last executing test programs:

15.708341695s ago: executing program 4 (id=1631):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x8, 0xf, &(0x7f0000000180)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00'}, 0x90)
syz_emit_ethernet(0x3e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaa8aaaaffffffffffff080047000030000000000006907800845532ce0000008608000000000002"], 0x0)
syz_emit_ethernet(0x60, &(0x7f0000000400)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@mpls_uc={0x8847, {[{0x6}, {0x4412, 0x0, 0x1}, {0x9}], @generic="ca271771bb0c03100e59e701dde264b0fe3cb55371a13730237a36f22dba2c3e15d85ab557e6f1d7ddc5571488eeaf63fc8ebb11daa08d3a6d5c9e67dd6f41ac7fa2b6ae9ab0"}}}}, &(0x7f0000000480)={0x1, 0x4, [0x236, 0x357, 0x6d2, 0x705]})
r2 = syz_usb_connect(0x0, 0x41, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000e518a708ac0501859d200000690109022f00010000000009040000000e010000152403"], 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_open_dev$loop(&(0x7f00000004c0), 0x8, 0x10000)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x6900, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = getpid()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
mkdir(0x0, 0x0)
r5 = openat$sysfs(0xffffff9c, &(0x7f0000000200)='/sys/kernel/notes', 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000280)=""/112, 0x70}], 0x1, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r3, 0x40806685, &(0x7f0000000500)={0x1, 0x1, 0x1000, 0xfd, &(0x7f0000000300)="bfa11c15fab1ad1c20b66d98b4379841ab7d95242e81737adcb3440da8e0bcf2ba915cc12da6c35437773dc2d0646baaa486e07d34a76f5e7665fc1cc257d4f5a3fec33ad122cd1efcc0315ccd243e9ecb115474f7b82d3992088626d279ec86d6fdd04eb00dc3cec137040fa685dee8fd2e6ff0b7ac609fa1dcd542baeff1f45d356af5f750de19d4882dbfd1c8adccaa543df7a398844a53f463994e0eedda72470eb3bdf6951e993178524208e454a228e5ab359476aa5575a17c873ff7c5f7d444c486c8d1aace47d418fb8988b2803d2d57c5542ecf8e9ac9fcb468b76965b9c4c5ee1a3eddf81377f2bca4249ba92b84253d9609bf67831e9dad", 0xbd, 0x0, &(0x7f00000000c0)="0b63ea92f38bef6460825533c5b104324eaab156ee7f6cd9bfd2fa0d2fd7d9ead3799eb034272e2940335fe866084d256e50895e2eafab034be8973ea79c8ba7e39e5dfcbbb47d699da8055bef815f83f6c892cb13754f808836c049386694bbff21c418239122b87260c7a413ac74788f9969cd39b53b26e615c289d0ce7f3518e376efeec5069b66400959a1b65f402dd7357d98bed2777ce6f1add16497e19a192e380c6101fdf9d9fb5cab8d8b68661a61cd2976b32195ad164ed5"})
r9 = dup(r8)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000100000000000000010200850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r10 = creat(&(0x7f0000000280)='./file0\x00', 0x2)
close(r10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="7472fddfcc3166642c7266e37885b4d31d47bf0a676c4f893eb68175f0c761ca84b62955556f1d2a09c046de5937203b5a5d38263e8a9b5ace61eb11530bb5d0bda0323d1399ff8e2eb95d76318ee981d83c8f042ae3a89fd0263e23d8f8403d70c64d47eb5e13758ef74171917c53a91e4be88c00acf1a03b2e822a4b00093103b0a53eaa100e19f647e8a82720694bdacd3a29e5611b9b3b09e44fae1aeacc2c86f53317b93e45b5", @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRES64=0x0, @ANYRES32=r9, @ANYRESOCT=r5, @ANYRESOCT=r10, @ANYRES16=r2, @ANYRESOCT, @ANYRES8=r7, @ANYRES8=r8, @ANYBLOB="ae31ff9061c0dc0b5bcd37dfde5b6a1bb4b2b13a907f6629200d9f29e8159cf0bdcf23415b4825b06b04144da627c83386acf9fb34"])
mknodat(r10, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x3)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="e0b9547ed3877d97ddc053e1d682", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

15.308550563s ago: executing program 1 (id=1633):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, 0x0, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000540)={0x2020}, 0x2020)
write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = gettid()
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r3, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000080)={0x325, @time={0x1, 0xd}, 0x0, {}, 0xbf, 0x0, 0x1})
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000600)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r3, 0xc05c5340, &(0x7f0000000500))
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0x80045300, 0x0)
tkill(r2, 0x7)
socket$nl_netfilter(0x10, 0x3, 0xc)
setuid(0x0)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5], 0x28}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xff, 0x86, 0x76, 0x8, 0x424, 0x7800, 0xe941, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7a, 0xcd, 0x37}}]}}]}}, 0x0)
madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x11)
add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
accept4(r6, 0x0, 0x0, 0x0)

13.926281213s ago: executing program 4 (id=1645):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x36, 0x0, 0x0, 0x3, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xea)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000540)='binfmt_misc\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x1d, 0x12, 0x26, 0x10, 0x18d1, 0x1eaf, 0x779, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe1, 0x15, 0x3d}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x4}})

12.912546916s ago: executing program 1 (id=1647):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000001c80)={{0x12, 0x1, 0x300, 0xc8, 0x5f, 0x62, 0x8, 0x423, 0xc, 0x2ebf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x6, 0x0, 0x22, [{{0x9, 0x4, 0xff, 0x1, 0x0, 0x71, 0xc0, 0xd9, 0x8}}]}}]}}, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000002580)={0x2c, 0x0, &(0x7f0000002480)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x82c}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000003440)={0x14, 0x0, &(0x7f00000033c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r3, 0x4068aea3, &(0x7f0000000080)={[{0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}]})
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000340)={0x44, &(0x7f0000000000)={0x0, 0x0, 0x3, "0f6179"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000008c0)={0x2c, &(0x7f0000000700)=ANY=[@ANYBLOB="00000800000004"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, &(0x7f00000000c0)={0x14, &(0x7f0000000000)={0x20, 0x4, 0x4c, {0x4c, 0x25, "614ee86277c9864d53e6f06440aa22c8cd1ed9c79f515465c89dd6d79148badaad7a22d24412b5ed2bbb4fb6f351a43c1137da65248002ea7027f498690c0603b82ac3041c65baca100f"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x44, &(0x7f00000003c0)={0x40, 0xa, 0x81, "636ce73c8abe1e5f26e5c8f85090a8e2658fa52b146279217da550a39be608e22730d9f64fd22efbab11a6cd21f4855ada93980b5939af157b7c3ae1341d9c1c15379028e09b2ce9aca2f79a23da83548b20ca5f38b05f48a53f958871409ce45b678d2945872cb99da3ce371421aa291a650dfcb1b2f82bc135cda7bcf0bf68f2"}, &(0x7f0000000140)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000180)={0x0, 0x8, 0x1, 0x8}, &(0x7f00000001c0)={0x20, 0x80, 0x1c, {0x5, 0x7ff, 0x7, 0x2c17, 0x0, 0x7, 0x1, 0xea, 0x2e, 0x0, 0x0, 0x3}}, &(0x7f0000000200)={0x20, 0x85, 0x4, 0x4}, &(0x7f0000000240)={0x20, 0x83, 0x2}, &(0x7f0000000280)={0x20, 0x87, 0x2, 0x81}, &(0x7f00000002c0)={0x20, 0x89, 0x2, 0x1}})

12.501470537s ago: executing program 2 (id=1651):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, 0x0, 0x3e}, 0x20)
capset(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r1, @ANYRESHEX=r0, @ANYRESOCT=r2], 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_usb_disconnect(0xffffffffffffffff)
pselect6(0x0, 0x0, &(0x7f00000000c0)={0x72, 0x6, 0x40, 0x98f, 0x0, 0x8000000000004dd, 0x7, 0x762}, &(0x7f0000000100)={0x40000, 0xfffffffffffffffe, 0x1, 0x7, 0xfffffffffffffff5, 0x1ff, 0x2, 0xfb1}, &(0x7f0000000140), 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000800000001090224000100007e"], 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xaece, 0x0)
preadv(r3, &(0x7f0000000180)=[{&(0x7f00000017c0)=""/229, 0xe5}, {&(0x7f0000000380)=""/69, 0x45}], 0x2, 0x0, 0x3)
socket$inet6(0xa, 0x80002, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)=""/215, 0xd7}, {&(0x7f00000018c0)=""/4096, 0x1000}], 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000f00)=@raw={'raw\x00', 0x3c1, 0x3, 0x500, 0x340, 0x130, 0x26010000, 0x340, 0x130, 0x430, 0x220, 0x220, 0x430, 0x220, 0x3, 0x0, {[{{@uncond, 0x0, 0x320, 0x340, 0x0, {0x0, 0x25e}, [@common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r2}}, @common=@hbh={{0x48}, {0x7, 0x0, 0x1, [0x3, 0xf, 0x5, 0x0, 0x96, 0x3, 0xd, 0x1, 0x1000, 0x8001, 0x6, 0xe, 0xffff, 0x8, 0xf, 0x4], 0xf}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@dev, @mcast1, [], [], 'bridge_slave_0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x2, 0x0, 0x0, 0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000006000000"], &(0x7f0000000140)='syzkaller\x00', 0x10001, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="880100001a00010000000000fcffffff000000000000000300000000000000010000000000001a41000000000000000000000000000000000000020000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff0200000000000000000000000000010000000033000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000008d0003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028020000c6b8294a1abcaecebaf2ea5f0bd5f194a5e176b80be24975f14745c28545683d02862e9007d1"], 0x188}}, 0x0)
capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000100))
r7 = memfd_secret(0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000b00)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0, r7}, 0x68)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x0, 0xfffffffd}, 0x1c)
listen(0xffffffffffffffff, 0x0)
unshare(0x20000600)

12.448360111s ago: executing program 3 (id=1652):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_mr_vif\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$GIO_UNISCRNMAP(r5, 0x4b69, &(0x7f0000000040)=""/17)
ioctl$TIOCGLCKTRMIOS(r5, 0x5456, &(0x7f0000000080)={0x1, 0x8, 0xb, 0x6, 0xd, "bbd5eb66b297a68f3f42eb928d63b213c672c9"})
r6 = dup2(r5, r5)
ioctl$TCSETS(r6, 0x5402, &(0x7f00000000c0)={0xf967, 0x10, 0x7, 0x764d72fe, 0x13, "e6ca191c461eda891c8a2ed4588eaa0ac660fc"})
ioctl$TIOCMSET(r6, 0x5418, &(0x7f0000000100)=0x8)
ioctl$TIOCCBRK(r5, 0x5428)
r7 = fcntl$dupfd(r6, 0x406, r6)
ioctl$TIOCSCTTY(r7, 0x540e, 0x68)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000180)=""/60, 0x3c}], 0x1, 0x2c, 0x0)

11.549869922s ago: executing program 3 (id=1653):
r0 = accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f00000000c0)={0x28, 0x1, 0x0, 0x0, &(0x7f00000003c0)})
statx(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x100, 0x7ff, &(0x7f0000000bc0))
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB], 0xc)
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x15)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1, <r4=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000300)=r1}, 0x20)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000600)={<r5=>0x0, @local, @dev}, &(0x7f0000000640)=0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xb, 0x27, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ldst={0x2, 0x3, 0x2, 0x0, 0x6, 0xc, 0xfffffffffffffff0}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x22f}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}], {{}, {}, {0x85, 0x0, 0x0, 0xa2025a5735d41983}}}, &(0x7f00000005c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x8, '\x00', r5, 0x5, r1, 0x8, &(0x7f0000000680)={0x7, 0x4}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x8, 0xe, 0xe}, 0x10, 0x0, 0xffffffffffffffff, 0xa, &(0x7f0000000700)=[r1, r1], &(0x7f0000000740)=[{0x0, 0x4, 0x1, 0x4}, {0x2, 0x1, 0x8}, {0x4, 0x1, 0x5, 0xc}, {0x5, 0x2, 0x9, 0x7}, {0x5, 0x3, 0xe, 0xb}, {0x1, 0x5, 0xc, 0xc}, {0x4, 0x1, 0xc, 0x4}, {0x4, 0x1, 0x9, 0x6}, {0x3, 0x3, 0x8, 0x6}, {0x4, 0x3, 0xc, 0x7}], 0x10, 0x1ff}, 0x90)
dup(r3)
openat$ttynull(0xffffffffffffff9c, &(0x7f00000008c0), 0x301a40, 0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, 0x0)
r7 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001640)=""/4090, 0xffa}, {&(0x7f0000003540)=""/4092, 0xffc}, {&(0x7f0000000380)=""/161, 0xa1}, {&(0x7f0000000140)=""/99, 0x63}, {&(0x7f00000001c0)=""/228, 0xe4}], 0x5}, 0x140)

5.667805789s ago: executing program 3 (id=1655):
sched_setscheduler(0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)

5.667408803s ago: executing program 0 (id=1656):
r0 = syz_open_dev$dri(&(0x7f0000000500), 0x1, 0x44000)
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000580)={0x4, 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0, <r1=>0x0]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={&(0x7f00000005c0)=[0x0, 0x0], &(0x7f0000000600)=[0x0], &(0x7f0000000640)=[0x0, 0x0, <r2=>0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0], 0x2, 0x1, 0x4, 0x2})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000700)={0x9, r1, r2})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@empty, <r3=>0x0}, &(0x7f00000001c0)=0x14)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc0, 0xc0, 0x8, [@const={0x8}, @int={0x1, 0x0, 0x0, 0x1, 0x0, 0x76, 0x0, 0x26}, @datasec={0x8, 0x2, 0x0, 0xf, 0x3, [{0x3, 0x4, 0xfc}, {0x3, 0x94a, 0x1}], "c12599"}, @datasec={0x7, 0x8, 0x0, 0xf, 0x1, [{0x2, 0x4, 0x7}, {0x3, 0xb, 0x8000}, {0x5, 0xf08, 0xe}, {0x1, 0x8, 0x81}, {0x1, 0x6, 0x5}, {0x2, 0x3, 0x3}, {0x3, 0x10000, 0x7}, {0x5, 0x8a8434f3, 0x8}], "dd"}, @int={0x4, 0x0, 0x0, 0x1, 0x0, 0x43, 0x0, 0x61, 0x1}]}, {0x0, [0x2e, 0x61, 0x30, 0x61, 0x0, 0x30]}}, &(0x7f0000000440)=""/151, 0xe0, 0x97, 0x0, 0x137}, 0x20)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x5, 0x1, 0x0, 0x424, 0x1, 0x3ff, '\x00', r3, r4, 0x4, 0x3, 0x2, 0x6}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r5, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
r6 = gettid()
setresuid(0x0, 0x0, 0x0)
r7 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r9 = socket(0x200000100000011, 0x803, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r11=>0x0})
sendto$packet(r9, &(0x7f0000000080)="4dcdc7d96a766000002f000500000000000000ff071bc9252feb8fb55c093a44d77cfee9a81370773ef34fc4639580070544fb42", 0x34, 0x0, &(0x7f0000000000)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$sock_int(r8, 0x1, 0x2d, &(0x7f0000000040)=0x803ea, 0x4)
ioctl$CAPI_GET_ERRCODE(r7, 0xc0104307, &(0x7f0000000300))
kcmp(r6, 0x0, 0x6, r5, r5)
r12 = open$dir(&(0x7f0000000080)='./file0\x00', 0x20000, 0xb)
r13 = syz_open_dev$mouse(&(0x7f0000000180), 0x9, 0x203c00)
renameat2(r12, &(0x7f00000000c0)='./file0\x00', r13, &(0x7f0000000140)='./file0\x00', 0x4)

5.667187594s ago: executing program 1 (id=1657):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x10000)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)={0x24, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_PEERS={0x8, 0x8, 0x0, 0x1, [{0x4}]}]}, 0x24}}, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x0, 0x9}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
syz_emit_vhci(&(0x7f0000000300)=ANY=[], 0xc)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
connect$inet6(r5, &(0x7f0000000300)={0xa, 0x0, 0x102, @private1}, 0x1c)
sendmmsg$inet6(r5, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000240)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000080), 0x8)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
stat(&(0x7f0000000280)='./file0\x00', &(0x7f00000003c0))
ioctl$TIOCSETD(r6, 0x5423, 0x0)
ioctl$TCSETS(r6, 0x89f2, &(0x7f00000000c0)={0x0, 0x0, 0x80000000, 0x0, 0x1, "bb5dee00"})

5.666200202s ago: executing program 4 (id=1658):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xff00)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_ADDDEF(r3, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x7fffffff, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x38}, 0x0, 0x0, 0x0, 0x0)
ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0)
r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r6, 0x80044dfc, &(0x7f0000000240))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x4}, @ptr={0x0, 0x0, 0x0, 0x10, 0x4}, @func={0x4, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52}, 0x20)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r8 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r7)
r9 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r9, r8, r9}, &(0x7f0000000240)=""/249, 0xf9, &(0x7f0000000400)={&(0x7f0000000100)={'sha512-generic\x00'}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000200)='i2c_write\x00'}, 0x10)
r10 = open(&(0x7f0000000140)='./bus\x00', 0x400145042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r10, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)

5.572547127s ago: executing program 2 (id=1659):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x43, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x200004}, 0x48)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5335, &(0x7f0000000500)={0x0, 0xbeaa, 0x200, 0x2, 0x24})
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x10, r0, 0x8000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000580)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000340)={@fda={0x66646185, 0x1, 0x0, 0x13}, @flat=@weak_binder={0x77622a85, 0x0, 0x1}, @fda={0x66646185, 0x9, 0x1, 0x19}}, &(0x7f0000000200)={0x0, 0x20, 0x38}}}], 0x0, 0x0, 0x0})
read$snddsp(r1, &(0x7f0000000740)=""/56, 0x38)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
r8 = syz_io_uring_setup(0x101361, &(0x7f0000000000)={0x0, 0x0, 0x40, 0x3}, &(0x7f0000000240)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000740)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r11}})
io_uring_enter(r8, 0x2d3c, 0x0, 0x0, 0x0, 0x0)

5.494105874s ago: executing program 3 (id=1660):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_emit_ethernet(0x5e, 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, 0x0, 0x4008005)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newtaction={0x4c, 0x1e, 0x109, 0x70bd29, 0x25dfdbff, {}, [{0x4}, {0x34, 0x1, [@m_pedit={0x30, 0x11, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x4c}, 0x1, 0x2b1e}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
ioctl$BINDER_GET_FROZEN_INFO(0xffffffffffffffff, 0xc00c620f, &(0x7f0000000180))
close(r1)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8922, &(0x7f0000002280)={'veth1_to_hsr\x00', @random='\x00\a\x00'})
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(&(0x7f0000000240), 0x85, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a80)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r3)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000340)={r4, 0xffffffffffffffff, 0x2, 0x0, @val=@uprobe_multi={&(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)=[0x8, 0x8, 0x100638c531c], &(0x7f0000000280)=[0x2, 0x3, 0x5], 0x100, 0x3}}, 0x40)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r5, 0xfffffffffffffffe, 0x29)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

5.419707519s ago: executing program 0 (id=1661):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000040)=""/72, 0x48, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x698c81, 0x0)
epoll_create1(0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=@framed={{}, [@ldst={0x4}, @ldst={0x3, 0x0, 0x6, 0x0, 0xa, 0x0, 0xa1}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x17, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x22)
setpriority(0x1, r7, 0xffff)
write(r4, &(0x7f0000000180)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff060000000101c7033500", 0x25)
r8 = socket(0x2c, 0x3, 0x0)
sendmsg$nl_generic(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="186aa96978a55fedf6"], 0x18}}, 0x0)

5.268758447s ago: executing program 2 (id=1662):
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000a747", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000080001"], 0x58}, 0x1, 0xf000}, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002b0001"], 0x114}], 0x1}, 0x0) (fail_nth: 1)

4.326348719s ago: executing program 0 (id=1663):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000200))
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000140)={0x6, 0x87}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[], 0x20}}, 0x0)
r4 = syz_io_uring_setup(0x527c, &(0x7f0000000300)={0x0, 0x0, 0x2, 0x0, 0x0, 0x0, r2}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd, 0xf3f1, 0x0, 0x5, 0x4, 0x1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000f80)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\\xb4\\\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
io_uring_enter(r4, 0x27e2, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x801, 0x0, 0x0, {0x2}}, 0x14}}, 0x4)
mount$fuse(0x0, 0x0, 0x0, 0x1000007, &(0x7f0000000040)=ANY=[@ANYBLOB='fd', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=','])
open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
lsetxattr$security_capability(&(0x7f0000000a40)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f00000003c0), &(0x7f0000000380)=@v3, 0x18, 0x0)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x30, r8, 0x0)

3.588061198s ago: executing program 1 (id=1664):
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0), 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x18, &(0x7f00000001c0)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$phonet(0x23, 0x2, 0x1)
sendto$phonet(0xffffffffffffffff, 0x0, 0x0, 0x44, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000e00)={0x50, 0x0, r2, {0x7, 0x27, 0x0, 0x23072d}}, 0x50)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000200)={0x40000001})
sendmsg$NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a891588d818a0afc0b3116a130974cac0615232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f84e4272d2cc72d4e771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de457f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5bfc182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456cd7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)

3.452639919s ago: executing program 4 (id=1665):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x15)
readv(r1, &(0x7f0000000040)=[{0x0}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, 0x0, &(0x7f00000030c0)=0x2c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000340)='erofs_lookup\x00', r3}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket(0x2c, 0x3, 0x4)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002240)=[{&(0x7f0000002280)=""/4103, 0x1007}, {&(0x7f00000001c0)=""/118, 0x76}, {&(0x7f0000000140)=""/70, 0x2b}], 0x3}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000540)="000018e8c06f814cb43913fa64521aff08521368803607a23f9e86945b5e6e6a5437f6d1aa08ee08737cba96ef98ac846e314fe19d48747ee4480b9bd05ed2820c1d905ba657e76135fd487ad81045a8a5226cc20d1196edf70200000000000000e57442a9e6263783790f017a81e026c3ff7bc5402ee220bca57fef3b70337ff02d62a7eaa0f076a525c7f65b502bd274f7a8e0a3568c019bec02d5e1483ce7d0c0605a39e74ccc7faf130e7fb6521b6ee63c264990b79d2d4e2e5e6b7b46bcbac27ea2a1772ae2ef1c5cef2f47e893511e28d9f0e8683b86d6b04570bace675a474d4ed48169f7958ecddd51d017bb0e738db2cf6b517f7afe207cc6d57d1c36dc336cc22db95e56be353a10416f64157907a6abcf888c6e73fc2b71ad72e9c5e8ec84e63d6c2a93349320874b362eebe72d4ffbcdc15018b902f0164f67f5a4b7919769961e45716a75", 0x14b}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
ioctl$int_in(r6, 0x5452, &(0x7f0000000040)=0x5)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES64=r8, @ANYRES64=0x0, @ANYRES16=<r9=>0xffffffffffffffff, @ANYRES8=<r10=>r7, @ANYRESDEC, @ANYRES8=r6, @ANYRESOCT=r5], 0x5)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYRESDEC=r10, @ANYRES8=r9, @ANYRESDEC=r9, @ANYRESDEC, @ANYRES32], 0xfffffffffffffdf8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$kcm(0x2, 0x0, 0x2)

3.452436606s ago: executing program 2 (id=1666):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000800000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 8)

3.018418282s ago: executing program 2 (id=1667):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'xfrm0\x00'})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r3 = syz_io_uring_setup(0x2777, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000200)=<r4=>0x0)
r5 = syz_io_uring_setup(0x56ba, &(0x7f0000000540), &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r6, r4, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0}})
io_uring_enter(r3, 0x184c, 0x0, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x202, 0x0)
ioctl$TIOCOUTQ(r8, 0x5411, 0xfffffffffffffffd)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r9, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0xffffffffffffff25}], 0x1, 0x0, 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x42, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000340)="66b81cf400000f23d80f21f86635c00000200f23f8640f783cb805008ec83e660f3a0ed669f0096790ba610066edbaf80c66b86ca5178366efbafc0c66b84800000066efbaf80c66b8c257a58266efbafc0ced670f9e50b067d9fc", 0x5b}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r11, 0xc02c5625, &(0x7f0000000140)={0xf0f000, 0x107, "9a555c14c966e134d198b9aaaa7da80f8e4fa888dece6ffdb507a3c83e58e128"})
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1800002, 0x10, r5, 0x8000000)

2.940346057s ago: executing program 0 (id=1668):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
lsetxattr$security_capability(&(0x7f0000000a40)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f00000002c0), 0x0, 0x2700, 0x0)

2.884307477s ago: executing program 3 (id=1669):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000680))
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
quotactl$Q_GETQUOTA(0x0, &(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
write$cgroup_int(r2, &(0x7f0000000040), 0x12)
syz_emit_ethernet(0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.swap.events\x00', 0x275a, 0x0)
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0)

2.744783839s ago: executing program 0 (id=1670):
sched_setscheduler(0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)

2.621444745s ago: executing program 0 (id=1671):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
flock(r1, 0x5)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791038000000000071003800000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
flock(r2, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
r7 = eventfd(0x1)
ioctl$VHOST_SET_VRING_BASE(r6, 0x4008af12, &(0x7f0000000080)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000280)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

2.615870481s ago: executing program 1 (id=1672):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x0, 0x3, 0x0)
write(r3, &(0x7f0000000000), 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000680)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='contention_end\x00', r5}, 0x10)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r6, &(0x7f0000000040), 0xc)
r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
writev(r6, &(0x7f0000000180)=[{&(0x7f0000002680)="1e", 0x1}], 0x1)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f000000c3c0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f00000000c0)={0x50, 0x0, r8, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f0000002140)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ed10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000889049938edebcd600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, &(0x7f0000004140)="02f00c1d0dda83190c8b2969e5d107b997d557314c4da896298ff72343456d7ad8d0a3c9d50de42ef139d0d06f47aefa86d39e623e4983730bc4acd2a3453e9ce8ab83ca57bba44ef9418053978935925402ab801b6979708a525ed019908b34e02f859ad4fe7ea4a350535a413c192c59200cfe1146cfce7eecb4623aeba4b78d98a60a06859f115f185f5849bc4bf657cc34fdbd22e7093ab80cc806d17ca48f8eece4181c9ac3c9683567bd26348a00f13b4227b52da5dbbff4d3903749eb428bb6a464379db2f0332abbfe4d5a1d8f3175def20fd81e00e99af5cd23e1fe1a02affae45d2fcca7311570b269f073fc727285b6eeaacd862f40f1e5b84abec8f63212c89e4458c61ab5c32f7347d7d537d267708129701bdc744d35218ce52988699adf1e34f61493fd397296b4ca0aefbeeea873eff80fe26c0bf3c058ab0ae570ac08e3c53079d31669f34bee6d68b92398fe21c1d76a24d858af557d7723d27c0435f70fe46b18d17f3c207ad809bf3cf81c3074be87ba9d2beb513903109a9dae4a56576ae7bd3ecd4917a2f22c756f100eb0f3b48f3c506aa5d717b9683762e8d268ecddcf5121ab06300b1cf3586c910bf23de3defeedfcc1e899c899eb483c9b30cc56181f34937c70e9a2482ce13531bb80293f85fe080e722bb628b67a1cc9a9e7607313f0ce60a8f79fb0807139f503622c7cdfbdef26fc004897ca200a9b4328e0961a79e46ea7734a51d3c8930ff903d4779a48b338f43ba5d6b50f27f69802ffeb5473b15e66835035b7bf41489804e99eab0fc7579f569b1ba37151913454be46c6cb12b4e5f8c7a0a64c992fe18e07088d4ae91fbe6ef05d74d63173823bcd63948ebd29b70f144c7a03c951de8e3873623c14c4a99b52a9ad881206005e66f8588b0d73994cbfd6aefddbf8cec9622f948fe21287b38b9daf40c6ccb3feedf50f90e8f4da6a6bbc14b87e514cd976302e223a3c9165ec4b79f341908a97e13331582f39da15f2e9a6ea5a836bff4a42cd816f7f2028763bee37e7bbd0ccdf419edd48c55a6883825cb3373eb0b222187fdbf7a0dd4c862e9c658a5590c62b95b2467b155a87013ad20d47bfc8e8049f8bee091cb893b5d507772ccaadabf407a25647019312cad64b940137ceb603e9854a41d540649d52e5b2a39e7865ac1ab41cc1304712520e8e2827403b01dbee87b8b0caffa3c1bdd3b81538743a5422be517a5c679543282fdb46b29cf256a9d7e1c3dfb69c399db615e2e785d5a3cc719cafaa7973a542679b3185f5f86e4864637ececc4557a5465b05bfbdfe433546fe822d00f41b45c1473fe88d8a6911cd673f3d71518d3d3918ed766030448f01ad5e5ab66a6eac88720f7205491f9bd15d448172de258c865534b0dad6e607819aca86211254ecaafe4597af845c1c92098320dc14d1bae44486a02b8e81733a2be227acf940df9a2e717d9373a52a82ae0863af2320ec820fa8778b1e0123d41e6a79055adbe1b63da8e84ad6eb7906ab65b92c493a8150685dab1e2f2a16da54abe9cddf141dc41ea8a600a5e28bd8a342be318fa91d2e98c36a681c98f5676b27583d49f4948666c80f3b49b2ef6b71896e980c6cf93856d2dfb59cdeab1d8940296207d1f15cf75d7beb6f744fdb38f34e00148f48b3b92d65dab43f3514761864c693e6fdf1e08be74ec507d180301d419cf151901bf2bbc1245bedfe9f8b91f64c869d0741026acb0499a4a7cb167107f609141c349a7810d16b417727ded0decd32b4d48a624d027a3d057a9763ac5139adb0042d70caf9969c7a6bad7afe5d8a48d0e5726396d379a2bfaf957468748c9944bad2dcbefb1474a7d782b2e8e278a10dc6d6dc921476d661cea4439d8ba17c95c9189ef879b52a1889574f70c022b0cb973587a70e5d4147aaf1d1f58836540eb0824e73386d2c3a94d253b99d4532c97c2a75588c536cbc24e47088dfebf31ffc0cb23076bb2f515546b3721d8063e3b88d3a8ea196b88564f65e5f808eff5ab6a30095d6e0978a286b9d693a6053231d71dbf96967b5a2c6eec44117078851bab60718ff22a3e8c522fa8d85d6df1a816b62a557b47b05c5df626a47928523541c23e9f0a0a86515437bc0eb7b9b4b7bb866206e093fb4a5dba6ad9d2424d7fb2f8f220b00be734c781a91ad4555f2714c6c59588300ad47d3ecb86fae178609fe60d9f604be31c05cf3cf1edffb45cc2ce24ec44434107834c6335ac09e2e931b0a8c6cea5ddee3686ec9bf9ef6693fc85e36a7fe1146aa93da6f4dd5f36ab0dcbc28d29ddeb481d5d4f8a2817733a8dff3cb07ac1256bd43dab768c1661e4c8bd3ede3aa548f90424fea8e39c6d5d639b49b7b4da6a95700ac6d9f66bae43320ebe5add0c0cf5fb8a1482c60a21d1ed54ca7967bc22362ccad5c9aca0a7151b53546618500ab0a32151c7e61fc1cd7207f165449d4935337ac69259142d952d83e415bf39227224f208ccd4f6476804b7a9ed45f14f7414e36c9c1000ae4ff34e5ccfa224875c81bf30a73300a22c9dbba7770d0078ff37c965b2d9f97e50e64072d7db371fe4cd364e305f64c1fc70b682cde8fa865fdd7cefbc528f3177a67a4f31f3085ab385705a5008d7572b8f6690c07a9f0d8754614bf036d4efa96b09258cc43787df3259138f995a6d9dd13728fa1745c8e4af63e48853bc63106859defe07c53ead96f2bbd300ace2df4281ee764ba0c2234d4e0da8c0bce90ee74322d50a5653001a6706c8f4f315219bbc7fa42ee186ac031ae2a7f806e539f6d498514c3b657f6b6864ba1cc94879bc70ec199ce4124907bbaf5087280f9288a51f6d2849a2ad906aac9e98874fa678c66e0d71479f71d81aea11acca91b1a80e1517f6ce93d63deb7712a15232856db2e4e33b0c50f638c5c0b11fb81c4d9d1f4ba9914b8cdb1ee091b320db91850700a5ee1f8b837deaf3eac758b1aa03ceaf559cd87f5bea97897b97661746fd0e08713fd5fe42a87de04a2c9256571a14818750dc51d3c5190d8c2055860c0470309ebdbcdf1c050e0de01e6111bafd83eed68935fa61dea3dc55c278080935ee9d36233148dcc1ea0a3867ece386248ffb58ad2c198ef8ba29ea07983740e584daad92c62ec10c3dc16be4283bae22ed5e39a9821a29a40952950abf6b41732933950312719749ad06eee0c08eae0136eb4f16cee5ed167df66482ece475632dd25cc43782df12a8573492fa46da81b527213b098e3d9b0bfc9da02bde9c8f0672778cc418f4c0a113a513b358674de8b218fd3345ccf4179a9db6c0e1858e558e749036ea70c045d572ead75e60cf08fb26551741fdb86ff3c0bfcda029aecb789c9b8e27f360ce04159b9814674a3b5ac823546d4ac467ae878d2d4482e4d5bbf8945155410b8e7ec05619c3d6e254e30879f4dcc3d93b5c3e3f73230e2bb406accf83cc5a3f4b8388b851a98fafa03ddf392b9c0c5232445a313f440f158b20cbc34c29a0e36a062a10ec77d0bbeeba5771da4dfdf3654140f53e85d98f6a065850ff5afec907eddae8b7128ba9dd0821acc8511f3e3c68e9ef9da35df09315619ab781192a648baf254fd5f35cb650b7672a9a82f989bf2039961f68763e34db401c903a40a5ee9495b7011893639ed3c3b83998503905cdc1dcfbc223bec4cbb5e1459ec4bfc6eb14dec0741e2364eb9cd9d988013ae2740b722704d99576f897aca6b3d5c34a057d8a5f51c1bce080936a21fe214c3516c6edda99c4fd104e033fb553839a386fa74549921ff4216589dfee205fec1031e121bb58ede2fad12805785abedd162396e11d36dcdb1993853eefb6e1c8c72afecf98969db8216da5276e347a327c60ec97865e2397127198151feeb9e0e6268fa6e88c50ec8d681450e642fc01455fa216f9835d6e309f9e4b5129a2a56db042f0c0486a47033b52f59513094864c0c6c313c7edebebc28db44679c3544e93375c80cb782763f37d85eba6c0bae5934875444245d467de5d6a463443933ae95400f88441d70891e6455f73356717f68e408b0cf91f0deb9aabce6c1cbb1459d8095433a1e08039132fb8ec30687f856e524ca8ba00b6a20225da41bfd260fa214c26de5844246d44ac5ee2af44f158da1f55188277161d7158fcb97b1e37ff3088cad7e79e78b19c7440ae76356f0b094f928a61e9195fe87a0330baa29dc5e1370abc024577a521ad224074f5ee52c30326e2d1e87044b2027232ac28ba099e211a7b33df9fb6d2fd662b7d38a14c40538dcad133f4f75ce114cf8e583f74d2d5251547541af0236aa59075263e2611fc807ff898163c56ef01e7454da2a6000ac229530ea7bf1eb75529d3c98e6f7fbf3d4cba327ed5cdcb83df0c11fbead1de4ec3ac5c2cb8dda8591f4c316e23a0668ca25149f8a55a47649daf9e40f784319e8b901e70a8a31bb4f8c0a86a4999bdfcb0e9f297e753bdb2a275ef98a92b8dbab2d6eedc06ce92502ae7ae76f6b13264ba41e717f8257e34bf1ba512b335d5d178d74742cc0ec6e7b16942095cde010cd90b5c8a158b65fc51d958a96a7d20446c1fd8d1b0fc9f2de8f404a80b504098dc68e2c60b0f43ab538cba0ca5409dacfbdff2267374775605dce498514ee7b32a7f55452986b12dc6178d6a926dfbac6bbdcc051d0cd54bc3aca47bd665e01bf1f050f7903f031197594c513ce5ba931e2819f5bb63c5238c19c1be9f4d9668e5c075804fd43ea60f0ab9f00e06683b8e29379a9326b40e8fe05161adf1cb519c31ecebcb042ed1fbb4b9f1b12470bef6e964855baaff5a7dd6146f07caa8097c778bd10e5ce995884d1f3b91962a7974d84de6157d3f54735d5b82e11e6fc000874ecd396114c693ce2297caf7a9c6a6814a890e4d74e17a16339ba103c0d2da87e522ed67cd23047c7d9bd1562234aec98b85ad4534522cca58ee17ccb9c8fe7cd68ad3d6d6e0edbb550ec957772ee1109d501ab76e364a988e02e6b4a5b62f72e61fa7cc6120d12414d3c8ea09bfaac8e806d19dd76f940b769863d200861e44c72bfd870005f6663a7a6d1d60ac1e376806293d5143968d37af14301c9d6506985eb7bdd607dfa4d3cb5cb058019cc5502c534d3a5a1337bbf6306184230cc21e3ef7744b839cd82fc6347316e098e05ced0f25b9cf5721f2d003bdb4e0a79eff90ec4aacd6afbb78ca6f129cd16c8b2f3aefb5a2036951db7ebb40d36723a75723b3d1011e6085493664bf5d336c5cb4079ae1ca2412c53c464831844c27f089ffe345a2029118672b2fd2a24c72f9088dc5f92cc5f3bcd6c7359f52d32ea15172e95af7e6c81c52f20995877cafed48dd49762701c88c225bbffbbc3160d838957588fc2d41efab4148bc961e8d66b5b21e7eb4228a132d61a1c9f6e2baf7430d92478a3948fca4e10594167ca5e72678189cb4e90a0b0e45caada64d15010d73157cd8b4d04099ecefb1ed187d673d1bd33f13dbe4b44d351a34738280f21a79b3146b0071a0924e643c1dffe0d8c72b3bdcc00f203153f63c249f18e0e9e7ed1c0237411893832fc5be40d308b194bb04a17e38f0717a0808058b7291d20b6f0f1e5ba11e2351d985138c61806b41ea5a77ef80feb1f6f7383000e97549487f1bc9c3b5e8ccb6ed7ab8e08b258c75d5aad2a01fe8b5777ef5c7ec1eb3feca16dabf8eb50312f8786d5018d7bb7c9776f028af7b3423af3410696587f3feba823e5e3ccacfeb23fd4359c252b2ab5136d2fa7a6633758b5c45099f70a672999329eba1c89f07af0eb7c3fea5ac468ce042d699b6f391eaccadcf6d14e97c620a5eff7d92946f09d79d31cc876da261182a73a3234d5e53709185680c8b5376e4d8445fe4fff988062f23e42e4b7908ec079a840f0be839062074c22c44b7f4c4b23be2b6656abbb103acc0bd5058e0112a7d55cdce5042a76fe24ba5e9a1105c68dab94dddd44cc6c860172847f20e6ebc49787ed8ca19824b09468933ae9a496e960b7c592e783b6a5f10a9d9c2265794c5891ae7eb9cca9b3f99981a252d522047b95fdb518fe681829948a9d329b9cc7cb2f806ee81a3c930c73c8f12a05b47f1470ff08d5a03f37dacc1e4a7f65563f8825f9ffc316c2ed7a5ea434cab348c850d1b8eaaa0ab2ef7460269aef06f9c46a1957575cee49e1aa72d470dc9763b4abd61d34693e462353c1d023249bb7085f1362ec6bab9d349633d5f9637e6a12690e502f8af9c2d37a3f573411595539c66e9f82d5b39c01606af258e769b2391c3cd0bb0d93eaa36e168136b301d516724ecb173a0766ea9e9d5be5dcbf58e0322261e584d22594cfac91d16bcf38b8cb69e022b0956fb4be2981a526bb1832749ea1f7b188dce590927620ad9d6162ea52bbdbd14b45ff967f183c1af4269dc16a1be7b0b5278ec02a259aed022039e70a9c1456997fc1d053b1ab54238d8282dd11b68b806c745a257a7c0fcfad3277245b1f7749243f457121b3d17122f27be6b1c56e9bc151f52db66c92246072ca4e5d10619a6730b1609f133b5db1f2b0bb4a86dee2c44a6e25299ee74b99eeab5f195728aa45dc7bd300bccb48819bd40b12152b40e1395ac25d8b0cd1ae12b9cd46a8e54f495cca85a680cd43f70f55505f1a72c030dcebbb2e5b26ec971cd58c76ee67d86fe075bcad475658f1cdf09c94bcb5b4db83b3147882f65f67921267f8471d8deb7b159761c83fb9547db71b6878a21287aef6a2e01134e735c073645d2488138f280754ddf66cf8c0208e51a96696e185120a6b84a73d2c9bfbfa9e501f1126b44c491ec437a0b490cbcec5e8e0e0c21f803354d2d1923fe82509706ab34eb03101dded5f6421a6b90dea3db643a22eee1549e30d44184bbe7b842a656b91184ebbea76d00942b429dc07c704750fcab290c43bfdd2aed8257c21312933a11a76d0be361753a49ccbad5fab68eef867e11fa99a1d8021218809c0ce0bd52bed2d5c97fff7283e549afee371b7f1b3973ebebcf11f9687c7086129ada7bc09bca2da4fc02c0af28aa043f3f2c1e02dadfbc3a245dfd2e30e6050e05388006852e871b6890ddc006072d1a062978240df6166ba6ccb732195f21bec579d3d2b3f13e818e9fac77be72152fd441f6ab772b7fd3f888a91f8420f336e5a69e36dfdcc23b066506167960dcd1e5c84d4f236bb83f8daf03007d86d5b34aee798755077dea9b4faf98daa725cc3ab671b3b2b95c193530e0d018309a460a518878ee82e8495622028383ee97fe6a0111521b9a60fe51011bd0c62ee11e7a3dc5a0e8e8b82e476e752f63c5ba75a32e7b5b40d8ed1f539b3262351ce42d1bbcae0371ca72790ca4deff1441404f072947970ed3f23894e6c894c9fc7644c4082188b1ac8ef1e5c045bf438b9b81c7333859fcd071100785e14568c784ca30c4aea8a728a7796a201aa1b65a9355cf368b440498c433414141aaeaf722b9ee70b7cd28a3c2beb61ed99b619a4486b4b7210fe5b1cffa4474421b41303f6de7432874327532cbaecd0e1e9e90f00cf03161e9748807f3728e947c1ce281f3417a3a162deb2d01a5aa330e95b5624769d278aabfdfe6e8089c62ee1c26be5c121cfef2fcb549c1671497a05c2a397f5090caf6913fb39f01a095d55d33ae31d36bf223cd506ef2eaa48b1729c2dbdd7cf84bd1c2d0ebed7b6487991de616517c4e53665e60e6bbf559dd5cddd5eb88087fe6d0e2632f10b9e0f653bafbf992f55dd2592bea82a9a5958ae3e767bcf2c50b691e33dab8d2b1b2fb33419b5dae945a7d4a0169ec64817cc02b02139d7f70bfb42516c913311b42323cca46e690467c894a26ea624432b3c536f48ad569d56d8bf131048f81c0bf77460bf7acdf513087bcca1366bbfd05136ab5456f7e99f545f343eebf57299bfb4ef4a3af05357037e7080ba36084505eaa7339fc981cb99e381c3456d3de6cec5c5dc76427b13db53c9bfe516577b51411602146929e08c8762e6c99325a00242bd15f511f25eed7aac3537aca0407c70f362a0583fa10bb259f758feca1edb4f8adff7626bbf67fa0d940bb773d1afd523033b25107fe02161faa7a2bfcd629e58d681be5e980f8d563daac8532bc747a4242fa539416bfedf38cd8e3aab1764102c87627308abc41f6ebf8f03126d26ef90c10f0dd0fb5be22ee794fffb3ef0537f640b92c2ec335ff99422fe5fa41467e1a95fdc98e13881e1912f73afb489f237acfa971f6f64d9dc0066552167ebad1a7797412998a748d3b236e41ee5a8c223a1fa033389dfd2beb582987344db19988096e3bc0c44c8fcc4ef4a1d60b3991a5e3eb08d476c6dbdef30ce2b7f84de6925e28eed23daafe6be895d9b9c055519f9f3dd5c67cfafb5138380f581ec2bcd15c415087c85c32db56fd589883d3f1c81d56fe2436e910bc873596d4fc5abe0046e00934912f70c028c41390091988fe9fc46df6f10edb697bd1408486860fb6e77c76b4778a151769be25d891c1bde084ddcf964a7d3e528fb39835d8a003ee95e31f7c6c8f22e2d97454b8bff0450f6d9d3f3066041f19aa7e99cd00bcdb238e493912ffa5992eaa0c10dc4e0c4277ad8b5b9be74f72a0b2b89cb5df3ff6e06d84b4db052a1846a2b8284d49c0562f561dde8fe38bde79afa4eb12095c9fcfb9805ff76db4c63f2c737bb97117f880284feac51aeb26e21071a8770cffb4670fb94894c5b7cb6b60c3cc6a0e04458371bf59669f07be5517d5aafd2485aac11e29332bc9c0d9aab851d40aa713665be691c1887ed057e63bdb4da732f70dfe503a009c6c431d6780559273215a222228082dbe613d2dc235908927b1693adf812ddd267d1f7b64abc5e174b057e550c60d5b4e5f4aed8fe16dc5ecd7d7fbc3647efe8abbd9f2ce4f21a14d2e76af8a0551d99f1d35cfee6a068f521af0340750658b415685ae99459744c3b29e24f70977ca21e8638045a3dcb88556904f4cdb31920b89dadc5b846d7a1306d1f86d179e1f611d0c061146e3df0aac42cc6710231d844e167a57b99f68ca174152d088d5af232d5d4e186f026dbd0fff228e7de1ce0e5d28f439e94b6cf106306a740071a03ee25387d1c0b2da3b24dfbbbf078458e3db1c42d1c369b3f57946cfba615151c118e5bc31d43f9621bc30ab6fca226285c50eaca6daedb148d0c4acf1d9691e875338221074630d9ac117fc704b06da6b595f9906681f5a598d0308da0d56e45a216860a3acbb2e00376d2931a21695239a8216347d39f649c0d990191a62a32563cc967a03e606ada7dc76e67a1e867ace9e05e8a27d96987b93eec3cbce6c8c4021ef2a7a862bcb49b2450c63802c41bbfd8ae9f3c9a55a570470c41a9ac7ec88c83d5c1f2c9342b30ab09e50271a7be04feedf85abac9efaf1422a045f6383886d3014c6436c7986f264d119b1f8aec8c67be8147feebbb94266c009d98db54dcfd9b6f275f13c210d10d808b55cb558faaa2a89f90023fb7aff01dcd6143c7fb985e286ae7bcd521916794ac148bf85ef14d8a54fe91739a4b0c3bfa4e77d70ebe0bd187364be48953bbcbb220dd43f2e9382d430dd0baf069b6e3fa46d696317b4b0dc030c7edf27c416f33082ae1b0b13290580b5c513adb90fd373af0403f268521fcad12940dec7f0532aff0f78813416cf965937f7ca0eaeee97dcf7a7ec603b892ba55801a6637ff1a8e4d99bbb969ae06bfadc232f131b19cece7b8c998d6c57b9b68d2252d7e543091583b67b868c8dc079c1c95294c5e039c637b1a02e58d614fdb79f3f08a29f9f90ba09370675ac1b071f07bbf97e48d3e3d102590c2fc4ccf5354c088f41f1abe507901a1b5e246c88f81e297a2876182669b16f1be10e68f3bc66c7e20f34ea5a5252ea013f71ef78931ea4e99f5ee9e4761cc3f773eb02fce9065c333eb58da334a67525d9f885747aeeb3193c3e6b60e037b7006435be7bf1eb5ac592e288984885b5f9781a900885c59ee235785501ab93d73ce758aba261f5cf1d732246096412a0a9334fc113b1fdedd0a15961a252479a91a889dd312a4fe44a49a5c8f3364740e2c84ad375226b0a8070d6e5f316320c6f33461e7c32395c60b531aef2690da2ce0a965df38756c26be257f62e89404ce58a62846e11ae30490ed476a484c5b798d0c67cbd795b7e02d460fc1be0dbf85180fbc7d650c14cc86cfe65259fde8d330ff96a175c49ccdca9dcc9886dcfdd763a8ac7bf4c02cec7ca5f808406a9a04ea18cab07febdb8f1f65e987de2cf830ed782ee590f857385f3514798bd3c98bc0bf3c9ceb63b7d2c4d084332f0f4702c185fe9b1a5780f8b11f18b10c9eae1d18a5d45d2677cda5c927906c507f21b987026965d5a9edc182cf6b104878aa8afe22731b2ec16b692cd2819b37a50036db1b6a47f6c47299a8bd35735d180eb1d75d956e8d020db4279fe1332664dfc01cedb5742545a3f2173a159841e11552564c3fbd39fdff26c4438d0b2f66b65f4ddd5778734562eb2bf1d56f5970a8463b520cbbc55dbacdf37a6a16e5c7135f3120c7bd4bf2fcefdf47d55d5a7ac628341ecf694098fd457d23bcce0b2296bf99ab9aff749af11b22fa2f24d4ee95659f3faf48978aea794a80415c845a6d7f924c68a62972db65b9185ff527719c5f8bae299fd50bb7ee1ced73528ab0648b870d8e8ff0acecabf2de8fd4ad30b1fce4084d8e1cfcee237f13a27e4d238f6d2eff350f2393f5ed9918cc35917f2035b1a5faf297bff886b6716db37215b822c8af5142ac94849e5484adb4e59ef85dd56473b1f6e1f6065c8e744377d98815f53244558c42af67e3502865bc81c37741c5ed3ed07e33c64a9d8b2f527e54e3c7e10666dd95eed759e8a3244c5a704a9349ee929752226d01c10bfa94d31ac2ced8261e5fc3a15f68500a9e7b5ad53fe3de581ae3fc9a03fc4da706c17b40ba5d9505938dd55f09989812e25ee54f7668fe8bd274e0c0b040a15c18b9d8bcee0cc88590637a8e7b6792ea8aa8dfd4fa8cfa183f3ce15308acc9d91d02e7f7b46f472c8fabead73ebe033fcc507384948a1eaf03548d79b649be7715b1aa0814a59183424e49e86bc9781ce2e9e8277a85f9b0b4faff231453829faa628ab00daedf8b8aeaeef758bbcbeaf8863ba179e1054b3da56466486fd9b8dcc42ca1bae2d4ff8e0877d9a726744080e125f7a1bbca906bcc59e8798e73bd79e5de3b4a79aa2bc2e8be40b695b5add3a8fc0952053bfc352849fe1ba9da83daca4c904c66fe91e55709ebca2a36356912a285f2206446b3216d78c9fe498431025b1af22d99537d5f86efb23e11e6e8e7d6cd97069c533e908cfb234c26a3424915459c53bf76ff18d7cceca11511b689611ff74118844aed1d4882f5d2a9d051bc3e051a53b7633138d0325082263497c9102cd33fb16c27a93055617ad14befe6321d40251d239d45a89bb079e24b04470fa75454d91bcc39c233eb0ad4a03d5667b9c7eea0d927d665dc2db377c71cfee93bbcd77f6096a2dd14452f1d74a9ebc7288670943ce9910f", 0x2000, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x18, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r9, 0x5411, &(0x7f0000000000))
syz_fuse_handle_req(r4, &(0x7f0000006380)="f7709f77945ec10b4eecea480cce6641402373da5e6d7f24014f7acee96be0135b59ce90b463223252169e036a4daf3dae250a1e6de526211d43d9512ae526730f553268794994fd54868ec480d09862b687b463a8fc5058903593b9bb4d50879635cbf67a9e7d1110fa0e8ef89dbd2abdae33183737b8c0b907f5cc74ad6ab0383f8240e091417d2816317f40abb64224f616136f93d932f2223ef42fa3c3155d53075d3eb1db73beb32bc364e3fc246d3dcaca2dc91a634815412bae915cdb1a6da7884559403b545235541ddac97d7b1ea8135539ebcfac1edfa2fee8cf78bb46da7644a8f9e42ae06ca7a188b83fa537b0962a10411b67fc4d7dfe9e95cce2aef82e75f4680b8ff9976b6569523b72a86bd3a8c96f30e85812fe33a610c2be0a3c1063e2ee864c6e8bbf331f2768accfea78700a7321e4af2db46fd162457e439369da2217992b77502b9b958df27bc086369963793854d7f8b00c537de3216898b8f2c1dd925049eef1ab57bb6f63b2d88850b49b3c54d71f545afafa16bd2d06ae501344987623890fdf9ac04b179d2131070a34cf143697b6642bf5da67437aaf5e78e7e6be85e44ad7b265d78d2baf92ee5ccb0a452eb32fb3fdd1a41abf3a68086acd20458af55c086f77c30bbbce4c19542f92ab1e68393ffa58b140586b49761aacdf6aeb7682561f01e0869f503c4a161fd405046d3e6523bd4071c09b7516e4e784f4d11706f1c2eb170e735e563c43317a5a9afad28511163cdb63660beb699f7b8a7eaf57d48517974ffa766fe8deab0cfb11562b9c281bce2493d08c40a259e0325c52124e303064c6fbae2826355e531543863030fef484621a381a945b6ec7253e20047e7294bd069442f72672e6dfe1ca17d75d8c6b16c931438cec72e6ee53f3db89a10a38a93cc84c7393773461db5074b4f5060dd0a04a069a7a9b078856a3fa1786fc8dab621ba622acafd0781b523ea097283afb0c59222a316c6ddc0554bcaccc70288e524ed7719fc02a86283b57690a7320af028efbaedd5bd158a9dc9ea8e4f53c7da7566cdbdd4f4d9f01a9dfa6251a355e338efc8eee258add8731c7d22161482b7e3c8bc83f30482f9935fcc5974d9d0685b5fba3b07d7f85cc8fef18ac4e8e915b8476bb44d7384c996921ae40a4fdd2dd2a70ba17e1c2d6ec67b8f7b45568c105d52afa9c82bdc1dc7fd951b1e4fc1212bf29231d8e41ed4dacafec9a823a672dceeee0e4048b5620373c53ab8f3553c842a5a6d914f8334d6d8a4af785f418e6b4aab3965f94ca9d80a74a5a034fb6edd0322696aa1060d82c7b104983f8889026819ffdf3d45c604e53066b03dfae13fad499e3894120c10944eaf752989daee4e172decca9c2b324a817a7c787e6bc59fc2884e358a1a9b14b3704cabe374d23c002b8112be68f409302d3dad0a4c02105cb54c4350c24e6f3b7588bf1c28ae321ebebb930cf0c3b607acff20663eab8a593320c518eba8f9205350f11a9c1530115f7e00f2aa335c92e1305ffcfeac7cdecd6f1b6a33710ec77ce428484712d66bad137b6c8da5aa51d1b7196d981a14a40df8406b292f385cb149cfc0a86701566674e089b88487f34fdb0bf16ca94d9da4a837f15d5cf8f11d9c226844d3eb18d848420f344a3992772125319abb641ea56f03fc626f092f67a8b6716b29cf8585cf5fe25a35f5dab0e3e075ba3c84116fb6cbbf99a8153d179ffc1e64356f1fa0bca6823ebd8e1a176636962cff271cee5c5bafcb68fad4921e070c4ae08cd8fa0b94534f11e66403d129a5e8253bd3a9dc09a8189895819ff618532bf6743b17a243d515e63868bdf9287fd1bad0d525759953624c8e82debf88159b2c22945535d9379c911f89c7856be1438bd02df70c939b80741ddad245082a72556a2ab3c2390b84c17b6119103a0b8126dbc55e05b153ef9a12cc67f649c14160c698a7127b39fe88fb91d19b2a381c08114c6e3e6d3d42b77602c838c421a9a414f1eb182d0197ff67dcfb5d79404afbdf9c96f475a0d5afc9a4d7cdad458eed6b1de6c13b11c46004243db779e7ad6dbbf15e69ee34bd2524cf72e49a5352992a9251a86c3dc30d7d5fe61ae538928e8fdca0e04fdb5917523d8266b7b4f1679a5082e798f587c5ed9084c70965e94e12f643ab0191e606c2eb0c3359a2b8504f3bb2e721cfbcfdd90c31cde10992c9400273bbc45fe5ba34d7ede773036e2fd1fec1f001c495accdf8ff572de3eb23d2b1448fd67368d0c37f8bfbbf09bafc8f99a44b187f4f443c82b21f66f722fb59f40ce0f9d83c52b9b3358a80e102b21795a1cfcb986c787ccbb9f9c96c2b66d2f7a94ef2c2a5b65d5c2970ba6f3107609f4a67432835c2ce1682d260f6826072a6b6d4b113a5b06311677ca01260f3567ff1ab6be13b455f93916906273c5430fcccb57e0d78224ebec422763ee3a6b94528749a7ee5f70c9036cf3a99a9c98abc0e8aec18733a0c7da76814f2ff741582a9d96eb798426065764fcf86e40b6490f545494b48749fa8d398c5938d6bc7dbe183deecb913ef4c61aef27ea6bb77c23af09c3dec453f01d8e0cf1a3df30d73d44c4e147d9ff2853cb05b1d9fcd2d80815416f65368c477f3e8b676ee1ef5b9154850f02951060f5335d7b8b1c395151b443130d27b4aa0cdd9c1badc38e1825cbaea22480e1d8a986b001a4464fea618707f43bdf7949f500f3f9293b7f7f28170d45eb3e9422d7a107d5dfab18b8e7a2cbc4b42a818384136a49a021721fe07dff4fb2f26e74ee6b5725166409d794c69a1a5b27cb6263c387b81612add3c9e9e509845843a6ffb2250d37c365e3f57f0ad6e908fab119211e7679b41c8e298f9e85558be25ec0a4e6c9aa3d523ef3771971bfd272fcb736d10fa98a87b78c532fcc322f5e24baa21f2a3c84a90ec9b546869400bad19dec3575ebc69c8e512210b81667ed3cede89d10ee5871a6fb166b2f5c96f079cd5bf97f41327930b210627106c4cb6d77e3793b808c425b8a4118bbaa2d1a1454b162cf9886ec17e215d12223a65348ab33185861ab1f3166a4a925d25a63def895a5b01deea11bcaf17c79d27a922834a32aa0f8676793c7257e44d3f7768de19292a385a7a4b3fc992abfb9f8f3ada57b83dc7955c0b2edef1a8214dd8ea2cc9679685137dd63f3918020e2e2f38602005a4a6e84422867b9160f65e92e053d0b58191eadcd5a8a69b18e3216ea63df3f31869c81de88fc75a1d9e15cbdf8d68ba50cd8dfa55259aa362c2615ccab13489844d5ed995383e334074f561a4a67e1060e64a818fc96135d34e604cabe3d9195cf1283725c7700e397ecb72fc8b36f38cd0830b19b439101e4b3839c48ddc95367bff87b888407a517f94fbe58a7033db1123c0a0074c730e34ce821e12f43d84d3b4f0310c6ecd8afe7779671d7b825bb3892825c762b86f0ffd182b6aafd477fadf0c7a931cb61e2b05fc11267bf0a9882e7c2f8e84d3480d9e4576cc03f0e1dbfbef9f66840ad37e76da3ff8a419730a0076de67e9b913f03f5b637287d981eafa1223feafb86bcff5b2ce987f6fa8386ee036a3f75fe014ef90b05a744e038c43766b5fd552e66b9b4996f774988d2a70fa0bf05fbc453cc4fd0ab642db1bc71e1b63919f3c49254f177306f9b00af5782c0633d68ecb85f93fc1afd8dee3dd1ca8b0d7ba0ea463de0b6e3e05c080f832e129cec16853923cf15f06d9a38e20a5a6fa5125d03c1b72680547eafd9fdf246af08dcb4d4d746577478fbc72d7a36bb4bd3b5ba4dc5e407babfcd64b8c413d7dd5433d6a4ee17d5b4835a74c81414a9397d73e15ae387f04a5012a37c88b226207aba933d68a67bcd38f5e0fb8b24c4434c3a0109deaef4f9ab1d230ea6a4acd6db0c3962d0de3bb64e33a29af8dcbf39d48a27c1649a66d4aecdce2db60c50bcec31677559369184608db197f2ebed81ca8fbeb9d2f8c486ec9839e765df69ea634f2815e75eac613febfa26012767c28eae207ed9315bf19c42de9602f44f45a9cb9913a67548787a30c9e56f3399ab281c537751a28d98392655a60ceb9f2515772d2f1d5d2843952312e2a59061b60f128def6795e0c8eb7b12a710c1afacc84f498a29d683d1949c17f3aeeb8b9a32eb10bb242d61a2db5902d592224fb8e1e713ef33caafc6f8516333ca4886345555166e91a6469d67f39241d144c6457c0f74c60e662439281a660b3c802eafa5825fab36b764d4753b33920dc72ec4b7136be556c7d0d528eef67049f5a7bd9cc7e4e94a4874ad8d06595ed38a5f1cafff1018c1351d1d7eab144edba6d4f9eeb7924a25b9f7a3eb20984919d9ade66a18c33f92b65031472ca657a724d86053a3fc60fc5502acec81822bc609954e402a406081cfe7931a1adbfc45a3168e30a451561302a131ff702b4d6c5d3603ea9d1b54c64aad93407e078d6b435154236ba594e8d2f798bbdface489b43120bc0bd7e1bcb6658c2c192ccf18f278e9c5bb14dbdf1a4eb3412f9dc64a31abefd79bd7c91bb7297c9f694840a75cae5d3482d15a2d148092a6545972b7f95a23206bda509260bb370a012b744c2bb46b57da12367d35e778b7d7f463fd8230368b5a5636f28e2cddd03c69adc9c913027a726130c95d818fa38ca7ba8421d3fcf0736cd3001ffcf80701cf6d737cc3dd8f905af39fb2806d2f22289d0001c74eb482f4faf0a1863099cc1b236edd1cfa206b21a2ed86affb4e6a3a4dfb54fab46c8c06cd3e370b50e08e1b7a08864269d867eba5fae8a49560e9479209966002c09719ab8ca58702bfb0071d3859df0193a956ed4d8ad19a2c79656c6dd42eb5a44b808df394333683b605ad0cf176bfcfdc89b01317a802cf0ab02fc3673822b55fcfba512792c9e40a150cfae4dcd40b2b12296ba95063a2f50f552b4682c4d461b1efb7555816b5b836ff0319af6935ae5b41e67329a7b21da93c36fcd87cbba1653c0d00077b14cfcba24f891d62219c157b6354300837d211fbcf1881f5e98d6195fb782479e106c072020b56285107e2fd7947bc64ec9a43a0b239c140ec0456685ac3eba988952e641d2eb16cd0132d2bb25576fc6bcd5e29eb9da2d40e8b50776abe5cd7ea45da8442a311977c51755015b3e4995739edef0567a3f169e980addb1705224175372339de904eb952e13f648449722258fa21f7e53f4a1956e8e9a39dbb18c6d2d10d9146358158a0ab7ce3f54120b705e1ccb7a13fb7e9103d0b80faaac31cab07f6d2d9f668c707b5e3bdf259923a1057816a31e8c771267fd974193d90e1a9000001009ba52f7af599c1aeed13f6619cc0b334396b750c9017f84cff56c0dfecc12faee59e37cf7d44575bb448abb19616d4fa79f4fdf96631328dd0d0717f12b9587d76b577bbe78eaa7b0acace3b79776b5d2e77942c57745e347ec766170e90cc66a5191bff3ad49d423ba2817cf92be74e653cc6274a20bade324638d57a27f2fea01d4670bc1ad5ec4d006492ff5fa616a0010be824766f12acec9b26a7606cc8453382c3dd1f5f5c85354569123824002c44d0ae4cd2e1ebb4e33e3d7b69fe14e05fb53af9d66f53990a830120cd618cfaa10e5f6deab4ef4522afd380ea52f90b181fd5b538f424900aac643d118c33dbb6ffe0b2428844f51943412d8fda4a327b71c814cd6345b3690a4716f04fc7323ff1af08e82ef5e571c9fb0fa9b22af40948febda32ea14ecf61700eb02967d09bfd078ace6cea259952c0be90fab1ce841f1022d2da82f173c580d43effdb424b1729aa9fe40292c082043a7c901bc76426ef6e3de788db31e50f54458ca4e360bb803b48d5a4be50724c1f48b504b086d9dca3ae74eae76a1849d14a4074f389aba805b793f9662f072405026afc3ef108ede69dbd2c769886dfc75a9a2e093137d92b38e34a050eca73cd3067d56dfd58fedaff2857e720b09d676607a1e8eeeb06b26494cc2b844f5e856271732477f384af839e98889d5c9cc28651f6eb74029f839150f947d180e48776ef1c829509e12016c6d1b717713e6325751a944cd259b1b86b1f5e793cdb55a73784498be09c2cebdd70159c77abc7c64af2e2de1a860a3e9dd8646b7a6866e1891fcf97a2b3ea47c0c57c5fa9a94129c2e27940ab9fe996eb1813d21d48fb6dbc9b8071c50dc26b4ed21588211fc5edb1ca873c70b606678ae7de9c10d2d083f372421a3038c592a38aec69020862f4432ef9ae7f400ed53b44bb58e92b022ac8b62a6b459337af339dc3346a809b715f9974d21e606244d23cf4dcb0956f93c14047243172adc97a1fed868bc49fb57ecc123425a21e94dd5b9d1ff52bc45965a7be2f5ea8218750e2cc8f174fbd2c7811742f5f17fa1f954b8423c403fd2e4e96296e37e0bfe2edd52e8c3b921dac771c61524455b401017ab5f655eca76139557a4a87cc30210b052ae17a5ca8b634322657ea4d87e0da2392c470f8951ac0560a01b4d0befe632ee311d0b87af31465d6cf7854f5738cb5debfa1d7381c74f45eea08c06d4ddc9e811d1a33394a35efdb7121cdf5f1603343df8431c87718a5d4cf3b2e593508d8b63f0d1e82f9ebc40d4022ba06327cc8233f29c0995da512b318bfa212e9582cb880d9bd6a02050a014294ef321bb2c65e4638a4fd2c8c27fd9ac28c9e49cdae6dd9eb05dafb38a4a003a56dba826e386f5fd3ab0d54b92f53ec11c850927fc4c5b669c67505ce59306ad86460b480b711d4b31c512829b7037d1c45b5b84c0be40a038b5e975c57c860476318a22df2e4f90009c38481e519b9511e54dc59e89a6593bc53ae03224466513930c5ed3689793f00be192a58a919db9ad1267962c0ee60327ee710accb0da037610ef8aaff63f6582f691096fbdfb1996abc4443cd4ffe04fcad3608413044b978d86d3a18bdf86fdb70cf7e7bbb0e4db9d36176d0ba8a4cf81369fa84ee55466df70e6d4431a873000c19bb5caff30c01c7f7f928cde86bea5c401e525fb8a938fd016bffd5c9d52b279e867bc64f575b80eec74e7f66fe92aef613636e50c8f32831ab4b7eabbc89ce6d7bbfd03b6b005e0c5ba27268369f5083b2ded32c1f9e8cd73a1daee26cf03dbbf9c476fd0f14935244eb7b544f8db1c19d8a21de7e8a88f540e8949f721f20d7a47cfad3f52d93c11a796fbe9fbe415194193e5c70b33237f70790905816b856c252a30e72c081a8bac6a1c9fd2c372b9f870831d6ba6671fd8684f25e60cc7e3a1a02ed5f1a4fe426373bf61404a68571e93f35659b6c37f939233ca6663603b053c8fc74da84dd971b9319a1260fa2f5d66609962e93f7f33a40b22066b86a74fb38bf1444d025f27f14e922661471ef8ad503e97f8e7dd6b9c9a420885e519e085a1f26f7149b82881908021f601679f79c944549bcb431a7d2b12f75aa54cae39f9caafefc01e7eb589d2eb574937abbe18b419d7d27309acb330293456337cb9d753e08f7b890bbf76c4d6ef548bc3b5965302bc65ab08a2420527c1ad8be374cae7cc858376219d39a7a6d58c478a721678e789bcc317a4d1acbf47870a4802a07ac0332f7fdad7156065de511862c2a076e264138b98e7abd1a2555ef2e1ca44ee68f06725508891051f6bd24479a616606024841c8203744b999868b9f2b3b5e8a42f454d25fcddf8f5569594716a4022c3ac8ba67115b93d8bb50684b0fb100dabca7f6b7e29b723007776435829c6f21223d7a2556766d198c76ab6cce3b6e6da5c4d14a26b7cda1cebe6792ce4c1498fe644fb4408189e472efde923506ea4d18aa3284ec311fa942dfa5d8b939e509a10c69461993cc9d3ace2fef29afee8d0894764ffd82371d5ed363b5968447ad3c0962b86584cc97740d7bc3838ab1c1b0198ea830f122b200722d3c2c8815a2a5f90382e1c58f2348dbd38449e28c67ed85f66ea3e383b91c782a4e77ad4aa538db6d15ab90dd464318ded6fd293a1b0279852335e3c94bcce6f37950fb23d96f84465aeaa8fc2f71ce61a1416e579399c363bb37ded602fbea1ba5de87ab12bc7aeb5c62f026f648ab2babea2517c3ade2828109da58c010e6efef544088ba412ea57d3cd4fad3fd85b17e386ffc8a700664b2604c8a71c011e894ac03a109d9ddbe0b6d625d33d7d16fba5bcbc1ee1cdcfc6a475a23aff414e5b4f83e9d18e10f9e6dc49e518561ad53a110794d2ad9c7fee95a03b632b2acbebac42c996e1b856b2f18a2a3bf7cb0726c10b6aa3ec2d78bebd26e86ecf78b87736017cffa7d654b357be120985c553d11dbc932139ea6e1efdb7ef34598db568e66d42429e414b5903ad6e616ff7faff6ecedec529cf16b280c18dd4c3c8cd5192f625965e15c29104855364565a4a52ac5ff78eb31a6e7602e84226a87364708c2a9fdcf2f66f5dd0951aacb7b6c8f9bd0e534ae44b47799cdb8f683db5a3258d6f1943e04e59b11fbc6f57d16ff150c94a22717c1b483ad064c25f09022cc4ce09e76fed2b2ce84e9a50623f84cb013d00b8ee3fd2eaf1ed84df2b29d3119865f5df8fbb6d7440ec6da33deff5c60f466f91959c0d7c7800937cf59fdc6e2d53e809a6f6754ed545fc71c42a95d198df6329a3f32ecd091e7e643727ee34241b9244ea9a2118ccc6d5b52f8dbd61dbc7a4b65e8a4b0e937669a8a6377022df74ac0d2d42008edfa83a71c2e14c8cb7f3e54612cbe5b64b31371f445ea6235467b339b285bffaad0acd9af5159b84f58a3e0230a7e6f055a016a0737b893e0d1b2dba11de53529c825bea86a455bba90eb4f10ea5425d498c18c0bc643a5bb07491a8b6d89b1c92329aaff3a9cb9302f81100d97b78a09d1f5c512c26409796608b77c969c070f6e55037c97bef2c30ebb373110c2356e0663c0a7010d13f18f9b7b1d4a5de88b110efe433a5dc9dd03ac7621a6de39584de91e9b43c5ef4cb435eeb45b8865540355030acddeaf451a453a0b0a76cb064ea1e939dc5491f2c591973c741cf1f73ef4451a1b43ed9d9e0c7b126b869e7cd326900a470dc08a15fb176346f7431dadd6b820ec10cba33d7097ebac9c1ff147fe39d9cedad2828facd8c37cb22a8b7d55b63170f55ccf45fc25715d00e7eb7c3f32c5a7dce02bb07073daa170caa4813b2102648cf6a5bc9ae5ef3fc4c6240447190340469cea21650f79f5ff0ab60e6fa8a30a45f29ca7f4356c275ef4dad63b07f73cc672d26091db75eff3e19b51272b0b786609333f6580a3ad3c83673df3776d04cd05fa86b7b8066076b71377580d8b226d9daec174cf2a62ffd48259ca04821e949021b3f540b5268c794a5314de9cb143dafce0575c06750f0c125b507bf39bf0abfc25b9bc39ddbc4450f0f3a70c312905a5c2d11f7b39a3cb0fd08be6f8b74c5d74fdfb0477c942caac42ae596e0aa36db5f10e1571231ebfc327e5a6111eb2f2a0e1be0b0752018973500f1b7c832cf36078c24717f66983bb72649829af53389e89694bce146f8cb358d7922ba07dfa9da6fbd65b7f5159010b1bc6847967b9eeef7c6db90f48b1c1a7ab63481809111b2876c73c005064bdca8064ee8d6d7b3817db8f5dc82709c586afea5850f415ca7641b5e6f45ff93b9dbc2f62c40c47dbe61a069d88e3664c8dfc9be2b35f8896e6d5c8a35b864b50d50364d3cec828a4f7dcff3cb314c9f7ab03c93e1fd8c5bfa2c303d76cb0954b401927a000babc400497d3f3a37c1f7a685ecc12b28db4b9b75debccfb132a4bb3b19ba91a441a94403eef6ad8222edd1dcecf215580296020731cab55029a189561499d34faef21eadfc370f98872c2192aef73f0cdf80de61cc9157d1e08d7153a49f7d1151fb9f110febc34e760c1afb87eb36c9df1d6aa047cb655b3ec5fdae8e2d93861070f98bd5f1c53c26f07d7c43cb295440af75e87671a552e39f9bfe1853222eb8ba0c8013944ee61dbe21281b1d4e3ea3dc0353d4ded5db0128504b97491353120c63bea1c5656be047a77bebe93efbab10375cb0946624e076a93a6ffdc284f4aa9fcf54ebda3653d5abf7da76f19c165d0982d48279ba8ee9f33b2fb060491aa26517e39f2cb4d4ce7726b249f070aeefca6843a813026e45c6ddfccd1e0b8883a7170644c43b227a2a3c03cbd17b8f3dc0910685169ada487a72251eeb6e6a1dd5661294337cf4cee2d74fdfbe00ff6d07847e63880059bcd12951e8b649cca1dc6a355a7d2c26ef8cabd467b21d6bbe28b108b385ffff7304d96b03500c912efd2af7c45f81f5f2f0e3357ec7da616f81ead2f823a128696ec7dd65a6587e5ecb56a8fba1bdea28909da5e085e164b046310182fad711d4e46abaa61281c88c729810c615ce9636b5c96e4150e2fcec6c111469ba8b0c010963d4338fba8a8a080e384198e1410af15f7ee18e5396b721fc331860e072207da236b35dd94fa7dab288a114ea46e754f1d0b4bfa1a5b216706652e52c489e9a3a1cee8ab4fe5d416ac22c2649673715909c27f31684f6e103913bfd28e02fca507940b86405cebb8084d1c6532a5508b716070c67ba544a1593895f4cc1a8d075415feb69d50fb674c3a89b59f80032cdfa8d1181856817bb16f50bafd0e21aa656661bf3b6bfc207a7a645a8edc15ff1cb706b6292a3263ef5ad1479338f59058d08ce76dc801d8e11e280badd5a0c0dcf1c6285d95cc087e7f0dd823b6b7c353d22f1e7ed03c1461cc4c170e33cd06c45f17fe1af233cca638611449493d533f701d77163f6784202d995e17b797d4d2f0d87d05a00728e8fdda47c70ecf919a2a110371da3474580720e8eae934888cf84f1f1a5530baf815e7c16129732ec4af417c1be0970b845dbced563f00a86135bda35c525aa020f285116b00071858e6eacf7b124b635ff7b62410e8c27a4c76adcdec10f5180130e8c554d2d8038677650171a2f6c3da4c04e340b48df92cf41d08a499f680a2cd6ab099fcede2f8b1888aa052c7f2dffdb203e19fb1e2e6237e19b218740c89cce311ff168437500a6eec570780938c3291a19482656a8d53b19bde3d4148bf1a9f2ea67ae835df675662f27b5b6f5e2652d0471c81740acef306d9605b4ca09a2c4c0f3f8063b6fa5fe01109c5e348eb318074785771ab2cedc48d0f5e15b3a368ace5aea415aa2d566063f25571b7a218b9e95117aaf0a389284e763e448c88b49205392fe032ed206ca8e27fb1c65a72d125cc860913dabe714be1a2a85120066cad66d53dec9a30664bfdd33e25398199211b15fe0770cb243bee320e95e506be4617c3e5e6825342c769bc1da3127f8d34c922f60ed2727f5d9209fc28099ec86c29572fc7159f6ced79b0a2a2653100230a55f7a578e2f1d90f6301069ed04106de45b976f2aabe769ed17d59a53116b74fa2f598c0d1e9919ca8d9cc21265ebc218ab9808b094eebd9a48d8349cf3faeaaa7c8ddb07f6eb874f70cdfafe050de69c6e7da6c8d2f71d581d6c604f4bb29243e9d1bbcb0890b436cb43d1a33c4b96a08af4137135a8c8fe74034dcaf1581856f80077100", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

2.571859093s ago: executing program 4 (id=1673):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000040)=""/72, 0x48, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x698c81, 0x0)
epoll_create1(0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=@framed={{}, [@ldst={0x4}, @ldst={0x3, 0x0, 0x6, 0x0, 0xa, 0x0, 0xa1}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x17, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x22)
setpriority(0x1, r7, 0xffff)
write(r4, &(0x7f0000000180)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff060000000101c7033500", 0x25)
r8 = socket(0x2c, 0x3, 0x0)
sendmsg$nl_generic(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="186aa96978a55fedf6"], 0x18}}, 0x0)

304.492614ms ago: executing program 2 (id=1674):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = io_uring_setup(0x2e34, &(0x7f0000000180))
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
read$FUSE(r3, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
pipe2(0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)

304.03139ms ago: executing program 4 (id=1675):
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000000)='veth1_virt_wifi\x00', 0x10)
connect$inet6(r6, &(0x7f0000004540)={0xa, 0x0, 0x0, @dev}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000000100), 0x40000c4, 0x7ffffff7)

152.081116ms ago: executing program 1 (id=1676):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000001040000000000000000000095000000000000009cfae2b7933282efe00eea1c741a4ca3d4de835ca373fa"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe22}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="670000000008ffffffffffffffff0000000000200000030000000000d730f4bd1e3a6e670ffccff9f424408f4277ed3e437305f5b9df0fe6a7218e49f7ebcaf03e9fef543f4a913f8b197be04c"], 0x1c}}, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x5})
bind$isdn_base(0xffffffffffffffff, &(0x7f0000000300)={0x22, 0x85, 0x2, 0x7, 0x8}, 0x6)
ioctl(r1, 0x8b32, &(0x7f0000000440)="c276698601010000000000002704ea64adb4f3015a3d4d848cbe03e523408c5f84fb893b7a7f387c9649995d8da1c98651a04cdddbd418b53c5a0fdb9d9890f6f3de3d4225d7b15969fc8118fd7a0aeedb9076f28a09810f8718a4a5eef4183cbefa9235bdbd527310bdfad3016c78e9530ce492c1609305c74a063b01fe0899807387a145bb790af2b9ef")
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000850000fa0d717b0595000000000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='kmem_cache_free\x00'}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f00000011c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00f2010000000658206a8118ef00"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r2, 0x81, 0xee, &(0x7f00000006c0)="b9425b446512d23236973599b76c4705397f00466eb0ef01e208e7f49ad068c4ffce4c6b81fdb183acf730ddbf395346f7fd23f2e107b224e7ea1deb33c65c884689393c15d155a710eb972acd778cd33d3a8a9cf9000000003da8dd3898c315943f48ff06761880b65af57bfd7dea10c0dce889c610bdafcc160d7c453163670206007fcd28d20e282d7cc68ebcd3a55ba06daabdb5b6168158aea2d2282a4352edeeb08063fe2761a374c7000000000000ab1bfef70376eac0f39353b39851eaa5fb23ff14841cf4d1c270630347cd3d84471d69c55b82a1ccb4ce31ebb7f8b44400000000000000000000db78")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/stat\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

0s ago: executing program 3 (id=1677):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000240), 0x4)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/sysvipc/sem\x00', 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x280000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYRESDEC=r1, @ANYRES32=r0, @ANYRESHEX=r2, @ANYRES64=r5, @ANYBLOB="0a00060008021100000000001800508009000100e8e82ea940000000080007000100000004000b00"], 0x44}, 0x1, 0x0, 0x0, 0x48001}, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r3, 0x4068aea3, &(0x7f0000000640)={0xbc, 0x0, 0x95985995879ec6bc})
r6 = semget$private(0x0, 0x4, 0x0)
read$hiddev(r1, &(0x7f0000001100)=""/234, 0xea)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
semctl$IPC_STAT(r6, 0x0, 0x2, &(0x7f0000000200)=""/5)
sendmsg$NFT_BATCH(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0300000000000000f400010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000240000000001800038014000100626f6e64300000000000000000000000080001400000000048000000180a01010000000000000000010000000900020073797a30000000000900010073797a30000000001c000380140001"], 0xe8}}, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={0x0}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x38)
syz_emit_ethernet(0xfdef, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, @ANYRES8=r5], 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r8)
r9 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000800)}, 0x0)
recvmsg$kcm(r9, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r8, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\\\x00\x00 \x00'})
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000052000100000000000000008215baab845751af9bdcd6a0e020000a000000090004007d5c28230000000000"], 0x20}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4055ab3c5dc63800b10f5fb5d14a", @ANYRES32, @ANYRESOCT=r10], 0x40}, 0x1, 0x0, 0x0, 0x4004004}, 0x0)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000380)=0x101040, 0x4)

kernel console output (not intermixed with test programs):

romiscuous mode
[  560.062211][T10638] veth0_vlan: entered promiscuous mode
[  560.091472][T10638] veth1_vlan: entered promiscuous mode
[  560.179095][T10645] veth0_macvtap: entered promiscuous mode
[  560.229142][T10645] veth1_macvtap: entered promiscuous mode
[  560.276250][T10638] veth0_macvtap: entered promiscuous mode
[  560.338607][T10638] veth1_macvtap: entered promiscuous mode
[  560.442298][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.463044][ T5257] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  560.483307][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.518680][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.535337][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.546371][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.560218][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.585451][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.596442][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.609534][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.620409][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.639616][T10638] batman_adv: batadv0: Interface activated: batadv_slave_0
[  560.651310][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.680716][T10932] Falling back ldisc for ttyS3.
[  560.695614][ T5257] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  560.707740][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.726680][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.745426][ T5257] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  560.762041][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.789233][ T5257] usb 3-1: New USB device found, idVendor=056a, idProduct=033c, bcdDevice= 0.00
[  560.791963][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.827870][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.844073][ T5257] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.850027][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.881233][ T5257] usb 3-1: config 0 descriptor??
[  560.901316][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.938047][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  560.972258][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  560.999976][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  561.032057][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.070961][T10645] batman_adv: batadv0: Interface activated: batadv_slave_0
[  561.115472][ T5257] usbhid 3-1:0.0: can't add hid device: -71
[  561.135395][ T5257] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  561.146290][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.159082][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.185628][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.221603][ T5257] usb 3-1: USB disconnect, device number 35
[  561.240858][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.276978][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.354167][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.389678][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.402502][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.414901][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.437887][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.464354][T10638] batman_adv: batadv0: Interface activated: batadv_slave_1
[  561.484781][T10638] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  561.504363][T10638] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  561.522821][T10638] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  561.552737][T10638] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  561.619947][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.657274][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.683932][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.704584][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.726246][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.737190][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.770859][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.962811][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  561.975720][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  561.992441][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.144563][T10645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  562.359855][T10645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.405312][T10645] batman_adv: batadv0: Interface activated: batadv_slave_1
[  562.459259][T10645] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  562.519813][T10645] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  562.532445][T10645] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  562.572762][T10645] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  563.024144][T10977] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  563.128177][ T1260] ieee802154 phy0 wpan0: encryption failed: -22
[  563.135180][ T1260] ieee802154 phy1 wpan1: encryption failed: -22
[  563.842491][ T5683] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.874250][ T5680] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.899082][ T5683] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  563.911929][ T5680] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.092104][ T3033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.158471][ T3033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.206260][ T5668] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.264741][ T5668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  565.242735][    T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  565.362992][ T5224] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[  565.374386][ T5224] Bluetooth: hci6: Injecting HCI hardware error event
[  565.382922][ T5224] Bluetooth: hci6: hardware error 0x00
[  565.454871][    T9] usb 1-1: Using ep0 maxpacket: 8
[  565.486317][    T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  565.525771][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  565.589383][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  565.654068][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  565.678338][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  565.695680][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  565.711551][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.843381][T11005] syz.3.1269 (11005) used greatest stack depth: 18544 bytes left
[  566.309317][    T9] usb 1-1: usb_control_msg returned -32
[  566.387821][    T9] usbtmc 1-1:16.0: can't read capabilities
[  566.703477][   T55] Bluetooth: hci6: unexpected event for opcode 0x1003
[  567.524919][ T5224] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[  567.662748][ T5304] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  567.863949][ T5304] usb 3-1: Using ep0 maxpacket: 8
[  567.893485][ T5304] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  567.942841][ T5304] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  567.987562][ T1864] usb 1-1: USB disconnect, device number 26
[  567.993859][ T5304] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  568.033437][ T5304] usb 3-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice= 0.00
[  568.042714][ T5304] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.107630][ T5304] usb 3-1: config 0 descriptor??
[  568.195018][T11082] netlink: 209840 bytes leftover after parsing attributes in process `syz.4.1319'.
[  568.332839][T11082] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1319'.
[  568.567915][ T5304] apple 0003:05AC:0274.000F: item fetching failed at offset 6/70
[  568.629710][T11086] bridge_slave_1: left allmulticast mode
[  568.633360][ T5304] apple 0003:05AC:0274.000F: parse failed
[  568.646732][ T5304] apple 0003:05AC:0274.000F: probe with driver apple failed with error -22
[  568.663306][T11086] bridge_slave_1: left promiscuous mode
[  568.697508][T11086] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.867228][ T5304] usb 3-1: USB disconnect, device number 36
[  569.081604][T11102] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  570.365852][T11105] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  570.931783][T11127] FAULT_INJECTION: forcing a failure.
[  570.931783][T11127] name failslab, interval 1, probability 0, space 0, times 0
[  570.959557][T11127] CPU: 1 UID: 0 PID: 11127 Comm: syz.2.1330 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  570.970369][T11127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  570.980438][T11127] Call Trace:
[  570.983730][T11127]  <TASK>
[  570.986666][T11127]  dump_stack_lvl+0x241/0x360
[  570.991363][T11127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  570.996574][T11127]  ? __pfx__printk+0x10/0x10
[  571.001236][T11127]  ? __kmalloc_noprof+0xb0/0x400
[  571.006194][T11127]  ? __pfx___might_resched+0x10/0x10
[  571.011498][T11127]  ? __lock_acquire+0x137a/0x2040
[  571.016634][T11127]  should_fail_ex+0x3b0/0x4e0
[  571.021346][T11127]  ? ip_options_get+0x9c/0x570
[  571.026169][T11127]  should_failslab+0xac/0x100
[  571.030859][T11127]  ? ip_options_get+0x9c/0x570
[  571.035636][T11127]  __kmalloc_noprof+0xd8/0x400
[  571.040421][T11127]  ip_options_get+0x9c/0x570
[  571.045028][T11127]  ? __pfx_lock_acquire+0x10/0x10
[  571.050081][T11127]  ? __pfx_ip_options_get+0x10/0x10
[  571.055321][T11127]  ? ip4_string+0xd5/0xb90
[  571.059758][T11127]  ? __pfx_lock_release+0x10/0x10
[  571.064821][T11127]  ip_cmsg_send+0x4cf/0xa80
[  571.069357][T11127]  raw_sendmsg+0x615/0x2490
[  571.073915][T11127]  ? __pfx_raw_sendmsg+0x10/0x10
[  571.078918][T11127]  ? iovec_from_user+0x61/0x240
[  571.083796][T11127]  ? __pfx_lock_release+0x10/0x10
[  571.088841][T11127]  ? inet_sendmsg+0x330/0x390
[  571.093535][T11127]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  571.098832][T11127]  ? security_socket_sendmsg+0x87/0xb0
[  571.104314][T11127]  __sock_sendmsg+0x1a6/0x270
[  571.109014][T11127]  ____sys_sendmsg+0x525/0x7d0
[  571.113809][T11127]  ? __pfx_____sys_sendmsg+0x10/0x10
[  571.119134][T11127]  __sys_sendmmsg+0x3b2/0x740
[  571.123842][T11127]  ? __pfx___sys_sendmmsg+0x10/0x10
[  571.129103][T11127]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  571.135018][T11127]  ? ksys_write+0x23e/0x2c0
[  571.139535][T11127]  ? __pfx_lock_release+0x10/0x10
[  571.144585][T11127]  ? vfs_write+0x7c4/0xc90
[  571.149018][T11127]  ? __mutex_unlock_slowpath+0x21d/0x750
[  571.154662][T11127]  ? __pfx_vfs_write+0x10/0x10
[  571.159461][T11127]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  571.165459][T11127]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  571.171806][T11127]  ? do_syscall_64+0x100/0x230
[  571.176587][T11127]  __x64_sys_sendmmsg+0xa0/0xb0
[  571.181459][T11127]  do_syscall_64+0xf3/0x230
[  571.185976][T11127]  ? clear_bhb_loop+0x35/0x90
[  571.190666][T11127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.196575][T11127] RIP: 0033:0x7f82f8979e79
[  571.201001][T11127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.220631][T11127] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  571.229076][T11127] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  571.237066][T11127] RDX: 0000000000000001 RSI: 0000000020001880 RDI: 0000000000000003
[  571.245058][T11127] RBP: 00007f82f9727090 R08: 0000000000000000 R09: 0000000000000000
[  571.253052][T11127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.261043][T11127] R13: 0000000000000000 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  571.269057][T11127]  </TASK>
[  571.409333][T11134] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1333'.
[  571.469772][T11134] overlayfs: conflicting lowerdir path
[  571.803776][T11145] input: syz1 as /devices/virtual/input/input13
[  572.271936][T11153] Falling back ldisc for ttyS3.
[  572.774936][ T1864] hid (null): unknown global tag 0xe
[  572.797752][ T1864] hid-generic 0000:0000:0000.0010: unknown global tag 0xe
[  572.805263][ T1864] hid-generic 0000:0000:0000.0010: item 0 1 1 14 parsing failed
[  572.813744][ T1864] hid-generic 0000:0000:0000.0010: probe with driver hid-generic failed with error -22
[  573.893407][ T1864] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  573.992766][ T5217] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  574.083035][   T25] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  574.104707][ T1864] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  574.120445][ T1864] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.143894][ T1864] usb 5-1: config 0 descriptor??
[  574.192872][ T5217] usb 2-1: Using ep0 maxpacket: 32
[  574.218291][ T5217] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  574.251362][ T5217] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.282742][   T25] usb 3-1: Using ep0 maxpacket: 32
[  574.282867][ T5217] usb 2-1: Product: syz
[  574.292111][ T5217] usb 2-1: Manufacturer: syz
[  574.299437][   T25] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  574.320735][   T25] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  574.338696][ T5217] usb 2-1: SerialNumber: syz
[  574.353849][ T5217] usb 2-1: config 0 descriptor??
[  574.365843][   T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  574.369340][ T5217] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  574.386864][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.522666][   T25] usb 3-1: Product: syz
[  574.526935][   T25] usb 3-1: Manufacturer: syz
[  574.531575][   T25] usb 3-1: SerialNumber: syz
[  574.776131][T11181] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1348'.
[  574.796483][ T1864] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  574.844397][T11194] netlink: 'syz.2.1349': attribute type 7 has an invalid length.
[  574.852457][ T1864] asix 5-1:0.0: probe with driver asix failed with error -71
[  574.862833][T11194] netlink: 'syz.2.1349': attribute type 6 has an invalid length.
[  574.893673][ T1864] usb 5-1: USB disconnect, device number 22
[  574.960150][   T25] cdc_ncm 3-1:1.0: bind() failure
[  574.989184][   T25] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  575.013066][   T25] cdc_ncm 3-1:1.1: bind() failure
[  575.040556][   T25] usb 3-1: USB disconnect, device number 37
[  575.235289][ T5217] gspca_stk1135: reg_w 0x5 err -71
[  575.241495][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.259002][ T5217] gspca_stk1135: Sensor write failed
[  575.274840][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.288456][ T5217] gspca_stk1135: Sensor write failed
[  575.315373][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.342707][ T5217] gspca_stk1135: Sensor read failed
[  575.348103][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.366909][ T5217] gspca_stk1135: Sensor read failed
[  575.383453][ T5217] gspca_stk1135: Detected sensor type unknown (0x0)
[  575.390102][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.422706][ T5217] gspca_stk1135: Sensor read failed
[  575.428001][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.461957][ T5217] gspca_stk1135: Sensor read failed
[  575.488517][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.515600][ T5217] gspca_stk1135: Sensor write failed
[  575.520932][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  575.566505][ T5217] gspca_stk1135: Sensor write failed
[  575.595945][ T5217] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  575.647161][ T5217] usb 2-1: USB disconnect, device number 32
[  575.936965][T11214] Falling back ldisc for ttyS3.
[  578.824175][T11243] can0: slcan on ttyS3.
[  579.902790][ T5269] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  580.032942][    T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  580.096182][ T5269] usb 4-1: Using ep0 maxpacket: 32
[  580.140684][ T5269] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  580.158477][ T5269] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.169005][ T5269] usb 4-1: Product: syz
[  580.173746][ T5269] usb 4-1: Manufacturer: syz
[  580.178485][ T5269] usb 4-1: SerialNumber: syz
[  580.186549][ T5269] usb 4-1: config 0 descriptor??
[  580.204797][ T5269] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  580.222859][T11236] can0 (unregistered): slcan off ttyS3.
[  580.234560][    T9] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  580.273633][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  580.293290][    T9] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  580.349501][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  580.369897][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.456615][    T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  580.633636][T11249] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1367'.
[  580.861855][    T9] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2
[  580.946972][T11286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  581.353797][ T5269] gspca_stk1135: reg_w 0x3 err -110
[  581.360354][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.573558][ T5269] gspca_stk1135: Sensor write failed
[  581.578869][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.597126][T11287] vivid-000: disconnect
[  581.601390][ T5269] gspca_stk1135: Sensor write failed
[  581.611922][T11286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  581.633902][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.644854][ T5269] gspca_stk1135: Sensor read failed
[  581.657151][T11287] vivid-000: reconnect
[  581.668875][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.676302][ T5269] gspca_stk1135: Sensor read failed
[  581.682120][ T5269] gspca_stk1135: Detected sensor type unknown (0x0)
[  581.689869][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.698111][ T5269] gspca_stk1135: Sensor read failed
[  581.704581][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.711027][ T5269] gspca_stk1135: Sensor read failed
[  581.724825][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.736384][ T5269] gspca_stk1135: Sensor write failed
[  581.741892][ T5269] gspca_stk1135: serial bus timeout: status=0x00
[  581.761264][ T5269] gspca_stk1135: Sensor write failed
[  581.768692][ T5269] stk1135 4-1:0.0: probe with driver stk1135 failed with error -110
[  581.821638][T11291] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1374'.
[  582.004023][T11301] xt_CT: You must specify a L4 protocol and not use inversions on it
[  582.086578][T11301] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1377'.
[  582.136725][ T5297] IPVS: starting estimator thread 0...
[  582.212803][    T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  582.243036][T11309] IPVS: using max 24 ests per chain, 57600 per kthread
[  582.415882][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  582.432758][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.478859][    T9] usb 5-1: config 0 descriptor??
[  582.511434][    T9] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  582.695187][ T5269] usb 2-1: USB disconnect, device number 33
[  582.834524][T11322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1379'.
[  582.989594][    T9] gspca_stv06xx: I2C: Read error writing address: -71
[  583.036809][    T9] usb 5-1: USB disconnect, device number 23
[  583.069260][ T5217] usb 4-1: USB disconnect, device number 30
[  583.356187][T11338] can0: slcan on ttyS3.
[  583.937229][T11355] tmpfs: Unknown parameter 'usrquotaH'
[  584.822975][T11334] can0 (unregistered): slcan off ttyS3.
[  586.648114][T11403] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:0000:0000 with DS=0xd
[  586.864233][T11409] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1390'.
[  586.942147][T11409] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1390'.
[  586.995362][T11409] bridge0: entered promiscuous mode
[  587.043625][T11409] batadv_slave_1: entered promiscuous mode
[  587.197133][T11424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1394'.
[  587.528565][T11436] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1398'.
[  587.916036][ T5297] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  588.058744][T11451] can0: slcan on ttyS3.
[  588.115041][ T5297] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  588.191057][ T5297] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x51, changing to 0x1
[  588.224723][T11453] can0 (unregistered): slcan off ttyS3.
[  588.240477][ T5297] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  588.259186][T11457] Falling back ldisc for ttyS3.
[  588.289422][ T5297] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  588.354337][T11459] Falling back ldisc for ttyS3.
[  588.400289][ T5297] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  588.435710][ T5297] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.645974][ T5297] ath6kl: Failed to submit usb control message: -110
[  589.653226][ T5297] ath6kl: unable to send the bmi data to the device: -110
[  589.661189][ T5297] ath6kl: Unable to send get target info: -110
[  590.167242][ T5297] ath6kl: Failed to init ath6kl core: -110
[  590.175812][ T5297] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -110
[  594.050150][ T5269] usb 3-1: USB disconnect, device number 38
[  594.669153][T11485] netlink: 'syz.2.1407': attribute type 1 has an invalid length.
[  594.677006][T11485] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1407'.
[  594.724855][T11485] mkiss: ax0: crc mode is auto.
[  595.244406][T11492] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  595.317565][T11494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  597.012836][T11509] Falling back ldisc for ttyS3.
[  597.141982][T11505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1412'.
[  599.184729][   T55] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  599.194805][   T55] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  599.233926][T11530] FAULT_INJECTION: forcing a failure.
[  599.233926][T11530] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  599.241959][T11532] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.254153][T11532] bridge0: port 1(bridge_slave_0) entered forwarding state
[  599.263913][   T55] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  599.276479][   T55] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  599.314313][   T55] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  599.321660][   T55] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  599.342850][T11530] CPU: 0 UID: 0 PID: 11530 Comm: syz.3.1418 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  599.353619][T11530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  599.363668][T11530] Call Trace:
[  599.366934][T11530]  <TASK>
[  599.369858][T11530]  dump_stack_lvl+0x241/0x360
[  599.374528][T11530]  ? __pfx_dump_stack_lvl+0x10/0x10
[  599.379748][T11530]  ? __pfx__printk+0x10/0x10
[  599.384354][T11530]  ? __pfx_lock_release+0x10/0x10
[  599.389386][T11530]  ? vfs_write+0x7c4/0xc90
[  599.393787][T11530]  should_fail_ex+0x3b0/0x4e0
[  599.398478][T11530]  _copy_from_user+0x2f/0xe0
[  599.403059][T11530]  __sys_bpf+0x1a4/0x810
[  599.407289][T11530]  ? __pfx___sys_bpf+0x10/0x10
[  599.412080][T11530]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  599.418071][T11530]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  599.424393][T11530]  ? do_syscall_64+0x100/0x230
[  599.429157][T11530]  __x64_sys_bpf+0x7c/0x90
[  599.433577][T11530]  do_syscall_64+0xf3/0x230
[  599.438085][T11530]  ? clear_bhb_loop+0x35/0x90
[  599.442764][T11530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  599.448653][T11530] RIP: 0033:0x7fca98979e79
[  599.453099][T11530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  599.472706][T11530] RSP: 002b:00007fca99740038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  599.481116][T11530] RAX: ffffffffffffffda RBX: 00007fca98b15f80 RCX: 00007fca98979e79
[  599.489081][T11530] RDX: 0000000000000050 RSI: 0000000020001240 RDI: 000000000000000a
[  599.497045][T11530] RBP: 00007fca99740090 R08: 0000000000000000 R09: 0000000000000000
[  599.505006][T11530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  599.512967][T11530] R13: 0000000000000000 R14: 00007fca98b15f80 R15: 00007ffcd378d6a8
[  599.520945][T11530]  </TASK>
[  599.541731][T11532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1421'.
[  599.749716][T11539] kAFS: No cell specified
[  600.032712][   T25] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  600.208796][T11527] chnl_net:caif_netlink_parms(): no params data found
[  600.215749][   T25] usb 4-1: Using ep0 maxpacket: 32
[  600.250288][   T25] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  600.276289][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.294714][T11546] overlay: ./file0 is not a directory
[  600.333221][   T25] usb 4-1: Product: syz
[  600.358101][   T25] usb 4-1: Manufacturer: syz
[  600.392649][   T25] usb 4-1: SerialNumber: syz
[  600.414419][   T25] usb 4-1: config 0 descriptor??
[  600.425994][   T25] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  600.691745][T11527] bridge0: port 1(bridge_slave_0) entered blocking state
[  600.714011][T11527] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.734697][T11527] bridge_slave_0: entered allmulticast mode
[  600.826031][T11540] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1422'.
[  600.858334][T11527] bridge_slave_0: entered promiscuous mode
[  600.954475][T11527] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.961710][T11527] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.012385][T11527] bridge_slave_1: entered allmulticast mode
[  601.054706][T11527] bridge_slave_1: entered promiscuous mode
[  601.196954][T11561] FAULT_INJECTION: forcing a failure.
[  601.196954][T11561] name failslab, interval 1, probability 0, space 0, times 0
[  601.293945][T11527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  601.312780][T11561] CPU: 1 UID: 0 PID: 11561 Comm: syz.4.1427 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  601.323565][T11561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  601.333615][T11561] Call Trace:
[  601.336885][T11561]  <TASK>
[  601.339807][T11561]  dump_stack_lvl+0x241/0x360
[  601.344483][T11561]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.349673][T11561]  ? __pfx__printk+0x10/0x10
[  601.354262][T11561]  ? fs_reclaim_acquire+0x93/0x140
[  601.359364][T11561]  ? __pfx___might_resched+0x10/0x10
[  601.364645][T11561]  should_fail_ex+0x3b0/0x4e0
[  601.369315][T11561]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  601.375036][T11561]  should_failslab+0xac/0x100
[  601.379706][T11561]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  601.385423][T11561]  __kmalloc_noprof+0xd8/0x400
[  601.390179][T11561]  ? kfree+0x4e/0x360
[  601.394158][T11561]  tomoyo_realpath_from_path+0xcf/0x5e0
[  601.399709][T11561]  tomoyo_path_number_perm+0x23a/0x880
[  601.405164][T11561]  ? tomoyo_path_number_perm+0x208/0x880
[  601.410793][T11561]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  601.416804][T11561]  ? __fget_files+0x29/0x470
[  601.421390][T11561]  ? __fget_files+0x3f6/0x470
[  601.426059][T11561]  ? __fget_files+0x29/0x470
[  601.430645][T11561]  security_file_ioctl+0x75/0xb0
[  601.435582][T11561]  __se_sys_ioctl+0x47/0x170
[  601.440172][T11561]  do_syscall_64+0xf3/0x230
[  601.444666][T11561]  ? clear_bhb_loop+0x35/0x90
[  601.449339][T11561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.455223][T11561] RIP: 0033:0x7f8e74979e79
[  601.459627][T11561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.479223][T11561] RSP: 002b:00007f8e756a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  601.487629][T11561] RAX: ffffffffffffffda RBX: 00007f8e74b15f80 RCX: 00007f8e74979e79
[  601.495591][T11561] RDX: 0000000020000080 RSI: 00000000c0145401 RDI: 0000000000000003
[  601.503553][T11561] RBP: 00007f8e756a0090 R08: 0000000000000000 R09: 0000000000000000
[  601.511516][T11561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.519488][T11561] R13: 0000000000000000 R14: 00007f8e74b15f80 R15: 00007ffe1def9d98
[  601.527479][T11561]  </TASK>
[  601.536574][   T55] Bluetooth: hci7: command tx timeout
[  601.543811][T11561] ERROR: Out of memory at tomoyo_realpath_from_path.
[  601.550646][   T25] gspca_stk1135: reg_w 0x5 err -71
[  601.557222][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.563603][   T25] gspca_stk1135: Sensor write failed
[  601.568916][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.582949][   T25] gspca_stk1135: Sensor write failed
[  601.588275][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.594656][   T25] gspca_stk1135: Sensor read failed
[  601.599873][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.606385][   T25] gspca_stk1135: Sensor read failed
[  601.611584][   T25] gspca_stk1135: Detected sensor type unknown (0x0)
[  601.619457][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.625831][   T25] gspca_stk1135: Sensor read failed
[  601.631027][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.637446][   T25] gspca_stk1135: Sensor read failed
[  601.643957][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.650336][   T25] gspca_stk1135: Sensor write failed
[  601.655895][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  601.656244][T11527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  601.662214][   T25] gspca_stk1135: Sensor write failed
[  601.662287][   T25] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  601.701402][   T25] usb 4-1: USB disconnect, device number 31
[  601.893903][T11559] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1426'.
[  603.055078][ T5691] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  603.583602][T11527] team0: Port device team_slave_0 added
[  603.612842][   T55] Bluetooth: hci7: command tx timeout
[  603.620542][T11574] Falling back ldisc for ttyS3.
[  603.627240][T11577] input: syz0 as /devices/virtual/input/input14
[  603.644483][T11527] team0: Port device team_slave_1 added
[  603.727309][T11577] FAULT_INJECTION: forcing a failure.
[  603.727309][T11577] name failslab, interval 1, probability 0, space 0, times 0
[  603.780265][T11577] CPU: 0 UID: 0 PID: 11577 Comm: syz.3.1431 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  603.791054][T11577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  603.801144][T11577] Call Trace:
[  603.804435][T11577]  <TASK>
[  603.807376][T11577]  dump_stack_lvl+0x241/0x360
[  603.812076][T11577]  ? __pfx_dump_stack_lvl+0x10/0x10
[  603.817290][T11577]  ? __pfx__printk+0x10/0x10
[  603.821905][T11577]  ? fs_reclaim_acquire+0x93/0x140
[  603.827034][T11577]  ? __pfx___might_resched+0x10/0x10
[  603.832342][T11577]  should_fail_ex+0x3b0/0x4e0
[  603.837043][T11577]  should_failslab+0xac/0x100
[  603.841739][T11577]  __kmalloc_node_track_caller_noprof+0xda/0x440
[  603.848081][T11577]  ? kasprintf+0xd5/0x120
[  603.852436][T11577]  kvasprintf+0xdf/0x190
[  603.856706][T11577]  ? __pfx_kvasprintf+0x10/0x10
[  603.861572][T11577]  ? __fput+0x24a/0x8a0
[  603.865760][T11577]  kasprintf+0xd5/0x120
[  603.869947][T11577]  ? __pfx_kasprintf+0x10/0x10
[  603.874742][T11577]  ? __pfx_input_devnode+0x10/0x10
[  603.879878][T11577]  device_get_devnode+0x193/0x2f0
[  603.884927][T11577]  devtmpfs_delete_node+0xed/0x300
[  603.890062][T11577]  ? __pfx_devtmpfs_delete_node+0x10/0x10
[  603.895857][T11577]  ? do_raw_spin_unlock+0x13c/0x8b0
[  603.901072][T11577]  ? klist_dec_and_del+0x39c/0x3f0
[  603.906200][T11577]  ? _raw_spin_unlock+0x28/0x50
[  603.911070][T11577]  ? klist_del+0xc8/0x110
[  603.915424][T11577]  device_del+0x332/0x9b0
[  603.919782][T11577]  ? __pfx_device_del+0x10/0x10
[  603.924653][T11577]  ? __pfx___mutex_lock+0x10/0x10
[  603.929702][T11577]  ? kobject_put+0x446/0x480
[  603.934310][T11577]  cdev_device_del+0x26/0xf0
[  603.938926][T11577]  mousedev_disconnect+0x21c/0x300
[  603.944057][T11577]  __input_unregister_device+0x373/0x620
[  603.949716][T11577]  input_unregister_device+0xa3/0x100
[  603.955108][T11577]  uinput_destroy_device+0x6d1/0x8f0
[  603.960421][T11577]  uinput_release+0x3e/0x50
[  603.964935][T11577]  ? __pfx_uinput_release+0x10/0x10
[  603.970163][T11577]  __fput+0x24a/0x8a0
[  603.974181][T11577]  task_work_run+0x24f/0x310
[  603.978823][T11577]  ? __pfx_task_work_run+0x10/0x10
[  603.983955][T11577]  ? syscall_exit_to_user_mode+0xa3/0x370
[  603.989698][T11577]  syscall_exit_to_user_mode+0x168/0x370
[  603.995356][T11577]  do_syscall_64+0x100/0x230
[  603.999957][T11577]  ? clear_bhb_loop+0x35/0x90
[  604.004654][T11577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.010535][T11577] RIP: 0033:0x7fca98979e79
[  604.014934][T11577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  604.034541][T11577] RSP: 002b:00007fca99740038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  604.042969][T11577] RAX: 0000000000000000 RBX: 00007fca98b15f80 RCX: 00007fca98979e79
[  604.050943][T11577] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[  604.058902][T11577] RBP: 00007fca99740090 R08: 0000000000000000 R09: 0000000000000000
[  604.066860][T11577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  604.074823][T11577] R13: 0000000000000000 R14: 00007fca98b15f80 R15: 00007ffcd378d6a8
[  604.082810][T11577]  </TASK>
[  604.109764][T11580] input: syz0 as /devices/virtual/input/input15
[  604.170300][T11579] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1432'.
[  604.190793][T11527] batman_adv: batadv0: Adding interface: batadv_slave_0
[  604.207809][T11527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  604.246032][T11527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  604.272264][T11527] batman_adv: batadv0: Adding interface: batadv_slave_1
[  604.309244][T11527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  604.462728][T11527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  604.566837][T11586] fuse: Bad value for 'user_id'
[  604.571753][T11586] fuse: Bad value for 'user_id'
[  604.658251][T11586] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1435'.
[  604.684046][T11586] openvswitch: netlink: Key type 4112 is out of range max 32
[  604.763718][T11527] hsr_slave_0: entered promiscuous mode
[  604.801943][T11527] hsr_slave_1: entered promiscuous mode
[  604.841711][T11527] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  604.850478][T11527] Cannot create hsr debugfs directory
[  604.983580][ T5269] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  606.048166][ T5269] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  606.063778][ T5224] Bluetooth: hci7: command tx timeout
[  606.071895][ T5269] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  606.120849][ T5269] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  606.202752][ T5269] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  606.228269][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.240175][T11387] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.275182][T11593] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  606.467175][T11387] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.725103][T11611] overlay: ./file0 is not a directory
[  606.726455][T11387] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.162843][   T25] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  607.765135][T11387] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.797070][T11622] Falling back ldisc for ttyS3.
[  607.831419][   T25] usb 4-1: Using ep0 maxpacket: 32
[  607.848611][   T25] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  607.872630][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.895741][   T25] usb 4-1: Product: syz
[  607.909445][   T25] usb 4-1: Manufacturer: syz
[  607.926663][   T25] usb 4-1: SerialNumber: syz
[  607.942306][   T25] usb 4-1: config 0 descriptor??
[  607.951060][   T25] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  608.083297][   T55] Bluetooth: hci7: command tx timeout
[  608.089455][T11387] bridge_slave_1: left allmulticast mode
[  608.127312][T11387] bridge_slave_1: left promiscuous mode
[  608.137047][T11387] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.150853][T11387] bridge_slave_0: left allmulticast mode
[  608.164706][T11387] bridge_slave_0: left promiscuous mode
[  608.171972][T11387] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.366931][T11604] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1440'.
[  608.535752][ T5269] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  608.563680][ T5269] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input16
[  608.642001][T11387] bridge0 (unregistering): left promiscuous mode
[  609.013226][   T25] gspca_stk1135: reg_w 0x3 err -110
[  609.024659][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.042760][   T25] gspca_stk1135: Sensor write failed
[  609.050906][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.066130][T11387] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  609.072830][   T25] gspca_stk1135: Sensor write failed
[  609.080324][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.087691][   T25] gspca_stk1135: Sensor read failed
[  609.098528][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.105706][T11387] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  609.105857][   T25] gspca_stk1135: Sensor read failed
[  609.121564][   T25] gspca_stk1135: Detected sensor type unknown (0x0)
[  609.129241][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.136823][   T25] gspca_stk1135: Sensor read failed
[  609.142331][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.144452][T11387] bond0 (unregistering): Released all slaves
[  609.150569][   T25] gspca_stk1135: Sensor read failed
[  609.161046][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.170064][   T25] gspca_stk1135: Sensor write failed
[  609.178122][   T25] gspca_stk1135: serial bus timeout: status=0x00
[  609.185871][   T25] gspca_stk1135: Sensor write failed
[  609.214639][   T25] stk1135 4-1:0.0: probe with driver stk1135 failed with error -110
[  609.295207][T11624] netlink: 'syz.3.1440': attribute type 10 has an invalid length.
[  609.324241][T11624] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1440'.
[  609.356614][T11624] team0: entered promiscuous mode
[  609.361698][T11624] team_slave_0: entered promiscuous mode
[  609.368772][T11624] team_slave_1: entered promiscuous mode
[  609.377744][T11624] team0: entered allmulticast mode
[  609.383302][T11624] team_slave_0: entered allmulticast mode
[  609.389128][T11624] team_slave_1: entered allmulticast mode
[  609.396136][T11624] bridge0: port 3(team0) entered blocking state
[  609.410401][T11624] bridge0: port 3(team0) entered disabled state
[  609.420427][T11624] bridge0: port 3(team0) entered blocking state
[  609.426856][T11624] bridge0: port 3(team0) entered forwarding state
[  609.441539][T11627] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1444'.
[  609.453574][   T59] usb 4-1: USB disconnect, device number 32
[  609.875279][T11641] vivid-000: disconnect
[  609.892296][T11641] vivid-000: reconnect
[  610.055900][T11643] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  610.123959][T11387] batadv_slave_1: left promiscuous mode
[  610.200614][T11387] hsr_slave_0: left promiscuous mode
[  610.270756][T11387] hsr_slave_1: left promiscuous mode
[  610.471707][T11387] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  610.716201][T11387] batman_adv: batadv0: Removing interface: batadv_slave_0
[  611.172568][T11651] FAULT_INJECTION: forcing a failure.
[  611.172568][T11651] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  611.175453][T11387] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  611.223048][T11651] CPU: 1 UID: 0 PID: 11651 Comm: syz.3.1450 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  611.233864][T11651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  611.244568][T11651] Call Trace:
[  611.247862][T11651]  <TASK>
[  611.250812][T11651]  dump_stack_lvl+0x241/0x360
[  611.255525][T11651]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.260783][T11651]  ? __pfx__printk+0x10/0x10
[  611.265415][T11651]  ? snprintf+0xda/0x120
[  611.269683][T11651]  should_fail_ex+0x3b0/0x4e0
[  611.274385][T11651]  _copy_to_user+0x2f/0xb0
[  611.278876][T11651]  simple_read_from_buffer+0xca/0x150
[  611.283070][T11387] batman_adv: batadv0: Removing interface: batadv_slave_1
[  611.284261][T11651]  proc_fail_nth_read+0x1ec/0x260
[  611.296409][T11651]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  611.301983][T11651]  ? rw_verify_area+0x520/0x6b0
[  611.306869][T11651]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  611.312446][T11651]  vfs_read+0x204/0xbc0
[  611.316619][T11651]  ? __pfx_lock_release+0x10/0x10
[  611.321674][T11651]  ? __pfx_vfs_read+0x10/0x10
[  611.326524][T11651]  ? _raw_spin_lock_irq+0xdf/0x120
[  611.331647][T11651]  ? __fget_files+0x29/0x470
[  611.336245][T11651]  ? __fget_files+0x3f6/0x470
[  611.340932][T11651]  ksys_read+0x1a0/0x2c0
[  611.345182][T11651]  ? __pfx_ksys_read+0x10/0x10
[  611.349966][T11651]  ? do_syscall_64+0x100/0x230
[  611.354726][T11651]  ? do_syscall_64+0xb6/0x230
[  611.359401][T11651]  do_syscall_64+0xf3/0x230
[  611.363902][T11651]  ? clear_bhb_loop+0x35/0x90
[  611.368575][T11651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.374459][T11651] RIP: 0033:0x7fca989788bc
[  611.378864][T11651] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  611.398462][T11651] RSP: 002b:00007fca99740030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  611.406885][T11651] RAX: ffffffffffffffda RBX: 00007fca98b15f80 RCX: 00007fca989788bc
[  611.414847][T11651] RDX: 000000000000000f RSI: 00007fca997400a0 RDI: 0000000000000003
[  611.422807][T11651] RBP: 00007fca99740090 R08: 0000000000000000 R09: 0000000000000000
[  611.430765][T11651] R10: 00000000200003c0 R11: 0000000000000246 R12: 0000000000000001
[  611.438723][T11651] R13: 0000000000000000 R14: 00007fca98b15f80 R15: 00007ffcd378d6a8
[  611.446698][T11651]  </TASK>
[  611.469615][T11387] veth1_macvtap: left promiscuous mode
[  611.509218][T11387] veth0_macvtap: left promiscuous mode
[  611.538499][T11387] veth1_vlan: left promiscuous mode
[  611.567870][T11387] veth0_vlan: left promiscuous mode
[  611.850409][T11673] overlay: ./file0 is not a directory
[  612.868163][T11387] team0 (unregistering): Port device team_slave_1 removed
[  612.967592][T11387] team0 (unregistering): Port device team_slave_0 removed
[  613.289890][T11679] Falling back ldisc for ttyS3.
[  614.174689][T11660] pim6reg: entered allmulticast mode
[  614.180965][T11661] pim6reg: left allmulticast mode
[  614.631543][T11527] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  614.718524][T11527] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  614.855252][T11527] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  614.971469][T11527] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  615.043174][T11702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1458'.
[  615.083216][T11704] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1458'.
[  615.213044][ T5268] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  615.318251][T11702] vlan2: entered promiscuous mode
[  615.323622][T11702] vlan2: entered allmulticast mode
[  615.432736][ T5268] usb 2-1: Using ep0 maxpacket: 32
[  615.457741][ T5268] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  615.481885][ T5268] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.555082][ T5268] usb 2-1: Product: syz
[  615.566322][ T5268] usb 2-1: Manufacturer: syz
[  615.583738][ T5268] usb 2-1: SerialNumber: syz
[  615.634006][ T5268] usb 2-1: config 0 descriptor??
[  615.669527][ T5268] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  615.809598][ T5224] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  615.843388][ T5224] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  615.854700][ T5224] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  615.865348][ T5224] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  615.887341][ T5224] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  615.899938][ T5224] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  616.105217][T11699] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1460'.
[  616.256427][T11699] netlink: 'syz.1.1460': attribute type 10 has an invalid length.
[  616.314887][T11699] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1460'.
[  616.353388][T11699] team0: entered promiscuous mode
[  616.383057][T11699] team_slave_0: entered promiscuous mode
[  616.389630][T11699] team_slave_1: entered promiscuous mode
[  616.403900][T11699] team0: entered allmulticast mode
[  616.409456][T11699] team_slave_0: entered allmulticast mode
[  616.418537][T11699] team_slave_1: entered allmulticast mode
[  616.435903][T11699] bridge0: port 2(team0) entered blocking state
[  616.446318][T11699] bridge0: port 2(team0) entered disabled state
[  616.480951][T11699] bridge0: port 2(team0) entered blocking state
[  616.487671][T11699] bridge0: port 2(team0) entered forwarding state
[  616.545166][ T5268] gspca_stk1135: reg_w 0x3 err -71
[  616.551524][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.623861][ T5268] gspca_stk1135: Sensor write failed
[  616.634831][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.648294][ T5268] gspca_stk1135: Sensor write failed
[  616.654218][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.660679][ T5268] gspca_stk1135: Sensor read failed
[  616.698238][T11527] 8021q: adding VLAN 0 to HW filter on device bond0
[  616.713125][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.740570][ T5268] gspca_stk1135: Sensor read failed
[  616.741701][T11720] netlink: 'syz.2.1463': attribute type 3 has an invalid length.
[  616.755516][ T5268] gspca_stk1135: Detected sensor type unknown (0x0)
[  616.773030][T11720] netlink: 'syz.2.1463': attribute type 1 has an invalid length.
[  616.784145][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.790763][ T5268] gspca_stk1135: Sensor read failed
[  616.799021][T11719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1463'.
[  616.831725][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.855769][ T5268] gspca_stk1135: Sensor read failed
[  616.861903][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.895895][ T5268] gspca_stk1135: Sensor write failed
[  616.901532][ T5268] gspca_stk1135: serial bus timeout: status=0x00
[  616.910498][ T5268] gspca_stk1135: Sensor write failed
[  616.917410][ T5268] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  616.941094][ T5268] usb 2-1: USB disconnect, device number 34
[  617.095858][    C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  617.095858][ T5297] usb 5-1: USB disconnect, device number 24
[  617.170054][T11527] 8021q: adding VLAN 0 to HW filter on device team0
[  617.295294][ T1834] bridge0: port 1(bridge_slave_0) entered blocking state
[  617.302404][ T1834] bridge0: port 1(bridge_slave_0) entered forwarding state
[  617.332200][T11724] Falling back ldisc for ttyS3.
[  617.410909][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.432351][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.446206][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.460085][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.472527][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.483370][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.492449][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.505114][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.526697][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.545633][T11387] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  617.576853][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.587985][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.614638][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.645463][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.657263][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.667887][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.695922][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.712918][    T8] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  617.734441][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.768158][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.781375][ T1834] bridge0: port 2(bridge_slave_1) entered blocking state
[  617.788549][ T1834] bridge0: port 2(bridge_slave_1) entered forwarding state
[  617.824953][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.861942][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  617.886478][   T59] hid-generic 0000:1000003:0000.0011: unknown main item tag 0x0
[  618.026909][   T55] Bluetooth: hci0: command tx timeout
[  618.100032][    T8] usb 2-1: config 0 has no interfaces?
[  620.094266][   T55] Bluetooth: hci0: command tx timeout
[  620.754134][    T8] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  620.826949][   T59] hid-generic 0000:1000003:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  620.842722][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.890842][    T8] usb 2-1: config 0 descriptor??
[  620.906732][    T8] usb 2-1: can't set config #0, error -71
[  620.925106][T11387] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.940807][    T8] usb 2-1: USB disconnect, device number 35
[  621.565017][T11387] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  621.633468][T11711] chnl_net:caif_netlink_parms(): no params data found
[  621.671876][T11387] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  621.746266][T11527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  621.799291][T11527] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  622.192712][   T55] Bluetooth: hci0: command tx timeout
[  622.462816][T11711] bridge0: port 1(bridge_slave_0) entered blocking state
[  622.469957][T11711] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.530062][T11711] bridge_slave_0: entered allmulticast mode
[  622.542555][T11711] bridge_slave_0: entered promiscuous mode
[  622.573338][   T59] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  622.580780][T11711] bridge0: port 2(bridge_slave_1) entered blocking state
[  622.593616][T11711] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.600935][T11711] bridge_slave_1: entered allmulticast mode
[  622.663285][T11711] bridge_slave_1: entered promiscuous mode
[  622.688284][T11387] bridge_slave_1: left allmulticast mode
[  622.695993][T11387] bridge_slave_1: left promiscuous mode
[  622.701690][T11387] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.733336][T11387] bridge_slave_0: left allmulticast mode
[  622.738992][T11387] bridge_slave_0: left promiscuous mode
[  622.752953][T11387] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.815715][   T59] usb 4-1: Using ep0 maxpacket: 32
[  622.825817][   T59] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  622.847809][   T59] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  622.895967][   T59] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  622.911845][   T59] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.971679][   T59] hub 4-1:4.0: USB hub found
[  623.070767][T11767] vivid-000: disconnect
[  623.087790][T11767] vivid-000: reconnect
[  623.200742][   T59] hub 4-1:4.0: 2 ports detected
[  623.424783][T11770] Falling back ldisc for ttyS3.
[  624.252749][   T55] Bluetooth: hci0: command tx timeout
[  624.623343][ T1260] ieee802154 phy0 wpan0: encryption failed: -22
[  624.629793][ T1260] ieee802154 phy1 wpan1: encryption failed: -22
[  624.690881][   T59] hub 4-1:4.0: hub_hub_status failed (err = -32)
[  624.698859][   T59] hub 4-1:4.0: config failed, can't get hub status (err -32)
[  625.146876][T11387] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  625.169745][T11387] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  625.181822][T11387] bond0 (unregistering): Released all slaves
[  625.401887][T11711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  625.424411][T11711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  625.513309][ T5269] usb 4-1: USB disconnect, device number 33
[  625.813562][T11800] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  625.879818][T11527] 8021q: adding VLAN 0 to HW filter on device batadv0
[  625.957599][T11711] team0: Port device team_slave_0 added
[  626.162524][T11711] team0: Port device team_slave_1 added
[  627.341261][T11387] hsr_slave_0: left promiscuous mode
[  627.350383][T11387] hsr_slave_1: left promiscuous mode
[  627.873385][T11387] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  627.881007][T11387] batman_adv: batadv0: Removing interface: batadv_slave_0
[  628.455615][T11387] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  628.474909][T11387] batman_adv: batadv0: Removing interface: batadv_slave_1
[  628.549654][T11387] veth1_macvtap: left promiscuous mode
[  628.571751][T11387] veth0_macvtap: left promiscuous mode
[  628.581980][T11387] veth1_vlan: left promiscuous mode
[  628.590032][T11387] veth0_vlan: left promiscuous mode
[  628.624201][T11827] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1487'.
[  628.633613][T11827] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1487'.
[  628.725749][ T5268] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  628.737053][T11823] slcan: can't register candev
[  628.741988][T11823] Falling back ldisc for ttyS3.
[  628.932698][ T5268] usb 3-1: Using ep0 maxpacket: 8
[  628.950996][ T5268] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  628.967509][ T5268] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  628.967560][T11832] input: syz0 as /devices/virtual/input/input18
[  629.007000][    T8] kernel read not supported for file /bus/input/devices (pid: 8 comm: kworker/0:0)
[  629.017469][ T5268] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  629.052511][ T5268] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  629.082659][ T5268] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  629.121622][ T5268] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  629.140172][ T5268] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.342744][T11841] 9pnet_fd: Insufficient options for proto=fd
[  629.387067][ T5268] usb 3-1: usb_control_msg returned -32
[  629.396424][ T5268] usbtmc 3-1:16.0: can't read capabilities
[  629.475479][ T5268] usb 3-1: USB disconnect, device number 39
[  630.121890][T11387] team0 (unregistering): Port device team_slave_1 removed
[  631.107326][T11387] team0 (unregistering): Port device team_slave_0 removed
[  631.358935][T11855] kvm: emulating exchange as write
[  632.067420][T11853] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1495'.
[  632.078115][T11853] bridge0: port 3(team0) entered disabled state
[  632.088634][T11853] bridge_slave_1: left allmulticast mode
[  632.111565][T11853] bridge_slave_1: left promiscuous mode
[  632.117834][T11853] bridge0: port 2(bridge_slave_1) entered disabled state
[  632.130638][T11853] bridge_slave_0: left allmulticast mode
[  632.138610][T11853] bridge_slave_0: left promiscuous mode
[  632.144939][T11853] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.299922][T11711] batman_adv: batadv0: Adding interface: batadv_slave_0
[  632.307641][T11711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  632.339439][T11711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  632.391583][T11711] batman_adv: batadv0: Adding interface: batadv_slave_1
[  632.402221][T11711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  632.429098][T11711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  632.629105][T11711] hsr_slave_0: entered promiscuous mode
[  632.647206][T11870] FAULT_INJECTION: forcing a failure.
[  632.647206][T11870] name failslab, interval 1, probability 0, space 0, times 0
[  632.664638][T11711] hsr_slave_1: entered promiscuous mode
[  632.665669][T11870] CPU: 0 UID: 0 PID: 11870 Comm: syz.2.1500 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  632.681009][T11870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  632.691092][T11870] Call Trace:
[  632.694395][T11870]  <TASK>
[  632.697335][T11870]  dump_stack_lvl+0x241/0x360
[  632.702017][T11870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.707243][T11870]  ? __pfx__printk+0x10/0x10
[  632.711867][T11870]  ? fs_reclaim_acquire+0x93/0x140
[  632.717004][T11870]  ? __pfx___might_resched+0x10/0x10
[  632.722336][T11870]  should_fail_ex+0x3b0/0x4e0
[  632.727043][T11870]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  632.732777][T11870]  should_failslab+0xac/0x100
[  632.737451][T11870]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  632.743167][T11870]  __kmalloc_noprof+0xd8/0x400
[  632.747939][T11870]  ? kfree+0x4e/0x360
[  632.751937][T11870]  tomoyo_realpath_from_path+0xcf/0x5e0
[  632.757507][T11870]  tomoyo_path_number_perm+0x23a/0x880
[  632.762977][T11870]  ? tomoyo_path_number_perm+0x208/0x880
[  632.768614][T11870]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  632.774625][T11870]  ? __fget_files+0x29/0x470
[  632.779210][T11870]  ? __fget_files+0x3f6/0x470
[  632.783877][T11870]  ? __fget_files+0x29/0x470
[  632.788464][T11870]  security_file_ioctl+0x75/0xb0
[  632.793401][T11870]  __se_sys_ioctl+0x47/0x170
[  632.797990][T11870]  do_syscall_64+0xf3/0x230
[  632.802532][T11870]  ? clear_bhb_loop+0x35/0x90
[  632.807212][T11870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.813097][T11870] RIP: 0033:0x7f82f8979e79
[  632.817504][T11870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.837102][T11870] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  632.845520][T11870] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  632.853488][T11870] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  632.861451][T11870] RBP: 00007f82f9727090 R08: 0000000000000000 R09: 0000000000000000
[  632.869446][T11870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  632.877408][T11870] R13: 0000000000000000 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  632.885402][T11870]  </TASK>
[  632.894076][T11870] ERROR: Out of memory at tomoyo_realpath_from_path.
[  632.902386][   T59] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  633.072700][ T5268] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  633.103364][   T59] usb 4-1: Using ep0 maxpacket: 16
[  633.114975][   T59] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  633.168083][   T59] usb 4-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4
[  633.185357][T11527] veth0_vlan: entered promiscuous mode
[  633.196082][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.234609][   T59] usb 4-1: Product: syz
[  633.241537][T11387] IPVS: stop unused estimator thread 0...
[  633.263357][ T5268] usb 2-1: Using ep0 maxpacket: 8
[  633.264469][   T59] usb 4-1: Manufacturer: syz
[  633.278648][ T5268] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  633.288165][   T59] usb 4-1: SerialNumber: syz
[  633.295892][ T5268] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  633.323552][   T59] usb 4-1: config 0 descriptor??
[  633.326162][ T5268] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  633.372289][T11527] veth1_vlan: entered promiscuous mode
[  633.389002][ T5268] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  633.419668][ T5268] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  633.455393][ T5268] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  633.500091][ T5268] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.737278][T11527] veth0_macvtap: entered promiscuous mode
[  633.745108][ T5268] usb 2-1: usb_control_msg returned -32
[  633.771202][ T5268] usbtmc 2-1:16.0: can't read capabilities
[  633.821719][ T5268] usb 2-1: USB disconnect, device number 36
[  633.829593][T11527] veth1_macvtap: entered promiscuous mode
[  633.986414][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  633.997628][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.009844][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.022329][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.032216][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.045605][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.056058][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.068643][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.085275][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.096217][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.109185][T11527] batman_adv: batadv0: Interface activated: batadv_slave_0
[  634.184150][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.218490][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.243059][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.267259][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.292634][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.309125][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.344644][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.372673][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.412648][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.437993][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.485633][T11527] batman_adv: batadv0: Interface activated: batadv_slave_1
[  634.502803][   T59] usb 4-1: Found UVC 0.00 device syz (045e:0721)
[  634.516820][T11527] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  634.534077][   T59] usb 4-1: No valid video chain found.
[  634.567074][   T59] usb 4-1: USB disconnect, device number 34
[  634.572651][T11527] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  634.581692][T11527] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  634.617312][T11527] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  634.890061][T11387] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  634.916161][T11387] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  634.953403][ T5217] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  635.026222][T11711] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  635.070492][T11711] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  635.116559][ T1834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  635.118331][T11711] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  635.142719][ T1834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  635.163170][ T5217] usb 2-1: Using ep0 maxpacket: 32
[  635.173979][ T5217] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  635.185873][ T5217] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.198674][T11711] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  635.206847][ T5217] usb 2-1: Product: syz
[  635.211101][ T5217] usb 2-1: Manufacturer: syz
[  635.217501][ T5217] usb 2-1: SerialNumber: syz
[  635.264539][ T5217] usb 2-1: config 0 descriptor??
[  635.291119][ T5217] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  635.542217][T11711] 8021q: adding VLAN 0 to HW filter on device bond0
[  635.630646][T11711] 8021q: adding VLAN 0 to HW filter on device team0
[  635.661550][ T5683] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.668870][ T5683] bridge0: port 1(bridge_slave_0) entered forwarding state
[  635.723922][T11904] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1505'.
[  635.758138][ T5691] bridge0: port 2(bridge_slave_1) entered blocking state
[  635.765345][ T5691] bridge0: port 2(bridge_slave_1) entered forwarding state
[  635.839045][T11923] netlink: 'syz.1.1505': attribute type 10 has an invalid length.
[  635.866546][T11923] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1505'.
[  636.094454][ T5217] gspca_stk1135: reg_w 0x3 err -71
[  636.123839][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.130233][ T5217] gspca_stk1135: Sensor write failed
[  636.159285][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.190251][ T5217] gspca_stk1135: Sensor write failed
[  636.208165][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.232794][ T5217] gspca_stk1135: Sensor read failed
[  636.246645][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.255580][T11926] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1507'.
[  636.263185][ T5217] gspca_stk1135: Sensor read failed
[  636.271811][ T5217] gspca_stk1135: Detected sensor type unknown (0x0)
[  636.287147][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.298688][ T5217] gspca_stk1135: Sensor read failed
[  636.343129][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.370198][ T5217] gspca_stk1135: Sensor read failed
[  636.388887][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.408031][ T5217] gspca_stk1135: Sensor write failed
[  636.438529][ T5217] gspca_stk1135: serial bus timeout: status=0x00
[  636.465307][ T5217] gspca_stk1135: Sensor write failed
[  636.491268][ T5217] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  636.546733][ T5217] usb 2-1: USB disconnect, device number 37
[  636.628666][T11711] 8021q: adding VLAN 0 to HW filter on device batadv0
[  636.935089][T11953] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1510'.
[  636.994681][T11953] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1510'.
[  637.351170][T11711] veth0_vlan: entered promiscuous mode
[  637.424938][T11711] veth1_vlan: entered promiscuous mode
[  637.525971][T11966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1511'.
[  637.537428][T11966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1511'.
[  637.664483][T11711] veth0_macvtap: entered promiscuous mode
[  637.694912][T11711] veth1_macvtap: entered promiscuous mode
[  637.757368][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  637.827170][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  637.911511][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  637.945772][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  637.981117][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  638.012787][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.030632][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  638.105304][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.139582][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  638.209596][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.240261][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  638.281291][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.346790][T11711] batman_adv: batadv0: Interface activated: batadv_slave_0
[  638.400411][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  638.449961][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.467269][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  638.485243][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.506293][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  638.530201][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.546286][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  638.573378][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.609793][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  638.622733][ T5269] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  638.652870][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.675269][T11711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  638.697124][T11711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  638.728355][T11711] batman_adv: batadv0: Interface activated: batadv_slave_1
[  638.778843][T11711] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  638.822841][T11711] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  638.831574][T11711] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  638.852696][ T5269] usb 1-1: Using ep0 maxpacket: 8
[  638.890823][T11711] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  638.902710][ T5269] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  638.910935][ T5269] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  638.952789][ T5269] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  638.981820][ T5269] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  639.010676][ T5269] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  639.064931][ T5269] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  639.069461][T11998] netlink: 'syz.1.1514': attribute type 4 has an invalid length.
[  639.117048][ T5269] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.122133][T11999] netlink: 'syz.1.1514': attribute type 4 has an invalid length.
[  639.235312][ T1834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  639.252708][ T1834] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  639.303996][ T1834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  639.320226][ T1834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  639.364049][ T5269] usb 1-1: usb_control_msg returned -32
[  639.382397][ T5269] usbtmc 1-1:16.0: can't read capabilities
[  639.586534][ T5269] usb 1-1: USB disconnect, device number 27
[  640.535587][T12010] vivid-000: disconnect
[  640.540789][T12010] vivid-000: reconnect
[  643.519552][T12056] FAULT_INJECTION: forcing a failure.
[  643.519552][T12056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  643.536891][T12056] CPU: 1 UID: 0 PID: 12056 Comm: syz.4.1525 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  643.547695][T12056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  643.557777][T12056] Call Trace:
[  643.561074][T12056]  <TASK>
[  643.564017][T12056]  dump_stack_lvl+0x241/0x360
[  643.568717][T12056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  643.573926][T12056]  ? __pfx__printk+0x10/0x10
[  643.578552][T12056]  ? __pfx_lock_release+0x10/0x10
[  643.583618][T12056]  should_fail_ex+0x3b0/0x4e0
[  643.588323][T12056]  _copy_from_user+0x2f/0xe0
[  643.592938][T12056]  copy_msghdr_from_user+0xae/0x680
[  643.598163][T12056]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  643.604010][T12056]  __sys_sendmsg+0x23d/0x3a0
[  643.608626][T12056]  ? __pfx___sys_sendmsg+0x10/0x10
[  643.613756][T12056]  ? vfs_write+0x7c4/0xc90
[  643.618232][T12056]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  643.624582][T12056]  ? do_syscall_64+0x100/0x230
[  643.629364][T12056]  ? do_syscall_64+0xb6/0x230
[  643.634060][T12056]  do_syscall_64+0xf3/0x230
[  643.638587][T12056]  ? clear_bhb_loop+0x35/0x90
[  643.643284][T12056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.649194][T12056] RIP: 0033:0x7efdb9b79e79
[  643.653623][T12056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.673244][T12056] RSP: 002b:00007efdba89f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  643.681676][T12056] RAX: ffffffffffffffda RBX: 00007efdb9d15f80 RCX: 00007efdb9b79e79
[  643.689662][T12056] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004
[  643.697647][T12056] RBP: 00007efdba89f090 R08: 0000000000000000 R09: 0000000000000000
[  643.705631][T12056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.713614][T12056] R13: 0000000000000000 R14: 00007efdb9d15f80 R15: 00007ffe82ae2f58
[  643.721610][T12056]  </TASK>
[  644.922906][T12081] No control pipe specified
[  645.322969][    T9] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  645.623115][    T9] usb 3-1: Using ep0 maxpacket: 8
[  645.723049][    T9] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  645.741555][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  645.762077][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  645.784459][T12093] FAULT_INJECTION: forcing a failure.
[  645.784459][T12093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.812658][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  645.834204][T12093] CPU: 0 UID: 0 PID: 12093 Comm: syz.0.1532 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  645.845020][T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  645.855072][T12093] Call Trace:
[  645.858342][T12093]  <TASK>
[  645.861258][T12093]  dump_stack_lvl+0x241/0x360
[  645.865928][T12093]  ? __pfx_dump_stack_lvl+0x10/0x10
[  645.871131][T12093]  ? __pfx__printk+0x10/0x10
[  645.875740][T12093]  ? snprintf+0xda/0x120
[  645.879981][T12093]  should_fail_ex+0x3b0/0x4e0
[  645.884645][T12093]  _copy_to_user+0x2f/0xb0
[  645.889055][T12093]  simple_read_from_buffer+0xca/0x150
[  645.894435][T12093]  proc_fail_nth_read+0x1ec/0x260
[  645.899476][T12093]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  645.905015][T12093]  ? rw_verify_area+0x520/0x6b0
[  645.909852][T12093]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  645.915411][T12093]  vfs_read+0x204/0xbc0
[  645.919551][T12093]  ? __pfx_lock_release+0x10/0x10
[  645.924567][T12093]  ? __pfx_vfs_read+0x10/0x10
[  645.929228][T12093]  ? __fget_files+0x29/0x470
[  645.933806][T12093]  ? __fget_files+0x3f6/0x470
[  645.938473][T12093]  ksys_read+0x1a0/0x2c0
[  645.942723][T12093]  ? __pfx_ksys_read+0x10/0x10
[  645.947487][T12093]  ? do_syscall_64+0x100/0x230
[  645.952249][T12093]  ? do_syscall_64+0xb6/0x230
[  645.956920][T12093]  do_syscall_64+0xf3/0x230
[  645.961415][T12093]  ? clear_bhb_loop+0x35/0x90
[  645.966090][T12093]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.971977][T12093] RIP: 0033:0x7f510bb788bc
[  645.976383][T12093] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  645.995983][T12093] RSP: 002b:00007f510c99b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  646.004391][T12093] RAX: ffffffffffffffda RBX: 00007f510bd16058 RCX: 00007f510bb788bc
[  646.012354][T12093] RDX: 000000000000000f RSI: 00007f510c99b0a0 RDI: 0000000000000005
[  646.020313][T12093] RBP: 00007f510c99b090 R08: 0000000000000000 R09: 0000000000000000
[  646.028273][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.036236][T12093] R13: 0000000000000000 R14: 00007f510bd16058 R15: 00007fff8b794a18
[  646.044210][T12093]  </TASK>
[  646.065996][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  646.094470][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  646.127714][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.362669][T12098] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1533'.
[  646.384683][T12098] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1533'.
[  646.389444][    T9] usb 3-1: GET_CAPABILITIES returned 0
[  646.422020][    T9] usbtmc 3-1:16.0: can't read capabilities
[  646.423616][ T5224] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  646.450207][ T5224] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  646.461860][ T5224] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  646.473060][ T5224] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  646.482293][ T5224] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  646.490305][ T5224] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  646.593293][    T9] usb 3-1: USB disconnect, device number 40
[  646.929005][T12099] chnl_net:caif_netlink_parms(): no params data found
[  647.809702][T12099] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.833863][T12099] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.842421][T12099] bridge_slave_0: entered allmulticast mode
[  647.861423][T12099] bridge_slave_0: entered promiscuous mode
[  647.871090][T12099] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.879802][T12099] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.891529][T12099] bridge_slave_1: entered allmulticast mode
[  647.909197][T12099] bridge_slave_1: entered promiscuous mode
[  647.990630][T12099] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  648.029619][T12099] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  648.148711][T12124] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1537'.
[  648.159413][T12124] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1537'.
[  648.636724][T12099] team0: Port device team_slave_0 added
[  648.652827][ T5224] Bluetooth: hci6: command tx timeout
[  648.675443][T12099] team0: Port device team_slave_1 added
[  648.679754][T12129] FAULT_INJECTION: forcing a failure.
[  648.679754][T12129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.698079][T12129] CPU: 1 UID: 0 PID: 12129 Comm: syz.1.1540 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  648.708862][T12129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  648.718926][T12129] Call Trace:
[  648.722201][T12129]  <TASK>
[  648.725124][T12129]  dump_stack_lvl+0x241/0x360
[  648.729832][T12129]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.735028][T12129]  ? __pfx__printk+0x10/0x10
[  648.739617][T12129]  ? __pfx_lock_release+0x10/0x10
[  648.744639][T12129]  should_fail_ex+0x3b0/0x4e0
[  648.749312][T12129]  _copy_from_user+0x2f/0xe0
[  648.753896][T12129]  sk_getsockopt+0x1d2/0x3890
[  648.758590][T12129]  ? __pfx_sk_getsockopt+0x10/0x10
[  648.763709][T12129]  ? __lock_acquire+0x137a/0x2040
[  648.768737][T12129]  ? __pfx_lock_acquire+0x10/0x10
[  648.773759][T12129]  ? __fget_files+0x29/0x470
[  648.778367][T12129]  ? vfs_write+0x7c4/0xc90
[  648.782798][T12129]  ? __pfx_lock_release+0x10/0x10
[  648.787844][T12129]  do_sock_getsockopt+0x270/0x850
[  648.792894][T12129]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  648.798459][T12129]  ? __fget_files+0x3f6/0x470
[  648.803173][T12129]  __sys_getsockopt+0x271/0x330
[  648.808047][T12129]  ? __pfx___sys_getsockopt+0x10/0x10
[  648.813433][T12129]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  648.819780][T12129]  ? do_syscall_64+0x100/0x230
[  648.824560][T12129]  __x64_sys_getsockopt+0xb5/0xd0
[  648.829607][T12129]  do_syscall_64+0xf3/0x230
[  648.834125][T12129]  ? clear_bhb_loop+0x35/0x90
[  648.838824][T12129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.844735][T12129] RIP: 0033:0x7f83f3179e79
[  648.849159][T12129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.868774][T12129] RSP: 002b:00007f83f3fcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  648.877205][T12129] RAX: ffffffffffffffda RBX: 00007f83f3315f80 RCX: 00007f83f3179e79
[  648.885189][T12129] RDX: 000000000000003b RSI: 0000000000000001 RDI: 0000000000000006
[  648.893173][T12129] RBP: 00007f83f3fcd090 R08: 0000000020001000 R09: 0000000000000000
[  648.901153][T12129] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  648.909133][T12129] R13: 0000000000000000 R14: 00007f83f3315f80 R15: 00007ffe9ab207a8
[  648.917129][T12129]  </TASK>
[  649.074266][T12099] batman_adv: batadv0: Adding interface: batadv_slave_0
[  649.081250][T12099] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.922899][T12099] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  649.985194][T12145] FAULT_INJECTION: forcing a failure.
[  649.985194][T12145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.013223][T12099] batman_adv: batadv0: Adding interface: batadv_slave_1
[  650.020208][T12099] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.060561][T12145] CPU: 1 UID: 0 PID: 12145 Comm: syz.2.1543 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  650.071381][T12145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  650.081448][T12145] Call Trace:
[  650.084738][T12145]  <TASK>
[  650.087675][T12145]  dump_stack_lvl+0x241/0x360
[  650.092371][T12145]  ? __pfx_dump_stack_lvl+0x10/0x10
[  650.097581][T12145]  ? __pfx__printk+0x10/0x10
[  650.102202][T12145]  ? snprintf+0xda/0x120
[  650.106461][T12145]  should_fail_ex+0x3b0/0x4e0
[  650.111160][T12145]  _copy_to_user+0x2f/0xb0
[  650.115599][T12145]  simple_read_from_buffer+0xca/0x150
[  650.120996][T12145]  proc_fail_nth_read+0x1ec/0x260
[  650.126041][T12145]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  650.131611][T12145]  ? rw_verify_area+0x520/0x6b0
[  650.136478][T12145]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  650.142042][T12145]  vfs_read+0x204/0xbc0
[  650.146209][T12145]  ? __pfx_lock_release+0x10/0x10
[  650.151266][T12145]  ? __pfx_vfs_read+0x10/0x10
[  650.155963][T12145]  ? __fget_files+0x29/0x470
[  650.160573][T12145]  ? __fget_files+0x3f6/0x470
[  650.165286][T12145]  ksys_read+0x1a0/0x2c0
[  650.169555][T12145]  ? __pfx_ksys_read+0x10/0x10
[  650.174341][T12145]  ? do_syscall_64+0x100/0x230
[  650.179120][T12145]  ? do_syscall_64+0xb6/0x230
[  650.183800][T12145]  do_syscall_64+0xf3/0x230
[  650.188295][T12145]  ? clear_bhb_loop+0x35/0x90
[  650.192967][T12145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.198854][T12145] RIP: 0033:0x7f82f89788bc
[  650.203261][T12145] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  650.222856][T12145] RSP: 002b:00007f82f96e5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  650.231262][T12145] RAX: ffffffffffffffda RBX: 00007f82f8b16130 RCX: 00007f82f89788bc
[  650.239224][T12145] RDX: 000000000000000f RSI: 00007f82f96e50a0 RDI: 0000000000000005
[  650.247185][T12145] RBP: 00007f82f96e5090 R08: 0000000000000000 R09: 0000000000000000
[  650.255147][T12145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.263112][T12145] R13: 0000000000000000 R14: 00007f82f8b16130 R15: 00007fff6c66a968
[  650.271088][T12145]  </TASK>
[  650.277452][T12099] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  650.487704][T12155] fuse: Unknown parameter 'grou00000000000000000000'
[  650.755753][ T5224] Bluetooth: hci6: command tx timeout
[  651.082516][T12099] hsr_slave_0: entered promiscuous mode
[  651.210212][T12160] No control pipe specified
[  651.211893][T12099] hsr_slave_1: entered promiscuous mode
[  652.047967][T12099] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  652.435302][T12099] Cannot create hsr debugfs directory
[  652.802855][ T5224] Bluetooth: hci6: command tx timeout
[  653.849872][T12182] FAULT_INJECTION: forcing a failure.
[  653.849872][T12182] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  653.868551][T12182] CPU: 1 UID: 0 PID: 12182 Comm: syz.4.1553 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  653.879352][T12182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  653.889414][T12182] Call Trace:
[  653.892685][T12182]  <TASK>
[  653.895619][T12182]  dump_stack_lvl+0x241/0x360
[  653.900319][T12182]  ? __pfx_dump_stack_lvl+0x10/0x10
[  653.905508][T12182]  ? __pfx__printk+0x10/0x10
[  653.910092][T12182]  ? __pfx_lock_release+0x10/0x10
[  653.915114][T12182]  should_fail_ex+0x3b0/0x4e0
[  653.919781][T12182]  _copy_from_user+0x2f/0xe0
[  653.924362][T12182]  copy_msghdr_from_user+0xae/0x680
[  653.929554][T12182]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  653.935367][T12182]  __sys_sendmsg+0x23d/0x3a0
[  653.939966][T12182]  ? __pfx___sys_sendmsg+0x10/0x10
[  653.945068][T12182]  ? vfs_write+0x7c4/0xc90
[  653.949501][T12182]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  653.955814][T12182]  ? do_syscall_64+0x100/0x230
[  653.960560][T12182]  ? do_syscall_64+0xb6/0x230
[  653.965220][T12182]  do_syscall_64+0xf3/0x230
[  653.969706][T12182]  ? clear_bhb_loop+0x35/0x90
[  653.974369][T12182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.980246][T12182] RIP: 0033:0x7efdb9b79e79
[  653.984733][T12182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  654.004337][T12182] RSP: 002b:00007efdba89f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  654.012758][T12182] RAX: ffffffffffffffda RBX: 00007efdb9d15f80 RCX: 00007efdb9b79e79
[  654.020713][T12182] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  654.028667][T12182] RBP: 00007efdba89f090 R08: 0000000000000000 R09: 0000000000000000
[  654.036638][T12182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  654.044598][T12182] R13: 0000000000000000 R14: 00007efdb9d15f80 R15: 00007ffe82ae2f58
[  654.052587][T12182]  </TASK>
[  654.055655][    C1] vkms_vblank_simulate: vblank timer overrun
[  654.133692][T12184] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1552'.
[  654.168366][T12184] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1552'.
[  654.885483][ T5224] Bluetooth: hci6: command tx timeout
[  656.141930][T12099] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.212520][T12209] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1559'.
[  656.450190][T12212] fuse: Unknown parameter 'grou00000000000000000000'
[  657.096681][T12214] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1559'.
[  657.112010][T12214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1559'.
[  657.453499][T12099] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.631532][T12099] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.693099][    T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  658.455458][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  658.490404][    T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  658.623045][T12099] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.633646][    T9] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  658.718757][    T9] usb 2-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  658.816308][    T9] usb 2-1: Manufacturer: syz
[  658.868134][    T9] usb 2-1: config 0 descriptor??
[  659.146972][T12099] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  659.188247][T12099] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  659.204503][T12243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1567'.
[  659.213825][T12243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1567'.
[  659.235037][T12099] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  659.253688][T12244] cgroup: name respecified
[  659.255192][T12099] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  659.553613][T12099] 8021q: adding VLAN 0 to HW filter on device bond0
[  659.617212][T12099] 8021q: adding VLAN 0 to HW filter on device team0
[  659.662548][ T1834] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.669746][ T1834] bridge0: port 1(bridge_slave_0) entered forwarding state
[  659.839461][ T5691] bridge0: port 2(bridge_slave_1) entered blocking state
[  659.846681][ T5691] bridge0: port 2(bridge_slave_1) entered forwarding state
[  661.486393][   T25] usb 2-1: USB disconnect, device number 38
[  661.509816][T12099] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  661.587173][T12256] FAULT_INJECTION: forcing a failure.
[  661.587173][T12256] name failslab, interval 1, probability 0, space 0, times 0
[  661.610020][T12256] CPU: 0 UID: 0 PID: 12256 Comm: syz.2.1570 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  661.620828][T12256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  661.630907][T12256] Call Trace:
[  661.634210][T12256]  <TASK>
[  661.637157][T12256]  dump_stack_lvl+0x241/0x360
[  661.641857][T12256]  ? __pfx_dump_stack_lvl+0x10/0x10
[  661.647073][T12256]  ? __pfx__printk+0x10/0x10
[  661.651706][T12256]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  661.657189][T12256]  ? __pfx___might_resched+0x10/0x10
[  661.662493][T12256]  should_fail_ex+0x3b0/0x4e0
[  661.664779][T12253] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1569'.
[  661.667181][T12256]  should_failslab+0xac/0x100
[  661.680789][T12256]  ? alloc_pipe_info+0xeb/0x4d0
[  661.685657][T12256]  __kmalloc_cache_noprof+0x6c/0x2c0
[  661.690964][T12256]  alloc_pipe_info+0xeb/0x4d0
[  661.695655][T12256]  splice_direct_to_actor+0xaac/0xc90
[  661.701064][T12256]  ? __pfx_direct_splice_actor+0x10/0x10
[  661.706721][T12256]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  661.708777][T12253] netlink: 'syz.0.1569': attribute type 4 has an invalid length.
[  661.712619][T12256]  ? __fget_files+0x29/0x470
[  661.712648][T12256]  ? __pfx_lock_release+0x10/0x10
[  661.712676][T12256]  do_splice_direct+0x28c/0x3e0
[  661.734843][T12256]  ? __pfx_do_splice_direct+0x10/0x10
[  661.740263][T12256]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  661.746182][T12256]  ? security_file_permission+0x7f/0xa0
[  661.751752][T12256]  ? rw_verify_area+0x1d2/0x6b0
[  661.756629][T12256]  do_sendfile+0x56d/0xe20
[  661.761081][T12256]  ? __pfx_do_sendfile+0x10/0x10
[  661.766065][T12256]  __se_sys_sendfile64+0x17c/0x1e0
[  661.771204][T12256]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  661.776869][T12256]  ? do_syscall_64+0x100/0x230
[  661.781661][T12256]  ? do_syscall_64+0xb6/0x230
[  661.786355][T12256]  do_syscall_64+0xf3/0x230
[  661.790882][T12256]  ? clear_bhb_loop+0x35/0x90
[  661.795578][T12256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.801490][T12256] RIP: 0033:0x7f82f8979e79
[  661.805919][T12256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.825544][T12256] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  661.833979][T12256] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  661.841973][T12256] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000006
[  661.849957][T12256] RBP: 00007f82f9727090 R08: 0000000000000000 R09: 0000000000000000
[  661.857944][T12256] R10: 0000000000000e8a R11: 0000000000000246 R12: 0000000000000001
[  661.865950][T12256] R13: 0000000000000000 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  661.873955][T12256]  </TASK>
[  661.887823][T12257] netlink: 'syz.0.1569': attribute type 4 has an invalid length.
[  662.309120][T12268] fuse: Unknown parameter 'grou00000000000000000000'
[  662.928029][T12099] 8021q: adding VLAN 0 to HW filter on device batadv0
[  663.258409][T12275] Device name cannot be null; rc = [-22]
[  663.601581][T12251] Bluetooth: hci4: command 0x0406 tx timeout
[  663.743010][T12251] Bluetooth: hci5: command 0x0406 tx timeout
[  663.750489][T12251] Bluetooth: hci2: command 0x0406 tx timeout
[  664.786681][T12099] veth0_vlan: entered promiscuous mode
[  664.861101][T12285] FAULT_INJECTION: forcing a failure.
[  664.861101][T12285] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  664.878025][T12285] CPU: 0 UID: 0 PID: 12285 Comm: syz.2.1578 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  664.888826][T12285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  664.898899][T12285] Call Trace:
[  664.902190][T12285]  <TASK>
[  664.905131][T12285]  dump_stack_lvl+0x241/0x360
[  664.909826][T12285]  ? __pfx_dump_stack_lvl+0x10/0x10
[  664.915036][T12285]  ? __pfx__printk+0x10/0x10
[  664.919664][T12285]  ? __pfx_lock_release+0x10/0x10
[  664.924703][T12285]  ? vfs_write+0x7c4/0xc90
[  664.929143][T12285]  should_fail_ex+0x3b0/0x4e0
[  664.933843][T12285]  _copy_from_user+0x2f/0xe0
[  664.938463][T12285]  __sys_bpf+0x1a4/0x810
[  664.942730][T12285]  ? __pfx___sys_bpf+0x10/0x10
[  664.947523][T12285]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  664.953519][T12285]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  664.959870][T12285]  ? do_syscall_64+0x100/0x230
[  664.964651][T12285]  __x64_sys_bpf+0x7c/0x90
[  664.969081][T12285]  do_syscall_64+0xf3/0x230
[  664.973619][T12285]  ? clear_bhb_loop+0x35/0x90
[  664.978328][T12285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.984241][T12285] RIP: 0033:0x7f82f8979e79
[  664.988672][T12285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.008312][T12285] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  665.016761][T12285] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  665.024761][T12285] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000012
[  665.032754][T12285] RBP: 00007f82f9727090 R08: 0000000000000000 R09: 0000000000000000
[  665.040742][T12285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.048731][T12285] R13: 0000000000000001 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  665.056723][T12285]  </TASK>
[  665.082084][T12099] veth1_vlan: entered promiscuous mode
[  665.655595][T12099] veth0_macvtap: entered promiscuous mode
[  665.659610][T12294] FAULT_INJECTION: forcing a failure.
[  665.659610][T12294] name failslab, interval 1, probability 0, space 0, times 0
[  665.687547][T12294] CPU: 1 UID: 0 PID: 12294 Comm: syz.2.1580 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  665.698360][T12294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  665.708413][T12294] Call Trace:
[  665.711686][T12294]  <TASK>
[  665.714613][T12294]  dump_stack_lvl+0x241/0x360
[  665.719297][T12294]  ? __pfx_dump_stack_lvl+0x10/0x10
[  665.724495][T12294]  ? __pfx__printk+0x10/0x10
[  665.729087][T12294]  ? fs_reclaim_acquire+0x93/0x140
[  665.734196][T12294]  ? __pfx___might_resched+0x10/0x10
[  665.739499][T12294]  should_fail_ex+0x3b0/0x4e0
[  665.744174][T12294]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  665.749896][T12294]  should_failslab+0xac/0x100
[  665.754568][T12294]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  665.760284][T12294]  __kmalloc_noprof+0xd8/0x400
[  665.765049][T12294]  ? kfree+0x4e/0x360
[  665.769034][T12294]  tomoyo_realpath_from_path+0xcf/0x5e0
[  665.774589][T12294]  tomoyo_path_number_perm+0x23a/0x880
[  665.780047][T12294]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  665.785678][T12294]  ? tomoyo_path_number_perm+0x208/0x880
[  665.791307][T12294]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  665.797282][T12294]  ? sb_end_write+0xe9/0x1c0
[  665.801868][T12294]  ? vfs_write+0x7c4/0xc90
[  665.806280][T12294]  ? __pfx_vfs_write+0x10/0x10
[  665.811053][T12294]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  665.817036][T12294]  security_file_ioctl+0x75/0xb0
[  665.821976][T12294]  __se_sys_ioctl+0x47/0x170
[  665.826570][T12294]  do_syscall_64+0xf3/0x230
[  665.831067][T12294]  ? clear_bhb_loop+0x35/0x90
[  665.835739][T12294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.841627][T12294] RIP: 0033:0x7f82f8979e79
[  665.846040][T12294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.865642][T12294] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  665.874052][T12294] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  665.882014][T12294] RDX: 0000000000000000 RSI: 0000000040603d10 RDI: 0000000000000004
[  665.889975][T12294] RBP: 00007f82f9727090 R08: 0000000000000000 R09: 0000000000000000
[  665.897936][T12294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.905895][T12294] R13: 0000000000000000 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  665.913871][T12294]  </TASK>
[  665.923723][T12099] veth1_macvtap: entered promiscuous mode
[  665.950458][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  665.968088][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.980488][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  665.995138][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.002835][T12294] ERROR: Out of memory at tomoyo_realpath_from_path.
[  666.021551][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  666.062616][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.085435][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  666.111738][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.127344][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  666.132296][T12295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1579'.
[  666.147213][T12295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1579'.
[  666.149152][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.172711][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  666.184536][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.196183][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  666.207075][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.262046][T12099] batman_adv: batadv0: Interface activated: batadv_slave_0
[  666.305860][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  666.397680][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.427946][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  666.454705][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.465540][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  666.489701][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.501179][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  666.512850][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.524095][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  666.544295][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.581297][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  666.592940][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.612676][T12099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  666.633581][T12099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  666.681094][T12099] batman_adv: batadv0: Interface activated: batadv_slave_1
[  666.743062][ T1864] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  666.758124][T12099] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  666.778322][T12099] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  666.787409][T12099] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  666.796639][T12099] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  666.949484][T12309] netlink: 'syz.0.1585': attribute type 10 has an invalid length.
[  666.963718][ T1864] usb 5-1: Using ep0 maxpacket: 8
[  666.981629][ T1864] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13
[  667.011829][ T1864] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  667.012510][T12309] team0: Port device netdevsim0 added
[  667.035978][ T1864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.062787][ T1864] usb 5-1: Product: syz
[  667.067118][ T1864] usb 5-1: Manufacturer: syz
[  667.073298][ T1864] usb 5-1: SerialNumber: syz
[  667.104226][ T1864] usb 5-1: config 0 descriptor??
[  667.109361][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  667.137174][ T1864] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  667.154320][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  667.220184][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  667.254792][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.587453][ T1864] gspca_zc3xx: reg_w_i err -110
[  668.632897][T12326] vivid-000: disconnect
[  668.649979][T12326] vivid-000: reconnect
[  672.562901][ T1864] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  672.569258][ T1864] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -110
[  672.726018][    T9] usb 5-1: USB disconnect, device number 25
[  672.850834][T12339] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1592'.
[  672.966936][T12343] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1593'.
[  673.014158][T12343] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1593'.
[  674.558015][T12369] vivid-000: disconnect
[  674.564670][T12361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1599'.
[  674.581170][T12369] vivid-000: reconnect
[  674.663025][ T1864] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  674.828923][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1606'.
[  674.883146][ T1864] usb 5-1: Using ep0 maxpacket: 16
[  674.895154][ T1864] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  674.914750][T12385] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1607'.
[  674.926460][ T1864] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  674.968442][T12382] netlink: 'syz.2.1607': attribute type 11 has an invalid length.
[  674.968669][ T1864] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  675.018396][ T1864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.039888][ T1864] usb 5-1: Product: syz
[  675.051766][ T1864] usb 5-1: Manufacturer: syz
[  675.072403][ T1864] usb 5-1: SerialNumber: syz
[  676.225098][ T1864] usb 5-1: USB disconnect, device number 26
[  676.364418][T12404] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.1613'.
[  676.543754][T12412] vivid-000: disconnect
[  676.549284][T12412] vivid-000: reconnect
[  676.955104][T12415] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'.
[  677.235142][T12424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1619'.
[  677.282975][T10873] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  677.663463][T10873] usb 5-1: Using ep0 maxpacket: 8
[  677.729967][T10873] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  677.742366][T10873] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  678.305168][T10873] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  678.315971][T10873] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  678.328640][T10873] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  678.341728][T10873] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  678.352711][T10873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.972704][T11618] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  679.004761][T10873] usb 5-1: usb_control_msg returned -71
[  679.010514][T10873] usbtmc 5-1:16.0: can't read capabilities
[  679.044527][T10873] usb 5-1: USB disconnect, device number 27
[  679.225129][T11618] usb 4-1: Using ep0 maxpacket: 16
[  679.239516][T12448] vivid-003: =================  START STATUS  =================
[  679.249681][T12448] vivid-003: Radio HW Seek Mode: Bounded
[  679.255956][T12448] vivid-003: Radio Programmable HW Seek: false
[  679.262209][T12448] vivid-003: RDS Rx I/O Mode: Block I/O
[  679.268933][T12448] vivid-003: Generate RBDS Instead of RDS: false
[  679.275860][T12448] vivid-003: RDS Reception: true
[  679.281300][T12448] vivid-003: RDS Program Type: 0 inactive
[  679.288129][T12448] vivid-003: RDS PS Name:  inactive
[  679.298149][T12449] vivid-000: disconnect
[  679.305127][T12449] vivid-000: reconnect
[  679.311789][T11618] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  679.329761][T11618] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.349407][T12448] vivid-003: RDS Radio Text:  inactive
[  679.362840][T12448] vivid-003: RDS Traffic Announcement: false inactive
[  679.370368][T11618] usb 4-1: Product: syz
[  679.376702][T12448] vivid-003: RDS Traffic Program: false inactive
[  679.383359][T11618] usb 4-1: Manufacturer: syz
[  679.388167][T11618] usb 4-1: SerialNumber: syz
[  679.398664][T12448] vivid-003: RDS Music: false inactive
[  679.404736][T12448] vivid-003: ==================  END STATUS  ==================
[  679.417082][T11618] usb 4-1: config 0 descriptor??
[  679.632798][T11618] usb 4-1: Cannot retrieve CPort count: 0
[  679.646962][T11618] usb 4-1: Cannot retrieve CPort count: -5
[  679.659184][T11618] es2_ap_driver 4-1:0.0: probe with driver es2_ap_driver failed with error -5
[  679.762995][T10873] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  679.845081][ T1864] usb 4-1: USB disconnect, device number 35
[  679.965083][T10873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  679.983241][T11618] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  679.984086][T10873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  680.013619][T10873] usb 3-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  680.025876][T10873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.072123][T10873] usb 3-1: config 0 descriptor??
[  680.212737][T11618] usb 5-1: Using ep0 maxpacket: 8
[  680.228056][T11618] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  680.244294][T11618] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  680.259928][T11618] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  680.268941][T11618] usb 5-1: SerialNumber: syz
[  680.280095][T11618] usb 5-1: config 0 descriptor??
[  680.290943][T11618] usb 5-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  680.298486][T11618] usb 5-1: No valid video chain found.
[  680.310759][T12455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.354084][T12455] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.409300][T10873] usbhid 3-1:0.0: can't add hid device: -71
[  680.433046][T10873] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  680.475126][T10873] usb 3-1: USB disconnect, device number 41
[  680.708329][    T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  680.788920][T12482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1636'.
[  680.799241][T10873] usb 5-1: USB disconnect, device number 28
[  680.906511][    T9] usb 2-1: Using ep0 maxpacket: 8
[  680.914274][    T9] usb 2-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  680.940103][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.976855][    T9] usb 2-1: config 0 descriptor??
[  681.105314][T12492] vivid-000: disconnect
[  681.110933][T12492] vivid-000: reconnect
[  681.186027][T11618] usb 2-1: USB disconnect, device number 39
[  682.651332][T12516] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1648'.
[  682.663208][T12516] hub 6-0:1.0: USB hub found
[  682.667964][T12516] hub 6-0:1.0: 1 port detected
[  682.708780][T11618] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  682.783403][T10873] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  682.918568][T11618] usb 5-1: Using ep0 maxpacket: 16
[  682.937833][T11618] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  682.954304][T11618] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.969639][T11618] usb 5-1: Product: syz
[  682.973453][T10873] usb 2-1: Using ep0 maxpacket: 8
[  682.987014][T10873] usb 2-1: unable to get BOS descriptor or descriptor too short
[  682.988432][T11618] usb 5-1: Manufacturer: syz
[  683.017469][T11618] usb 5-1: SerialNumber: syz
[  683.032352][T10873] usb 2-1: config 8 has an invalid interface number: 255 but max is 0
[  683.051969][T11618] usb 5-1: config 0 descriptor??
[  683.834642][T10873] usb 2-1: config 8 has no interface number 0
[  683.863021][T10873] usb 2-1: config 8 interface 255 has no altsetting 0
[  683.898424][T10873] usb 2-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf
[  683.917184][T10873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.944421][T10873] usb 2-1: Product: syz
[  683.965020][T10873] usb 2-1: Manufacturer: syz
[  683.976449][ T5257] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  683.980786][T10873] usb 2-1: SerialNumber: syz
[  684.015360][T11618] usb 5-1: Cannot retrieve CPort count: 0
[  684.025392][T11618] usb 5-1: Cannot retrieve CPort count: -5
[  684.039961][T11618] es2_ap_driver 5-1:0.0: probe with driver es2_ap_driver failed with error -5
[  684.135948][ T5257] usb 3-1: device descriptor read/64, error -71
[  684.223727][    T9] usb 5-1: USB disconnect, device number 29
[  689.461164][ T1260] ieee802154 phy0 wpan0: encryption failed: -22
[  689.467532][ T1260] ieee802154 phy1 wpan1: encryption failed: -22
[  689.662842][ T5257] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[  689.718200][T10873] eth%d: CATC EL1210A NetMate USB Ethernet at usb-dummy_hcd.1-1, 00:00:00:00:00:00.
[  689.818399][T10873] usb 2-1: USB disconnect, device number 40
[  691.548831][T12564] FAULT_INJECTION: forcing a failure.
[  691.548831][T12564] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  691.573877][T12564] CPU: 1 UID: 0 PID: 12564 Comm: syz.2.1662 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  691.584695][T12564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  691.594839][T12564] Call Trace:
[  691.598123][T12564]  <TASK>
[  691.601038][T12564]  dump_stack_lvl+0x241/0x360
[  691.605716][T12564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  691.610930][T12564]  ? __pfx__printk+0x10/0x10
[  691.615516][T12564]  ? __pfx_lock_release+0x10/0x10
[  691.620543][T12564]  should_fail_ex+0x3b0/0x4e0
[  691.625210][T12564]  _copy_from_user+0x2f/0xe0
[  691.629789][T12564]  copy_msghdr_from_user+0xae/0x680
[  691.635000][T12564]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  691.640847][T12564]  __sys_sendmsg+0x23d/0x3a0
[  691.645459][T12564]  ? __pfx___sys_sendmsg+0x10/0x10
[  691.650582][T12564]  ? vfs_write+0x7c4/0xc90
[  691.655059][T12564]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  691.661408][T12564]  ? do_syscall_64+0x100/0x230
[  691.666192][T12564]  ? do_syscall_64+0xb6/0x230
[  691.670887][T12564]  do_syscall_64+0xf3/0x230
[  691.675392][T12564]  ? clear_bhb_loop+0x35/0x90
[  691.680080][T12564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.685979][T12564] RIP: 0033:0x7f82f8979e79
[  691.690379][T12564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.709971][T12564] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  691.718370][T12564] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  691.726328][T12564] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[  691.734285][T12564] RBP: 00007f82f9727090 R08: 0000000000000000 R09: 0000000000000000
[  691.742249][T12564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  691.750230][T12564] R13: 0000000000000000 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  691.758198][T12564]  </TASK>
[  691.761263][    C1] vkms_vblank_simulate: vblank timer overrun
[  691.947534][T12573] FAULT_INJECTION: forcing a failure.
[  691.947534][T12573] name failslab, interval 1, probability 0, space 0, times 0
[  691.965981][T12573] CPU: 1 UID: 0 PID: 12573 Comm: syz.2.1666 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
[  691.976768][T12573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  691.986819][T12573] Call Trace:
[  691.990085][T12573]  <TASK>
[  691.993011][T12573]  dump_stack_lvl+0x241/0x360
[  691.997680][T12573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  692.002861][T12573]  ? __pfx__printk+0x10/0x10
[  692.007445][T12573]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  692.012891][T12573]  ? __pfx___might_resched+0x10/0x10
[  692.018167][T12573]  should_fail_ex+0x3b0/0x4e0
[  692.022833][T12573]  should_failslab+0xac/0x100
[  692.027496][T12573]  ? __xdp_reg_mem_model+0x1e3/0x620
[  692.032771][T12573]  __kmalloc_cache_noprof+0x6c/0x2c0
[  692.038042][T12573]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  692.044009][T12573]  __xdp_reg_mem_model+0x1e3/0x620
[  692.049132][T12573]  ? __pfx___xdp_reg_mem_model+0x10/0x10
[  692.054783][T12573]  ? page_pool_list+0x232/0x280
[  692.059630][T12573]  xdp_reg_mem_model+0x22/0x40
[  692.064410][T12573]  bpf_test_run_xdp_live+0x31e/0x2110
[  692.069778][T12573]  ? arch_stack_walk+0x16d/0x1b0
[  692.074720][T12573]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  692.080515][T12573]  ? mark_lock+0x9a/0x350
[  692.084854][T12573]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  692.090763][T12573]  ? __might_fault+0xaa/0x120
[  692.095447][T12573]  ? __might_fault+0xc6/0x120
[  692.100116][T12573]  ? _copy_from_user+0xa6/0xe0
[  692.104878][T12573]  ? bpf_test_init+0x15a/0x180
[  692.109633][T12573]  ? xdp_convert_md_to_buff+0x5b/0x330
[  692.115084][T12573]  bpf_prog_test_run_xdp+0x80e/0x11b0
[  692.120446][T12573]  ? __pfx_lock_release+0x10/0x10
[  692.125463][T12573]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  692.131253][T12573]  ? __fget_files+0x29/0x470
[  692.135848][T12573]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  692.141637][T12573]  bpf_prog_test_run+0x33a/0x3b0
[  692.146580][T12573]  __sys_bpf+0x48d/0x810
[  692.150850][T12573]  ? __pfx___sys_bpf+0x10/0x10
[  692.155604][T12573]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  692.161577][T12573]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  692.167903][T12573]  ? do_syscall_64+0x100/0x230
[  692.172656][T12573]  __x64_sys_bpf+0x7c/0x90
[  692.177057][T12573]  do_syscall_64+0xf3/0x230
[  692.181541][T12573]  ? clear_bhb_loop+0x35/0x90
[  692.186200][T12573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.192076][T12573] RIP: 0033:0x7f82f8979e79
[  692.196474][T12573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.216103][T12573] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  692.224502][T12573] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  692.232455][T12573] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a
[  692.240405][T12573] RBP: 00007f82f9727090 R08: 0000000000000000 R09: 0000000000000000
[  692.248356][T12573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.256511][T12573] R13: 0000000000000000 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  692.264514][T12573]  </TASK>
[  692.267652][    C1] vkms_vblank_simulate: vblank timer overrun
[  692.738580][T12589] syz.3.1669: attempt to access beyond end of device
[  692.738580][T12589] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  693.253815][T12600] fuse: Unknown parameter 'group_id00000000000000000000'
[  795.414138][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  795.421112][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P12604/1:b..l
[  795.429617][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=55245, q=442 ncpus=2)
[  795.437339][    C0] task:syz.2.1674      state:R  running task     stack:25328 pid:12604 tgid:12603 ppid:10641  flags:0x00004002
[  795.450367][    C0] Call Trace:
[  795.453647][    C0]  <TASK>
[  795.456578][    C0]  __schedule+0x17ae/0x4a10
[  795.461098][    C0]  ? __lock_acquire+0x137a/0x2040
[  795.466146][    C0]  ? __pfx___schedule+0x10/0x10
[  795.471005][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  795.477000][    C0]  ? preempt_schedule_irq+0xf0/0x1c0
[  795.482277][    C0]  preempt_schedule_irq+0xfb/0x1c0
[  795.487375][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  795.493095][    C0]  irqentry_exit+0x5e/0x90
[  795.497493][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  795.503458][    C0] RIP: 0010:lock_acquire+0x264/0x550
[  795.508736][    C0] Code: 2b 00 74 08 4c 89 f7 e8 fa d6 87 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[  795.528354][    C0] RSP: 0018:ffffc9000bdaf240 EFLAGS: 00000206
[  795.534411][    C0] RAX: 0000000000000001 RBX: 1ffff920017b5e54 RCX: cedc0630cf42ac00
[  795.542369][    C0] RDX: dffffc0000000000 RSI: ffffffff8beae6e0 RDI: ffffffff8c3f9980
[  795.550352][    C0] RBP: ffffc9000bdaf388 R08: ffffffff934f4847 R09: 1ffffffff269e908
[  795.558319][    C0] R10: dffffc0000000000 R11: fffffbfff269e909 R12: 1ffff920017b5e50
[  795.566296][    C0] R13: dffffc0000000000 R14: ffffc9000bdaf2a0 R15: 0000000000000246
[  795.574272][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  795.579287][    C0]  ? set_pte_range+0x3e5/0x750
[  795.584042][    C0]  ? __pfx_validate_chain+0x10/0x10
[  795.589231][    C0]  __pte_offset_map+0x9e/0x380
[  795.593985][    C0]  ? __pte_offset_map+0x82/0x380
[  795.598906][    C0]  ? mark_lock+0x9a/0x350
[  795.603221][    C0]  ? __pfx___pte_offset_map+0x10/0x10
[  795.608592][    C0]  ? __lock_acquire+0x137a/0x2040
[  795.613610][    C0]  pte_offset_map_nolock+0xad/0x1f0
[  795.618798][    C0]  ? __pfx_pte_offset_map_nolock+0x10/0x10
[  795.624597][    C0]  handle_pte_fault+0x1b2/0x6fc0
[  795.629559][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  795.634577][    C0]  ? __pfx_handle_pte_fault+0x10/0x10
[  795.639941][    C0]  ? follow_page_pte+0x29a/0x1ee0
[  795.644949][    C0]  ? follow_page_pte+0x83f/0x1ee0
[  795.649957][    C0]  ? __pfx_lock_release+0x10/0x10
[  795.654971][    C0]  ? count_memcg_event_mm+0x3c2/0x420
[  795.660350][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  795.665557][    C0]  ? folio_mark_accessed+0x6f6/0x11b0
[  795.670956][    C0]  handle_mm_fault+0xf70/0x1880
[  795.675842][    C0]  ? __pfx_handle_mm_fault+0x10/0x10
[  795.681134][    C0]  ? __pfx_find_vma+0x10/0x10
[  795.685799][    C0]  ? vma_is_secretmem+0xd/0x50
[  795.690576][    C0]  ? check_vma_flags+0x500/0x5a0
[  795.695502][    C0]  __get_user_pages+0x6ec/0x16a0
[  795.700437][    C0]  ? __pfx___get_user_pages+0x10/0x10
[  795.705804][    C0]  populate_vma_page_range+0x264/0x330
[  795.711253][    C0]  ? __pfx_populate_vma_page_range+0x10/0x10
[  795.717217][    C0]  ? userfaultfd_unmap_complete+0x30c/0x360
[  795.723121][    C0]  ? do_mmap+0x961/0x1010
[  795.727444][    C0]  __mm_populate+0x27a/0x460
[  795.732027][    C0]  ? __pfx___mm_populate+0x10/0x10
[  795.737131][    C0]  vm_mmap_pgoff+0x2c3/0x3d0
[  795.741712][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  795.746809][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  795.753124][    C0]  ? do_syscall_64+0x100/0x230
[  795.757884][    C0]  ? ksys_mmap_pgoff+0xdf/0x720
[  795.762739][    C0]  ? __x64_sys_mmap+0x7f/0x140
[  795.767493][    C0]  do_syscall_64+0xf3/0x230
[  795.771984][    C0]  ? clear_bhb_loop+0x35/0x90
[  795.776647][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  795.782525][    C0] RIP: 0033:0x7f82f8979e79
[  795.786925][    C0] RSP: 002b:00007f82f9727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  795.795340][    C0] RAX: ffffffffffffffda RBX: 00007f82f8b15f80 RCX: 00007f82f8979e79
[  795.803308][    C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
[  795.811282][    C0] RBP: 00007f82f89e7916 R08: ffffffffffffffff R09: 0000000000000000
[  795.819244][    C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[  795.827205][    C0] R13: 0000000000000000 R14: 00007f82f8b15f80 R15: 00007fff6c66a968
[  795.835184][    C0]  </TASK>
[  795.838186][    C0] rcu: rcu_preempt kthread starved for 10541 jiffies! g55245 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  795.849359][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  795.859320][    C0] rcu: RCU grace-period kthread stack dump:
[  795.865197][    C0] task:rcu_preempt     state:R  running task     stack:25816 pid:17    tgid:17    ppid:2      flags:0x00004000
[  795.876910][    C0] Call Trace:
[  795.880177][    C0]  <TASK>
[  795.883097][    C0]  __schedule+0x17ae/0x4a10
[  795.887600][    C0]  ? __pfx___schedule+0x10/0x10
[  795.892440][    C0]  ? __pfx_lock_release+0x10/0x10
[  795.897448][    C0]  ? __asan_memset+0x23/0x50
[  795.902026][    C0]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  795.907816][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  795.914129][    C0]  ? schedule+0x90/0x320
[  795.918359][    C0]  schedule+0x14b/0x320
[  795.922506][    C0]  schedule_timeout+0x1be/0x310
[  795.927385][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  795.932742][    C0]  ? __pfx_process_timeout+0x10/0x10
[  795.938018][    C0]  ? prepare_to_swait_event+0x32e/0x350
[  795.943550][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[  795.948400][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  795.953617][    C0]  ? __pfx_dyntick_save_progress_counter+0x10/0x10
[  795.960114][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  795.965390][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  795.971272][    C0]  ? finish_swait+0xd4/0x1e0
[  795.975852][    C0]  rcu_gp_kthread+0xa7/0x3b0
[  795.980428][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  795.985612][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  795.991512][    C0]  ? __kthread_parkme+0x169/0x1d0
[  795.996542][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  796.001764][    C0]  kthread+0x2f0/0x390
[  796.005830][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  796.011012][    C0]  ? __pfx_kthread+0x10/0x10
[  796.015589][    C0]  ret_from_fork+0x4b/0x80
[  796.019991][    C0]  ? __pfx_kthread+0x10/0x10
[  796.024566][    C0]  ret_from_fork_asm+0x1a/0x30
[  796.029325][    C0]  </TASK>
[  796.032327][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  796.038631][    C0] Sending NMI from CPU 0 to CPUs 1:
[  796.043843][    C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x21/0x30