dbf56a5c38303f93951194d06a1b8cce31dd4869a148ae90a797d09de168e47974ed9699eab3a6424781f481d03cf1046df28b454af02df72c0f56c693343a82f7f383afb3ac452200ff155444010f6c988de71e3fb6f079bc6ac2bfab6ff451242b7e3e70578b8206529816764206d47115cda77b3e356e54f825ec745017ea8c3dcb412523b754b951d19fc075ec66012cceff51da925af9079f547e840c3f2774239cce5fd6533f3ee8d194812de2d4499ef18c4bebfa8d7273307d7aa0ac09e6ebfd95ba99946a585a4bd4afef8bb0b52857e8415a32b42e0a9ccb0749599d7a43cec793b22c96b3de91534c905456b25a5972124b83c7d8f0520cd71c5544e49afab26cccacdb7e112f0af1acbcb2b68760c7538aa6c990814d7cf7bde5ddd618bfd55bfbdd968e53e28f94042fafa2796b5bf2d1be612c81dbafbf90b0728b4b06fe216aab91b8898780ab06cff75be5239c39ac836dbdb5482222e61ff5971ea492c5b5ef509720fc886f8a07a9232653d427d176574c99d65244f1618fdaab109f732e1e1295391a25f9b750c9761bbceb81d316d9f9dcd555afb762191b7e173f06a4d8f4d97ab88b9ae19f6c85c361b8b5cbe91a3493cae594063ed457f3be99772485b34d3308da4e751e58a14cf7c771d8e5be77f88c7567af095caae1eb83d259cea709ea5441047ce96f0e21faf89ed491bba5d0dcc6bc33a07237fbef2fe671447ce14e16a1cae4361938767ce65ecfe0c63e1261cce5fbf603a2537d21b50c9a3a3ed6a7cf112a0586a653b43f813912a226aa4722f7edaf8dda5553efb22721dc71924aa73bf232c2439b1d806d3beaf157442643c81ce2b551b82d63cbcd4195029e2f63aef127ed4df0bffd41665d86213512557ce90ee54fcd01078a6a19085bde6a0343595f540b1ff610bd7a5a2d695bdc5e508cbf544d15cf5920b3e405ef4e10e6651c5ffff039adde2f805143b78916188fec05cadac443c93447d23bb25b0a0cfc787754a20f7efcdee5798de939b758f238f15c23f2622b8ed682378017c8f251dda0261baa33c6262d42d6365e68e85d43a46d92aaf04acee203c09487755df49f07ea1129782b1be0feb6f011bb914266fe2cf5361c377fe33a491089f701ac61bcab2bfa3bbe8bf7b0b834dba1bf187ab78fca751b57f1bddfc670c80d83c34c3461d823d7762b45ff0accc3af21b38137276d4e4d7a5d0a075902865f17f084cfa94cc28f70ee7296e216401b172184df0e060dd61be91efcdbeb03b4a6699c88a16ebb18f3e938cb458a377e29a3f3cbdaaf121e278b691c02b6f0dc790510840b3970b1f905b421a1cb376043cc7511e70e94cc63941ed0f864b4118592878538e12e986b9abaaf2ed588ad5f0e5e0851ffc29ef21aed080eb6f35fa10052f27767d0ddf3fea5a08c14657d68a9c3e6cba422d93a6aff222c40eee9f3c9fcb03a310453b616a80c48646f7d196433736fedcfc2ff4fa1a43bf9f8fc0a0660cf9f79fd0d8e106591a2319cff5eb0a5be578d178e0e184a9eca92991ca63bf1e9c5b1c56dba3c836975a74d9eb9b763ce7c5dc753cde77fb2d048e3656a15f9aa7f9dea249c4a3dc0456b64533513e69861fcb9f4348d78acd5b8ce1f3c41271b8551ba4d5754fbb123862236bc94192a5306c29adb2b0b053cd7d4deaa1be6c61f75bca27b53765a7356dd34a48437d5e5b356d48db64749243fea9b1f44e4625fe7ce820dc9f1a6022d77198e6e917cd4f5e23622d5b3b2fafd4f9be0b85db21371f5d35c7c651a616a8351a02dbfa74f9d273a0eb7d2ab9fca254bd28509b3d6f5420108cabc42d9a5670779dfdfb78afe74cd87fdf8e3be937e6c6981eb88156f5cbc91e4b92f8d65a151ee3307cce381dc189c54a29d21c9fa9f512c50dbc9f1c0ddb43b6b10d5190b8169f9e06f7c60a2103c9c3fa3fe0d1cab8358cf4ddf95d5e26fbed636b2f1f474b7d10426afb5aa21948f7486e0df5275ffa6c091c46c3868703c4e30e1a15a8d27a708b6d5fa7d123f1524c221fb93b5f9f8d87b0286de38c6112a05d1f07706923b531e335db326ff756acf6cf9a5e5352953d112a842d7b2f05d296f644b01bca413f2686dbdea6b2cc6dd8115e22d832af742eb801ee61f6b90f93d227b694fe474385125801d6eb58867c15246faa6c0a1cae0b05f104fb2e97476c73a79185796e0c26bb1b59527aba4b79db6ec99f1650898b996e068329d17b94730cd6ab79a3d77d80e5ed78eecc7d680b5425231357f24c46fd01732052eb18737634915131c7ffcdb0b48a35d8761c402ff5b56aa1a9080b46836e4a888c86d7a260fb6cc2f3b9f68d52201531220bbfe0e7b2890a390acb33831fa1126b88dceb126a555181edbfa4680cadb08d38abe00c91980ce68ab58274ec28eaa697f8a4d7d6db744d8c9daac2035d40a5eb565e12c8be5c2bc1d725f713d45a03ac14ceaf91bb1c5dddcac87553b9d22e23d738742e3bf994412ab153f66ddea53a35c9ec19c555a49ae1aea112a70ddc10201258536ba93ae0dc7fb60d51ffbbe9e96eb8eeea6878e3784dcd686fc0db4516249cdfcb9f6d880fdcf8f86cdadd23ea7455b3b7e3a0e8affc9b61be59814f8e32175c869adaf7dbb5acb4c994e2269d2657011e8751c5c0e6e97e9eda4e8e6c309e842c8ea01c20de3c5f4f6372cc8cb7cdf2b0e3519155e4c662fc8572c36d9d3b7eb3ee19e985bfab9eb20e077c20dec4172e584357cc54f9cd49742e0b31d1fed87812f19efa9ae81ebebb021df0c280aa9790d2f1acb94b38f268ca7861b1da63cbb86daaeac3a5b067c86fc532a1db230a29578563f16dee5b4267f9d474c81c9ad762216452cb3a37c8ed44cbaab2e4b9a9583b134da3a64390fe5f76946879a1757d127e6e10b3b3042de48189350d844ede16134c770dba47cf56483cc14e2cfc93fc11f47cd33b06b720f531efdd1ff1254966b68fc46645ec3b45c2a60427e69ba1d710f25571522ba90622315f9f0cad33f8b1a1053a45aa07964892621ecc9256b7c4e21716e546c235fdb618f339b55c377a30b61a9add4e3b5657e3433a6feaff5b67ef34771ae6d04449b5228b6b99ce7237996b307613d14602d76f21a58a55cdc71a1f348ca18265634f094012bf4eae241df634d7424de578eb4c4199de382f2795c17eefa11ac2ad4625be7263373de4bbe189d42fa51953652d433323b9e6110f00c7cb44e4e7df1e6e1cc421c5cc5e78eac4009824d73b4bf0a0340ebd883acb90e928f6034d6a44edee021abc40726df358ef83429351f46aaf10b63b0a5f4c68bdf4e425f8ce7c6a8ad95dc4874836a56a298f586a602ad7b33350fabaacfda30b80210432dc6b59cb807d50782399624d624bbb5e759c09daec8ab3afbff204f62f94754e377cca96b00ba4842d52d8f12a5ce7d1dd81b760c1c5392f739d91f8bdc8c290090fc6e3221ee69abd2648b6c7a818e8a0d04ffd83464f7b26002e4d5614392848205fc0e766713e4c65f46ec2f9d221e98fdeaa5c329d8a0e7481690164fa1ad829ce9dd2eec2fe92231b33415c3f564161353ea7f823e3dc97c9e905f40d693082be719aff77b3b35a832ed3fc16e3bf57305fbabfbbadea1d33ece1f05ba482d3dcc391e0c709c02c335a6289a8deb035fd5b99edde61f0d936631e21251eb65c1dc23574a7a8f9ba8fd0b6c958ee146954cdab3daf90c17ffe92aef5390b4e19d32fef469e9e60ef8ea16af6b66dab7de1d6ddfeeb602cd69d8f32e4d5f06bfaebe7f000d62abc793ad34d77d1369c63785e93c2ff205769589011208ed6affc73dda9287bc8f4d9e27d33038b699431f56285f92fd9f02e78745fcdca4a4840dcfc307bf8f1806146d954ed5ccc8a66edf2179e2a5356624b3b30f8f78839ddc9940794acce40290e5eb73dbb52fe1c633e88d1492aedc69b351912a0890b63eda0d8756a5b7c47c740fcd73a0f419fa363fbf0cd3fcdd38f0fd055627932c998421f086ee0cbe0520b2f2fd6d38fce1575a2c90fef9f81aa23fc7c4c5625d6f46fbfd02ac31cd1620a92c43b7884e4a050e5ef5bb9b8f9825a159bb0370c828519ef71090e09ab43ff2bd2cc75563fb9073eadcfd869f0d9b6986e4320b1986ce3f19a3f5dce202f8c13757726e5d6a9fc9e2b0b357625362fb873709fb307ee51bc58494857fdd3811f6a8aee0086b0a62da4e327c698e5639e373567d5eefc76e0d6725272527cdbc01a2b40e7511ac986e32bb7e48558756dca3b944855fd9dfdbb2358a52e53769817cad50af13d8a5941c41f6bd121cb267acdc461c500855c6f6c0750367c62dd32fa41595a6070e728f1915bab951e5536ff8230a0608ac96c2e19a5c1415209a3774c091174f575bc937d544d495370294aaffc5e6be76364c7a212bbb4ec7f3bd38db75a159b68e2b3075ae6bb68ffa02e6bfb42553b505da20f133b2855572b7e6f8f3de240d9ab1ff32b3d9825f087774f4932024be806b78f059d4b3b40414df456aef405d1cffb2f3604834dae38932d830298df7045d404f005f5edf81061850808d4998f6ce80bc7569081765875d908d4b6a0edcb434317543a4f5954a5e0e5b7c4da75cb369e2810e2aebf950b973ad3380bca5d0de8311e59a6ed3f01d8f7c1b39060fddc7ac1febe659626ed7ad27dcee7b3d409b9f84e4f55ceb2e462f55627857f8c485c35c9abdc2fa87c4281365790ecdf1971f3a285ea0bb2038ae91d927729f4bf847bf0fc724b002cb029d2a57b89218bd4a763ab01902b7b48cb609cf3b9ad8fb568aef0ceff20c5def1a4faee11d33d304e2227b83f3ab06f0b9fa5502b1d9c6fe2a34bf9abb9a5b13928800149488cead47e48c754c75a061d5ea8a515f7f55611b0c048b88c9772ca4b1eb3d6fc931801990f1611e9b1171223527dceccfe8cfd72600a88a8486e088e21c30b997af1b60b55bc5443cecb18c2dcf54dbca3ac34f10ad2be9d755679519bb674b42904be579df62436bcf06de4cfd636d592840d674d11195edeb4dfe61370e9a9453378957fdecf2115ee008224fb8c97fcd051ddb1ed8d0419b950f2cd085bf1debaafb2a46cf65be863939cffde741797fdf64c17f3b447464be0e6bb90324c4c65b3cf66958a15d537a1675dffbc4e41f7a6c92ed27c5ef0dd0dcce6f96225b4e0ece510ce00f9611e395215e116026499dce3417cee3fbde0106b2a6fbd5937423124f6549c2206afc2ad1df5bedcc5e1371ed2b9f09f76576589450b09dd990811c59c3f848c1a4fccdfe686968903edffbc010eb73f55ac5a675fa3db70db12c826c8b7360617d8abeacefa6e2a8da62e4f304543cc9217fe1b0ec4fb044ca849802c4a140b91cc056d566c8670e4600941a54b2eb8643ff206c3401c0bd9838a025545227ae3e6bcb47fa3dcd1b40d8a0917f63744fb1ec2b72211c6cfda13248b2d0b4232e4fe7015cc42d4928f07ca9161640102f22236cca7ca3b81ffc81c4ff20532b5203e0d94771b8d0ec70e637135fdbb788fa8b4704e11d3c6083a45f51efd8560c0e63435516586aa82eaa998c140767d3ce35491e301c12f74583c61cd4d2ef1caa6fea3e353637cdeb3332d964155c9d32f826829a7174ab06c44e32063e46ce742b7027cffb8999302b602949c60496a0bf3c7cdf859d4ba51102674414867af614cffb88ac177dfbdb6131f7370dcb851002cec1742fb1561257716850c9ed3b075a6c023bcf05b5d580ac8e5d7ab7e5b1723212c681989e5f91958b635e0d076634584920c1b98d7f6ea0ddded6be9eb74de778b3c57c36b18e0c56c3a051014e09fac70ce6a7b0f042f5eeca8b8885e500bcb41f6fd974e5f6888859abdf3600706a3de9fce060c3069600c63106aff24210461c5d3423fa4e350041fd166902ad86bdba8cf965917f7e3ab019e1911d8013dad576465319c4e04b89b5ee1d07f54705718592d6aa453558294743daa8dba33159fb0e291829ac220562b007597e067e5f65841563673b69cc1d549f50e9efbdf256d797fe8c7d09596c167a45d", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x18, 0xfffffffffffffff5, 0xffffffff, {0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfea7)
socket$alg(0x26, 0x5, 0x0)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000040)="48ab307c92ec6652cdfa0547111d6516f295e09bf0d1a11bb40ce287fa2a56", 0xffffff1f}], 0x1)
close(r4)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x402, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2d, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000440)=ANY=[], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000300), 0x8)

7.817194466s ago: executing program 1 (id=1748):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$unix(0x1, 0x1, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write(r1, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x9}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r3, &(0x7f00000024c0)=[{{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000800)=""/245, 0xf5}], 0x1}, 0x9}], 0x1, 0x10000, 0x0)

6.75528697s ago: executing program 5 (id=1749):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002840)={{0x14, 0x10, 0x1, 0x0, 0x40000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e20, @empty}, 0x10)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x66, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0x63, 0x0, &(0x7f0000000000)="ff", 0x0, 0x149d, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r5, 0x0, 0x0)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
close_range(r0, 0xffffffffffffffff, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8, 0x0, 0x9}, 0x18)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0)
ioctl$TUNSETLINK(r9, 0x400454cd, 0x336)
close(r9)

6.684213823s ago: executing program 3 (id=1750):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x20000084)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@bridge_dellink={0x34, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8, 0x1}]}}]}]}, 0x34}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000680001"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)

6.522401098s ago: executing program 4 (id=1751):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000012c0)={0x2, {{0x2, 0x0, @multicast2}}, 0x0, 0xa, [{{0x2, 0x0, @broadcast}}, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x0, @loopback}}, {{0x2, 0x0, @empty}}, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @remote}}, {{0x2, 0x0, @loopback}}]}, 0x590)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)
capset(&(0x7f00000002c0)={0x20080522}, &(0x7f0000000300))
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newqdisc={0x50, 0x14, 0xf0b, 0x3, 0x0, {0x2, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xa}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0xf4f}, @qdisc_kind_options=@q_pie={{0x8}, {0x1c, 0x2, [@TCA_PIE_TARGET={0x8, 0x1, 0x8}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x3e20}, @TCA_PIE_TARGET={0x8, 0x1, 0x9}]}}]}, 0x50}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001736e7202d15390500000000030109021b0002000000000904000545080000000904"], 0x0)
r2 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="32000000000000001800000000000000670900000000000046000000000000002000000000000000020000000000000003000000000000000000000000000000180000000000000000000000010000000a00000000000000bc0000000000000066ba4000b057ee48b80d000000000000000f23d00f21f8350000000f0f23f82666410f38808900000000f43e0f00500226642e3e0fc7bcb90000000066baf80cb8acb1e88eef66bafc0c46ed653e260f47a22330127166b8b8008ec80fc7b300000000c3460000000000000020000000000000000000000000000000b8130000000000003200000000000000000000000000000023080000000000000a0000000000000086000000000000008f09589914b73e19913624000066baf80cb87431418cef66bafc0ced660f388126c744240054c591e6c744240200000000c7442406000000000f011424c744240000c0ffffc7442402b73e2f77c7442406000000000f011c240f01c567f2a70f01745d4eb94e020000b80a000000ba000000000f30c30a000000000000005b00000000000000b8010000000f01d90f20c035000000800f22c0c42231cf3665430f01cbb90e0b0000b897000000ba000008000f30f3acc4415651e626430f663cc5229530ed8f497812c266b8e9008ec0c3140000000000000018000000000000000f000000000000000a000000000000005b000000000000000f20c035000000200f22c0dd5e0d460f791fb9000400000f324f0fc7583766b863008ed848b80f000000000000000f23c00f21f83502000c000f23f8460f060f72e60eb9850100000f32c34600000000000000200000000000000000000000000000000700000000000000460000000000000000000000000000000200000000000000dd040000000000003200000000000000000000000000000080040000000000000000000000000000180000000000000007000000000000000000000000000000180000000000000000100000000000001e000000000000002000000000000000fa0900000000000000000000000000001e000000000000002000000000000000df0a00000000000002000000000000003200000000000000000000dc02000000000000460000000000000020000000000000000300000000000000050000000000000032000000000000001800000000000000e50b00000000000032000000000000001800000000000000720d0000000000001e0000000000000020000000000000006d02000000000000e70000000000000046000000000000002000000000000000040000000000000001000000000000001400000000000000180000000000000009000000070000000000000000000000180000000000000000000000000000001e0000000000000020000000000000008c0200000000000004000000000000001e00000000000000200000000000000037090000000000000200000000000000"], 0x428})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/warn_count', 0x80, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x2000000, 0x100010, r2, 0x0)

6.30251194s ago: executing program 2 (id=1752):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioperm(0x0, 0x6, 0x8c80)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xf, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="85000000a400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6d, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
sendmsg$rds(r2, 0x0, 0x0)
r3 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$binfmt_script(r3, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'llT\xf0'}, {0x20, 'ax\xe8\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x111)
r4 = signalfd4(r2, &(0x7f0000000080)={[0xfffffffffffffffc]}, 0x8, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xa0}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, r4}, 0x94)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x10d)
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r7}}, 0x58)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r6)
syz_emit_ethernet(0x36, &(0x7f0000000b40)={@local, @link_local={0x3, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0xfffc, 0x0, 0x0, 0x6, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0xfffe}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

6.2322595s ago: executing program 3 (id=1753):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b52, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6(0xa, 0x0, 0x5)
r3 = syz_open_dev$evdev(0x0, 0x1ff, 0x0)
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000580)="1b025a7c7faa5d48fc68a99cecc2c0ee41f87299f91ad95c959089882a56f1424219c0580d74507548a080f97e84cc3ba2c5822f961bc22aa54ff5be948922b35001")
ioctl$EVIOCSCLOCKID(r3, 0x400445a0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r4 = io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0x10002bbb, 0x400, 0xffffffff, 0x2000, 0x0, r1})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

5.764135831s ago: executing program 2 (id=1754):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r3, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0xa6ff, 0x0, 0x4008000}, 0x1004)

4.835021523s ago: executing program 3 (id=1755):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x88}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x20, 0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)

4.78020839s ago: executing program 5 (id=1756):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2800408, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r1, &(0x7f0000003800)={0x2020}, 0x2020) (fail_nth: 3)

4.767114869s ago: executing program 2 (id=1757):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}}}, 0x24}}, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newqdisc={0x24, 0x24, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x0)
openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000380))
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000080)={0xfffffffffffffffc, 0x2, 0x5, 0x0, 0x2})
getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(md5,cbc-camellia-asm)\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000014c0)=@newtfilter={0x3c, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {}, {}, {0xd, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x3, 0xfff2}}]}}]}, 0x3c}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x12)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4.666696663s ago: executing program 3 (id=1758):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/comedi3\x00', 0x81, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000001280)="b7f2288a9119", 0x6)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
ioctl$RTC_ALM_SET(r5, 0x40247007, 0x0)
accept$alg(r4, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='highspeed\x00', 0xa)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='cmdline\x00')
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
read$FUSE(r7, &(0x7f0000000280)={0x2020}, 0x2020)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000740)="93", 0x1}], 0x1)

4.567982358s ago: executing program 5 (id=1759):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r0, &(0x7f00000021c0)=""/102384, 0x18ff0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r3, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c0003800c000180080001"], 0x8c}}, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r4, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc, 0x4, 0x1}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x11}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a0000020000000000000020000000"], 0x10}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x5153, 0xa204, 0x4, &(0x7f0000002180)={[0x5]}, 0x8)
close(r7)

4.541463862s ago: executing program 2 (id=1760):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x0)
ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000080)={0x0, 0x0, {0x10000, 0xa, 0xfffffff9, 0x2ac}})
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000000c0), 0x10)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000540)={0x3, 0x0, [{0xeeee0000, 0x3a, &(0x7f0000000180)=""/58}, {0x1, 0xdc, &(0x7f0000000280)=""/220}, {0xdddd1000, 0x9b, &(0x7f0000000380)=""/155}]})
sendmsg$can_bcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x5, 0x23f, 0x2, {0x0, 0xea60}, {}, {}, 0x1, @can={{}, 0x5, 0x0, 0x0, 0x0, "3fae8a9ad451a727"}}, 0x48}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)
ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f00000000c0)={0x3, 0x1, {0x54, 0x86, 0x7ff, {0x9, 0x260}, {0x2, 0x101}, @const={0x7fff, {0x3, 0x2, 0x18c, 0xf28d}}}, {0x51, 0x2, 0x87, {0x9, 0x2}, {0x2, 0xfff8}, @period={0x59, 0x5, 0x1, 0x4, 0x3, {0x8, 0x2, 0xfff9, 0x1}, 0x0, 0x0}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ptys(0xc, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x2, 0x5, 0x5f8, 0x348, 0x258, 0xffffffff, 0x438, 0x348, 0x550, 0x550, 0xffffffff, 0x550, 0x550, 0x5, 0x0, {[{{@ipv6={@mcast2, @dev, [], [], 'pimreg0\x00', 'veth0\x00'}, 0x0, 0x210, 0x258, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@remote, @dev, @remote, @mcast2, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, @local, @private1, @dev, @private1, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2]}}, @common=@frag={{0x30}, {[], 0x0, 0x0, 0x6}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@loopback, @ipv6=@private0}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @broadcast}, @dev, [], [], 'pim6reg1\x00', 'lo\x00'}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @private}, @ipv4=@local, @port, @icmp_id}}}, {{@ipv6={@dev, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'pim6reg\x00', 'erspan0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private0, @ipv4=@dev, @icmp_id}}}, {{@ipv6={@dev, @empty, [], [], 'pimreg1\x00', 'veth0_to_hsr\x00'}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@loopback, @ipv4=@loopback, @icmp_id, @gre_key}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x658)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0200000004000000080000000d00000000000000", @ANYBLOB="00000000000000000000000000000010000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f00000001c0)=0x1)
ioctl$VIDIOC_S_FREQUENCY(r6, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0xcadb})
unshare(0x2a020480)
bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'})

3.878650173s ago: executing program 2 (id=1761):
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe6)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r4=>0x0], &(0x7f0000000040), 0x3, r3, 0xcccccccc})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[r3], 0x0, &(0x7f00000000c0)=[r4], &(0x7f0000000040), 0x0, 0x300})

2.888208322s ago: executing program 4 (id=1762):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000900), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
setsockopt$sock_attach_bpf(r5, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000714010000000000000000000800", @ANYRES32=r6], 0x30}}, 0x94)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @any, 0x7ff}, 0xe)
mmap(&(0x7f000046c000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r3, 0x53ef0000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

2.867869283s ago: executing program 2 (id=1763):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
r3 = socket$netlink(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000240)={'team0\x00', <r5=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r4, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000030000000000050003000300000008000400"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)

2.035823204s ago: executing program 5 (id=1764):
semtimedop(0x0, 0x0, 0x0, 0x0)
shmget$private(0x0, 0x4000, 0x8, &(0x7f0000ffb000/0x4000)=nil)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010800000000000000000a00000508000240000000020900010073797a300000000020000000020a010300000000000000000a0000010900010073797a3000000000140000001100010000000000000000000500000ad79d0a3d8e8ed5eafc60ffa5f483408305bcdff955e0373123761faaa384b717dd8061598c0da90001bc6bed5f35c2edc3d4b7ad009413775a7da5606e4770a2018de53562630846cb7cfb8729524cebda7c20273c0b0e646eb8f67ea1212365ad2b96ec433466c87f10ad8bc7982d0f1f3508338443f40dd0a433024d1b2a8d8e273103612294605cd7cd23a6bda0b1f350d688652aa9e7b3881aecd76283dc4199e7d1b7838cea8c56527dbce3af904ffcdb3b4a78f7606526bdbbe97d45"], 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x80c0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = epoll_create1(0x80000)
r4 = fcntl$dupfd(r2, 0x406, r3)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000000))
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000900)=@newtaction={0x98, 0x30, 0xb, 0x5, 0x0, {}, [{0x84, 0x1, [@m_ct={0x80, 0x1, 0x0, 0x0, {{0x7}, {0x58, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @private=0xa010102}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @initdev={0xac, 0x1e, 0x1, 0x0}}, @TCA_CT_LABELS={0x14, 0x7, "e142a1dc6b3a3dd0aaeb9317676b63d2"}, @TCA_CT_MARK={0x8, 0x5, 0x9}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e24}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc058534f, &(0x7f00000003c0)={{0x9, 0x9}, 0x1, 0x4, 0x0, {0x9}, 0x5, 0x7fff})
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x181603, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r6, 0x40085112, &(0x7f00000001c0)=@e={0xff, 0xa, 0xc, 0x2, @generic=0x1f, 0x8, 0x7, 0x4})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
r8 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x79af, 0x20000, 0x8000, 0x40024e}, &(0x7f00000000c0)=<r9=>0x0, &(0x7f0000000040)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000140)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd=r7, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r8, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d)
semop(0x0, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0xc, &(0x7f0000ffc000/0x3000)=nil)
socket$vsock_stream(0x28, 0x1, 0x0)
semop(0x0, 0x0, 0x0)
semctl$GETZCNT(0x0, 0x2, 0xf, 0x0)

1.941211399s ago: executing program 4 (id=1765):
syz_usb_connect$hid(0x5, 0x62, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x3232, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xfc}}}}}]}}]}}, 0x0) (async)
r0 = syz_usb_connect$hid(0x5, 0x62, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x3232, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xfc}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x7, "722abea2"}]}}, 0x0}, 0x0)

889.042994ms ago: executing program 1 (id=1766):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, 0x40)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000fdffffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

888.065731ms ago: executing program 3 (id=1767):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r3, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0xffa6, 0x0, 0x4008000}, 0x1004)

844.360398ms ago: executing program 5 (id=1768):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9, 0xe7, 0x60, 0x40, 0x1410, 0x7041, 0x470e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe1, 0x9, 0x2, 0x2a, 0x7e, 0x7, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x20}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = semget$private(0x0, 0x20000000102, 0x200)
semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000040))
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

287.955803ms ago: executing program 3 (id=1769):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x52, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SNAPSHOT_S2RAM(r2, 0x330b)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='sched_kthread_stop_ret\x00', r4}, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000200)={0x30, 0x5, 0x0, {0x0, 0x1, 0x40005, 0x5}}, 0x30)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000400), r2)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r6, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x44)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="b0000000000000", @ANYRES16], 0xb0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

233.746229ms ago: executing program 1 (id=1770):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2800408, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r1, &(0x7f0000003800)={0x2020}, 0x2020) (fail_nth: 4)

0s ago: executing program 1 (id=1771):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_DESTROY$ioas(r1, 0x3b80, &(0x7f0000000540)={0x8, r3})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r2})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000140)={0x18, r3, 0x0, 0x0, 0x0})
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000240)=ANY=[], 0x5c)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[], 0x0)
dup2(r0, r0)
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, &(0x7f0000000480)=0x9, 0x5, 0x7)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r4=>r0, {0x1}}, './file0\x00'})
sendmsg$nl_xfrm(r4, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8010}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@newae={0x1c4, 0x1e, 0x400, 0x70bd26, 0x25dfdbff, {{@in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x4d3, 0xa, 0x33}, @in=@private=0xa010100, 0x5, 0x3503}, [@encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e24, 0x4e23, @in=@remote}}, @replay_thresh={0x8, 0xb, 0x8000}, @algo_auth={0x106, 0x1, {{'cmac-aes-ce\x00'}, 0x5f0, "369680c52c738a31c1f723a68d79b8810a523952ab5f8ebb77578bc653f981feceeba03d538606007aa886f67cd1ff1da92a09735d54c9e16132131fd1735bba7f7a9b643ff36a7be73817183614f74bc925317d89b86df12eb82c46d70ce116f167149f285a05ebb813350585da5fa65d38eebbee298b6440d2eb8aa5597109ac983a34bc79e45fb416546fe50825385e551347bccf193019aa6b5af1c20c0f27cedce8f1e703575d941b60b4153c4e841720ecae3623768934bf986636"}}, @proto={0x5, 0x19, 0x32}, @sec_ctx={0x50, 0x8, {0x4c, 0x8, 0x0, 0x7, 0x44, "1661be354ad5f96e02057537a95467966837d70aa3fec9d65e25abaffbc3d88bea00a0086dc0cf5af5250be576362cc5586421fcf957d54feaf94623ecae8917dea876b0"}}]}, 0x1c4}, 0x1, 0x0, 0x0, 0x40}, 0x4000004)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x41020428}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x3, 0x8, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

kernel console output (not intermixed with test programs):

ew high-speed USB device number 22 using dummy_hcd
[  434.524891][ T5916] usb 3-1: Using ep0 maxpacket: 16
[  435.020901][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  435.036001][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  435.048196][ T5916] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  435.180928][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.415817][ T5916] usb 3-1: config 0 descriptor??
[  435.436103][ T9896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1022'.
[  435.950865][ T5916] usbhid 3-1:0.0: can't add hid device: -71
[  435.956992][ T5916] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  435.978303][ T5916] usb 3-1: USB disconnect, device number 22
[  436.810893][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  436.987222][    T9] usb 6-1: Using ep0 maxpacket: 8
[  437.003810][    T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  437.017212][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  437.029595][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  437.040068][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  437.052439][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  437.073659][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  437.088571][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.459118][    T9] usb 6-1: usb_control_msg returned -32
[  437.464743][    T9] usbtmc 6-1:16.0: can't read capabilities
[  437.638700][ T9965] netlink: 'syz.1.1037': attribute type 3 has an invalid length.
[  437.646726][ T9965] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1037'.
[  438.298029][ T5916] usb 6-1: USB disconnect, device number 4
[  438.462354][ T9973] syz.2.1039 (9973): drop_caches: 2
[  438.469705][ T9973] syz.2.1039 (9973): drop_caches: 2
[  439.910529][ T9979] lo speed is unknown, defaulting to 1000
[  440.079246][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  440.456545][ T9998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1045'.
[  441.422208][T10005] netlink: 'syz.4.1049': attribute type 12 has an invalid length.
[  441.454860][T10005] netlink: 'syz.4.1049': attribute type 29 has an invalid length.
[  441.462740][T10005] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1049'.
[  442.025614][T10014] x_tables: duplicate underflow at hook 1
[  442.118844][T10019] x_tables: duplicate underflow at hook 1
[  442.674882][    T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  442.882787][    T9] usb 3-1: Using ep0 maxpacket: 16
[  442.963213][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  442.964901][    T9] usb 3-1: config 1 interface 0 altsetting 93 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  442.966754][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[  442.974951][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  442.974983][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  442.975004][    T9] usb 3-1: SerialNumber: syz
[  443.081433][    T9] usb 3-1: bad CDC descriptors
[  443.975971][T10040] tty tty4: ldisc open failed (-12), clearing slot 3
[  444.250048][T10059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1061'.
[  444.283601][T10067] netlink: 'syz.3.1063': attribute type 12 has an invalid length.
[  444.291790][T10067] netlink: 'syz.3.1063': attribute type 29 has an invalid length.
[  444.299750][T10067] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1063'.
[  444.714999][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout
[  445.033596][ T3090] usb 3-1: USB disconnect, device number 23
[  445.786524][T10090] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.2)
[  448.090774][T10108] netlink: 'syz.1.1075': attribute type 3 has an invalid length.
[  448.269232][T10108] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1075'.
[  449.073901][T10112] netlink: 'syz.2.1076': attribute type 12 has an invalid length.
[  449.107481][T10112] netlink: 'syz.2.1076': attribute type 29 has an invalid length.
[  449.201422][T10112] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1076'.
[  449.622505][T10120] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1077'.
[  450.585098][ T5952] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  451.131600][T10132] IPVS: set_ctl: invalid protocol: 115 100.1.1.1:20003
[  451.185177][ T5952] usb 6-1: Using ep0 maxpacket: 8
[  451.213078][ T5952] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  451.215711][T10134] overlayfs: failed to resolve './file0': -2
[  451.253041][ T5952] usb 6-1: New USB device found, idVendor=05a9, idProduct=2630, bcdDevice=55.12
[  451.319922][ T5952] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.341090][ T5952] usb 6-1: config 0 descriptor??
[  451.434355][ T5952] usb 6-1: Found UVC 0.00 device <unnamed> (05a9:2630)
[  451.510227][ T5952] usb 6-1: No valid video chain found.
[  451.732055][T10125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.765577][T10125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  451.815788][T10125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.824529][T10125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  451.845066][T10143] netlink: 'syz.2.1087': attribute type 3 has an invalid length.
[  451.872419][ T5952] usb 6-1: USB disconnect, device number 5
[  451.903816][T10143] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1087'.
[  452.806842][T10153] netlink: 'syz.2.1090': attribute type 5 has an invalid length.
[  452.978629][ T3545] Bluetooth: hci5: Frame reassembly failed (-84)
[  452.997372][T10156] Bluetooth: hci5: Frame reassembly failed (-84)
[  453.018434][T10156] Bluetooth: hci5: Frame reassembly failed (-84)
[  453.027200][T10160] overlayfs: missing 'workdir'
[  453.039850][T10156] Bluetooth: hci5: Frame reassembly failed (-84)
[  453.074898][ T3090] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  453.278259][ T3090] usb 3-1: unable to get BOS descriptor or descriptor too short
[  453.310844][ T3090] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  453.323125][ T3090] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  453.335380][ T3090] usb 3-1: config 1 interface 1 has no altsetting 0
[  453.390752][ T3090] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  453.458570][ T3090] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.495747][ T3090] usb 3-1: Product: syz
[  453.500508][ T3090] usb 3-1: Manufacturer: syz
[  453.509095][ T3090] usb 3-1: SerialNumber: syz
[  453.906751][ T3090] usb 3-1: 2:1 : invalid UAC_AS_GENERAL desc
[  454.185285][T10178] syz.5.1097 (10178): drop_caches: 2
[  454.194254][T10178] syz.5.1097 (10178): drop_caches: 2
[  454.623513][ T3090] usb 3-1: USB disconnect, device number 24
[  455.045466][ T5843] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  455.096356][T10183] FAULT_INJECTION: forcing a failure.
[  455.096356][T10183] name failslab, interval 1, probability 0, space 0, times 0
[  455.233580][T10183] CPU: 1 UID: 0 PID: 10183 Comm: syz.4.1099 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  455.233610][T10183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  455.233622][T10183] Call Trace:
[  455.233630][T10183]  <TASK>
[  455.233639][T10183]  dump_stack_lvl+0x189/0x250
[  455.233667][T10183]  ? __pfx____ratelimit+0x10/0x10
[  455.233689][T10183]  ? __pfx_dump_stack_lvl+0x10/0x10
[  455.233714][T10183]  ? __pfx__printk+0x10/0x10
[  455.233745][T10183]  ? __pfx___might_resched+0x10/0x10
[  455.233766][T10183]  ? fs_reclaim_acquire+0x7d/0x100
[  455.233793][T10183]  should_fail_ex+0x414/0x560
[  455.233819][T10183]  should_failslab+0xa8/0x100
[  455.233841][T10183]  __kmalloc_noprof+0xcb/0x4f0
[  455.233859][T10183]  ? kfree+0x4d/0x440
[  455.233883][T10183]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  455.233911][T10183]  tomoyo_realpath_from_path+0xe3/0x5d0
[  455.233938][T10183]  ? tomoyo_domain+0xda/0x130
[  455.233968][T10183]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  455.233989][T10183]  tomoyo_path_number_perm+0x1e8/0x5a0
[  455.234013][T10183]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  455.234038][T10183]  ? sb_end_write+0xe9/0x1c0
[  455.234061][T10183]  ? vfs_write+0x8d8/0xa90
[  455.234123][T10183]  ? ksys_write+0x1e1/0x250
[  455.234149][T10183]  security_file_ioctl+0xcb/0x2d0
[  455.234174][T10183]  __se_sys_ioctl+0x47/0x170
[  455.234205][T10183]  do_syscall_64+0xfa/0x3b0
[  455.234225][T10183]  ? lockdep_hardirqs_on+0x9c/0x150
[  455.234245][T10183]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.234264][T10183]  ? clear_bhb_loop+0x60/0xb0
[  455.234287][T10183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.234305][T10183] RIP: 0033:0x7f02cdd8eb69
[  455.234323][T10183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.234339][T10183] RSP: 002b:00007f02cec52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  455.234360][T10183] RAX: ffffffffffffffda RBX: 00007f02cdfb5fa0 RCX: 00007f02cdd8eb69
[  455.234374][T10183] RDX: 0000200000000300 RSI: 00000000c1007c00 RDI: 0000000000000003
[  455.234386][T10183] RBP: 00007f02cec52090 R08: 0000000000000000 R09: 0000000000000000
[  455.234398][T10183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.234410][T10183] R13: 0000000000000000 R14: 00007f02cdfb5fa0 R15: 00007ffc62766138
[  455.234441][T10183]  </TASK>
[  455.234489][T10183] ERROR: Out of memory at tomoyo_realpath_from_path.
[  455.373445][T10189] netlink: 'syz.1.1100': attribute type 3 has an invalid length.
[  455.419934][    C0] vkms_vblank_simulate: vblank timer overrun
[  455.515068][T10189] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1100'.
[  455.697718][T10193] syz.5.1102 (10193): drop_caches: 2
[  455.709295][T10193] syz.5.1102 (10193): drop_caches: 2
[  456.546024][T10188] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  456.668953][T10188] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  456.682164][T10188] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  456.688740][T10188] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  456.713734][T10188] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  456.955257][T10204] syz.4.1103 (10204): drop_caches: 2
[  456.973067][T10204] syz.4.1103 (10204): drop_caches: 2
[  458.635241][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout
[  458.710939][T10206] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  458.721156][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout
[  458.727364][ T5850] Bluetooth: hci4: command 0x0c1a tx timeout
[  458.733402][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout
[  458.734978][ T5843] Bluetooth: hci1: command 0x0c1a tx timeout
[  459.169325][T10221] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1108'.
[  459.183909][T10221] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1108'.
[  460.439294][T10214] ÿÿÿÿÿÿÇ(
¯J: renamed from lo (while UP)
[  462.339458][T10291] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1114'.
[  462.348685][T10291] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1114'.
[  462.933068][T10289] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  463.886040][T10293] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1118'.
[  464.088912][T10299] can0: slcan on ptm0.
[  464.274024][T10302] netlink: 'syz.4.1117': attribute type 3 has an invalid length.
[  464.281916][T10302] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1117'.
[  464.862430][ T3090] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  465.235049][ T3090] usb 6-1: Using ep0 maxpacket: 16
[  465.252616][ T3090] usb 6-1: unable to get BOS descriptor or descriptor too short
[  465.261151][T10295] can0 (unregistered): slcan off ptm0.
[  465.276678][ T3090] usb 6-1: config 159 has an invalid interface number: 195 but max is 0
[  465.319849][ T3090] usb 6-1: config 159 has no interface number 0
[  465.355436][ T3090] usb 6-1: config 159 interface 195 altsetting 5 endpoint 0x1 has invalid wMaxPacketSize 0
[  465.401585][ T3090] usb 6-1: config 159 interface 195 has no altsetting 0
[  465.417080][ T3090] usb 6-1: New USB device found, idVendor=17e9, idProduct=b889, bcdDevice=ec.5c
[  465.430836][ T3090] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.448697][ T3090] usb 6-1: Product: syz
[  465.458398][ T3090] usb 6-1: Manufacturer: syz
[  465.473293][ T3090] usb 6-1: SerialNumber: syz
[  465.703885][ T3090] udl 6-1:159.195: [drm] Unrecognized vendor firmware descriptor
[  465.716402][ T3090] [drm:udl_init] *ERROR* Selecting channel failed
[  465.730978][T10317] FAULT_INJECTION: forcing a failure.
[  465.730978][T10317] name failslab, interval 1, probability 0, space 0, times 0
[  465.799444][T10318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1123'.
[  466.374957][T10317] CPU: 0 UID: 0 PID: 10317 Comm: syz.2.1124 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  466.374986][T10317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  466.374996][T10317] Call Trace:
[  466.375005][T10317]  <TASK>
[  466.375014][T10317]  dump_stack_lvl+0x189/0x250
[  466.375041][T10317]  ? __pfx____ratelimit+0x10/0x10
[  466.375062][T10317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.375084][T10317]  ? __pfx__printk+0x10/0x10
[  466.375114][T10317]  ? __pfx___might_resched+0x10/0x10
[  466.375140][T10317]  should_fail_ex+0x414/0x560
[  466.375166][T10317]  should_failslab+0xa8/0x100
[  466.375189][T10317]  __kmalloc_noprof+0xcb/0x4f0
[  466.375206][T10317]  ? tcf_idr_check_alloc+0x637/0x7b0
[  466.375226][T10317]  ? tcf_idr_create+0x5d/0x6c0
[  466.375261][T10317]  tcf_idr_create+0x5d/0x6c0
[  466.375282][T10317]  ? __nla_parse+0x40/0x60
[  466.375308][T10317]  tcf_sample_init+0x325/0x9c0
[  466.375346][T10317]  ? __pfx_tcf_sample_init+0x10/0x10
[  466.375385][T10317]  ? nla_memcpy+0x5b/0xc0
[  466.375417][T10317]  tcf_action_init_1+0x460/0x6d0
[  466.375446][T10317]  ? __pfx_tcf_action_init_1+0x10/0x10
[  466.375468][T10317]  ? _raw_read_unlock+0x28/0x50
[  466.375484][T10317]  ? tc_action_load_ops+0x214/0x4e0
[  466.375523][T10317]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  466.375552][T10317]  ? __nla_parse+0x40/0x60
[  466.375578][T10317]  tcf_action_init+0x2cf/0xab0
[  466.375611][T10317]  ? __pfx_tcf_action_init+0x10/0x10
[  466.375663][T10317]  ? __pfx___nla_validate_parse+0x10/0x10
[  466.375725][T10317]  tc_ctl_action+0x430/0xbd0
[  466.375757][T10317]  ? __pfx_tc_ctl_action+0x10/0x10
[  466.375788][T10317]  ? rcu_is_watching+0x15/0xb0
[  466.375853][T10317]  ? __pfx_tc_ctl_action+0x10/0x10
[  466.375875][T10317]  rtnetlink_rcv_msg+0x779/0xb70
[  466.375906][T10317]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  466.375929][T10317]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  466.375952][T10317]  ? ref_tracker_free+0x63a/0x7d0
[  466.375971][T10317]  ? __copy_skb_header+0xa7/0x550
[  466.375994][T10317]  ? __pfx_ref_tracker_free+0x10/0x10
[  466.376015][T10317]  ? __skb_clone+0x63/0x7a0
[  466.376041][T10317]  netlink_rcv_skb+0x205/0x470
[  466.376069][T10317]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  466.376096][T10317]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  466.376137][T10317]  ? netlink_deliver_tap+0x2e/0x1b0
[  466.376162][T10317]  ? netlink_deliver_tap+0x2e/0x1b0
[  466.376194][T10317]  netlink_unicast+0x75c/0x8e0
[  466.376230][T10317]  netlink_sendmsg+0x805/0xb30
[  466.376278][T10317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.376313][T10317]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  466.376332][T10317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.376363][T10317]  __sock_sendmsg+0x21c/0x270
[  466.376389][T10317]  ____sys_sendmsg+0x505/0x830
[  466.376425][T10317]  ? __pfx_____sys_sendmsg+0x10/0x10
[  466.376463][T10317]  ? import_iovec+0x74/0xa0
[  466.376494][T10317]  ___sys_sendmsg+0x21f/0x2a0
[  466.376525][T10317]  ? __pfx____sys_sendmsg+0x10/0x10
[  466.376592][T10317]  ? __fget_files+0x2a/0x420
[  466.376612][T10317]  ? __fget_files+0x3a0/0x420
[  466.376645][T10317]  __x64_sys_sendmsg+0x19b/0x260
[  466.376677][T10317]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  466.376717][T10317]  ? __pfx_ksys_write+0x10/0x10
[  466.376732][T10317]  ? rcu_is_watching+0x15/0xb0
[  466.376758][T10317]  ? do_syscall_64+0xbe/0x3b0
[  466.376784][T10317]  do_syscall_64+0xfa/0x3b0
[  466.376805][T10317]  ? lockdep_hardirqs_on+0x9c/0x150
[  466.376825][T10317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.376843][T10317]  ? clear_bhb_loop+0x60/0xb0
[  466.376866][T10317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.376885][T10317] RIP: 0033:0x7f45df18eb69
[  466.376902][T10317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.376920][T10317] RSP: 002b:00007f45dff6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  466.376941][T10317] RAX: ffffffffffffffda RBX: 00007f45df3b5fa0 RCX: 00007f45df18eb69
[  466.376955][T10317] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  466.376968][T10317] RBP: 00007f45dff6c090 R08: 0000000000000000 R09: 0000000000000000
[  466.376980][T10317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.376991][T10317] R13: 0000000000000000 R14: 00007f45df3b5fa0 R15: 00007ffc0741ec18
[  466.377021][T10317]  </TASK>
[  467.019845][ T3090] [drm] Initialized udl 0.0.1 for 6-1:159.195 on minor 2
[  467.036735][ T3090] [drm] Initialized udl on minor 2
[  467.073358][T10324] input: syz1 as /devices/virtual/input/input30
[  467.087733][ T3090] udl 6-1:159.195: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  467.384295][ T3090] udl 6-1:159.195: [drm] Cannot find any crtc or sizes
[  467.533986][ T5923] udl 6-1:159.195: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  467.866238][ T5923] udl 6-1:159.195: [drm] Cannot find any crtc or sizes
[  467.964927][ T3090] usb 6-1: USB disconnect, device number 6
[  468.230222][T10339] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1129'.
[  470.716651][T10350] netlink: 'syz.5.1131': attribute type 3 has an invalid length.
[  470.724428][T10350] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.1131'.
[  471.617834][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1132'.
[  471.757470][T10361] FAULT_INJECTION: forcing a failure.
[  471.757470][T10361] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  471.787035][T10361] CPU: 1 UID: 0 PID: 10361 Comm: syz.1.1134 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  471.787086][T10361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  471.787098][T10361] Call Trace:
[  471.787107][T10361]  <TASK>
[  471.787115][T10361]  dump_stack_lvl+0x189/0x250
[  471.787143][T10361]  ? __pfx____ratelimit+0x10/0x10
[  471.787164][T10361]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.787187][T10361]  ? __pfx__printk+0x10/0x10
[  471.787226][T10361]  should_fail_ex+0x414/0x560
[  471.787268][T10361]  _copy_to_user+0x31/0xb0
[  471.787298][T10361]  simple_read_from_buffer+0xe1/0x170
[  471.787324][T10361]  proc_fail_nth_read+0x1df/0x250
[  471.787353][T10361]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  471.787379][T10361]  ? rw_verify_area+0x258/0x650
[  471.787406][T10361]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  471.787432][T10361]  vfs_read+0x200/0x980
[  471.787466][T10361]  ? __pfx___mutex_lock+0x10/0x10
[  471.787489][T10361]  ? __pfx_vfs_read+0x10/0x10
[  471.787520][T10361]  ? __fget_files+0x2a/0x420
[  471.787547][T10361]  ? __fget_files+0x3a0/0x420
[  471.787567][T10361]  ? __fget_files+0x2a/0x420
[  471.787599][T10361]  ksys_read+0x145/0x250
[  471.787619][T10361]  ? __pfx_ksys_read+0x10/0x10
[  471.787641][T10361]  ? rcu_is_watching+0x15/0xb0
[  471.787668][T10361]  ? do_syscall_64+0xbe/0x3b0
[  471.787694][T10361]  do_syscall_64+0xfa/0x3b0
[  471.787714][T10361]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.787734][T10361]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.787754][T10361]  ? clear_bhb_loop+0x60/0xb0
[  471.787777][T10361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.787796][T10361] RIP: 0033:0x7fbdc178d57c
[  471.787813][T10361] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  471.787830][T10361] RSP: 002b:00007fbdc2626030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  471.787851][T10361] RAX: ffffffffffffffda RBX: 00007fbdc19b5fa0 RCX: 00007fbdc178d57c
[  471.787866][T10361] RDX: 000000000000000f RSI: 00007fbdc26260a0 RDI: 0000000000000004
[  471.787878][T10361] RBP: 00007fbdc2626090 R08: 0000000000000000 R09: 0000000000000000
[  471.787891][T10361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.787902][T10361] R13: 0000000000000000 R14: 00007fbdc19b5fa0 R15: 00007ffd31e19f78
[  471.787933][T10361]  </TASK>
[  473.035241][ T5923] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  473.269962][T10383] binder: Bad value for 'max'
[  473.331097][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  473.375131][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  473.389246][T10385] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1141'.
[  473.402654][T10385] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1141'.
[  473.469812][ T5923] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  473.703314][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.824015][    T9] IPVS: starting estimator thread 0...
[  473.949617][ T5923] usb 3-1: config 0 descriptor??
[  473.966214][T10393] IPVS: using max 49 ests per chain, 117600 per kthread
[  474.054993][ T6029] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  474.217072][ T6029] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  474.271842][ T6029] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  475.006351][ T5923] cm6533_jd 0003:0D8C:0022.000A: item fetching failed at offset 4/5
[  475.026016][ T6029] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  475.026653][ T5923] cm6533_jd 0003:0D8C:0022.000A: parse failed
[  475.044973][ T5923] cm6533_jd 0003:0D8C:0022.000A: probe with driver cm6533_jd failed with error -22
[  475.111436][ T6029] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.124608][ T5900] usb 3-1: USB disconnect, device number 25
[  475.195801][ T6029] usb 6-1: config 0 descriptor??
[  475.598161][T10410] netlink: 'syz.2.1146': attribute type 3 has an invalid length.
[  475.606185][T10410] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1146'.
[  476.071917][   T43] usb 6-1: USB disconnect, device number 7
[  476.263104][T10415] QAT: failed to copy from user cfg_data.
[  477.633163][T10445] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  478.117509][ T5900] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  478.285067][ T5900] usb 3-1: Using ep0 maxpacket: 8
[  478.296926][ T5900] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  478.305565][ T5900] usb 3-1: config 179 has no interface number 0
[  478.311875][ T5900] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  478.414861][ T5900] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  478.478750][ T5900] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  478.517742][ T5900] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  478.563744][ T5900] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  478.598590][ T5900] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  478.728673][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.762018][T10466] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  478.912571][T10488] netlink: 'syz.5.1162': attribute type 12 has an invalid length.
[  478.926290][T10488] netlink: 'syz.5.1162': attribute type 29 has an invalid length.
[  478.935013][T10488] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1162'.
[  479.745987][T10490] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1157'.
[  479.798743][T10466] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  479.805324][T10466] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  479.977176][T10466] vhci_hcd vhci_hcd.0: Device attached
[  480.118538][T10491] vhci_hcd: connection closed
[  480.119891][T10263] vhci_hcd: stop threads
[  480.121319][ T5900] usb 3-1: USB disconnect, device number 26
[  480.124609][T10263] vhci_hcd: release socket
[  480.124638][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  480.124680][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  480.135188][T10263] vhci_hcd: disconnect device
[  481.080034][T10521] FAULT_INJECTION: forcing a failure.
[  481.080034][T10521] name failslab, interval 1, probability 0, space 0, times 0
[  481.093862][T10521] CPU: 0 UID: 0 PID: 10521 Comm: syz.3.1173 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  481.093888][T10521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  481.093900][T10521] Call Trace:
[  481.093908][T10521]  <TASK>
[  481.093916][T10521]  dump_stack_lvl+0x189/0x250
[  481.093943][T10521]  ? __pfx____ratelimit+0x10/0x10
[  481.093964][T10521]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.093985][T10521]  ? __pfx__printk+0x10/0x10
[  481.094016][T10521]  ? __pfx___might_resched+0x10/0x10
[  481.094043][T10521]  should_fail_ex+0x414/0x560
[  481.094068][T10521]  should_failslab+0xa8/0x100
[  481.094092][T10521]  __kmalloc_noprof+0xcb/0x4f0
[  481.094111][T10521]  ? sk_prot_alloc+0xe7/0x220
[  481.094143][T10521]  sk_prot_alloc+0xe7/0x220
[  481.094168][T10521]  ? sk_alloc+0x24/0x370
[  481.094197][T10521]  sk_alloc+0x3a/0x370
[  481.094222][T10521]  ? bpf_ctx_init+0x167/0x1d0
[  481.094251][T10521]  bpf_prog_test_run_skb+0x2ed/0x1560
[  481.094275][T10521]  ? __fget_files+0x2a/0x420
[  481.094312][T10521]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  481.094339][T10521]  bpf_prog_test_run+0x2c7/0x340
[  481.094372][T10521]  __sys_bpf+0x4a4/0x860
[  481.094402][T10521]  ? __pfx___sys_bpf+0x10/0x10
[  481.094441][T10521]  ? ksys_write+0x22a/0x250
[  481.094462][T10521]  ? __pfx_ksys_write+0x10/0x10
[  481.094478][T10521]  ? rcu_is_watching+0x15/0xb0
[  481.094506][T10521]  __x64_sys_bpf+0x7c/0x90
[  481.094532][T10521]  do_syscall_64+0xfa/0x3b0
[  481.094552][T10521]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.094569][T10521]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.094588][T10521]  ? clear_bhb_loop+0x60/0xb0
[  481.094612][T10521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.094630][T10521] RIP: 0033:0x7fa4ecf8eb69
[  481.094651][T10521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.094665][T10521] RSP: 002b:00007fa4edd8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  481.094693][T10521] RAX: ffffffffffffffda RBX: 00007fa4ed1b5fa0 RCX: 00007fa4ecf8eb69
[  481.094707][T10521] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 000000000000000a
[  481.094720][T10521] RBP: 00007fa4edd8c090 R08: 0000000000000000 R09: 0000000000000000
[  481.094730][T10521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.094741][T10521] R13: 0000000000000000 R14: 00007fa4ed1b5fa0 R15: 00007ffee9802da8
[  481.094773][T10521]  </TASK>
[  481.385113][   T43] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  481.475484][ T6029] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  481.593397][   T43] usb 6-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  481.697359][ T6029] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  481.706719][ T6029] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.771150][   T43] usb 6-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.571868][   T43] usb 6-1: config 0 interface 0 has no altsetting 0
[  482.595125][   T43] usb 6-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[  482.605523][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.619882][   T43] usb 6-1: config 0 descriptor??
[  482.657443][ T6029] usb 3-1: config 0 descriptor??
[  483.298171][ T6029] gspca_main: spca508-2.14.0 probing 8086:0110
[  483.356830][ T5900] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  483.436728][ T6029] gspca_spca508: reg_read err -32
[  483.492347][ T6029] gspca_spca508: reg_read err -32
[  483.616108][ T6029] gspca_spca508: reg_read err -32
[  483.623707][ T6029] gspca_spca508: reg_read err -32
[  483.623856][T10515] overlay: ./file1 is not a directory
[  483.635542][ T6029] gspca_spca508: reg_read err -32
[  483.755194][ T5900] usb 4-1: Using ep0 maxpacket: 8
[  483.781569][ T5900] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  483.805487][ T5900] usb 4-1: config 179 has no interface number 0
[  483.824965][ T5900] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  483.883810][ T5900] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  483.908309][ T5900] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  483.926843][ T5900] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  483.956186][ T5900] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  484.032911][ T5900] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  484.083873][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.129654][T10532] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  484.155595][ T6029] gspca_spca508: reg write: error -110
[  484.159237][   T43] usbhid 6-1:0.0: can't add hid device: -71
[  484.172933][ T6029] spca508 3-1:0.0: probe with driver spca508 failed with error -110
[  484.181060][   T43] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  484.401347][ T6029] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input31
[  484.414059][T10544] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  484.601275][T10532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.642790][T10532] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.907409][ T6029] usb 4-1: USB disconnect, device number 15
[  484.907484][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  484.907539][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  485.102753][   T43] usb 6-1: USB disconnect, device number 8
[  485.123830][ T5900] usb 3-1: USB disconnect, device number 27
[  485.177568][T10550] 9pnet_fd: Insufficient options for proto=fd
[  486.509540][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout
[  488.275022][   T43] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  489.954908][   T43] usb 6-1: Using ep0 maxpacket: 8
[  490.001862][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  490.038161][   T43] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  490.446880][   T43] usb 6-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  490.489836][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.539464][   T43] usb 6-1: Product: syz
[  490.544466][   T43] usb 6-1: Manufacturer: syz
[  490.557779][   T43] usb 6-1: SerialNumber: syz
[  490.579206][   T43] usb 6-1: config 0 descriptor??
[  491.722306][   T43] usb 6-1: USB disconnect, device number 9
[  494.094999][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout
[  494.103397][T10620] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  494.786531][T10620] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  494.818875][T10620] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  494.885954][T10620] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  494.925475][T10620] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  495.304927][   T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  495.494878][   T10] usb 5-1: Using ep0 maxpacket: 32
[  495.512191][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  495.543309][T10660] netlink: 'syz.5.1218': attribute type 3 has an invalid length.
[  495.557950][   T10] usb 5-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  495.565697][T10660] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.1218'.
[  495.620192][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.660863][   T10] usb 5-1: config 0 descriptor??
[  496.517044][   T10] hid-picolcd 0003:04D8:C002.000B: unknown main item tag 0x0
[  496.524510][   T10] hid-picolcd 0003:04D8:C002.000B: unknown main item tag 0x0
[  496.532429][   T10] hid-picolcd 0003:04D8:C002.000B: unknown main item tag 0x0
[  496.539894][   T10] hid-picolcd 0003:04D8:C002.000B: unknown main item tag 0x0
[  496.547336][   T10] hid-picolcd 0003:04D8:C002.000B: unknown main item tag 0x0
[  496.555171][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  496.915367][   T10] hid-picolcd 0003:04D8:C002.000B: No report with id 0x11 found
[  496.917099][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  496.966390][ T5843] Bluetooth: hci4: command 0x0c1a tx timeout
[  496.973840][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  497.011952][ T6029] usb 5-1: USB disconnect, device number 9
[  498.170176][T10682] netlink: 'syz.1.1225': attribute type 14 has an invalid length.
[  498.218103][T10686] FAULT_INJECTION: forcing a failure.
[  498.218103][T10686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  498.234351][T10686] CPU: 1 UID: 0 PID: 10686 Comm: syz.2.1226 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  498.234380][T10686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  498.234392][T10686] Call Trace:
[  498.234399][T10686]  <TASK>
[  498.234407][T10686]  dump_stack_lvl+0x189/0x250
[  498.234433][T10686]  ? __pfx____ratelimit+0x10/0x10
[  498.234450][T10686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.234470][T10686]  ? __pfx__printk+0x10/0x10
[  498.234496][T10686]  ? __pfx___mutex_lock+0x10/0x10
[  498.234522][T10686]  should_fail_ex+0x414/0x560
[  498.234547][T10686]  _copy_to_user+0x31/0xb0
[  498.234575][T10686]  media_device_ioctl+0x329/0x430
[  498.234597][T10686]  ? __pfx_media_device_ioctl+0x10/0x10
[  498.234644][T10686]  ? __pfx_media_device_ioctl+0x10/0x10
[  498.234661][T10686]  ? media_ioctl+0xfe/0x120
[  498.234679][T10686]  ? __pfx_media_ioctl+0x10/0x10
[  498.234696][T10686]  __se_sys_ioctl+0xfc/0x170
[  498.234722][T10686]  do_syscall_64+0xfa/0x3b0
[  498.234738][T10686]  ? lockdep_hardirqs_on+0x9c/0x150
[  498.234754][T10686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.234770][T10686]  ? clear_bhb_loop+0x60/0xb0
[  498.234795][T10686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.234812][T10686] RIP: 0033:0x7f45df18eb69
[  498.234828][T10686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  498.234844][T10686] RSP: 002b:00007f45dff6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  498.234862][T10686] RAX: ffffffffffffffda RBX: 00007f45df3b5fa0 RCX: 00007f45df18eb69
[  498.234874][T10686] RDX: 0000200000000300 RSI: 00000000c1007c00 RDI: 0000000000000003
[  498.234885][T10686] RBP: 00007f45dff6c090 R08: 0000000000000000 R09: 0000000000000000
[  498.234895][T10686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  498.234912][T10686] R13: 0000000000000000 R14: 00007f45df3b5fa0 R15: 00007ffc0741ec18
[  498.234937][T10686]  </TASK>
[  500.089844][T10713] netlink: 41 bytes leftover after parsing attributes in process `syz.4.1232'.
[  500.940156][T10723] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  501.520768][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  502.098374][T10749] syz.5.1241 (10749): drop_caches: 2
[  502.105866][T10749] syz.5.1241 (10749): drop_caches: 2
[  507.671416][T10790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1251'.
[  507.812834][T10799] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1253'.
[  509.301558][T10805] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  509.427507][T10807] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma?
[  509.439148][T10807] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1257'.
[  509.448639][T10807] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1257'.
[  509.458985][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  509.628785][   T10] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  509.637652][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  509.650948][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  509.660454][   T10] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  509.689873][   T10] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  509.699926][   T10] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  509.719606][   T10] usb 2-1: Product: syz
[  509.732943][   T10] usb 2-1: Manufacturer: syz
[  509.760512][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  509.777903][   T10] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  509.843194][   T43] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  510.005009][   T43] usb 3-1: Using ep0 maxpacket: 32
[  511.117021][T10827] program syz.1.1258 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  511.299436][   T43] usb 3-1: config 0 has an invalid descriptor of length 244, skipping remainder of the config
[  511.762894][   T43] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  511.811418][   T43] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  511.859660][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.923878][   T43] usb 3-1: config 0 descriptor??
[  511.990961][   T43] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  512.739711][   T43] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  512.879321][   T10] usb 2-1: USB disconnect, device number 16
[  512.886938][T10853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  512.924328][T10853] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  512.947882][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  512.962983][T10853] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1260'.
[  512.967527][   T43] usb 4-1: not running at top speed; connect to a high speed hub
[  513.080969][   T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  513.129006][   T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  513.201542][   T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  513.234546][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.323535][   T43] usb 4-1: Product: syz
[  513.351700][   T43] usb 4-1: Manufacturer: syz
[  513.373581][   T43] usb 4-1: SerialNumber: syz
[  513.624126][   T43] usb 4-1: 0:2 : does not exist
[  513.667989][   T43] usb 4-1: unit 4 not found!
[  513.693724][   T43] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[  513.722339][   T43] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  513.934598][   T43] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  514.570778][   T10] usb 3-1: USB disconnect, device number 28
[  514.683160][   T43] usb 4-1: USB disconnect, device number 16
[  515.035639][T10876] netlink: 'syz.2.1275': attribute type 1 has an invalid length.
[  515.116687][T10876] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1275'.
[  515.158921][T10876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1275'.
[  515.694925][   T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  516.011381][   T10] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  516.032191][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  516.051967][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  516.095045][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  516.125754][T10674] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  516.214304][   T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  516.226599][   T10] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  516.294139][T10674] usb 3-1: Using ep0 maxpacket: 8
[  516.365463][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  516.559869][    T9] usb 6-1: Using ep0 maxpacket: 16
[  516.769483][T10674] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  516.806609][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  516.824999][   T10] usb 4-1: Manufacturer: syz
[  516.830851][T10674] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  516.854577][   T10] usb 4-1: config 0 descriptor??
[  516.861308][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  516.901730][T10674] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  516.920691][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  516.954475][T10674] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  516.985079][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.00
[  516.998868][T10674] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  517.015477][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.038040][T10674] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  517.078281][    T9] usb 6-1: config 0 descriptor??
[  517.086069][T10674] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.117897][T10674] usbtmc 3-1:16.0: probe with driver usbtmc failed with error -22
[  517.718666][    T9] lg-g15 0003:046D:C227.000C: hidraw0: USB HID v0.00 Device [HID 046d:c227] on usb-dummy_hcd.5-1/input0
[  517.745125][   T10] appleir 0003:05AC:8243.000D: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  517.761143][T10897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.770927][T10897] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  517.814499][   T10] usb 4-1: USB disconnect, device number 17
[  518.896479][   T43] usb 3-1: USB disconnect, device number 29
[  519.263862][T10906] syz.3.1286: attempt to access beyond end of device
[  519.263862][T10906] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  519.277293][T10906] EXT4-fs (nbd3): unable to read superblock
[  519.875453][T10674] usb 6-1: USB disconnect, device number 10
[  520.794000][T10919] netlink: 'syz.5.1288': attribute type 12 has an invalid length.
[  520.874677][T10922] =======================================================
[  520.874677][T10922] WARNING: The mand mount option has been deprecated and
[  520.874677][T10922]          and is ignored by this kernel. Remove the mand
[  520.874677][T10922]          option from the mount to silence this warning.
[  520.874677][T10922] =======================================================
[  521.204174][T10921] option changes via remount are deprecated (pid=10920 comm=syz.2.1290)
[  521.213337][T10919] netlink: 'syz.5.1288': attribute type 29 has an invalid length.
[  521.287978][T10919] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1288'.
[  521.297447][T10919] netlink: 'syz.5.1288': attribute type 1 has an invalid length.
[  521.305510][T10919] netlink: 'syz.5.1288': attribute type 2 has an invalid length.
[  521.339275][T10924] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  521.379665][T10919] netlink: 7 bytes leftover after parsing attributes in process `syz.5.1288'.
[  522.265839][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  522.265855][   T30] audit: type=1326 audit(1754228095.412:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  522.880711][   T30] audit: type=1326 audit(1754228095.412:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  522.903828][T10941] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  523.024932][T10944] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  524.252493][   T30] audit: type=1326 audit(1754228096.272:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  524.274248][   T30] audit: type=1326 audit(1754228096.272:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  524.296010][   T30] audit: type=1326 audit(1754228096.272:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  524.323277][   T30] audit: type=1326 audit(1754228096.272:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  524.345466][   T30] audit: type=1326 audit(1754228096.272:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  524.367465][   T30] audit: type=1326 audit(1754228096.272:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  524.389296][   T30] audit: type=1326 audit(1754228096.272:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  524.412107][   T30] audit: type=1326 audit(1754228096.272:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10937 comm="syz.4.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02cdd8eb69 code=0x7ffc0000
[  527.753276][T10989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1308'.
[  528.538765][T10991] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  528.551668][T10991] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  528.562192][T10991] xt_CT: You must specify a L4 protocol and not use inversions on it
[  529.259664][T11001] FAULT_INJECTION: forcing a failure.
[  529.259664][T11001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  529.962380][T11001] CPU: 0 UID: 0 PID: 11001 Comm: syz.4.1312 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  529.962415][T11001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  529.962427][T11001] Call Trace:
[  529.962435][T11001]  <TASK>
[  529.962444][T11001]  dump_stack_lvl+0x189/0x250
[  529.962471][T11001]  ? __pfx____ratelimit+0x10/0x10
[  529.962492][T11001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  529.962514][T11001]  ? __pfx__printk+0x10/0x10
[  529.962539][T11001]  ? __might_fault+0xb0/0x130
[  529.962571][T11001]  should_fail_ex+0x414/0x560
[  529.962598][T11001]  _copy_from_iter+0x1db/0x16f0
[  529.962626][T11001]  ? rcu_is_watching+0x15/0xb0
[  529.962649][T11001]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  529.962671][T11001]  ? __pfx__copy_from_iter+0x10/0x10
[  529.962697][T11001]  ? __build_skb_around+0x257/0x3e0
[  529.962728][T11001]  ? netlink_sendmsg+0x642/0xb30
[  529.962753][T11001]  ? skb_put+0x11b/0x210
[  529.962787][T11001]  netlink_sendmsg+0x6b2/0xb30
[  529.962825][T11001]  ? __pfx_netlink_sendmsg+0x10/0x10
[  529.962860][T11001]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  529.962879][T11001]  ? __pfx_netlink_sendmsg+0x10/0x10
[  529.962907][T11001]  __sock_sendmsg+0x21c/0x270
[  529.962934][T11001]  ____sys_sendmsg+0x52d/0x830
[  529.962969][T11001]  ? __pfx_____sys_sendmsg+0x10/0x10
[  529.963006][T11001]  ? import_iovec+0x74/0xa0
[  529.963033][T11001]  ___sys_sendmsg+0x21f/0x2a0
[  529.963064][T11001]  ? __pfx____sys_sendmsg+0x10/0x10
[  529.963133][T11001]  ? __fget_files+0x2a/0x420
[  529.963154][T11001]  ? __fget_files+0x3a0/0x420
[  529.963187][T11001]  __sys_sendmmsg+0x227/0x430
[  529.963222][T11001]  ? __pfx___sys_sendmmsg+0x10/0x10
[  529.963248][T11001]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  529.963299][T11001]  ? ksys_write+0x22a/0x250
[  529.963321][T11001]  ? __pfx_ksys_write+0x10/0x10
[  529.963336][T11001]  ? rcu_is_watching+0x15/0xb0
[  529.963364][T11001]  __x64_sys_sendmmsg+0xa0/0xc0
[  529.963401][T11001]  do_syscall_64+0xfa/0x3b0
[  529.963421][T11001]  ? lockdep_hardirqs_on+0x9c/0x150
[  529.963441][T11001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.963460][T11001]  ? clear_bhb_loop+0x60/0xb0
[  529.963484][T11001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.963503][T11001] RIP: 0033:0x7f02cdd8eb69
[  529.963520][T11001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  529.963537][T11001] RSP: 002b:00007f02cec52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  529.963557][T11001] RAX: ffffffffffffffda RBX: 00007f02cdfb5fa0 RCX: 00007f02cdd8eb69
[  529.963572][T11001] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000003
[  529.963586][T11001] RBP: 00007f02cec52090 R08: 0000000000000000 R09: 0000000000000000
[  529.963599][T11001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.963610][T11001] R13: 0000000000000000 R14: 00007f02cdfb5fa0 R15: 00007ffc62766138
[  529.963641][T11001]  </TASK>
[  530.249926][    C0] vkms_vblank_simulate: vblank timer overrun
[  531.519017][T11024] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1315'.
[  532.205367][T11029] netlink: 'syz.1.1320': attribute type 12 has an invalid length.
[  532.215097][T11029] netlink: 'syz.1.1320': attribute type 29 has an invalid length.
[  532.237972][T11029] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1320'.
[  532.279888][T11029] netlink: 'syz.1.1320': attribute type 1 has an invalid length.
[  532.288729][T11029] netlink: 'syz.1.1320': attribute type 2 has an invalid length.
[  532.299033][T11029] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1320'.
[  532.785811][T11044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1324'.
[  532.867650][ T3545] Bluetooth: Error in BCSP hdr checksum
[  533.079763][   T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  533.255669][   T10] usb 2-1: Using ep0 maxpacket: 16
[  533.380507][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  533.397408][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  533.416813][   T10] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  533.435397][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.617582][   T10] usb 2-1: config 0 descriptor??
[  533.834768][   T10] playstation 0003:054C:05C4.000E: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.1-1/input0
[  534.640598][ T5843] Bluetooth: hci5: command 0x1003 tx timeout
[  534.645066][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  535.984974][   T10] playstation 0003:054C:05C4.000E: Failed to retrieve feature with reportID 18: -71
[  536.014989][   T10] playstation 0003:054C:05C4.000E: Failed to retrieve DualShock4 pairing info: -71
[  536.024390][   T10] playstation 0003:054C:05C4.000E: Failed to get MAC address from DualShock4
[  536.461790][   T10] playstation 0003:054C:05C4.000E: Failed to create dualshock4.
[  536.473265][   T10] playstation 0003:054C:05C4.000E: probe with driver playstation failed with error -71
[  536.486321][   T10] usb 2-1: USB disconnect, device number 17
[  537.510651][T11099] loop2: detected capacity change from 0 to 7
[  537.519857][T11092] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1337'.
[  537.538721][T11099]  loop2: p1
[  537.545019][T11099] loop2: partition table partially beyond EOD, truncated
[  537.567134][T11099] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  539.669798][T11120] hugetlbfs: syz.3.1345 (11120): Using mlock ulimits for SHM_HUGETLB is obsolete
[  540.240678][T11118] syz.1.1344 (11118): drop_caches: 2
[  540.248797][T11118] syz.1.1344 (11118): drop_caches: 2
[  542.476699][T11135] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  546.779531][T11173] binder: 11170:11173 ioctl c0306201 2000000001c0 returned -14
[  548.389442][T11194] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  552.987936][T11216] Invalid option length (1048372) for dns_resolver key
[  554.163569][T11228] netlink: 'syz.3.1377': attribute type 3 has an invalid length.
[  554.171683][T11228] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1377'.
[  555.026502][T11243] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  558.154146][T11278] netlink: 'syz.1.1390': attribute type 3 has an invalid length.
[  558.162063][T11278] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1390'.
[  559.848310][T11295] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  559.879373][T11295] sctp: [Deprecated]: syz.4.1395 (pid 11295) Use of struct sctp_assoc_value in delayed_ack socket option.
[  559.879373][T11295] Use struct sctp_sack_info instead
[  561.955009][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout
[  562.405818][T11331] netlink: 'syz.3.1402': attribute type 3 has an invalid length.
[  562.413795][T11331] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1402'.
[  562.944688][T11337] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1404'.
[  562.961765][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  563.061659][T11343] loop2: detected capacity change from 0 to 7
[  563.078772][T11343]  loop2: p1
[  563.082040][T11343] loop2: partition table partially beyond EOD, truncated
[  563.102734][T11343] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  563.444994][T11349] tap0: tun_chr_ioctl cmd 1074025677
[  563.450975][T11349] tap0: linktype set to 774
[  563.500872][T11352] netlink: 'syz.3.1408': attribute type 3 has an invalid length.
[  563.510293][T11352] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1408'.
[  567.038277][T11412] netlink: 'syz.2.1422': attribute type 3 has an invalid length.
[  567.056764][T11412] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1422'.
[  568.094994][T11431] syzkaller1: entered promiscuous mode
[  568.104046][T11431] syzkaller1: entered allmulticast mode
[  568.140584][T11432] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  569.079786][T11445] x_tables: duplicate underflow at hook 3
[  569.123137][T11443] x_tables: duplicate underflow at hook 3
[  570.016105][T11456] netlink: 'syz.2.1437': attribute type 3 has an invalid length.
[  570.115554][T11456] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1437'.
[  570.250703][T11463] FAULT_INJECTION: forcing a failure.
[  570.250703][T11463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  570.264030][T11463] CPU: 0 UID: 0 PID: 11463 Comm: syz.4.1438 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  570.264056][T11463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  570.264065][T11463] Call Trace:
[  570.264071][T11463]  <TASK>
[  570.264077][T11463]  dump_stack_lvl+0x189/0x250
[  570.264095][T11463]  ? lockdep_hardirqs_on+0x9c/0x150
[  570.264121][T11463]  ? __pfx_dump_stack_lvl+0x10/0x10
[  570.264136][T11463]  ? dump_stack+0x9/0x20
[  570.264150][T11463]  should_fail_ex+0x414/0x560
[  570.264164][T11463]  _copy_to_user+0x31/0xb0
[  570.264180][T11463]  simple_read_from_buffer+0xe1/0x170
[  570.264194][T11463]  proc_fail_nth_read+0x1df/0x250
[  570.264209][T11463]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  570.264223][T11463]  ? rw_verify_area+0x258/0x650
[  570.264239][T11463]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  570.264252][T11463]  vfs_read+0x200/0x980
[  570.264271][T11463]  ? __pfx___mutex_lock+0x10/0x10
[  570.264283][T11463]  ? __pfx_vfs_read+0x10/0x10
[  570.264299][T11463]  ? __fget_files+0x2a/0x420
[  570.264313][T11463]  ? __fget_files+0x3a0/0x420
[  570.264324][T11463]  ? __fget_files+0x2a/0x420
[  570.264340][T11463]  ksys_read+0x145/0x250
[  570.264353][T11463]  ? __pfx_ksys_read+0x10/0x10
[  570.264365][T11463]  ? do_syscall_64+0xbe/0x3b0
[  570.264379][T11463]  do_syscall_64+0xfa/0x3b0
[  570.264392][T11463]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.264402][T11463]  ? asm_sysvec_call_function_single+0x1a/0x20
[  570.264412][T11463]  ? clear_bhb_loop+0x60/0xb0
[  570.264424][T11463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.264434][T11463] RIP: 0033:0x7f02cdd8d57c
[  570.264445][T11463] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  570.264454][T11463] RSP: 002b:00007f02cec31030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  570.264465][T11463] RAX: ffffffffffffffda RBX: 00007f02cdfb6080 RCX: 00007f02cdd8d57c
[  570.264473][T11463] RDX: 000000000000000f RSI: 00007f02cec310a0 RDI: 0000000000000008
[  570.264479][T11463] RBP: 00007f02cec31090 R08: 0000000000000000 R09: 0000000000000000
[  570.264485][T11463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  570.264491][T11463] R13: 0000000000000000 R14: 00007f02cdfb6080 R15: 00007ffc62766138
[  570.264507][T11463]  </TASK>
[  573.057653][T11494] Invalid option length (1048372) for dns_resolver key
[  573.462902][T11499] netlink: 'syz.2.1450': attribute type 1 has an invalid length.
[  573.651157][T11498] syz.4.1451 (11498): drop_caches: 2
[  573.660211][T11498] syz.4.1451 (11498): drop_caches: 2
[  575.008220][ T6029] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  575.196885][ T6029] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  575.226741][ T6029] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  575.347416][ T6029] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.404353][ T6029] usb 4-1: config 0 descriptor??
[  576.365888][ T6029] keytouch 0003:0926:3333.000F: fixing up Keytouch IEC report descriptor
[  576.499673][ T6029] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.000F/input/input39
[  576.630906][ T6029] keytouch 0003:0926:3333.000F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  577.009901][   T43] usb 4-1: USB disconnect, device number 18
[  577.343409][T11552] Invalid option length (1048372) for dns_resolver key
[  577.938563][T11567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1469'.
[  577.970206][ T5952] kernel write not supported for file bpf-prog (pid: 5952 comm: kworker/1:8)
[  578.192042][T11574] syz.4.1466 (11574): drop_caches: 2
[  578.200490][T11574] syz.4.1466 (11574): drop_caches: 2
[  581.638151][T11610] Invalid option length (1048372) for dns_resolver key
[  581.972892][T11620] loop5: detected capacity change from 0 to 3727
[  582.104883][T11620]  loop5: [CUMANA/ADFS] p1 [ADFS] p1
[  586.282102][ T5916] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  586.672589][T10674] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  586.844919][T10674] usb 4-1: device descriptor read/64, error -71
[  586.863329][ T5916] usb 3-1: device descriptor read/64, error -71
[  587.655146][T10674] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  587.835830][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  588.289748][T11657] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1490'.
[  588.363842][    T9] usb 5-1: Using ep0 maxpacket: 32
[  588.386396][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  588.415286][    T9] usb 5-1: config 0 has no interface number 0
[  588.427336][    T9] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  588.451519][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.528926][    T9] usb 5-1: Product: syz
[  588.546349][    T9] usb 5-1: Manufacturer: syz
[  588.562353][    T9] usb 5-1: SerialNumber: syz
[  588.564670][T11664] netlink: 'syz.1.1494': attribute type 3 has an invalid length.
[  588.575756][    T9] usb 5-1: config 0 descriptor??
[  588.578803][T11664] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1494'.
[  588.705689][    T9] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  588.903113][T11666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1495'.
[  589.410267][T11671] 9pnet_virtio: no channels available for device 127.0.0.1
[  589.761067][    T9] usb 5-1: selecting invalid altsetting 1
[  589.789941][    T9] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  589.826045][    T9] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  589.855789][    T9] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  589.864138][    T9] usb 5-1: media controller created
[  590.080147][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  590.907350][    T9] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  590.943163][    T9] zl10353_read_register: readreg error (reg=127, ret==-71)
[  590.981606][    T9] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  591.788235][    T9] usb 5-1: USB disconnect, device number 10
[  593.231824][T11701] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1504'.
[  593.559071][T11712] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  593.665010][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  593.865192][    T9] usb 5-1: device descriptor read/64, error -71
[  594.372474][T11727] dummy0: left allmulticast mode
[  594.377766][T11727] bridge0: port 3(dummy0) entered disabled state
[  594.414256][T11727] bridge_slave_0: left allmulticast mode
[  594.420261][T11727] bridge_slave_0: left promiscuous mode
[  594.426183][T11727] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.498561][    T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  594.530822][T11727] bridge_slave_1: left allmulticast mode
[  594.536713][T11727] bridge_slave_1: left promiscuous mode
[  594.542531][T11727] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.639795][T11727] bond0: (slave bond_slave_0): Releasing backup interface
[  594.647376][    T9] usb 5-1: device descriptor read/64, error -71
[  594.728101][T11727] bond0: (slave bond_slave_1): Releasing backup interface
[  594.753066][T11727] team0: Port device team_slave_0 removed
[  594.771929][    T9] usb usb5-port1: attempt power cycle
[  594.789601][T11727] team0: Port device team_slave_1 removed
[  594.796528][T11727] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  594.803978][T11727] batman_adv: batadv0: Removing interface: batadv_slave_0
[  594.887338][T11727] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  594.895070][T11727] batman_adv: batadv0: Removing interface: batadv_slave_1
[  595.002724][T11739] netlink: 31 bytes leftover after parsing attributes in process `syz.1.1515'.
[  595.114915][    T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  595.135591][    T9] usb 5-1: device descriptor read/8, error -71
[  595.152388][T11741] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1515'.
[  595.164590][T11744] IPv6: sit1: Disabled Multicast RS
[  595.645074][    T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  595.687511][    T9] usb 5-1: device descriptor read/8, error -71
[  595.845772][    T9] usb usb5-port1: unable to enumerate USB device
[  597.321612][T11774] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  599.843659][T11781] /dev/sg0: Can't lookup blockdev
[  599.935852][T11783] Invalid ELF header len 8
[  599.951471][T11783] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  599.958794][T11783] IPv6: NLM_F_CREATE should be set when creating new route
[  599.965001][ T6029] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  599.966267][T11783] IPv6: NLM_F_CREATE should be set when creating new route
[  600.114899][ T6029] usb 5-1: Using ep0 maxpacket: 8
[  600.122270][ T6029] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  600.135837][ T6029] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  600.145948][ T6029] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  600.159480][ T6029] usb 5-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  600.171435][ T6029] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.183709][ T6029] usb 5-1: config 0 descriptor??
[  600.473921][T11796] FAULT_INJECTION: forcing a failure.
[  600.473921][T11796] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  600.513088][T11796] CPU: 1 UID: 0 PID: 11796 Comm: syz.3.1531 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  600.513118][T11796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  600.513139][T11796] Call Trace:
[  600.513148][T11796]  <TASK>
[  600.513157][T11796]  dump_stack_lvl+0x189/0x250
[  600.513185][T11796]  ? __pfx____ratelimit+0x10/0x10
[  600.513215][T11796]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.513236][T11796]  ? __pfx__printk+0x10/0x10
[  600.513260][T11796]  ? fs_reclaim_acquire+0x7d/0x100
[  600.513293][T11796]  should_fail_ex+0x414/0x560
[  600.513318][T11796]  prepare_alloc_pages+0x213/0x610
[  600.513345][T11796]  __alloc_frozen_pages_noprof+0x123/0x370
[  600.513370][T11796]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  600.513402][T11796]  ? policy_nodemask+0x27c/0x720
[  600.513419][T11796]  ? __lock_acquire+0xab9/0xd20
[  600.513440][T11796]  alloc_pages_mpol+0x232/0x4a0
[  600.513462][T11796]  vma_alloc_folio_noprof+0xe4/0x200
[  600.513483][T11796]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  600.513514][T11796]  folio_prealloc+0x30/0x180
[  600.513533][T11796]  __handle_mm_fault+0x2c88/0x5620
[  600.513580][T11796]  ? __pfx___handle_mm_fault+0x10/0x10
[  600.513627][T11796]  ? find_vma+0xe7/0x160
[  600.513643][T11796]  ? __pfx_find_vma+0x10/0x10
[  600.513662][T11796]  handle_mm_fault+0x2d5/0x7f0
[  600.513701][T11796]  do_user_addr_fault+0x764/0x1390
[  600.513744][T11796]  exc_page_fault+0x76/0xf0
[  600.513764][T11796]  asm_exc_page_fault+0x26/0x30
[  600.513781][T11796] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  600.513806][T11796] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  600.513823][T11796] RSP: 0018:ffffc9000eebfa58 EFLAGS: 00050202
[  600.513840][T11796] RAX: ffffffff84b6e501 RBX: ffff88806a168000 RCX: 0000000000000460
[  600.513854][T11796] RDX: 0000000000000000 RSI: ffff88806a168000 RDI: 0000200000003800
[  600.513867][T11796] RBP: ffffc9000eebfbb0 R08: ffff88806a16845f R09: 1ffff1100d42d08b
[  600.513881][T11796] R10: dffffc0000000000 R11: ffffed100d42d08c R12: 1ffff92001dd7faf
[  600.513895][T11796] R13: 0000200000003800 R14: ffffc9000eebfd88 R15: 0000000000000460
[  600.513917][T11796]  ? _copy_to_iter+0x1e1/0x16f0
[  600.513946][T11796]  _copy_to_iter+0x24c/0x16f0
[  600.513970][T11796]  ? seq_write+0xff/0x140
[  600.514005][T11796]  ? __pfx__copy_to_iter+0x10/0x10
[  600.514025][T11796]  ? __up_read+0x280/0x680
[  600.514050][T11796]  ? __pfx___up_read+0x10/0x10
[  600.514093][T11796]  seq_read_iter+0xbeb/0xe10
[  600.514142][T11796]  vfs_read+0x4d0/0x980
[  600.514175][T11796]  ? __pfx_vfs_read+0x10/0x10
[  600.514218][T11796]  ? __fget_files+0x2a/0x420
[  600.514245][T11796]  ksys_read+0x145/0x250
[  600.514265][T11796]  ? __pfx_ksys_read+0x10/0x10
[  600.514285][T11796]  ? do_syscall_64+0xbe/0x3b0
[  600.514311][T11796]  do_syscall_64+0xfa/0x3b0
[  600.514328][T11796]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.514346][T11796]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.514363][T11796]  ? clear_bhb_loop+0x60/0xb0
[  600.514383][T11796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.514401][T11796] RIP: 0033:0x7fa4ecf8eb69
[  600.514416][T11796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.514432][T11796] RSP: 002b:00007fa4edd8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  600.514450][T11796] RAX: ffffffffffffffda RBX: 00007fa4ed1b5fa0 RCX: 00007fa4ecf8eb69
[  600.514463][T11796] RDX: 0000000000002020 RSI: 0000200000003800 RDI: 0000000000000004
[  600.514473][T11796] RBP: 00007fa4edd8c090 R08: 0000000000000000 R09: 0000000000000000
[  600.514483][T11796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.514493][T11796] R13: 0000000000000000 R14: 00007fa4ed1b5fa0 R15: 00007ffee9802da8
[  600.514522][T11796]  </TASK>
[  600.607215][ T6029] logitech 0003:046D:C293.0010: bogus close delimiter
[  600.640203][T11798] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1532'.
[  600.721301][ T6029] logitech 0003:046D:C293.0010: item 0 1 2 10 parsing failed
[  600.969508][ T6029] logitech 0003:046D:C293.0010: parse failed
[  600.976307][ T6029] logitech 0003:046D:C293.0010: probe with driver logitech failed with error -22
[  600.990883][ T6029] usb 5-1: USB disconnect, device number 15
[  601.019666][T11801] sch_tbf: burst 19872 is lower than device lo mtu (39799) !
[  601.083854][T11801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1534'.
[  601.870312][T11817] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  601.912694][T11820] loop2: detected capacity change from 0 to 7
[  601.918979][   T43] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  601.993108][T11820]  loop2: p1
[  601.997372][T11820] loop2: partition table partially beyond EOD, truncated
[  602.007605][T11820] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  602.234974][   T43] usb 3-1: Using ep0 maxpacket: 8
[  602.246838][   T43] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  602.256805][   T43] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  602.462252][   T43] usb 3-1: Product: syz
[  602.466703][ T5952] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  602.500808][   T43] usb 3-1: Manufacturer: syz
[  602.519792][   T43] usb 3-1: SerialNumber: syz
[  602.521112][T11827] ptrace attach of "./syz-executor exec"[11828] was attempted by "./syz-executor exec"[11827]
[  602.556554][   T43] usb 3-1: config 0 descriptor??
[  602.610465][   T43] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  602.663259][ T5952] usb 2-1: Using ep0 maxpacket: 8
[  602.675736][ T5952] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  602.709455][ T5952] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  602.748054][ T5952] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  602.773780][T11801] serio: Serial port ptm0
[  602.916292][   T43] gspca_zc3xx: reg_w_i err -71
[  602.921178][   T43] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  603.364145][ T5952] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  603.386292][   T43] usb 3-1: USB disconnect, device number 33
[  603.394450][ T5952] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  603.415129][ T5952] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  603.424310][ T5952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.985286][ T5952] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22
[  604.852009][T11853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.861536][T11853] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  605.831563][T11863] netlink: 'syz.4.1552': attribute type 12 has an invalid length.
[  605.839793][T11863] netlink: 'syz.4.1552': attribute type 29 has an invalid length.
[  605.848985][T11863] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1552'.
[  605.859364][T11863] netlink: 'syz.4.1552': attribute type 1 has an invalid length.
[  605.882542][T11863] netlink: 'syz.4.1552': attribute type 2 has an invalid length.
[  605.893203][T11863] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1552'.
[  605.934997][ T6029] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  605.953273][T11865] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1553'.
[  606.105268][ T6029] usb 3-1: Using ep0 maxpacket: 32
[  606.119752][ T6029] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  606.156856][ T6029] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  606.169460][ T6029] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  606.180498][ T6029] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.215182][ T3090] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  606.223935][ T6029] usb 3-1: config 0 descriptor??
[  606.365536][ T3090] usb 4-1: device descriptor read/64, error -71
[  606.605547][ T3090] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  606.926208][ T6029] usbhid 3-1:0.0: can't add hid device: -71
[  606.932205][ T6029] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  606.950690][ T6029] usb 3-1: USB disconnect, device number 34
[  606.999836][   T43] usb 2-1: USB disconnect, device number 18
[  607.018522][ T3090] usb 4-1: device descriptor read/64, error -71
[  607.168345][ T3090] usb usb4-port1: attempt power cycle
[  607.525070][ T3090] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  608.325847][ T3090] usb 4-1: device descriptor read/8, error -71
[  608.345941][   T43] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  608.373364][T11886] netlink: 'syz.1.1559': attribute type 3 has an invalid length.
[  608.388981][T11886] netlink: 199556 bytes leftover after parsing attributes in process `syz.1.1559'.
[  608.504899][   T43] usb 5-1: Using ep0 maxpacket: 32
[  608.561384][   T43] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  608.593373][ T3090] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  608.628474][   T43] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  608.677635][ T3090] usb 4-1: device descriptor read/8, error -71
[  608.703669][   T43] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  608.728618][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  608.744904][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  608.768249][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  608.797608][   T43] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  608.956594][ T3090] usb usb4-port1: unable to enumerate USB device
[  609.016679][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.136279][   T43] usb 5-1: config 0 descriptor??
[  609.308600][T11898] Invalid option length (1048372) for dns_resolver key
[  609.366903][   T43] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  609.425100][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  609.538332][   T43] usb 5-1: USB disconnect, device number 16
[  609.558959][   T43] usblp0: removed
[  609.754961][T10674] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  609.944896][   T43] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  609.955036][T10674] usb 4-1: Using ep0 maxpacket: 8
[  609.967483][T10674] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  609.982839][T10674] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  610.015688][T10674] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  610.104894][   T43] usb 5-1: Using ep0 maxpacket: 32
[  610.113139][T10674] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  610.176248][   T43] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  610.188393][   T43] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  610.197213][T10674] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  610.218583][   T43] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  610.231947][T10674] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  610.249221][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  610.370260][T10674] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.380342][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  610.394348][T10674] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22
[  610.400301][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  610.472190][   T43] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  610.529278][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.571511][   T43] usb 5-1: config 0 descriptor??
[  610.642423][   T43] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  610.661935][   T43] usb 5-1: USB disconnect, device number 17
[  610.670794][   T43] usblp0: removed
[  611.039057][   T43] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  611.435523][   T43] usb 5-1: Using ep0 maxpacket: 32
[  611.546674][   T43] usb 5-1: descriptor type invalid, skip
[  611.558634][   T43] usb 5-1: config 128 has an invalid interface number: 87 but max is 0
[  611.574361][   T43] usb 5-1: config 128 has no interface number 0
[  611.591489][   T43] usb 5-1: config 128 interface 87 altsetting 0 endpoint 0x7 has invalid maxpacket 56678, setting to 64
[  611.633933][   T43] usb 5-1: config 128 interface 87 altsetting 0 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  611.647995][   T43] usb 5-1: config 128 interface 87 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  611.666728][   T43] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0016, bcdDevice=c5.9a
[  611.676241][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.684431][   T43] usb 5-1: Product: syz
[  611.689223][   T43] usb 5-1: Manufacturer: syz
[  611.694022][   T43] usb 5-1: SerialNumber: syz
[  611.932030][T11912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  611.955703][T11912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  611.999351][T11912] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1568'.
[  612.027027][   T43] kvaser_usb 5-1:128.87: error -ENODEV: Cannot get usb endpoint(s)
[  612.084314][   T43] usb 5-1: USB disconnect, device number 18
[  612.489686][T11928] netlink: 'syz.5.1572': attribute type 3 has an invalid length.
[  612.508876][T11928] netlink: 199556 bytes leftover after parsing attributes in process `syz.5.1572'.
[  612.555639][   T43] usb 4-1: USB disconnect, device number 25
[  612.722933][T11933] bond0: (slave rose0): Enslaving as an active interface with an up link
[  614.800689][T11945] netlink: 'syz.3.1575': attribute type 3 has an invalid length.
[  614.808677][T11945] netlink: 199556 bytes leftover after parsing attributes in process `syz.3.1575'.
[  616.068115][T11956] Invalid option length (1048372) for dns_resolver key
[  616.401361][T11962] xt_hashlimit: max too large, truncated to 1048576
[  616.616202][T11974] dlm: non-version read from control device 240
[  616.649595][T11974] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1584'.
[  616.667545][T11976] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  616.708710][T11974] netlink: zone id is out of range
[  616.713925][T11974] netlink: get zone limit has 8 unknown bytes
[  616.731106][T11974] netlink: 'syz.2.1584': attribute type 2 has an invalid length.
[  616.739920][T11974] netlink: 'syz.2.1584': attribute type 22 has an invalid length.
[  618.129191][ T5952] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  618.305131][ T5952] usb 4-1: Using ep0 maxpacket: 8
[  618.604390][ T5952] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  618.619787][ T5952] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  618.629733][ T5952] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  618.640452][ T5952] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  618.650769][ T5952] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  618.684425][ T5952] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  618.705004][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.751852][ T5952] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22
[  618.971127][T12002] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1594'.
[  619.015777][T12003] Invalid option length (1048372) for dns_resolver key
[  619.163012][T12005] netlink: 'syz.1.1595': attribute type 12 has an invalid length.
[  619.172584][T12005] netlink: 'syz.1.1595': attribute type 29 has an invalid length.
[  619.190463][T12005] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1595'.
[  619.201241][T12005] netlink: 'syz.1.1595': attribute type 1 has an invalid length.
[  619.228589][T12005] netlink: 'syz.1.1595': attribute type 2 has an invalid length.
[  619.255762][T12005] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1595'.
[  621.311081][ T5952] usb 4-1: USB disconnect, device number 26
[  621.812082][T12034] syz.5.1601 (12034): drop_caches: 2
[  621.819598][T12034] syz.5.1601 (12034): drop_caches: 2
[  624.435247][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  624.531561][T12054] cgroup: fork rejected by pids controller in /syz5
[  624.575029][ T6029] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  624.669279][T12094] Invalid option length (1048372) for dns_resolver key
[  624.835462][ T6029] usb 6-1: Using ep0 maxpacket: 32
[  624.836214][T12099] FAULT_INJECTION: forcing a failure.
[  624.836214][T12099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  624.858988][ T6029] usb 6-1: unable to get BOS descriptor or descriptor too short
[  624.881258][T12099] CPU: 0 UID: 0 PID: 12099 Comm: syz.1.1610 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  624.881280][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  624.881286][T12099] Call Trace:
[  624.881291][T12099]  <TASK>
[  624.881295][T12099]  dump_stack_lvl+0x189/0x250
[  624.881312][T12099]  ? __pfx____ratelimit+0x10/0x10
[  624.881324][T12099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  624.881336][T12099]  ? __pfx__printk+0x10/0x10
[  624.881349][T12099]  ? __might_fault+0xb0/0x130
[  624.881366][T12099]  should_fail_ex+0x414/0x560
[  624.881380][T12099]  _copy_from_user+0x2d/0xb0
[  624.881395][T12099]  ___sys_sendmsg+0x158/0x2a0
[  624.881414][T12099]  ? __pfx____sys_sendmsg+0x10/0x10
[  624.881448][T12099]  ? __fget_files+0x2a/0x420
[  624.881462][T12099]  ? __fget_files+0x3a0/0x420
[  624.881479][T12099]  __sys_sendmmsg+0x227/0x430
[  624.881499][T12099]  ? __pfx___sys_sendmmsg+0x10/0x10
[  624.881514][T12099]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  624.881540][T12099]  ? ksys_write+0x22a/0x250
[  624.881553][T12099]  ? __pfx_ksys_write+0x10/0x10
[  624.881561][T12099]  ? rcu_is_watching+0x15/0xb0
[  624.881577][T12099]  __x64_sys_sendmmsg+0xa0/0xc0
[  624.881594][T12099]  do_syscall_64+0xfa/0x3b0
[  624.881604][T12099]  ? lockdep_hardirqs_on+0x9c/0x150
[  624.881615][T12099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.881625][T12099]  ? clear_bhb_loop+0x60/0xb0
[  624.881638][T12099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.881648][T12099] RIP: 0033:0x7fbdc178eb69
[  624.881658][T12099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  624.881667][T12099] RSP: 002b:00007fbdc2626038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  624.881680][T12099] RAX: ffffffffffffffda RBX: 00007fbdc19b5fa0 RCX: 00007fbdc178eb69
[  624.881687][T12099] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000003
[  624.881694][T12099] RBP: 00007fbdc2626090 R08: 0000000000000000 R09: 0000000000000000
[  624.881701][T12099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.881706][T12099] R13: 0000000000000000 R14: 00007fbdc19b5fa0 R15: 00007ffd31e19f78
[  624.881722][T12099]  </TASK>
[  624.881847][ T6029] usb 6-1: config 129 has an invalid interface number: 249 but max is 0
[  625.341823][ T6029] usb 6-1: config 129 has no interface number 0
[  625.365514][ T6029] usb 6-1: config 129 interface 249 altsetting 247 bulk endpoint 0x81 has invalid maxpacket 32
[  625.387363][ T6029] usb 6-1: config 129 interface 249 altsetting 247 endpoint 0xA has invalid wMaxPacketSize 0
[  625.404926][ T6029] usb 6-1: config 129 interface 249 has no altsetting 0
[  625.419680][ T6029] usb 6-1: New USB device found, idVendor=0424, idProduct=9908, bcdDevice=2e.38
[  625.431392][ T6029] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.445558][ T6029] usb 6-1: Product: syz
[  625.449805][ T6029] usb 6-1: Manufacturer: syz
[  625.454415][ T6029] usb 6-1: SerialNumber: syz
[  625.485242][T12060] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  625.686742][T12118] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  625.840687][   T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  628.204921][   T10] usb 3-1: Using ep0 maxpacket: 32
[  628.229746][   T10] usb 3-1: config 0 has an invalid interface number: 111 but max is 0
[  628.275310][ T6029] smsc95xx v2.0.0
[  628.308327][ T6029] smsc95xx 6-1:129.249 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  628.323763][   T10] usb 3-1: config 0 has no interface number 0
[  628.359522][   T10] usb 3-1: config 0 interface 111 has no altsetting 0
[  628.374163][ T6029] smsc95xx 6-1:129.249: probe with driver smsc95xx failed with error -71
[  628.397947][   T10] usb 3-1: New USB device found, idVendor=0403, idProduct=daf9, bcdDevice=be.f3
[  628.467662][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.468248][   T10] usb 3-1: Product: syz
[  628.468266][   T10] usb 3-1: Manufacturer: syz
[  628.468280][   T10] usb 3-1: SerialNumber: syz
[  628.472329][ T6029] usb 6-1: USB disconnect, device number 11
[  628.488465][   T10] usb 3-1: config 0 descriptor??
[  628.504987][   T10] usb 3-1: can't set config #0, error -71
[  628.514976][   T10] usb 3-1: USB disconnect, device number 35
[  628.602676][T12197] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1621'.
[  628.769213][T12204] FAULT_INJECTION: forcing a failure.
[  628.769213][T12204] name failslab, interval 1, probability 0, space 0, times 0
[  628.854302][T12204] CPU: 1 UID: 0 PID: 12204 Comm: syz.2.1623 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  628.854331][T12204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  628.854343][T12204] Call Trace:
[  628.854351][T12204]  <TASK>
[  628.854360][T12204]  dump_stack_lvl+0x189/0x250
[  628.854386][T12204]  ? __pfx____ratelimit+0x10/0x10
[  628.854408][T12204]  ? __pfx_dump_stack_lvl+0x10/0x10
[  628.854429][T12204]  ? __pfx__printk+0x10/0x10
[  628.854459][T12204]  ? __pfx___might_resched+0x10/0x10
[  628.854485][T12204]  should_fail_ex+0x414/0x560
[  628.854510][T12204]  should_failslab+0xa8/0x100
[  628.854533][T12204]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  628.854552][T12204]  ? __alloc_skb+0x112/0x2d0
[  628.854582][T12204]  __alloc_skb+0x112/0x2d0
[  628.854612][T12204]  netlink_sendmsg+0x5c6/0xb30
[  628.854650][T12204]  ? __pfx_netlink_sendmsg+0x10/0x10
[  628.854685][T12204]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  628.854704][T12204]  ? __pfx_netlink_sendmsg+0x10/0x10
[  628.854731][T12204]  __sock_sendmsg+0x21c/0x270
[  628.854758][T12204]  ____sys_sendmsg+0x52d/0x830
[  628.854794][T12204]  ? __pfx_____sys_sendmsg+0x10/0x10
[  628.854831][T12204]  ? import_iovec+0x74/0xa0
[  628.854861][T12204]  ___sys_sendmsg+0x21f/0x2a0
[  628.854892][T12204]  ? __pfx____sys_sendmsg+0x10/0x10
[  628.854959][T12204]  ? __fget_files+0x2a/0x420
[  628.854980][T12204]  ? __fget_files+0x3a0/0x420
[  628.855012][T12204]  __sys_sendmmsg+0x227/0x430
[  628.855047][T12204]  ? __pfx___sys_sendmmsg+0x10/0x10
[  628.855073][T12204]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  628.855123][T12204]  ? ksys_write+0x22a/0x250
[  628.855144][T12204]  ? __pfx_ksys_write+0x10/0x10
[  628.855159][T12204]  ? rcu_is_watching+0x15/0xb0
[  628.855188][T12204]  __x64_sys_sendmmsg+0xa0/0xc0
[  628.855219][T12204]  do_syscall_64+0xfa/0x3b0
[  628.855239][T12204]  ? lockdep_hardirqs_on+0x9c/0x150
[  628.855259][T12204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.855279][T12204]  ? clear_bhb_loop+0x60/0xb0
[  628.855308][T12204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.855328][T12204] RIP: 0033:0x7f45df18eb69
[  628.855345][T12204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  628.855362][T12204] RSP: 002b:00007f45dff6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  628.855383][T12204] RAX: ffffffffffffffda RBX: 00007f45df3b5fa0 RCX: 00007f45df18eb69
[  628.855396][T12204] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000003
[  628.855410][T12204] RBP: 00007f45dff6c090 R08: 0000000000000000 R09: 0000000000000000
[  628.855421][T12204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.855433][T12204] R13: 0000000000000000 R14: 00007f45df3b5fa0 R15: 00007ffc0741ec18
[  628.855464][T12204]  </TASK>
[  630.541351][T12222] netlink: 'syz.2.1626': attribute type 3 has an invalid length.
[  630.549404][T12222] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1626'.
[  633.053665][T12228] FAULT_INJECTION: forcing a failure.
[  633.053665][T12228] name failslab, interval 1, probability 0, space 0, times 0
[  633.070796][T12228] CPU: 0 UID: 0 PID: 12228 Comm: syz.2.1629 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  633.070825][T12228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  633.070838][T12228] Call Trace:
[  633.070846][T12228]  <TASK>
[  633.070854][T12228]  dump_stack_lvl+0x189/0x250
[  633.070881][T12228]  ? __pfx____ratelimit+0x10/0x10
[  633.070909][T12228]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.070930][T12228]  ? __pfx__printk+0x10/0x10
[  633.070961][T12228]  ? __pfx___might_resched+0x10/0x10
[  633.070987][T12228]  should_fail_ex+0x414/0x560
[  633.071012][T12228]  should_failslab+0xa8/0x100
[  633.071036][T12228]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  633.071057][T12228]  ? __alloc_skb+0x112/0x2d0
[  633.071087][T12228]  __alloc_skb+0x112/0x2d0
[  633.071117][T12228]  netlink_sendmsg+0x5c6/0xb30
[  633.071154][T12228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  633.071190][T12228]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  633.071209][T12228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  633.071237][T12228]  __sock_sendmsg+0x21c/0x270
[  633.071263][T12228]  ____sys_sendmsg+0x52d/0x830
[  633.071298][T12228]  ? __pfx_____sys_sendmsg+0x10/0x10
[  633.071336][T12228]  ? import_iovec+0x74/0xa0
[  633.071367][T12228]  ___sys_sendmsg+0x21f/0x2a0
[  633.071398][T12228]  ? __pfx____sys_sendmsg+0x10/0x10
[  633.071465][T12228]  ? __fget_files+0x2a/0x420
[  633.071485][T12228]  ? __fget_files+0x3a0/0x420
[  633.071518][T12228]  __sys_sendmmsg+0x227/0x430
[  633.071553][T12228]  ? __pfx___sys_sendmmsg+0x10/0x10
[  633.071578][T12228]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  633.071628][T12228]  ? ksys_write+0x22a/0x250
[  633.071648][T12228]  ? __pfx_ksys_write+0x10/0x10
[  633.071664][T12228]  ? rcu_is_watching+0x15/0xb0
[  633.071692][T12228]  __x64_sys_sendmmsg+0xa0/0xc0
[  633.071724][T12228]  do_syscall_64+0xfa/0x3b0
[  633.071744][T12228]  ? lockdep_hardirqs_on+0x9c/0x150
[  633.071764][T12228]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.071783][T12228]  ? clear_bhb_loop+0x60/0xb0
[  633.071809][T12228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.071827][T12228] RIP: 0033:0x7f45df18eb69
[  633.071844][T12228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.071861][T12228] RSP: 002b:00007f45dff6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  633.071882][T12228] RAX: ffffffffffffffda RBX: 00007f45df3b5fa0 RCX: 00007f45df18eb69
[  633.071901][T12228] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  633.071915][T12228] RBP: 00007f45dff6c090 R08: 0000000000000000 R09: 0000000000000000
[  633.071928][T12228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  633.071940][T12228] R13: 0000000000000000 R14: 00007f45df3b5fa0 R15: 00007ffc0741ec18
[  633.071972][T12228]  </TASK>
[  635.960461][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1636'.
[  636.368848][   T10] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  636.577939][ T5923] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  636.765750][ T5923] usb 5-1: Using ep0 maxpacket: 32
[  636.827882][ T5923] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  636.942039][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.182658][ T5923] usb 5-1: Product: syz
[  637.187524][ T5923] usb 5-1: Manufacturer: syz
[  637.192212][ T5923] usb 5-1: SerialNumber: syz
[  637.195942][T12278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1642'.
[  637.207382][ T5923] usb 5-1: config 0 descriptor??
[  637.331297][T12282] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1644'.
[  637.626743][ T5923] airspy 5-1:0.0: Board ID: 00
[  637.631573][ T5923] airspy 5-1:0.0: Firmware version: 
[  638.016300][T12291] netlink: 212316 bytes leftover after parsing attributes in process `syz.4.1639'.
[  638.326564][T12270] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  638.336744][T12270] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  638.417213][T12270] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  638.430780][T12270] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  638.449534][T12270] geneve2: entered promiscuous mode
[  638.458910][T12270] geneve2: entered allmulticast mode
[  638.858144][ T5923] airspy 5-1:0.0: usb_control_msg() failed -110 request 11
[  638.927864][ T5923] airspy 5-1:0.0: Registered as swradio24
[  638.961890][ T5923] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  639.058905][ T5923] usb 5-1: USB disconnect, device number 19
[  640.075515][T12320] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1653'.
[  640.375232][T12322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1654'.
[  640.715160][   T10] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  640.904885][ T6029] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  640.934851][   T10] usb 6-1: Using ep0 maxpacket: 8
[  640.951833][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  640.961991][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  641.034994][ T5923] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  641.254247][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  641.264217][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  641.274245][ T6029] usb 4-1: Using ep0 maxpacket: 32
[  641.279494][   T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  641.294708][ T6029] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  641.307824][   T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  641.317482][ T6029] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  641.327341][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.335570][ T6029] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  641.344631][ T6029] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.358651][   T10] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  641.372158][ T6029] usb 4-1: config 0 descriptor??
[  641.395075][ T5923] usb 3-1: Invalid ep0 maxpacket: 64
[  641.534933][ T5923] usb 3-1: new low-speed USB device number 38 using dummy_hcd
[  641.595255][ T6029] usbhid 4-1:0.0: can't add hid device: -71
[  641.601247][ T6029] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  641.628680][ T6029] usb 4-1: USB disconnect, device number 27
[  641.694949][ T5923] usb 3-1: Invalid ep0 maxpacket: 64
[  642.487717][ T5923] usb usb3-port1: attempt power cycle
[  643.024929][ T5923] usb 3-1: new low-speed USB device number 39 using dummy_hcd
[  643.033498][T12351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.043066][T12351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.117991][ T5923] usb 3-1: Invalid ep0 maxpacket: 64
[  643.255038][ T5923] usb 3-1: new low-speed USB device number 40 using dummy_hcd
[  643.572609][T12352] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  644.821996][T12364] netlink: 'syz.1.1665': attribute type 12 has an invalid length.
[  644.856990][T12364] netlink: 'syz.1.1665': attribute type 29 has an invalid length.
[  644.902463][T12364] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1665'.
[  644.965611][T12364] netlink: 59 bytes leftover after parsing attributes in process `syz.1.1665'.
[  645.192393][ T5923] usb 3-1: device descriptor read/8, error -71
[  645.198903][ T5952] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  645.317599][ T5923] usb usb3-port1: unable to enumerate USB device
[  645.375016][ T5952] usb 5-1: Using ep0 maxpacket: 16
[  645.405131][ T5952] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  645.422128][T12373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1667'.
[  645.436139][ T5952] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  645.459327][ T5952] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  645.482760][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.517601][   T10] usb 6-1: USB disconnect, device number 12
[  645.521602][ T5952] usb 5-1: Product: syz
[  645.541861][ T5952] usb 5-1: Manufacturer: syz
[  645.547266][ T5952] usb 5-1: SerialNumber: syz
[  645.617420][T12377] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1668'.
[  651.275493][    C1] raw-gadget.3 gadget.4: ignoring, device is not running
[  651.965586][    C1] raw-gadget.3 gadget.4: ignoring, device is not running
[  651.986041][    C1] raw-gadget.3 gadget.4: ignoring, device is not running
[  652.001521][ T5952] usb 5-1: 0:2 : does not exist
[  652.054045][ T5952] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  652.135770][ T5952] usb 5-1: USB disconnect, device number 20
[  652.794909][ T5952] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  652.825010][ T3090] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  652.958742][ T5952] usb 5-1: config 0 has an invalid interface number: 29 but max is 0
[  652.974849][ T5952] usb 5-1: config 0 has no interface number 0
[  652.991523][ T5952] usb 5-1: config 0 interface 29 has no altsetting 0
[  653.006644][ T3090] usb 2-1: Using ep0 maxpacket: 8
[  653.025981][ T5952] usb 5-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  653.041659][ T3090] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  653.062365][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.074877][ T3090] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  653.095199][ T5952] usb 5-1: Product: syz
[  653.099417][ T5952] usb 5-1: Manufacturer: syz
[  653.104032][ T5952] usb 5-1: SerialNumber: syz
[  653.108810][ T3090] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  653.137864][ T5952] usb 5-1: config 0 descriptor??
[  653.143087][ T3090] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  653.173887][ T3090] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  653.197288][ T3090] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  653.217603][ T3090] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.249321][ T3090] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22
[  653.355326][ T5952] peak_usb 5-1:0.29: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[  653.369648][T12431] netlink: 'syz.2.1683': attribute type 21 has an invalid length.
[  653.381432][T12431] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1683'.
[  653.561404][ T5952] peak_usb 5-1:0.29 can0: sending command failure: -22
[  653.573214][ T5952] peak_usb 5-1:0.29 can0: sending command failure: -22
[  653.603616][ T5952] peak_usb 5-1:0.29 can0: sending command failure: -22
[  654.035077][ T5952] peak_usb 5-1:0.29: probe with driver peak_usb failed with error -22
[  654.057565][T12438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.350701][T12444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.367458][T12444] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.413516][T12438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.416208][T12444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.434683][T12444] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.720977][ T5923] usb 5-1: USB disconnect, device number 21
[  655.914937][   T10] usb 2-1: USB disconnect, device number 20
[  656.445182][T10674] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  656.642594][T10674] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  656.660072][T10674] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.671147][T12484] netlink: 'syz.2.1698': attribute type 1 has an invalid length.
[  656.682752][T10674] usb 4-1: config 0 descriptor??
[  656.714889][ T5952] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  656.955264][ T5952] usb 5-1: Using ep0 maxpacket: 8
[  656.969871][ T5952] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  657.005020][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.071992][ T5952] usb 5-1: Product: syz
[  657.084865][ T5952] usb 5-1: Manufacturer: syz
[  657.098799][ T5952] usb 5-1: SerialNumber: syz
[  657.175911][ T5952] usb 5-1: config 0 descriptor??
[  657.411552][T12489] Invalid option length (1048372) for dns_resolver key
[  657.802894][ T5952] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -71
[  657.824932][ T5952] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  657.854496][ T5952] usb 5-1: USB disconnect, device number 22
[  657.917816][T10674] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  657.928878][T10674] asix 4-1:0.0: probe with driver asix failed with error -71
[  657.997923][T10674] usb 4-1: USB disconnect, device number 28
[  658.115761][T12495] bridge0: entered allmulticast mode
[  658.129421][T12495] pim6reg: entered allmulticast mode
[  658.171677][T12495] pim6reg: left allmulticast mode
[  658.196069][T12495] bridge0: left allmulticast mode
[  661.275915][T12534] Invalid option length (1048372) for dns_resolver key
[  662.228389][T12541] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  662.237835][T12541] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  662.983757][T11838] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  663.061730][T11838] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  663.837797][T12576] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1721'.
[  664.625839][T12582] Invalid option length (1048372) for dns_resolver key
[  664.749710][T12584] netlink: 'syz.5.1726': attribute type 2 has an invalid length.
[  664.780421][T12584] virtio-fs: tag </dev/md0> not found
[  665.184988][T10674] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  665.294933][ T5952] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  665.360581][T10674] usb 6-1: Using ep0 maxpacket: 32
[  665.371167][T10674] usb 6-1: config 2 has an invalid interface number: 157 but max is 0
[  665.382533][T10674] usb 6-1: config 2 has no interface number 0
[  665.397837][T10674] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b
[  665.411503][T10674] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.421008][T10674] usb 6-1: Product: syz
[  665.425425][T10674] usb 6-1: Manufacturer: syz
[  665.430168][T10674] usb 6-1: SerialNumber: syz
[  665.442797][T10674] imon 6-1:2.157: unable to register, err -19
[  665.445050][ T5952] usb 2-1: Using ep0 maxpacket: 8
[  665.470316][ T5952] usb 2-1: config 0 has an invalid interface number: 115 but max is 0
[  665.494652][ T5952] usb 2-1: config 0 has no interface number 0
[  665.506526][ T5952] usb 2-1: New USB device found, idVendor=03f0, idProduct=026b, bcdDevice=46.29
[  665.515908][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.525325][ T5952] usb 2-1: Product: syz
[  665.529553][ T5952] usb 2-1: Manufacturer: syz
[  665.534170][ T5952] usb 2-1: SerialNumber: syz
[  665.542006][ T5952] usb 2-1: config 0 descriptor??
[  665.632878][T12605] FAULT_INJECTION: forcing a failure.
[  665.632878][T12605] name failslab, interval 1, probability 0, space 0, times 0
[  665.651592][T12588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.661325][T12588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.672921][T12605] CPU: 0 UID: 60929 PID: 12605 Comm: syz.2.1732 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  665.672949][T12605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  665.672962][T12605] Call Trace:
[  665.672970][T12605]  <TASK>
[  665.672979][T12605]  dump_stack_lvl+0x189/0x250
[  665.673008][T12605]  ? __pfx____ratelimit+0x10/0x10
[  665.673030][T12605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  665.673052][T12605]  ? __pfx__printk+0x10/0x10
[  665.673083][T12605]  ? __pfx___might_resched+0x10/0x10
[  665.673110][T12605]  should_fail_ex+0x414/0x560
[  665.673135][T12605]  ? seq_read_iter+0x1fd/0xe10
[  665.673161][T12605]  should_failslab+0xa8/0x100
[  665.673185][T12605]  __kvmalloc_node_noprof+0x161/0x5f0
[  665.673205][T12605]  ? seq_read_iter+0x1fd/0xe10
[  665.673231][T12605]  ? __mutex_trylock_common+0x153/0x260
[  665.673259][T12605]  seq_read_iter+0x1fd/0xe10
[  665.673307][T12605]  vfs_read+0x4d0/0x980
[  665.673346][T12605]  ? __pfx_vfs_read+0x10/0x10
[  665.673387][T12605]  ? __fget_files+0x2a/0x420
[  665.673419][T12605]  ksys_read+0x145/0x250
[  665.673440][T12605]  ? __pfx_ksys_read+0x10/0x10
[  665.673454][T12605]  ? rcu_is_watching+0x15/0xb0
[  665.673491][T12605]  ? do_syscall_64+0xbe/0x3b0
[  665.673516][T12605]  do_syscall_64+0xfa/0x3b0
[  665.673536][T12605]  ? lockdep_hardirqs_on+0x9c/0x150
[  665.673555][T12605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.673574][T12605]  ? clear_bhb_loop+0x60/0xb0
[  665.673596][T12605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.673614][T12605] RIP: 0033:0x7f45df18eb69
[  665.673631][T12605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.673647][T12605] RSP: 002b:00007f45dff6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  665.673666][T12605] RAX: ffffffffffffffda RBX: 00007f45df3b5fa0 RCX: 00007f45df18eb69
[  665.673681][T12605] RDX: 0000000000002020 RSI: 0000200000003800 RDI: 0000000000000004
[  665.673694][T12605] RBP: 00007f45dff6c090 R08: 0000000000000000 R09: 0000000000000000
[  665.673705][T12605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.673716][T12605] R13: 0000000000000000 R14: 00007f45df3b5fa0 R15: 00007ffc0741ec18
[  665.673748][T12605]  </TASK>
[  665.741233][T11838] usb 6-1: USB disconnect, device number 13
[  665.910960][ T5952] pl2303 2-1:0.115: required endpoints missing
[  665.942030][T12609] netlink: 'syz.3.1735': attribute type 11 has an invalid length.
[  665.952149][T12609] netlink: 149476 bytes leftover after parsing attributes in process `syz.3.1735'.
[  666.044202][T12609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  666.949834][T12623] Invalid option length (1048372) for dns_resolver key
[  667.090119][T12624] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3)
[  667.337646][ T5923] usb 2-1: USB disconnect, device number 21
[  668.320564][T12633] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1739'.
[  668.715092][T12654] FAULT_INJECTION: forcing a failure.
[  668.715092][T12654] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  668.729720][T12646] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  668.755131][T12654] CPU: 1 UID: 60929 PID: 12654 Comm: syz.3.1744 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  668.755150][T12654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  668.755157][T12654] Call Trace:
[  668.755162][T12654]  <TASK>
[  668.755167][T12654]  dump_stack_lvl+0x189/0x250
[  668.755184][T12654]  ? __pfx____ratelimit+0x10/0x10
[  668.755195][T12654]  ? __pfx_dump_stack_lvl+0x10/0x10
[  668.755214][T12654]  ? __pfx__printk+0x10/0x10
[  668.755228][T12654]  ? __might_fault+0xb0/0x130
[  668.755244][T12654]  should_fail_ex+0x414/0x560
[  668.755259][T12654]  _copy_to_iter+0x1db/0x16f0
[  668.755273][T12654]  ? seq_write+0xff/0x140
[  668.755288][T12654]  ? __pfx__copy_to_iter+0x10/0x10
[  668.755298][T12654]  ? __up_read+0x280/0x680
[  668.755313][T12654]  ? __pfx___up_read+0x10/0x10
[  668.755331][T12654]  seq_read_iter+0xbeb/0xe10
[  668.755358][T12654]  vfs_read+0x4d0/0x980
[  668.755380][T12654]  ? __pfx_vfs_read+0x10/0x10
[  668.755412][T12654]  ? __fget_files+0x2a/0x420
[  668.755443][T12654]  ksys_read+0x145/0x250
[  668.755457][T12654]  ? __pfx_ksys_read+0x10/0x10
[  668.755466][T12654]  ? rcu_is_watching+0x15/0xb0
[  668.755481][T12654]  ? do_syscall_64+0xbe/0x3b0
[  668.755495][T12654]  do_syscall_64+0xfa/0x3b0
[  668.755510][T12654]  ? lockdep_hardirqs_on+0x9c/0x150
[  668.755521][T12654]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.755531][T12654]  ? clear_bhb_loop+0x60/0xb0
[  668.755544][T12654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.755553][T12654] RIP: 0033:0x7fa4ecf8eb69
[  668.755564][T12654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  668.755573][T12654] RSP: 002b:00007fa4edd8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  668.755585][T12654] RAX: ffffffffffffffda RBX: 00007fa4ed1b5fa0 RCX: 00007fa4ecf8eb69
[  668.755592][T12654] RDX: 0000000000002020 RSI: 0000200000003800 RDI: 0000000000000004
[  668.755603][T12654] RBP: 00007fa4edd8c090 R08: 0000000000000000 R09: 0000000000000000
[  668.755609][T12654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  668.755615][T12654] R13: 0000000000000000 R14: 00007fa4ed1b5fa0 R15: 00007ffee9802da8
[  668.755632][T12654]  </TASK>
[  668.973060][    C1] vkms_vblank_simulate: vblank timer overrun
[  669.063085][T12657] Bluetooth: MGMT ver 1.23
[  669.285024][T11838] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  669.462027][T11838] usb 5-1: device descriptor read/64, error -71
[  670.526161][T11838] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  671.017500][T12679] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1750'.
[  671.045389][T12679] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1750'.
[  671.572584][T11838] usb usb5-port1: attempt power cycle
[  672.584981][T11838] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  672.659769][T11838] usb 5-1: Using ep0 maxpacket: 32
[  672.678367][T11838] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  672.708384][T11838] usb 5-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30
[  672.723327][T12702] FAULT_INJECTION: forcing a failure.
[  672.723327][T12702] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  672.762634][T11838] usb 5-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69
[  672.782511][T11838] usb 5-1: config 0 interface 0 has no altsetting 1
[  672.789641][T12702] CPU: 0 UID: 60929 PID: 12702 Comm: syz.5.1756 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  672.789670][T12702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  672.789682][T12702] Call Trace:
[  672.789690][T12702]  <TASK>
[  672.789698][T12702]  dump_stack_lvl+0x189/0x250
[  672.789725][T12702]  ? __pfx____ratelimit+0x10/0x10
[  672.789746][T12702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.789767][T12702]  ? __pfx__printk+0x10/0x10
[  672.789792][T12702]  ? fs_reclaim_acquire+0x7d/0x100
[  672.789824][T12702]  should_fail_ex+0x414/0x560
[  672.789852][T12702]  prepare_alloc_pages+0x213/0x610
[  672.789883][T12702]  __alloc_frozen_pages_noprof+0x123/0x370
[  672.789912][T12702]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  672.789948][T12702]  ? policy_nodemask+0x27c/0x720
[  672.789973][T12702]  ? __lock_acquire+0xab9/0xd20
[  672.789998][T12702]  alloc_pages_mpol+0x232/0x4a0
[  672.790029][T12702]  vma_alloc_folio_noprof+0xe4/0x200
[  672.790058][T12702]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  672.790095][T12702]  folio_prealloc+0x30/0x180
[  672.790117][T12702]  __handle_mm_fault+0x2c88/0x5620
[  672.790170][T12702]  ? __pfx___handle_mm_fault+0x10/0x10
[  672.790223][T12702]  ? find_vma+0xe7/0x160
[  672.790241][T12702]  ? __pfx_find_vma+0x10/0x10
[  672.790261][T12702]  handle_mm_fault+0x2d5/0x7f0
[  672.790298][T12702]  do_user_addr_fault+0x764/0x1390
[  672.790340][T12702]  exc_page_fault+0x76/0xf0
[  672.790363][T12702]  asm_exc_page_fault+0x26/0x30
[  672.790380][T12702] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  672.790407][T12702] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  672.790422][T12702] RSP: 0018:ffffc9000b14fa58 EFLAGS: 00050202
[  672.790440][T12702] RAX: ffffffff84b6e501 RBX: ffff88807dfc2000 RCX: 0000000000000460
[  672.790455][T12702] RDX: 0000000000000000 RSI: ffff88807dfc2000 RDI: 0000200000003800
[  672.790468][T12702] RBP: ffffc9000b14fbb0 R08: ffff88807dfc245f R09: 1ffff1100fbf848b
[  672.790483][T12702] R10: dffffc0000000000 R11: ffffed100fbf848c R12: 1ffff92001629faf
[  672.790497][T12702] R13: 0000200000003800 R14: ffffc9000b14fd88 R15: 0000000000000460
[  672.790518][T12702]  ? _copy_to_iter+0x1e1/0x16f0
[  672.790549][T12702]  _copy_to_iter+0x24c/0x16f0
[  672.790572][T12702]  ? seq_write+0xff/0x140
[  672.790599][T12702]  ? __pfx__copy_to_iter+0x10/0x10
[  672.790619][T12702]  ? __up_read+0x280/0x680
[  672.790644][T12702]  ? __pfx___up_read+0x10/0x10
[  672.790678][T12702]  seq_read_iter+0xbeb/0xe10
[  672.790726][T12702]  vfs_read+0x4d0/0x980
[  672.790765][T12702]  ? __pfx_vfs_read+0x10/0x10
[  672.790803][T12702]  ? __fget_files+0x2a/0x420
[  672.790835][T12702]  ksys_read+0x145/0x250
[  672.790857][T12702]  ? __pfx_ksys_read+0x10/0x10
[  672.790872][T12702]  ? rcu_is_watching+0x15/0xb0
[  672.790898][T12702]  ? do_syscall_64+0xbe/0x3b0
[  672.790924][T12702]  do_syscall_64+0xfa/0x3b0
[  672.790944][T12702]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.790963][T12702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.790983][T12702]  ? clear_bhb_loop+0x60/0xb0
[  672.791005][T12702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.791024][T12702] RIP: 0033:0x7f5987b8eb69
[  672.791047][T12702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.791063][T12702] RSP: 002b:00007f59859f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  672.791081][T12702] RAX: ffffffffffffffda RBX: 00007f5987db5fa0 RCX: 00007f5987b8eb69
[  672.791095][T12702] RDX: 0000000000002020 RSI: 0000200000003800 RDI: 0000000000000004
[  672.791107][T12702] RBP: 00007f59859f6090 R08: 0000000000000000 R09: 0000000000000000
[  672.791119][T12702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  672.791129][T12702] R13: 0000000000000000 R14: 00007f5987db5fa0 R15: 00007fff52075658
[  672.791160][T12702]  </TASK>
[  673.431453][T11838] usb 5-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  673.442009][T11838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  673.450317][T11838] usb 5-1: SerialNumber: syz
[  673.480163][T11838] usb 5-1: config 0 descriptor??
[  673.490854][T11838] usb-storage 5-1:0.0: USB Mass Storage device detected
[  673.538729][T11838] usb-storage 5-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  673.700065][T11838] usb 5-1: USB disconnect, device number 25
[  675.710991][T12737] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1763'.
[  676.521873][T12739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.565326][T12739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.690585][T12746] loop2: detected capacity change from 0 to 7
[  676.746080][T10674] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  676.749595][T12746]  loop2: p1
[  676.760698][T12746] loop2: partition table partially beyond EOD, truncated
[  676.807250][T12746] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  676.845244][T11838] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  677.138725][T11838] usb 6-1: config 0 has an invalid interface number: 225 but max is 0
[  677.165187][T11838] usb 6-1: config 0 has no interface number 0
[  677.176369][T10674] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  677.181802][T11838] usb 6-1: config 0 interface 225 altsetting 9 bulk endpoint 0x6 has invalid maxpacket 32
[  677.202543][T10674] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  677.224402][T11838] usb 6-1: config 0 interface 225 altsetting 9 bulk endpoint 0x82 has invalid maxpacket 8
[  677.228639][T10674] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  677.272275][T11838] usb 6-1: config 0 interface 225 has no altsetting 0
[  677.272528][T10674] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.00
[  677.292805][T11838] usb 6-1: New USB device found, idVendor=1410, idProduct=7041, bcdDevice=47.0e
[  677.296919][T10674] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.304575][T12751] FAULT_INJECTION: forcing a failure.
[  677.304575][T12751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  677.328598][T11838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.330131][T10674] usb 5-1: config 0 descriptor??
[  677.342999][T11838] usb 6-1: Product: syz
[  677.352987][T11838] usb 6-1: Manufacturer: syz
[  677.359050][T12751] CPU: 0 UID: 60929 PID: 12751 Comm: syz.1.1770 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  677.359081][T12751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  677.359093][T12751] Call Trace:
[  677.359101][T12751]  <TASK>
[  677.359109][T12751]  dump_stack_lvl+0x189/0x250
[  677.359136][T12751]  ? __pfx____ratelimit+0x10/0x10
[  677.359158][T12751]  ? __pfx_dump_stack_lvl+0x10/0x10
[  677.359179][T12751]  ? __pfx__printk+0x10/0x10
[  677.359218][T12751]  should_fail_ex+0x414/0x560
[  677.359243][T12751]  _copy_to_user+0x31/0xb0
[  677.359272][T12751]  simple_read_from_buffer+0xe1/0x170
[  677.359305][T12751]  proc_fail_nth_read+0x1df/0x250
[  677.359333][T12751]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  677.359360][T12751]  ? rw_verify_area+0x258/0x650
[  677.359389][T12751]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  677.359414][T12751]  vfs_read+0x200/0x980
[  677.359449][T12751]  ? __pfx___mutex_lock+0x10/0x10
[  677.359471][T12751]  ? __pfx_vfs_read+0x10/0x10
[  677.359502][T12751]  ? __fget_files+0x2a/0x420
[  677.359529][T12751]  ? __fget_files+0x3a0/0x420
[  677.359547][T12751]  ? __fget_files+0x2a/0x420
[  677.359578][T12751]  ksys_read+0x145/0x250
[  677.359599][T12751]  ? __pfx_ksys_read+0x10/0x10
[  677.359614][T12751]  ? rcu_is_watching+0x15/0xb0
[  677.359640][T12751]  ? do_syscall_64+0xbe/0x3b0
[  677.359665][T12751]  do_syscall_64+0xfa/0x3b0
[  677.359685][T12751]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.359706][T12751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.359725][T12751]  ? clear_bhb_loop+0x60/0xb0
[  677.359749][T12751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.359768][T12751] RIP: 0033:0x7fbdc178d57c
[  677.359786][T12751] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  677.359803][T12751] RSP: 002b:00007fbdc2626030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  677.359823][T12751] RAX: ffffffffffffffda RBX: 00007fbdc19b5fa0 RCX: 00007fbdc178d57c
[  677.359838][T12751] RDX: 000000000000000f RSI: 00007fbdc26260a0 RDI: 0000000000000005
[  677.359849][T12751] RBP: 00007fbdc2626090 R08: 0000000000000000 R09: 0000000000000000
[  677.359861][T12751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  677.359872][T12751] R13: 0000000000000000 R14: 00007fbdc19b5fa0 R15: 00007ffd31e19f78
[  677.359905][T12751]  </TASK>
[  677.370880][T11838] usb 6-1: SerialNumber: syz
[  677.619698][T12753] ------------[ cut here ]------------
[  677.625760][T12753] WARNING: CPU: 1 PID: 12753 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370
[  677.636122][T12753] Modules linked in:
[  677.644356][T12753] CPU: 1 UID: 0 PID: 12753 Comm: syz.3.1769 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  677.654562][T12753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  677.665840][T12753] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  677.672550][T12753] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 b8 a6 77 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  677.692287][T12753] RSP: 0018:ffffc90004cc79c0 EFLAGS: 00010246
[  677.698553][T12753] RAX: ffffc90004cc7a00 RBX: 000000000000001c RCX: 0000000000000000
[  677.699520][T12755] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  677.707492][T12753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90004cc7a28
[  677.722727][T12753] RBP: ffffc90004cc7aa8 R08: ffffc90004cc7a27 R09: 0000000000000000
[  677.731046][T12753] R10: ffffc90004cc7a00 R11: fffff52000998f45 R12: 0000000000000000
[  677.739121][T12753] R13: 1ffff92000998f3c R14: 0000000000040d40 R15: dffffc0000000000
[  677.747195][T12753] FS:  00007fa4edd6b6c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  677.756252][T12753] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  677.762867][T12753] CR2: 0000200000001000 CR3: 0000000075f76000 CR4: 00000000003526f0
[  677.771127][T12753] Call Trace:
[  677.774506][T12753]  <TASK>
[  677.777570][T12753]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  677.784011][T12753]  ? v9fs_fid_xattr_get+0x237/0x2e0
[  677.789342][T12753]  __alloc_pages_noprof+0xa/0x30
[  677.794316][T12753]  ___kmalloc_large_node+0x85/0x210
[  677.795885][T10674] ryos 0003:1E7D:3232.0012: invalid report_size -1564595598
[  677.799640][T12753]  __kmalloc_large_node_noprof+0x18/0x90
[  677.812659][T10674] ryos 0003:1E7D:3232.0012: item 0 4 1 7 parsing failed
[  677.813374][T12753]  __kmalloc_noprof+0x36f/0x4f0
[  677.825849][T12753]  ? v9fs_fid_get_acl+0x4f/0x100
[  677.828931][T10674] ryos 0003:1E7D:3232.0012: parse failed
[  677.830803][T12753]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[  677.830844][T12753]  v9fs_fid_get_acl+0x4f/0x100
[  677.830875][T12753]  v9fs_get_acl+0x11b/0x360
[  677.852375][T12753]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[  677.858013][T12753]  v9fs_mount+0x6cb/0xa10
[  677.861219][T10674] ryos 0003:1E7D:3232.0012: probe with driver ryos failed with error -22
[  677.862354][T12753]  ? __pfx_v9fs_mount+0x10/0x10
[  677.862381][T12753]  ? rcu_is_watching+0x15/0xb0
[  677.880664][T12753]  ? cap_capable+0x11f/0x460
[  677.885361][T12753]  legacy_get_tree+0xfd/0x1a0
[  677.890060][T12753]  ? __pfx_v9fs_mount+0x10/0x10
[  677.894977][T12753]  vfs_get_tree+0x92/0x2b0
[  677.899420][T12753]  do_new_mount+0x24a/0xa40
[  677.903956][T12753]  __se_sys_mount+0x317/0x410
[  677.909591][T12753]  ? __pfx___se_sys_mount+0x10/0x10
[  677.915585][T12753]  ? rcu_is_watching+0x15/0xb0
[  677.920410][T12753]  ? do_syscall_64+0xbe/0x3b0
[  677.925178][T12753]  ? __x64_sys_mount+0x20/0xc0
[  677.929984][T12753]  do_syscall_64+0xfa/0x3b0
[  677.934521][T12753]  ? lockdep_hardirqs_on+0x9c/0x150
[  677.939832][T12753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.945990][T12753]  ? clear_bhb_loop+0x60/0xb0
[  677.950696][T12753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.956652][T12753] RIP: 0033:0x7fa4ecf8eb69
[  677.961089][T12753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  677.980787][T12753] RSP: 002b:00007fa4edd6b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  677.985095][ T5900] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  677.989287][T12753] RAX: ffffffffffffffda RBX: 00007fa4ed1b6080 RCX: 00007fa4ecf8eb69
[  677.998682][T10674] usb 5-1: USB disconnect, device number 26
[  678.004956][T12753] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  678.004978][T12753] RBP: 00007fa4ed011df1 R08: 0000200000000580 R09: 0000000000000000
[  678.004992][T12753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  678.005004][T12753] R13: 0000000000000000 R14: 00007fa4ed1b6080 R15: 00007ffee9802da8
[  678.005036][T12753]  </TASK>
[  678.005060][T12753] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  678.005077][T12753] CPU: 1 UID: 0 PID: 12753 Comm: syz.3.1769 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  678.005100][T12753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  678.005113][T12753] Call Trace:
[  678.005121][T12753]  <TASK>
[  678.005129][T12753]  dump_stack_lvl+0x99/0x250
[  678.005154][T12753]  ? __asan_memcpy+0x40/0x70
[  678.005182][T12753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  678.005205][T12753]  ? __pfx__printk+0x10/0x10
[  678.005244][T12753]  panic+0x2db/0x790
[  678.005270][T12753]  ? __pfx_panic+0x10/0x10
[  678.005287][T12753]  ? show_trace_log_lvl+0x4fb/0x550
[  678.005328][T12753]  __warn+0x31b/0x4b0
[  678.005346][T12753]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  678.005374][T12753]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  678.005399][T12753]  report_bug+0x2be/0x4f0
[  678.005419][T12753]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  678.005446][T12753]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  678.005470][T12753]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[  678.005501][T12753]  handle_bug+0x84/0x160
[  678.005526][T12753]  exc_invalid_op+0x1a/0x50
[  678.005550][T12753]  asm_exc_invalid_op+0x1a/0x20
[  678.005568][T12753] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  678.005595][T12753] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 b8 a6 77 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  678.005614][T12753] RSP: 0018:ffffc90004cc79c0 EFLAGS: 00010246
[  678.005633][T12753] RAX: ffffc90004cc7a00 RBX: 000000000000001c RCX: 0000000000000000
[  678.005647][T12753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90004cc7a28
[  678.005660][T12753] RBP: ffffc90004cc7aa8 R08: ffffc90004cc7a27 R09: 0000000000000000
[  678.005675][T12753] R10: ffffc90004cc7a00 R11: fffff52000998f45 R12: 0000000000000000
[  678.005689][T12753] R13: 1ffff92000998f3c R14: 0000000000040d40 R15: dffffc0000000000
[  678.005727][T12753]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  678.005760][T12753]  ? v9fs_fid_xattr_get+0x237/0x2e0
[  678.005796][T12753]  __alloc_pages_noprof+0xa/0x30
[  678.005819][T12753]  ___kmalloc_large_node+0x85/0x210
[  678.005845][T12753]  __kmalloc_large_node_noprof+0x18/0x90
[  678.005867][T12753]  __kmalloc_noprof+0x36f/0x4f0
[  678.005886][T12753]  ? v9fs_fid_get_acl+0x4f/0x100
[  678.005914][T12753]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[  678.005948][T12753]  v9fs_fid_get_acl+0x4f/0x100
[  678.005979][T12753]  v9fs_get_acl+0x11b/0x360
[  678.006011][T12753]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[  678.006041][T12753]  v9fs_mount+0x6cb/0xa10
[  678.006066][T12753]  ? __pfx_v9fs_mount+0x10/0x10
[  678.006086][T12753]  ? rcu_is_watching+0x15/0xb0
[  678.006108][T12753]  ? cap_capable+0x11f/0x460
[  678.006132][T12753]  legacy_get_tree+0xfd/0x1a0
[  678.006154][T12753]  ? __pfx_v9fs_mount+0x10/0x10
[  678.006176][T12753]  vfs_get_tree+0x92/0x2b0
[  678.006199][T12753]  do_new_mount+0x24a/0xa40
[  678.006229][T12753]  __se_sys_mount+0x317/0x410
[  678.006258][T12753]  ? __pfx___se_sys_mount+0x10/0x10
[  678.006279][T12753]  ? rcu_is_watching+0x15/0xb0
[  678.006305][T12753]  ? do_syscall_64+0xbe/0x3b0
[  678.006326][T12753]  ? __x64_sys_mount+0x20/0xc0
[  678.006350][T12753]  do_syscall_64+0xfa/0x3b0
[  678.006371][T12753]  ? lockdep_hardirqs_on+0x9c/0x150
[  678.006392][T12753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.006412][T12753]  ? clear_bhb_loop+0x60/0xb0
[  678.006437][T12753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.006456][T12753] RIP: 0033:0x7fa4ecf8eb69
[  678.006478][T12753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  678.006496][T12753] RSP: 002b:00007fa4edd6b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  678.006516][T12753] RAX: ffffffffffffffda RBX: 00007fa4ed1b6080 RCX: 00007fa4ecf8eb69
[  678.006532][T12753] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  678.006546][T12753] RBP: 00007fa4ed011df1 R08: 0000200000000580 R09: 0000000000000000
[  678.006560][T12753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  678.006572][T12753] R13: 0000000000000000 R14: 00007fa4ed1b6080 R15: 00007ffee9802da8
[  678.006604][T12753]  </TASK>
[  678.011266][T12753] Kernel Offset: disabled