last executing test programs:

7.319815665s ago: executing program 3 (id=62):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000240)={'raw\x00', 0x0, [0x684, 0x8, 0x8, 0x6, 0x3]}, &(0x7f0000000300)=0x54)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x34, 0x3f, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x10, 0x2, 0x0, 0x1, [@nested={0xc, 0x14, 0x0, 0x1, [@typed={0x8, 0xd, 0x0, 0x0, @u32=0x4}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x7)
ioctl$TCSETS(r0, 0x8925, &(0x7f00000001c0)={0xd729, 0x6, 0x2c18, 0x7, 0x5, "f5103746453df8814a84c60a2e83314ef0bfb6"})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r4, 0x0, &(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x757c})
ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r4, 0x0, &(0x7f0000000200)='~', 0x1, 0x9})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r4, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xffff})
ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, &(0x7f00000000c0)={0x28, 0x2, r4, 0x0, &(0x7f00000002c0)="0022f4", 0x3, 0x9ff})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xfffffffffffffff8})

7.166931419s ago: executing program 3 (id=63):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000002c0), &(0x7f0000000340)=0x4)
write$UHID_CREATE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/31, 0x72, 0xf6, 0x5f, 0x1}}, 0x120)
read(r0, &(0x7f00000003c0)=""/195, 0xc3)
write$UHID_DESTROY(r0, &(0x7f0000000080), 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r4, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000002e40)=[{&(0x7f0000000040)=""/37, 0x25}], 0x1}, 0xd}], 0x1, 0x10000, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r5, @ANYBLOB], 0x28}, 0x1, 0x6c00}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2792f10d10501200002000000010902120001000000000904"], 0x0)
r7 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x404000, 0x0)
read$nci(r7, &(0x7f0000000100)=""/107, 0x6b)
write$nci(r7, &(0x7f0000000100)=ANY=[], 0x4)
write$P9_RLERRORu(r7, 0x0, 0xe)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x50, 0x0, &(0x7f0000000080))
r10 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
sendmmsg$inet(r10, &(0x7f00000073c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002ad001"], 0x0}, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.controllers\x00', 0x300, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="18000000760001"], 0x1c}], 0x1, 0x0, 0x0, 0x4004000}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000005dc000400000000000800020020000000080005007180bbda0500060008008110a6bfdb43f6c97a374d38134aa00000"], 0x38}, 0x1, 0x0, 0x0, 0x4004800}, 0x0)

5.239736618s ago: executing program 1 (id=68):
r0 = syz_open_dev$video(&(0x7f00000001c0), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x8000, 0x1, 0x50323234, 0x3, 0x8, [{0x3, 0x10001}, {0x54, 0x8}, {0x6, 0x7}, {0x2, 0x3}, {0x11, 0x5}, {0x2, 0x10000}, {0x5, 0x400}, {0xc, 0x3000000}], 0xd, 0x7, 0x8, 0x1, 0x7}})
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001000010700000000000000000a000000060001001400000008000a"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
r2 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r3 = fsopen(&(0x7f0000000040)='nilfs2\x00', 0x1)
setxattr$trusted_overlay_upper(&(0x7f00000006c0)='./file0\x00', &(0x7f0000001d00), &(0x7f0000003a40)=ANY=[@ANYRES16=r3], 0x1015, 0x3)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x1)
fchdir(r2)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000100))
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r5)
sendmsg$NFC_CMD_GET_SE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6, 0x325, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x10)
r7 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r7, 0x40084146, &(0x7f0000000400)=0x934)
write$snddsp(r7, &(0x7f0000000200), 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r7, 0x4144, 0x0)
mount(&(0x7f0000000240)=@sr0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='msdos\x00', 0x180008, &(0x7f00000003c0)='.-(+]:(\x84X-/\x00')
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

5.158566694s ago: executing program 1 (id=69):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
mmap(&(0x7f000000c000/0x3000)=nil, 0x3000, 0x2000001, 0x10, r0, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x4, {0xa, 0x4e24, 0x6e1, @mcast2, 0xc}}}, 0x32)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x3a}, "c4d65ab71f5ef2fe", "9e8ecc7bb5352776725e104757e7dc25c6519a85ef828f711330ff2bb17b5508", "dc5db43f"}, 0x38)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r7)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_ADD_TX_TS(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010026bd7000fedbdf256900000008000300", @ANYRES32=r9, @ANYBLOB="c5c13834175e281a2a326efa50d4893393c18356a980e7e5c9439fd839c677f807004fe1e6bdcad992952a0425b2d9ae069423909e17ade63b9d65a2c9171ef6103acf7b499296273c482e4ee4d96211a0ceeaca5c1d27fa8250b19d6439e68c2c6644df56aced1eb9978099f930341426a61abf9525dae426272530ff565c377e8e"], 0x1c}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000044)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r5, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYRESHEX=r6, @ANYRES32=r10, @ANYBLOB="060095000100000006009500018000000600950003000000"], 0x34}, 0x1, 0x0, 0x0, 0x24004044}, 0x80)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r11 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
read$FUSE(r11, &(0x7f0000006380)={0x2020}, 0x2020)
r12 = socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(r12, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="400000001e00010026bc0000000000000000000000000000000004"], 0x40}}, 0x90)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)

4.62573904s ago: executing program 2 (id=74):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xde, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x0, 0x0, 0x81, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x28, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x2, 0xa, 0x11}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x7, {[@global=@item_012={0x1, 0x1, 0x8, "1f"}, @main=@item_012={0x2, 0x0, 0x8, 'Q;'}, @local=@item_012={0x1, 0x2, 0x5, "94"}]}}, 0x0}, 0x0) (async)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x31, 0x68, 0xda, 0x20, 0x421, 0x3e27, 0xe288, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x2b, 0x2, 0x0, 0x2, 0xfe, 0xa1}}]}}]}}, 0x0)

4.225253619s ago: executing program 1 (id=76):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}}) (fail_nth: 2)

4.078165259s ago: executing program 1 (id=77):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="401724"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x18, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000140)=ANY=[@ANYBLOB="201101000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, &(0x7f0000000340)={0x14, &(0x7f0000000240)={0x20, 0x6, 0x67, {0x67, 0x30, "ecb66747153a2d55fedd0051fe038c986d080000005e4ddf88bf5cf90f5d400c2f53bdc0035a7e7c080000922355301d7070dd449a40e716fc8b8c681c64a9780f695e77500b13f37c63232c2d28bb827cafd6697932731cd6198d6e35d8d9b59896087f38"}}, &(0x7f00000002c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x340a}}}, &(0x7f0000000740)={0x34, &(0x7f0000000380)={0x0, 0x6, 0x1d, "f9075a75d5140c282421827daee53fc871b89981e69bff431ecc956a8e"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0xfd}, &(0x7f0000000440)={0xc0, 0xa1, 0x4, 0x6}, &(0x7f0000000480)={0x40, 0xa0, 0x4, 0x2}, &(0x7f00000004c0)={0xc0, 0xa2, 0x2f, "7ff578a19bfb688b1e18d2572d4495736373f5d10d1209ebabb8564294403fbfbaf64100c7b2bfd2818edf5e548de8"}})

3.99227402s ago: executing program 3 (id=78):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfffffff4}}, 0x0)
sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x24040, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCSWINSZ(r3, 0x540b, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r3)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, 0xffffffffffffffff, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b})
ioctl$sock_ifreq(r1, 0x8919, &(0x7f0000000000)={'veth0\x00', @ifru_mtu})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f0000000180)='ramfs\x00', 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x4, 0x5}, 0x0)
timerfd_create(0x0, 0x0)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r4)
r6 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000980)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB="200556010000b0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$IEEE802154_START_REQ(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x24, r5, 0x1, 0x70bd31, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}]}, 0x24}, 0x1, 0x0, 0x0, 0x18800}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x4)
write(r7, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)
r8 = dup(r7)
read$char_usb(r8, &(0x7f0000000080)=""/139, 0xfdef)
ioctl$SNDCTL_SYNTH_INFO(r8, 0xc08c5102, &(0x7f0000000380)={"88e0f1e8bf20175037fc3c01f75ec954d81b3151d9b2d092edc7f80f70df", 0x10000, 0x2, 0x1, 0x9, 0x0, 0x3, 0xffff1665, 0x1, [0x0, 0x100, 0x8, 0x7, 0x7f, 0x7, 0x8000, 0x7f, 0xfffffffd, 0x8, 0x86b, 0x7, 0xfffffff2, 0x6, 0xb, 0x9, 0xd0, 0x7, 0x3]})
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000), 0x8)
r10 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r10, &(0x7f0000000140)={0x11, 0xd, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)

3.446078028s ago: executing program 2 (id=80):
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x4000, 0x0, 0xa, 0x0, 0xa, 0xfc, 0x0, 0x0, 0xfc, 0xfe, 0x0, 0x1}, {0x5000, 0x8000000, 0x3, 0x1, 0x40, 0x3, 0x4, 0x9, 0x0, 0x0, 0x0, 0x42}, {0x3000, 0xeeef0000, 0x0, 0x8, 0x0, 0x80, 0xb, 0xf, 0x4, 0xe, 0x84, 0x3}, {0x100000, 0x0, 0x0, 0x0, 0x1, 0x3, 0xff}, {0x11000, 0xd000, 0xc, 0x0, 0x0, 0x80, 0x94, 0x0, 0x2, 0x0, 0x1a}, {0xd000, 0x8000000, 0xe, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x20, 0x0, 0x84, 0x2}, {0x8080000, 0x80a0000, 0x4, 0xf0, 0x0, 0xde, 0xfd, 0x6, 0x1, 0x0, 0x20}, {0x1, 0x10000, 0x4, 0xf9, 0x0, 0x70, 0x4, 0xc, 0x0, 0x2f, 0x20, 0x40}, {0x6000, 0x4fe8}, {0x8080000, 0xfffe}, 0x0, 0x0, 0xdddd1000, 0x0, 0xb, 0x0, 0x900, [0x5, 0x8, 0x0, 0x3fffffffffff]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x2, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7, 0x2, 0x2, r2, 0xb})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c5, 0x1000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2], 0x8080000, 0x1144})
ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 6)

3.199434409s ago: executing program 3 (id=81):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x5, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x4fceeeaa7ddace38, 0x0, '\x00', @string=&(0x7f0000000300)=0x4}})
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f00000009c0)="12", 0x1}], 0x1, 0x2, 0x1, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x10000)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
r3 = userfaultfd(0x80000)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000400)={{&(0x7f00007a7000/0x4000)=nil, 0x4000}, 0xb})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000180)=0xa, 0x4)
socket$unix(0x1, 0x5, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r6=>0x0})
connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x20000600}, 0x1, 0x0, 0x0, 0x4000}, 0x4)
bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r4, 0x1, {0x0, 0x0, 0x3}, 0xff}, 0x18)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4801}, 0x20044810)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_IFINDEX(r7, 0x113, 0x9, 0x0, &(0x7f0000000740))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$EXT4_IOC_SETFSUUID(r7, 0x4008662c, &(0x7f0000000140)={0x10, 0x0, "8e3c8b54b42cd92efdaa0e07f8e011f5"})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x10000000, 0x0, 0x4})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a00)=ANY=[@ANYBLOB="f2142ab5f0af551396cd6bcf23c8ce4bcc416d49ef8a9bc27a991c0ce83ff73151518690d423b44669f9900fea920986f131a6a3fff094bb38961d72800fe414fdaac80772f6dfc6dc8103ceeb682dd4a64a1fd6aa0c69d9748367b027f98b6a4b46c1a3fae978a7c06e5a69a53e505d86ca3b9b1bf1fa731663d358f2b3f75f476764d3fee8b1caf630742c5c698e45425ff6902eb4e8369c1fd44a800eb37cc179a6f1a634c28a2920fdc9a48daf472c6b09275a7b1279a2b7fc38c1a5d3b8d5c61d3bc9220ec5a2648688905c7d1ec11824677aac6658dbc4e826e0ae2b1337b96d28e04f71fea9c699595870", @ANYBLOB="64e6afca3e05bfa47bf80a903e55365b71197c1bd24c42fdf0b37805cb0833e7a5bdf205f183fe02b67eb6b07397874a788b227590bd8f5c3583bad1ab54e85063b6740196e609ddf1511d0b5a57828bc79485b320548e7f3d81253d1034897c03b0ae21067cedf27d0240a65d1cf135e9cbce162f601d6514f703c9f1d64088d8b4ba89a24622d1502670e4232c43603c0f3fd43ecf7abe90fa1c2534d62a35fd7f626a93f34afe76a77a5a9fa0c4c9662f7de3f128ea", @ANYBLOB="010080000000fedbf3250f000000"], 0x14}, 0x1, 0x0, 0x0, 0x2805}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00cbf4fbfff3e1c4ee00020900010073797a310000000028000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000111f01f9a8122209a8bb5da1a4d9b4bd4c7adcc5604510e03a361ccc991a1e7197422d76fba5495a521b91387dc87aa06a034c974e3ef9f5b09b10335d927b03d782536a0f6663794676a0c940db7a70500f254eca4a49158f1c75d9c8b7f8d5d4891e248fcf683c72529a73f9758cea1a13bef6d74b226c13d3e0f057dd61a63db141c1827a812cee2006ba0ca0c2655918ea85842fb08dbe27fa411e0f95fcdd631605000000111ed4d03e7abe88ac687267b9e04764c95a68b83f33668f379ca6df17c8e42e29e7d94db1b2e87bfe7ff1339f122a27c30ad718ee0f3099d16d3dc25331e584715e01148cff91d980f5f631b974cb59d6f70b4469b88f66e754a0a949f69b031bcaedf0147651ffe5e5ccaa6896f3c55e335cbb332740945ca070391f75f8266f444f3444998a8e04b6db554679d2a3b7a3f75fca"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2.961027521s ago: executing program 0 (id=82):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}})

2.117379161s ago: executing program 3 (id=83):
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0)
r0 = syz_open_dev$evdev(&(0x7f000001fa80), 0x0, 0x101440)
ioctl$EVIOCSCLOCKID(r0, 0x40084504, &(0x7f0000ffcffc)=0x2ff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5})
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x4, 0x22ed42)
ioctl$SNDRV_PCM_IOCTL_INFO(r3, 0x81204101, &(0x7f0000000280))
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r6, 0x0, 0x0, 0x0, 0x0, [], [0x7, 0x0, 0x0, 0x80], [0x2000000]})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000200)={r6})
close_range(r2, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_usb_connect$uac1(0x0, 0xb1, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029f0003010000000904000000010100000a24010000000201020d24060000030800000031ce21c798329740594c137d0000000c24020201010608000010000c2402000000030000000000092406000601000000092403000000000500092406050001", @ANYBLOB="8528c6"], 0x0)
close(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0))

2.038235611s ago: executing program 0 (id=84):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x2009)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000040), 0x4}, 0x4000000)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0)
close(r2)
socket$kcm(0x10, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8b32, &(0x7f0000000000)={'wlan0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b0f, &(0x7f0000000000)={'wlan1\x00'})
r3 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg$inet(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002a80)=[{&(0x7f00000001c0)='{', 0x1}], 0x1}, 0x8000)
r4 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000180)={<r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)='R', 0x1}], 0x1}, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="b8", 0x1}], 0x1, 0x0, 0x0, 0x10000000}, 0x0)
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0})
connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000000200)={0x23, 0x20, 0x8, 0x9}, 0x10)
pipe(&(0x7f00000000c0)={<r6=>0xffffffffffffffff})
sendto$inet(r6, &(0x7f0000000140)="8ed4e1", 0x3, 0x8000000, &(0x7f0000000180)={0x2, 0x4e24, @broadcast}, 0x10)
r7 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, 0x0, 0x20040841)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000080)={&(0x7f00000001c0)=[{0x1, 0xb210, 0x0, 0x0}, {0x9, 0xa200, 0x0, 0x0}], 0x2})
setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000240)=0x3ffc0000, 0x4)

1.885691625s ago: executing program 2 (id=85):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, 0x0}, 0x300060c1)
sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000500)='%', 0x1}], 0x1}, 0x10000000)

1.80515901s ago: executing program 2 (id=86):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = inotify_init1(0x800)
r6 = fcntl$dupfd(r4, 0x406, r5)
connect$pppl2tp(r6, &(0x7f0000000340)=@pppol2tpv3in6={0x18, 0x1, {0x0, r6, 0x2, 0x2, 0x4, 0x3, {0xa, 0x4e22, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2b9d}}}, 0x3a)
setsockopt$inet_mtu(r6, 0x111, 0xa, &(0x7f0000000000)=0x3, 0x4)
socket$packet(0x11, 0x3, 0x300)
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x0, {0x0, 0x1}}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0x0, 0x1}, 0x1}, 0x18)
sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
fdatasync(r7)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'vxcan1\x00', @remote})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000202010400000000000000000a0000003c0002800c00028005000100000000002c0001"], 0x50}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8a, 0x61, 0x6a, 0x8, 0xc98, 0x1140, 0xf021, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4e, 0x0, 0x0, 0x3, 0x9a, 0x3e, 0xc}}]}}]}}, 0x0)

1.390076329s ago: executing program 0 (id=87):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
r2 = socket$inet(0x2, 0x3, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xbc, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in=@loopback, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x64010100, 0x3c, 0x0, 0x0, 0x0, 0xa, 0x2}]}, @encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e24, 0x4e23, @in6=@private1}}]}, 0xbc}}, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00', 0x10)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{&(0x7f0000000380)={0x2, 0x4e01, @local}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x20, 0x0, 0x7, {[@rr={0x7, 0xf, 0x4, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @broadcast]}]}}}], 0x20}}], 0x1, 0x46000)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="24776664f81b233b2d6e04aaa880fbe2702328831a98b79dac807af7bf0cb81de23215470959d6db2533ea32b6846b7ac25ce4bbb5ec7246a19f287521c7f852d6b82b141c2d609b2fcc17355cb63b6fc139b6b2badd7acbbd20fd1b69abc59b9c9f44856e2969d68493b2784ebfbad4d489cfb4ec7564bbe023c49956752bfe9df98aed0a53bebcb5", @ANYRESHEX=r1, @ANYBLOB="2c756e616d653dd0aedec1aa20ffd81d1bf89329217cb058a396eda2ab40a26d93dd083c0074dcab6cab21ae16c4cdf97bdc355f3b41d27b654301345cb3c4cec37953322d01beaa7257964fd30fe2d72f171da72e389f382dea3c8d91906aead5d5aeccc097ef1092ea987c2b00000000000000002c00"])

1.372796063s ago: executing program 0 (id=88):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r1, &(0x7f0000002300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x31}}, 0x10, 0x0}}], 0x1, 0x2000c000)
setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x25, &(0x7f0000000140)=@gcm_128={{0xcf05a145b37f58f3}, "2034b251822b3a46", "fa6b72def4acb1a6c86918c638857983", "34b3adec", "6745ac421772258f"}, 0x28)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, 0x0}, 0x300060c1)
sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000500)='%', 0x1}], 0x1}, 0x10000000)

1.240985531s ago: executing program 0 (id=89):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ff0000/0x10000)=nil, 0x10000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r2, 0x0, 0x0, 0xffca, &(0x7f0000000040)='?', 0x5})

983.11616ms ago: executing program 0 (id=90):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000100)={0x2, 0xe})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000000c0)={0x2})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x300c0, 0x46)
open_tree(r2, &(0x7f0000000040)='./file0\x00', 0x0)

536.487992ms ago: executing program 1 (id=91):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0) (fail_nth: 10)

106.085ms ago: executing program 2 (id=92):
r0 = syz_open_procfs$userns(0x0, &(0x7f00000001c0))
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x3, &(0x7f00000000c0)=[{0xc00, 0x56, 0x9, 0x800000}, {0x7c5, 0xff, 0x0, 0x9}, {0x7, 0x93, 0x10, 0x2}]})
open_by_handle_at(r0, &(0x7f0000000000)=@ceph_nfs_confh={0x10, 0xf1, {0x5, 0x10000000}}, 0x400040)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x12, r2, 0x0)
ioctl$SG_BLKTRACESTOP(r2, 0x1275, 0x0)
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x80044941, 0x0)
ioctl$F2FS_IOC_COMPRESS_FILE(r0, 0xf518, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x5, <r4=>r1, 0x2})
ioctl$EVIOCGLED(r4, 0x80404519, &(0x7f0000000200)=""/98)

105.862489ms ago: executing program 1 (id=93):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x83, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

24.268109ms ago: executing program 3 (id=94):
r0 = syz_open_procfs$userns(0x0, &(0x7f00000001c0))
open_by_handle_at(r0, &(0x7f0000000000)=@ceph_nfs_confh={0x10, 0xf1, {0x1002, 0x10000000}}, 0x400040)

0s ago: executing program 2 (id=95):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000001440)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0xa}})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r2, 0x1000)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff000000000000000458000b480400945f64009400050038925a01000000000000008004000000ff", 0x3d}], 0x1)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'gre0\x00', <r6=>0x0})
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000140)=0x8, 0x4)
sendto$packet(r5, &(0x7f0000000340)="05030006e8fe091c6202a0ffffffff006003000000007f141434e3177f43055762cb80948864113b022543424aa608", 0xfef2, 0x0, &(0x7f0000000a80)={0x11, 0x88a8, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendto$packet(r4, &(0x7f0000000440)="1df1b43c99c11d021b4b0233302df5d3e3babdd02abc52a1bb65d50484e516f8529c11c7b7eadd4c66ed54a772fae6ee6b60db7043b3cff3d1080f9494b06cd3b2425cd96acad4ed347f6619f1c14c71fdc7035b5b9e554eac80a6b66cc5bdcdfefd6c796ec9327e5f905647405a6d9bcdc81e6a03861838e2483acacaaf74be0fc33fba2935ebf00066a6f98dac5876c7ec2e6d74419a5b4febb3f30a3c9ab2520613ad3796ddb020f23d54d8b3037031242757d39ea9dc9e287393b6fc990693c52332970e12b4a7e26d2377932a52cb1ff09c69fa1e1d249d78376ee97816a31d834fa2c5a8b432bdce6e5576ad7f0dff33a2c7513e18d930cb5afc6ae2ee9ea0b9711af65353e39092a1c748ea73ad4f5df985fa24a3af6577f283662c633f20e0de1987a31773db91a7986a6db630ec2ebe1623d2287d883e6d76eafb04efb0bed270230e8f6463e60f6967720af2e43209d777636de33548e7c7c7b3fd93d0e990bc350652cc677691901dfcf5e7dc99e5e3cabda41b8bacd9fa8404decc31c3908e42908d92b6d947ff329866face99b4daa8e524c9d909b0de54038a54852d9ccd4f1b8a3d86957f222621dbf76074291517dba8d4e4bce89f42dea6c63fdc638e7a57cdaff25cc4acb30e02ddc96b25195da544ce508f3d47a024a6dc301f888caeb2da391bf6c7e6a4bc84bf57aaaadf8a2905cebb447f183c61bc6efb9eefb36148db88971012f0c77c9ba4e9c198077a6a78f18b88ea80f043b730f5be95245a7308d72f793df349e403641f8509f47950f538ddd9f803f9e5d9ccb8021f6d478195f94cafb4280762d55012caa3d17ee5fb53fc7ddfac2c6d90fca621cccbf47a7eb9e5697814bd9a97b850a0144d0fd7c1b7a26cfa76a7154e92f9a450cfc11624926f321fd3e172703fa7a106445d356195a14a6df76c054ba956a8037fae9519a330f2fa712bc5005157e0893a229dc80ae43c0144dff420d863dae3f347953b382b2bfc430dddac6fe5a9dfeaa6b23a16e9bc267421721dc61c83945a054ea6ab744a1ceaa017eb920a9e93c9260902c6ec0f010381570e8ad204e241bd3a4af70b101d331bac92e19653718d5c3de603fb2ac60f89cd1060c71b58a61a2e115a5faf007eaa430ed62191278f427798a55067e8276b608820e76e28ce9d2d83b3064b2e6fb079f3d9005aca71ac605bc6c4a7ac1f0af600760a83e49924d2c98be59d4528979f1bdf5a9fa6c7ef9829e431d8eddf4021dab7982fb99cf0264a9d49490464e45d453bc0b8ba73a1ea94add1dca90acee66220fd7a112952ed9ac57cb1b4d46a76f72fdb607f7be21c794fec17bac1252959d03be89dbf41756a308075cd1e41d5dbfd7148beaeb1ecb1c6e504258147eba9dd327537217a3445f0f030bc590d886dec5fd15d3d4029177fb4242970ed2a6b70c0a76be3e5b047895b6c3227255c4e6ffffc1afa1c650f2eb4f3af5f11c273d1bdf9e1ece42aecd85fc0d67a1e8baad9ccec35b64c5ffc62e99cf7a0a2501f3ff5aa1dd6421cb1b39c174d8ce3ef1fdfcb924eb2f8a2fb3ef886646ad06de7ef77ef0e2bb987e8f2d6d797739ba69aea37a28b5f039dc45414d01d366b4ed0109eefc3013af76f585e6ecc36c34386f93ca12432ece65e2876414cfd4abd2afe3ee02502f537e3e15c8605b06da33674eba04b900f4d4197435c5ee042fa739e51a72b73f561d65eb9642c785bbce1a9715035ac96022c0c9c7bec74349067d4a2c2187fc5d57f20f905d807f3b72b517f38ba9557dccae63b5d28285e5831c49463500cd359cc4872ae965536ee7cc25049e18e80adbb2bc55db1121b4635b24ae3ef6290579e3a59b136bc3cbe31587b9de4889f1e41d6958634f7ec3c51c75d60473a04f20a70ac068797b78ee32add897444df44e39ec39e1bcee3f27af2e4aed30bed439a064e15b98017634e7d42e97d6b69a08be31d9de72041ac0761068f49a68d14f72304144ec8797a24f2a2c67f0679d29dbfc0469637964c646e676470c1606f9a6573a5b0fd763d972b590851d16250fda88808a50fa66d1a41f8d0397063d8d926348884f57f5ddacd3ef86f1a0b1e450737a6446c9935747ad92aec26d2e1a07655a0dfd0d27acc288c5c35b9695a8250fda210a6ed56d828cb91620d83f2a14698ef32929f56880c2414de32294ca9b8602c6fbc7e8fbfb7aaee092303eade3ca1937cf3e7f744a6fa0892a04f411e843f7f327ea8e69c63ceb2be5ebce40f310751df41805928b198bb9e87631c72be95d67774c123fea3d1496d59f527cd3f0af5c5402a31617aefffa8f071fc714efafd75cb428a340c7724d562965679eba3f41705aceb86d34e3b4595058a76e1c0fbb5f11899ba1a9cc09cc1232b863ad70dd37a27b62b3000b61769645cae92ebd710816a5d2d0e1b67340b594a43d3801f7c41b6415851e3832f3d0d272deef652bef044506e78bc01f9a9127b77a37603dd08af1f2eb11cfd5dd90d310917b8a29e2a8efd780b09b25e2bf04d3bdfd702527d4a24cac4c91722715ac489e4a3f6cf758c12f5d9b44f87d394ffab621d8ca5cb795f393008e09a9f2630f77ab78d07b0844fcbe66813885776cf62178917862636d3381c9c8848163b86cb4a8f2f7a3e9ab11ebd14e8c771e13064e46c2c2bad633ee64fedb3d8ed07b053939cbc07e1875fe4ac5edf6139470f36caff31bab28974e2b0a95bad7580d72c0e71d8ec0441feb3e33495754a880ffb23e747926d7ffcc398a410057c0606c949d8f2dbb66ca2a910ded4c104acfe62fca8a55727e4b9db6ff798d39eabe52d61706740bdedbda35ee12c29bd51054b3102451a386b6942113f3c07737cb03b37e90c3a7454148d96168cbfbe49a7977dbc689f14682528d1135b84c07cedf5c3e77c12f9eb6565c2950288854a34ebbe6d28ec4fd267e033d1236a93f2d906e20862f83e00eeda125bf4066d81c6a74d1a975eda2a517858429eccf2b2f9205fb99abe737c0ffc04adfe95cb09dccd6339c1c1199523bd42d1f31bf0be8ae9c511dce9a93d22f5913df6d6dcd8e5ecf42719afefd8cb06deb4f080b17a6694754932af639926d8b06268ba695990093360511a6c5e6aaf4b9ed21cd966face90f95fbc54907e9f95e21169faa4d445d43f9e3306e8ce1c980f87c433001d4d5dfa1e709ab119c55293cdfa69f525d0d155886deca97490f19927c22e47c8e60b2cb83732d12583dfd2dcfd2a9e02ea1245bc86622a80448e4c2df6231af73a8255ccea0a72953344394866dd0bc0c175e264bec83b43b64945c54095ad7722e2102b19309f41df9d35cbcd7d0e6a7d7ce5e56aa85e2f9ff610b8ce139f8add5fefb8c1ecd7a35c810aa1c9bd3fedd8f7620c17099846d4c51ccf6ff09093c1715909364e2c8afc729259c7aff069ed0751b6a862097652fe71d896fc0dd05fa4822ec9343fa4b16ff23d48f680dc7d1e8dd058e636d1427439ab7ef5f024da9863da8fb41d7c27c4346644fe0acbdf3abd240d1f9277cd8d49baff71abf768e190477fbb66cc7a7b7871c00c4337e84d8eb5d0fa0f93c96eae41427b40223341aa428cafea5c57c4860f714a3e42ecce52bf26b62e95bd28efd7580431674cc3052173f304d49122620e31a2227df3e327acf3cec34e042bdd0ce712c3392132dd2221ac85dea197766f82919bf8a925282b648499e2521fd93d3f492d49a26789205abfbcecc6b683cf7717bb36079ac88fcd2a12007470dc8f6146aa35b1bf747405026efd0869c8a455ba247b512e99465809b50cbdce96fdedba89f64cf66a4af5a951e389adf2784617c3b41d7a3be109f485b7fcf40dbe2ffaefa03c37b84b43d4f533d6f073cf7688d2be88145925f425d7dbbef9b750570389f491f017a6ce4b4188080b842097d85697eb8ffb403658866dab2f6bf8223b72d7ad327f3e186920e7442cd668aa9c0b4a559393c4aeea199aa8f697a3e8d8450cd3e52e0e13b735ce2a9f3a59d1fcd8763b8b6139285cc1216da0a9264132c070daee019847a5e789a198f9d875dc37930a77ba4a0fcb2015cf3bbe389eca5a8203d5dd5f5e35aa1dc125fbd768dd4b185ce7231083843f017a12e479f2910ef5b95c67b29940bf4545aeb8436d6d066cab9424323d414524464e2e083a0231465e625ab376f74a95aaf29a637afb24067332dcd4f354d8f1da9966c18be5a1a1130c33fdcde097e1380795d77b6ee8c7989e43cf54db1bc9f8f2bfe3bf071b9330e11d907321b0d44e51537eff476c76fbe2a7c009d8c293867ae41a1ca5a8b63c6ebec57476fd38dc9d6cb4eea318eff53a02d7244e3a635c7ed7555e9bc0e6e2b96e2379cc66415edc5ddca2f3a42447900a3b2da52e025c745a39ca7cf34158ccd2e1f48f283c9ce5126a32846aa9bd69a3d1925639b0f74fd93c54b6fe6bd5b4b947f9f92778da564a2f83dc0c4650559504168dca6845b0fc53db994598dc610997038859d023dd21151c150e02d8e1095a805d8ec47122bb9f5630a6279e88b745dec21fe7bbbcbdb19ad5fada6c868ebe3710da9db48330d9ada845c76dfd533693b0409ea75d68ddd8471ca93bdb9b0028dfe10c511596f71d26a49a870c1349d2c2d92333c096159de4826dc2c9277699292e6ea3e44e4038893eb96d662d9d695abc4b4179f22a31e059c530784fc7b9f92dfa2dea5c9cafde445427ae8545ac1a821053d04d4ede305a49fa3cde634851a7253b162cb5df2be735155f37d9866f2d360ee094f2112114dfd0530c093a7bfcd46b08de34a5a55c17db3da7bb3ab33e7ddcceb884d8600054ff687968311394cf6f72fa3208c9e9e02c7f64a8bb4b5cf5077f09ce50b40f81233d9a31f3c4a9c671cd046248dd85e9f0d97951ff67e62f5d6bfb317b8ec3b09f59d3c610fed8ee227af55c7bf557fdb049e5ecf3e12e9bc2b05a98b7f9c0a2af910dd6bbd3b1bbb18bd75b6fe63cd606a28d3541e72526bb0a59046423934f2eab3e508a18e6207262c9d017cf2be0d01c7c9e6ee4bfd8603e48c83c5d8fb2eb493a21f1424c96e5a73a7e10d3816dd263761da851db6601c2c1d70a98a6dcf26a7dd921c7e47a0313b30d55f9c38a2a18cc5284f825f5768e952cfc4ca2e318bd1f40b14803b3b0f2fab197b9d7514e8e18817f37b3d972d8bccdd8be945252dd14cc0a75169bfcb42416209946e30d6d8cf2349855f3accc4e9c26aced307037ba924de94eb86962b9d44a44f5674df61f8fc01c0146ac833836e7b286425293ab0ca83918de7f37a84fe77af9986558a0cdc03877b3456da97938883ba853454efc79be49744bbf043631fd919d04b829105e14a4d598d2a1f4707de815b810fd0e93cfac974976aab0340a4b32d7e6f11d12a9ffa2dd301363a611a997675edab4af4881745b9018f5708224fdaf3e7fced131e1f3f44e8512c52d7cbd486d649efd895e2c7c98badffeae322ee805b3509cfbeb183b992850f1d7668554528e657cb266c9d9c4cfcdb53b050f49455a889b6d94442ca31c2b91f07f07c99e56d27bad31e0c3ce746bab1c12bc00d723c1e78c86696b490202467be2411febd0d443dbbd9009d8812ec80de1038fa81141017a205d98fe54caf55f24c5bb5a00590abdf16c4e8ab8dedc43ca617ffa4fe5bfe6b6f5ac37bc80afe8cef801dec0d2e05408e6253fa0b24221686827b8ee0948d5b451f4558d54ea407eb5db9fea1dd508db15a29d35ead1f567d8ee3261fd7679ff0a03", 0x1000, 0x80, &(0x7f0000000200)={0x11, 0xe9, r6, 0x1, 0x1, 0x6, @multicast}, 0x14)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r3, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0xd, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0x8c94})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.71' (ED25519) to the list of known hosts.
[   67.157178][ T5851] cgroup: Unknown subsys name 'net'
[   67.292102][ T5851] cgroup: Unknown subsys name 'cpuset'
[   67.300701][ T5851] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   68.678073][ T5851] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.413110][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[   71.419583][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[   72.850647][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.860805][   T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   72.869487][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.877390][   T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.885392][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.894067][   T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.902695][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.910929][   T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.913327][ T5876] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.925741][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.948393][   T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.948393][ T5876] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.955143][ T5878] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   72.956196][   T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   72.978393][   T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.986580][   T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   72.995265][   T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   73.004169][ T5866] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   73.016955][ T5866] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   73.026558][ T5866] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   73.456210][ T5860] chnl_net:caif_netlink_parms(): no params data found
[   73.495626][ T5861] chnl_net:caif_netlink_parms(): no params data found
[   73.649875][ T5864] chnl_net:caif_netlink_parms(): no params data found
[   73.753863][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.761273][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.769237][ T5860] bridge_slave_0: entered allmulticast mode
[   73.776405][ T5860] bridge_slave_0: entered promiscuous mode
[   73.807109][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.814418][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.821765][ T5860] bridge_slave_1: entered allmulticast mode
[   73.828878][ T5860] bridge_slave_1: entered promiscuous mode
[   73.840538][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.847706][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.855116][ T5861] bridge_slave_0: entered allmulticast mode
[   73.862363][ T5861] bridge_slave_0: entered promiscuous mode
[   73.886112][ T5862] chnl_net:caif_netlink_parms(): no params data found
[   73.896616][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.903854][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.911227][ T5861] bridge_slave_1: entered allmulticast mode
[   73.918493][ T5861] bridge_slave_1: entered promiscuous mode
[   73.967726][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.013860][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.037610][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.049764][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.100849][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.108008][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.115587][ T5864] bridge_slave_0: entered allmulticast mode
[   74.122956][ T5864] bridge_slave_0: entered promiscuous mode
[   74.158733][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.165948][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.173396][ T5864] bridge_slave_1: entered allmulticast mode
[   74.180597][ T5864] bridge_slave_1: entered promiscuous mode
[   74.190681][ T5860] team0: Port device team_slave_0 added
[   74.227269][ T5861] team0: Port device team_slave_0 added
[   74.235284][ T5861] team0: Port device team_slave_1 added
[   74.243440][ T5860] team0: Port device team_slave_1 added
[   74.263537][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.312054][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.344483][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.352108][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.359656][ T5862] bridge_slave_0: entered allmulticast mode
[   74.366669][ T5862] bridge_slave_0: entered promiscuous mode
[   74.386788][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.394274][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.420431][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.432800][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.440056][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.466448][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.484313][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.491687][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.499021][ T5862] bridge_slave_1: entered allmulticast mode
[   74.506127][ T5862] bridge_slave_1: entered promiscuous mode
[   74.525161][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.532493][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.558886][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.570694][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.577638][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.604222][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.632997][ T5864] team0: Port device team_slave_0 added
[   74.664903][ T5864] team0: Port device team_slave_1 added
[   74.699461][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.706420][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.732767][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.747116][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.760781][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.771731][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.778907][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.805727][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.901363][ T5860] hsr_slave_0: entered promiscuous mode
[   74.908025][ T5860] hsr_slave_1: entered promiscuous mode
[   74.937338][ T5861] hsr_slave_0: entered promiscuous mode
[   74.944726][ T5861] hsr_slave_1: entered promiscuous mode
[   74.951256][ T5861] debugfs: 'hsr0' already exists in 'hsr'
[   74.957148][ T5861] Cannot create hsr debugfs directory
[   74.965202][ T5862] team0: Port device team_slave_0 added
[   75.002472][ T5864] hsr_slave_0: entered promiscuous mode
[   75.009493][ T5864] hsr_slave_1: entered promiscuous mode
[   75.009855][   T52] Bluetooth: hci0: command tx timeout
[   75.015958][ T5864] debugfs: 'hsr0' already exists in 'hsr'
[   75.026327][ T5864] Cannot create hsr debugfs directory
[   75.034055][ T5862] team0: Port device team_slave_1 added
[   75.088528][ T5874] Bluetooth: hci2: command tx timeout
[   75.094285][ T5874] Bluetooth: hci1: command tx timeout
[   75.100264][   T52] Bluetooth: hci3: command tx timeout
[   75.152180][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0
[   75.159402][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   75.185579][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.216906][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.224306][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   75.250378][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.414473][ T5862] hsr_slave_0: entered promiscuous mode
[   75.421437][ T5862] hsr_slave_1: entered promiscuous mode
[   75.427959][ T5862] debugfs: 'hsr0' already exists in 'hsr'
[   75.433749][ T5862] Cannot create hsr debugfs directory
[   75.628742][ T5860] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.642199][ T5860] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.680301][ T5860] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.691914][ T5860] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.766511][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   75.777741][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   75.791905][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.810993][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.876078][ T5864] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.886059][ T5864] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.901129][ T5864] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.913122][ T5864] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.997185][ T5862] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   76.007355][ T5862] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   76.023338][ T5862] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   76.046451][ T5862] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   76.174387][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.193062][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.252299][ T5861] 8021q: adding VLAN 0 to HW filter on device team0
[   76.263676][ T5860] 8021q: adding VLAN 0 to HW filter on device team0
[   76.289911][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.297219][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.308116][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.315496][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.334341][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.362966][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.370118][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.381420][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.388554][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.447569][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.466890][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[   76.513376][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.520608][ T3471] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.555411][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.562634][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.605916][ T5862] 8021q: adding VLAN 0 to HW filter on device team0
[   76.633040][ T5861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.695893][  T754] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.703122][  T754] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.756220][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.763463][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.847865][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.003217][ T5860] veth0_vlan: entered promiscuous mode
[   77.014244][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.040537][ T5860] veth1_vlan: entered promiscuous mode
[   77.094136][ T5874] Bluetooth: hci0: command tx timeout
[   77.142520][ T5860] veth0_macvtap: entered promiscuous mode
[   77.170897][ T5860] veth1_macvtap: entered promiscuous mode
[   77.179861][ T5874] Bluetooth: hci1: command tx timeout
[   77.185293][ T5874] Bluetooth: hci3: command tx timeout
[   77.191181][   T52] Bluetooth: hci2: command tx timeout
[   77.199382][ T5861] veth0_vlan: entered promiscuous mode
[   77.221579][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.236643][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.266355][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.291069][ T5861] veth1_vlan: entered promiscuous mode
[   77.323297][   T44] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.333667][   T44] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.355115][   T44] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.375142][   T44] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.450975][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.462303][ T5861] veth0_macvtap: entered promiscuous mode
[   77.480649][ T5864] veth0_vlan: entered promiscuous mode
[   77.492536][ T5861] veth1_macvtap: entered promiscuous mode
[   77.513540][ T3497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.515589][ T5864] veth1_vlan: entered promiscuous mode
[   77.544607][ T3497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.572714][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.620957][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.635580][ T3497] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.654324][ T3497] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.664568][ T3497] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.674816][   T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.683554][   T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.692838][ T3497] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.731338][ T5864] veth0_macvtap: entered promiscuous mode
[   77.770502][ T5864] veth1_macvtap: entered promiscuous mode
[   77.801626][ T5860] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   77.811112][ T5862] veth0_vlan: entered promiscuous mode
[   77.853332][ T5862] veth1_vlan: entered promiscuous mode
[   77.923434][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.947667][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.953894][ T5862] veth0_macvtap: entered promiscuous mode
[   77.967402][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.982563][ T5862] veth1_macvtap: entered promiscuous mode
[   78.001281][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.034877][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.045605][   T44] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.055942][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.073422][   T44] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.083552][   T44] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.097425][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.117049][   T44] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.135252][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.157710][ T3497] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.215079][ T3497] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.224601][ T3497] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.237190][ T3497] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.838043][ T3497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.856764][ T3497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.906087][ T5963] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5'.
[   78.958913][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.966759][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.036067][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.050334][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.062131][ T3471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.065804][ T5968] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   79.072249][ T3471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.151276][ T5968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7'.
[   79.169781][   T52] Bluetooth: hci0: command tx timeout
[   79.178118][ T5968] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7'.
[   79.223681][ T5968] tipc: Started in network mode
[   79.236848][ T5968] tipc: Node identity 8, cluster identity 5
[   79.244006][ T5968] tipc: Node number set to 8
[   79.249367][   T52] Bluetooth: hci2: command tx timeout
[   79.252354][ T5968] tipc: Cannot configure node identity twice
[   79.254809][ T5874] Bluetooth: hci3: command tx timeout
[   79.266936][   T52] Bluetooth: hci1: command tx timeout
[   79.651060][ T5917] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   79.679307][  T117] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   79.749100][ T5904] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   79.828364][ T5917] usb 1-1: Using ep0 maxpacket: 16
[   79.834573][ T5987] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   79.842187][  T117] usb 4-1: Using ep0 maxpacket: 8
[   79.850139][ T5917] usb 1-1: config 0 has no interfaces?
[   79.860927][ T5917] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[   79.870049][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.878211][ T5917] usb 1-1: Product: syz
[   79.883248][ T5917] usb 1-1: Manufacturer: syz
[   79.887870][ T5917] usb 1-1: SerialNumber: syz
[   79.894721][  T117] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[   79.907861][ T5917] usb 1-1: config 0 descriptor??
[   79.913969][  T117] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=239
[   79.920518][ T5904] usb 3-1: unable to get BOS descriptor or descriptor too short
[   79.924310][  T117] usb 4-1: Product: syz
[   79.934520][  T117] usb 4-1: Manufacturer: syz
[   79.937560][ T5904] usb 3-1: not running at top speed; connect to a high speed hub
[   79.947902][  T117] usb 4-1: SerialNumber: syz
[   79.950069][ T5904] usb 3-1: config 9 has an invalid interface number: 233 but max is 0
[   79.961853][ T5904] usb 3-1: config 9 has no interface number 0
[   79.962025][  T117] usb 4-1: config 0 descriptor??
[   79.967951][ T5904] usb 3-1: config 9 interface 233 has no altsetting 0
[   79.983834][ T5904] usb 3-1: New USB device found, idVendor=187f, idProduct=0010, bcdDevice=5a.a7
[   79.992630][  T117] gspca_main: sq905-2.14.0 probing 2770:9120
[   79.993612][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.999515][ T5987] usb 2-1: Using ep0 maxpacket: 32
[   80.007847][ T5904] usb 3-1: Product: syz
[   80.019654][ T5904] usb 3-1: Manufacturer: syz
[   80.022040][ T5987] usb 2-1: config 0 has an invalid interface number: 196 but max is 0
[   80.024292][ T5904] usb 3-1: SerialNumber: syz
[   80.033030][ T5987] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   80.047636][ T5987] usb 2-1: config 0 has no interface number 0
[   80.054692][ T5987] usb 2-1: config 0 interface 196 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   80.068754][ T5987] usb 2-1: config 0 interface 196 has no altsetting 0
[   80.078420][ T5987] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[   80.087514][ T5987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.095769][ T5987] usb 2-1: Product: syz
[   80.100114][ T5987] usb 2-1: Manufacturer: syz
[   80.104811][ T5987] usb 2-1: SerialNumber: syz
[   80.112394][ T5987] usb 2-1: config 0 descriptor??
[   80.127390][ T5987] ipheth 2-1:0.196: Unable to find endpoints
[   80.169236][ T5978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.179042][ T5978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.191221][ T5874] Bluetooth: hci3: adv larger than maximum supported
[   80.191272][ T5874] Bluetooth: hci3: Malformed LE Event: 0x0d
[   80.195473][   T43] usb 1-1: USB disconnect, device number 2
[   80.284853][ T5904] smsusb:smsusb_probe: board id=13, interface number 233
[   80.302040][ T5904] usb 3-1: USB disconnect, device number 2
[   80.607216][ T5979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.616323][ T5979] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.630695][  T117] gspca_sq905: sq905_command: usb_control_msg failed (-71)
[   80.638845][  T117] sq905 4-1:0.0: probe with driver sq905 failed with error -71
[   80.650925][  T117] usb 4-1: USB disconnect, device number 2
[   81.086725][ T5997] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12'.
[   81.197891][ T5996] netlink: 830 bytes leftover after parsing attributes in process `syz.0.13'.
[   81.248689][ T5874] Bluetooth: hci0: command tx timeout
[   81.331533][ T5874] Bluetooth: hci3: command tx timeout
[   81.337010][   T52] Bluetooth: hci1: command tx timeout
[   81.342521][ T5866] Bluetooth: hci2: command tx timeout
[   81.448517][   T89] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   81.466073][ T6007] netlink: 'syz.3.17': attribute type 6 has an invalid length.
[   81.557969][ T6009] netlink: 'syz.3.18': attribute type 6 has an invalid length.
[   81.571953][ T6009] FAULT_INJECTION: forcing a failure.
[   81.571953][ T6009] name failslab, interval 1, probability 0, space 0, times 1
[   81.584727][ T6009] CPU: 0 UID: 0 PID: 6009 Comm: syz.3.18 Not tainted syzkaller #0 PREEMPT(full) 
[   81.584749][ T6009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   81.584766][ T6009] Call Trace:
[   81.584773][ T6009]  <TASK>
[   81.584781][ T6009]  dump_stack_lvl+0x189/0x250
[   81.584811][ T6009]  ? __pfx____ratelimit+0x10/0x10
[   81.584834][ T6009]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.584851][ T6009]  ? __pfx__printk+0x10/0x10
[   81.584880][ T6009]  ? __pfx___might_resched+0x10/0x10
[   81.584905][ T6009]  should_fail_ex+0x414/0x560
[   81.584933][ T6009]  should_failslab+0xa8/0x100
[   81.584959][ T6009]  __kmalloc_noprof+0xcb/0x7f0
[   81.584977][ T6009]  ? kfree+0x4d/0x6d0
[   81.584993][ T6009]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[   81.585021][ T6009]  tomoyo_realpath_from_path+0xe3/0x5d0
[   81.585045][ T6009]  ? tomoyo_domain+0xd9/0x130
[   81.585070][ T6009]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   81.585088][ T6009]  tomoyo_path_number_perm+0x1e8/0x5a0
[   81.585109][ T6009]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   81.585166][ T6009]  ? __fget_files+0x2a/0x420
[   81.585194][ T6009]  ? __fget_files+0x3a0/0x420
[   81.585209][ T6009]  ? __fget_files+0x2a/0x420
[   81.585230][ T6009]  security_file_ioctl+0xcb/0x2d0
[   81.585250][ T6009]  __se_sys_ioctl+0x47/0x170
[   81.585274][ T6009]  do_syscall_64+0xfa/0xfa0
[   81.585289][ T6009]  ? lockdep_hardirqs_on+0x9c/0x150
[   81.585312][ T6009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.585328][ T6009]  ? clear_bhb_loop+0x60/0xb0
[   81.585348][ T6009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.585364][ T6009] RIP: 0033:0x7fd457b8ec29
[   81.585383][ T6009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.585397][ T6009] RSP: 002b:00007fd458af6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   81.585415][ T6009] RAX: ffffffffffffffda RBX: 00007fd457dd5fa0 RCX: 00007fd457b8ec29
[   81.585427][ T6009] RDX: 0000200000001040 RSI: 00000000000089f1 RDI: 0000000000000003
[   81.585438][ T6009] RBP: 00007fd458af6090 R08: 0000000000000000 R09: 0000000000000000
[   81.585448][ T6009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   81.585458][ T6009] R13: 00007fd457dd6038 R14: 00007fd457dd5fa0 R15: 00007ffdcdf99d28
[   81.585490][ T6009]  </TASK>
[   81.585498][ T6009] ERROR: Out of memory at tomoyo_realpath_from_path.
[   81.859869][   T89] usb 1-1: too many configurations: 151, using maximum allowed: 8
[   81.890284][   T89] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[   81.899547][   T89] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[   81.907828][   T89] usb 1-1: Product: syz
[   81.928998][   T89] usb 1-1: Manufacturer: syz
[   81.933634][   T89] usb 1-1: SerialNumber: syz
[   81.961273][   T89] usb 1-1: config 0 descriptor??
[   81.973828][   T89] ims_pcu 1-1:0.0: Zero length descriptor
[   81.988344][   T89] ims_pcu 1-1:0.0: probe with driver ims_pcu failed with error -22
[   82.181065][   T89] usb 1-1: USB disconnect, device number 3
[   82.388304][   T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   82.415024][ T6015] FAULT_INJECTION: forcing a failure.
[   82.415024][ T6015] name failslab, interval 1, probability 0, space 0, times 0
[   82.419001][  T117] usb 2-1: USB disconnect, device number 2
[   82.427966][ T6015] CPU: 0 UID: 0 PID: 6015 Comm: syz.2.21 Not tainted syzkaller #0 PREEMPT(full) 
[   82.427988][ T6015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   82.427997][ T6015] Call Trace:
[   82.428007][ T6015]  <TASK>
[   82.428015][ T6015]  dump_stack_lvl+0x189/0x250
[   82.428037][ T6015]  ? __pfx____ratelimit+0x10/0x10
[   82.428058][ T6015]  ? __pfx_dump_stack_lvl+0x10/0x10
[   82.428072][ T6015]  ? __pfx__printk+0x10/0x10
[   82.428098][ T6015]  ? __pfx___might_resched+0x10/0x10
[   82.428122][ T6015]  should_fail_ex+0x414/0x560
[   82.428148][ T6015]  should_failslab+0xa8/0x100
[   82.428171][ T6015]  __kmalloc_noprof+0xcb/0x7f0
[   82.428189][ T6015]  ? kfree+0x4d/0x6d0
[   82.428203][ T6015]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[   82.428235][ T6015]  tomoyo_realpath_from_path+0xe3/0x5d0
[   82.428257][ T6015]  ? tomoyo_domain+0xd9/0x130
[   82.428282][ T6015]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   82.428299][ T6015]  tomoyo_path_number_perm+0x1e8/0x5a0
[   82.428327][ T6015]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   82.428380][ T6015]  ? __fget_files+0x2a/0x420
[   82.428400][ T6015]  ? __fget_files+0x3a0/0x420
[   82.428414][ T6015]  ? __fget_files+0x2a/0x420
[   82.428433][ T6015]  security_file_ioctl+0xcb/0x2d0
[   82.428451][ T6015]  __se_sys_ioctl+0x47/0x170
[   82.428474][ T6015]  do_syscall_64+0xfa/0xfa0
[   82.428490][ T6015]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.428505][ T6015]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   82.428520][ T6015]  ? clear_bhb_loop+0x60/0xb0
[   82.428539][ T6015]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.428554][ T6015] RIP: 0033:0x7fd95338ec29
[   82.428569][ T6015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.428582][ T6015] RSP: 002b:00007fd95416d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.428599][ T6015] RAX: ffffffffffffffda RBX: 00007fd9535d5fa0 RCX: 00007fd95338ec29
[   82.428610][ T6015] RDX: 0000200000000400 RSI: 00000000c008561c RDI: 0000000000000003
[   82.428620][ T6015] RBP: 00007fd95416d090 R08: 0000000000000000 R09: 0000000000000000
[   82.428630][ T6015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   82.428639][ T6015] R13: 00007fd9535d6038 R14: 00007fd9535d5fa0 R15: 00007ffe12d9cc08
[   82.428666][ T6015]  </TASK>
[   82.434343][ T6015] ERROR: Out of memory at tomoyo_realpath_from_path.
[   82.760977][   T24] usb 4-1: Using ep0 maxpacket: 16
[   82.773273][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   82.796164][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   82.821382][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   82.830871][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.851300][   T24] usb 4-1: Product: syz
[   82.855511][   T24] usb 4-1: Manufacturer: syz
[   82.870467][   T24] usb 4-1: SerialNumber: syz
[   82.889240][   T24] usb 4-1: config 0 descriptor??
[   82.908201][   T24] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   82.917545][   T24] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[   83.158410][ T5904] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   83.238333][  T117] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   83.268354][ T5924] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   83.288473][ T5904] usb 2-1: device descriptor read/64, error -71
[   83.389786][  T117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.401557][  T117] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   83.411676][  T117] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.418916][   T52] Bluetooth: hci1: command tx timeout
[   83.423384][  T117] usb 3-1: config 0 descriptor??
[   83.434374][ T5924] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[   83.444930][ T5924] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[   83.455175][ T5924] usb 1-1: config 1 interface 0 has no altsetting 0
[   83.463938][ T5924] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[   83.474213][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.482262][ T5924] usb 1-1: Product: syz
[   83.486539][ T5924] usb 1-1: Manufacturer: syz
[   83.492692][ T5924] usb 1-1: SerialNumber: syz
[   83.502464][   T24] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[   83.507797][ T6029] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[   83.509738][   T24] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[   83.515911][ T6029] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[   83.529773][ T5904] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[   83.668433][ T5904] usb 2-1: device descriptor read/64, error -71
[   83.778654][ T5904] usb usb2-port1: attempt power cycle
[   84.118352][ T5904] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[   84.139999][ T5904] usb 2-1: device descriptor read/8, error -71
[   84.158334][   T24] em28xx 4-1:0.0: AC97 command still being executed: not handled properly!
[   84.167352][   T24] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[   84.358336][   T24] em28xx 4-1:0.0: AC97 command still being executed: not handled properly!
[   84.367207][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 2
[   84.378414][ T5904] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[   84.399085][ T5904] usb 2-1: device descriptor read/8, error -71
[   84.509338][ T5904] usb usb2-port1: unable to enumerate USB device
[   84.542344][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 4
[   84.550285][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 6
[   84.552795][ T6029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.557159][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 54
[   84.570798][ T6029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   84.574815][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 56
[   84.586010][ T5924] (unnamed net_device) (uninitialized): Assigned a random MAC address: ee:64:15:36:4f:45
[   84.607667][   T24] usb 4-1: USB disconnect, device number 3
[   84.614865][ T5924] rtl8150 1-1:1.0: eth1: rtl8150 is detected
[   84.638632][ T5924] usb 1-1: USB disconnect, device number 4
[   85.679631][ T6049] random: crng reseeded on system resumption
[   85.751367][ T5924] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   85.908307][ T5924] usb 1-1: Using ep0 maxpacket: 8
[   85.921949][ T5924] usb 1-1: New USB device found, idVendor=15c2, idProduct=0043, bcdDevice= 2.c9
[   85.941227][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.960523][ T5924] usb 1-1: Product: syz
[   85.965367][ T5924] usb 1-1: Manufacturer: syz
[   85.971450][ T5924] usb 1-1: SerialNumber: syz
[   85.979663][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   85.987044][ T5924] usb 1-1: config 0 descriptor??
[   86.010654][  T117] usbhid 3-1:0.0: can't add hid device: -71
[   86.013786][ T5924] imon:imon_find_endpoints: no valid input (IR) endpoint found
[   86.016820][  T117] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   86.026352][ T5924] imon 1-1:0.0: unable to initialize intf0, err -19
[   86.043770][  T117] usb 3-1: USB disconnect, device number 3
[   86.060164][ T5924] imon:imon_probe: failed to initialize context!
[   86.084007][ T5924] imon 1-1:0.0: unable to register, err -19
[   86.118086][ T6055] process 'syz.2.39' launched '/dev/fd/5' with NULL argv: empty string added
[   86.148590][   T24] usb 4-1: Using ep0 maxpacket: 16
[   86.160440][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   86.179265][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   86.200512][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   86.219292][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.230521][   T24] usb 4-1: Product: syz
[   86.234714][   T24] usb 4-1: Manufacturer: syz
[   86.239814][   T24] usb 4-1: SerialNumber: syz
[   86.250225][   T24] usb 4-1: config 0 descriptor??
[   86.254265][ T6045] capability: warning: `syz.0.34' uses 32-bit capabilities (legacy support in use)
[   86.273885][ T6058] netlink: 'syz.2.40': attribute type 1 has an invalid length.
[   86.282708][   T24] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   86.295502][ T5924] usb 1-1: USB disconnect, device number 5
[   86.298286][   T24] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[   86.320445][ T6058] netlink: 'syz.2.40': attribute type 101 has an invalid length.
[   86.328192][ T6058] netlink: 480 bytes leftover after parsing attributes in process `syz.2.40'.
[   86.328443][ T5917] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   86.509604][ T5917] usb 2-1: device descriptor read/64, error -71
[   86.796606][    T9] cfg80211: failed to load regulatory.db
[   87.210837][   T24] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[   87.217513][   T24] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[   87.228325][ T5917] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   87.383257][ T5917] usb 2-1: device descriptor read/64, error -71
[   87.498845][ T5917] usb usb2-port1: attempt power cycle
[   87.638354][   T43] usb 3-1: new low-speed USB device number 4 using dummy_hcd
[   87.820450][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   87.831916][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   87.841771][   T43] usb 3-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[   87.850963][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.859168][ T5917] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[   87.869762][   T43] usb 3-1: config 0 descriptor??
[   87.892321][   T43] usbhid 3-1:0.0: can't add hid device: -22
[   87.899869][ T5917] usb 2-1: device descriptor read/8, error -71
[   87.910473][   T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[   87.948339][   T24] em28xx 4-1:0.0: AC97 command still being executed: not handled properly!
[   87.957258][   T24] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[   88.158446][ T5917] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[   88.169003][   T24] em28xx 4-1:0.0: AC97 command still being executed: not handled properly!
[   88.188502][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 2
[   88.195418][ T5917] usb 2-1: device descriptor read/8, error -71
[   88.200878][ T6073] IPVS: set_ctl: invalid protocol: 44 0.0.0.0:20003
[   88.258736][    T9] usb 3-1: USB disconnect, device number 4
[   88.301593][ T6075] =======================================================
[   88.301593][ T6075] WARNING: The mand mount option has been deprecated and
[   88.301593][ T6075]          and is ignored by this kernel. Remove the mand
[   88.301593][ T6075]          option from the mount to silence this warning.
[   88.301593][ T6075] =======================================================
[   88.343894][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 4
[   88.365179][ T5917] usb usb2-port1: unable to enumerate USB device
[   88.373333][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 6
[   88.383351][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 54
[   88.398690][   T24] em28xx 4-1:0.0: couldn't setup AC97 register 56
[   88.418686][   T24] usb 4-1: USB disconnect, device number 4
[   89.268371][ T5980] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[   89.281400][ T6105] netlink: 12 bytes leftover after parsing attributes in process `syz.1.56'.
[   89.448485][ T5924] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[   89.460206][ T5980] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[   89.478537][ T5980] usb 3-1: config 1 has no interface number 0
[   89.488602][ T5980] usb 3-1: config 1 interface 105 has no altsetting 0
[   89.507093][ T5980] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[   89.516399][ T5980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.524584][ T5980] usb 3-1: Product: syz
[   89.528962][ T5980] usb 3-1: Manufacturer: syz
[   89.533604][ T5980] usb 3-1: SerialNumber: syz
[   89.588334][ T5904] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[   89.619978][ T5924] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   89.631348][ T5924] usb 1-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[   89.645297][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.662131][ T5924] usb 1-1: config 0 descriptor??
[   89.689432][ T6112] netlink: 'syz.3.59': attribute type 4 has an invalid length.
[   89.742912][ T5904] usb 2-1: Using ep0 maxpacket: 16
[   89.755277][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   89.769067][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   89.783941][ T5904] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   89.793360][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.803529][ T5904] usb 2-1: Product: syz
[   89.819383][ T5904] usb 2-1: Manufacturer: syz
[   89.824051][ T5904] usb 2-1: SerialNumber: syz
[   89.837173][ T5904] usb 2-1: config 0 descriptor??
[   89.851221][ T5904] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   89.861852][ T5904] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[   89.997496][ T6118] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   90.022321][ T6118] sp0: Synchronizing with TNC
[   90.095479][ T5924] acrux 0003:1A34:F705.0001: unexpected long global item
[   90.106829][ T5924] acrux 0003:1A34:F705.0001: parse failed
[   90.114046][ T5924] acrux 0003:1A34:F705.0001: probe with driver acrux failed with error -22
[   90.212230][ T6121] netlink: 4 bytes leftover after parsing attributes in process `syz.3.63'.
[   90.295809][ T5924] usb 1-1: USB disconnect, device number 6
[   90.376958][ T5980] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[   90.388625][ T5980] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[   90.408660][ T5980] aqc111 3-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 62:07:ef:48:4a:b2
[   90.451042][ T5904] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[   90.467231][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   90.468511][ T5904] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[   90.624372][   T43] usb 3-1: USB disconnect, device number 5
[   90.638336][   T24] usb 4-1: Using ep0 maxpacket: 16
[   90.644400][   T43] aqc111 3-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[   90.659827][   T24] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[   90.673866][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.699932][   T24] usb 4-1: config 0 descriptor??
[   90.705308][   T43] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[   90.727183][   T24] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[   90.738916][   T43] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[   90.755310][   T43] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[   90.961435][ T6121] netlink: 36 bytes leftover after parsing attributes in process `syz.3.63'.
[   91.361916][ T6155] program syz.2.66 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   91.503369][ T5904] em28xx 2-1:0.0: Unknown AC97 audio processor detected!
[   91.512908][ T5904] em28xx 2-1:0.0: couldn't setup AC97 register 2
[   91.521906][ T5904] em28xx 2-1:0.0: couldn't setup AC97 register 4
[   91.529408][ T5904] em28xx 2-1:0.0: couldn't setup AC97 register 6
[   91.536344][ T5904] em28xx 2-1:0.0: couldn't setup AC97 register 54
[   91.543857][ T5904] em28xx 2-1:0.0: couldn't setup AC97 register 56
[   91.548559][ T5980] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   91.555203][ T5904] usb 2-1: USB disconnect, device number 11
[   91.718328][ T5980] usb 1-1: Using ep0 maxpacket: 16
[   91.727246][ T5980] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[   91.736676][ T5980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.744835][ T5980] usb 1-1: Product: syz
[   91.749242][ T5980] usb 1-1: Manufacturer: syz
[   91.753885][ T5980] usb 1-1: SerialNumber: syz
[   91.761483][ T5980] usb 1-1: config 0 descriptor??
[   91.769213][ T5980] visor 1-1:0.0: Sony Clie 3.5 converter detected
[   92.175546][ T6152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.184650][ T6152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.197737][ T5980] usb 1-1: clie_3_5_startup: get interface number failed: -71
[   92.198643][ T6166] tls_set_device_offload_rx: netdev not found
[   92.224896][ T5980] visor 1-1:0.0: probe with driver visor failed with error -71
[   92.262110][ T5980] usb 1-1: USB disconnect, device number 7
[   92.335341][ T6170] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   92.789283][ T6186] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   92.949814][ T5980] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[   93.114237][ T6189] FAULT_INJECTION: forcing a failure.
[   93.114237][ T6189] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   93.125125][ T5980] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[   93.133035][ T6189] CPU: 0 UID: 0 PID: 6189 Comm: syz.1.76 Not tainted syzkaller #0 PREEMPT(full) 
[   93.133056][ T6189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   93.133062][ T6189] Call Trace:
[   93.133068][ T6189]  <TASK>
[   93.133074][ T6189]  dump_stack_lvl+0x189/0x250
[   93.133096][ T6189]  ? __pfx____ratelimit+0x10/0x10
[   93.133119][ T6189]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.133134][ T6189]  ? __pfx__printk+0x10/0x10
[   93.133155][ T6189]  ? __might_fault+0xb0/0x130
[   93.133184][ T6189]  should_fail_ex+0x414/0x560
[   93.133210][ T6189]  _copy_from_user+0x2d/0xb0
[   93.133229][ T6189]  memdup_user+0x5e/0xd0
[   93.133244][ T6189]  strndup_user+0x68/0xd0
[   93.133258][ T6189]  __se_sys_mount+0x9d/0x410
[   93.133275][ T6189]  ? ksys_write+0x22a/0x250
[   93.133298][ T6189]  ? __pfx___se_sys_mount+0x10/0x10
[   93.133317][ T6189]  ? do_syscall_64+0xbe/0xfa0
[   93.133330][ T6189]  ? __x64_sys_mount+0x20/0xc0
[   93.133346][ T6189]  do_syscall_64+0xfa/0xfa0
[   93.133359][ T6189]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.133381][ T6189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.133406][ T6189]  ? clear_bhb_loop+0x60/0xb0
[   93.133426][ T6189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.133440][ T6189] RIP: 0033:0x7f59bf98ec29
[   93.133453][ T6189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.133466][ T6189] RSP: 002b:00007f59c0814038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   93.133484][ T6189] RAX: ffffffffffffffda RBX: 00007f59bfbd5fa0 RCX: 00007f59bf98ec29
[   93.133495][ T6189] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[   93.133505][ T6189] RBP: 00007f59c0814090 R08: 0000200000000300 R09: 0000000000000000
[   93.133515][ T6189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.133524][ T6189] R13: 00007f59bfbd6038 R14: 00007f59bfbd5fa0 R15: 00007fff54d47de8
[   93.133551][ T6189]  </TASK>
[   93.338446][   T24] usb 4-1: Detected FT232A
[   93.369389][   T24] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   93.381376][   T24] usb 4-1: USB disconnect, device number 5
[   93.401698][ T5980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[   93.420568][ T5980] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[   93.420620][ T5980] usb 3-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.00
[   93.420642][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.454107][   T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   93.454697][   T24] ftdi_sio 4-1:0.0: device disconnected
[   93.457026][ T5980] usb 3-1: config 0 descriptor??
[   93.457723][ T6184] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   93.465082][ T6195] warning: `syz.0.79' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   93.660385][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[   93.697388][ T5980] usbhid 3-1:0.0: can't add hid device: -71
[   93.708533][ T5980] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   93.737064][ T5980] usb 3-1: USB disconnect, device number 6
[   93.839221][    T9] usb 2-1: Using ep0 maxpacket: 16
[   93.855534][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   93.869768][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   93.870212][ T6201] FAULT_INJECTION: forcing a failure.
[   93.870212][ T6201] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   93.891920][    T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   93.904340][ T6201] CPU: 1 UID: 0 PID: 6201 Comm: syz.2.80 Not tainted syzkaller #0 PREEMPT(full) 
[   93.904361][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   93.904371][ T6201] Call Trace:
[   93.904379][ T6201]  <TASK>
[   93.904386][ T6201]  dump_stack_lvl+0x189/0x250
[   93.904409][ T6201]  ? __pfx____ratelimit+0x10/0x10
[   93.904431][ T6201]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.904448][ T6201]  ? __pfx__printk+0x10/0x10
[   93.904471][ T6201]  ? fs_reclaim_acquire+0x7d/0x100
[   93.904502][ T6201]  should_fail_ex+0x414/0x560
[   93.904529][ T6201]  prepare_alloc_pages+0x213/0x610
[   93.904559][ T6201]  __alloc_frozen_pages_noprof+0x123/0x370
[   93.904586][ T6201]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   93.904617][ T6201]  ? policy_nodemask+0x27c/0x720
[   93.904638][ T6201]  ? __lock_acquire+0xab9/0xd20
[   93.904660][ T6201]  alloc_pages_mpol+0x232/0x4a0
[   93.904688][ T6201]  alloc_pages_noprof+0xa9/0x190
[   93.904713][ T6201]  get_free_pages_noprof+0xf/0x80
[   93.904735][ T6201]  kasan_populate_vmalloc+0x38/0x270
[   93.904756][ T6201]  ? do_raw_spin_unlock+0x122/0x240
[   93.904784][ T6201]  alloc_vmap_area+0xd62/0x14a0
[   93.904822][ T6201]  ? __pfx_alloc_vmap_area+0x10/0x10
[   93.904838][ T6201]  ? __kasan_kmalloc+0x93/0xb0
[   93.904862][ T6201]  ? __get_vm_area_node+0x13f/0x300
[   93.904883][ T6201]  ? copy_process+0x54b/0x3c00
[   93.904903][ T6201]  __get_vm_area_node+0x1f8/0x300
[   93.904941][ T6201]  __vmalloc_node_range_noprof+0x301/0x12f0
[   93.904962][ T6201]  ? copy_process+0x54b/0x3c00
[   93.904980][ T6201]  ? percpu_ref_get_many+0x19/0x140
[   93.905010][ T6201]  ? percpu_ref_get_many+0x19/0x140
[   93.905040][ T6201]  ? __memcg_slab_post_alloc_hook+0x517/0x7d0
[   93.905067][ T6201]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   93.905091][ T6201]  ? memcpy_and_pad+0x48/0x80
[   93.905117][ T6201]  __vmalloc_node_noprof+0xc2/0x110
[   93.905137][ T6201]  ? copy_process+0x54b/0x3c00
[   93.905155][ T6201]  ? copy_process+0x54b/0x3c00
[   93.905176][ T6201]  dup_task_struct+0x3d4/0x830
[   93.905196][ T6201]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.905222][ T6201]  copy_process+0x54b/0x3c00
[   93.905273][ T6201]  ? __pfx_copy_process+0x10/0x10
[   93.905307][ T6201]  vhost_task_create+0x1ce/0x320
[   93.905330][ T6201]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[   93.905358][ T6201]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[   93.905382][ T6201]  ? __pfx_vhost_task_create+0x10/0x10
[   93.905413][ T6201]  ? __pfx_vhost_task_fn+0x10/0x10
[   93.905455][ T6201]  kvm_mmu_post_init_vm+0x14c/0x300
[   93.905476][ T6201]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[   93.905500][ T6201]  ? __mutex_trylock_common+0x153/0x260
[   93.905524][ T6201]  ? __pfx___mutex_trylock_common+0x10/0x10
[   93.905546][ T6201]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   93.905566][ T6201]  ? rcu_is_watching+0x15/0xb0
[   93.905587][ T6201]  ? trace_contention_end+0x39/0x120
[   93.905607][ T6201]  ? look_up_lock_class+0x74/0x170
[   93.905632][ T6201]  ? register_lock_class+0x51/0x320
[   93.905657][ T6201]  ? __lock_acquire+0xab9/0xd20
[   93.905705][ T6201]  kvm_vcpu_ioctl+0x95c/0xe90
[   93.905730][ T6201]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   93.905771][ T6201]  ? __fget_files+0x2a/0x420
[   93.905792][ T6201]  ? __fget_files+0x3a0/0x420
[   93.905807][ T6201]  ? __fget_files+0x2a/0x420
[   93.905826][ T6201]  ? bpf_lsm_file_ioctl+0x9/0x20
[   93.905843][ T6201]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   93.905860][ T6201]  __se_sys_ioctl+0xfc/0x170
[   93.905883][ T6201]  do_syscall_64+0xfa/0xfa0
[   93.905898][ T6201]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.905920][ T6201]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.905947][ T6201]  ? clear_bhb_loop+0x60/0xb0
[   93.905967][ T6201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.905983][ T6201] RIP: 0033:0x7fd95338ec29
[   93.905998][ T6201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.906012][ T6201] RSP: 002b:00007fd95416d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.906030][ T6201] RAX: ffffffffffffffda RBX: 00007fd9535d5fa0 RCX: 00007fd95338ec29
[   93.906042][ T6201] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[   93.906052][ T6201] RBP: 00007fd95416d090 R08: 0000000000000000 R09: 0000000000000000
[   93.906062][ T6201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.906072][ T6201] R13: 00007fd9535d6038 R14: 00007fd9535d5fa0 R15: 00007ffe12d9cc08
[   93.906103][ T6201]  </TASK>
[   93.906391][ T6201] syz.2.80: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[   93.918835][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.934596][ T6201] ,cpuset=
[   93.952213][    T9] usb 2-1: Product: syz
[   93.956005][ T6201] /
[   93.968079][    T9] usb 2-1: Manufacturer: syz
[   93.973908][ T6201] ,mems_allowed=0-1
[   93.988306][    T9] usb 2-1: SerialNumber: syz
[   93.991684][ T6201] 
[   94.007826][    T9] usb 2-1: config 0 descriptor??
[   94.031159][ T6201] CPU: 1 UID: 0 PID: 6201 Comm: syz.2.80 Not tainted syzkaller #0 PREEMPT(full) 
[   94.031182][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   94.031192][ T6201] Call Trace:
[   94.031199][ T6201]  <TASK>
[   94.031206][ T6201]  dump_stack_lvl+0x189/0x250
[   94.031228][ T6201]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[   94.031246][ T6201]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.031263][ T6201]  ? __pfx__printk+0x10/0x10
[   94.031285][ T6201]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   94.031308][ T6201]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   94.031338][ T6201]  warn_alloc+0x214/0x310
[   94.031358][ T6201]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.031383][ T6201]  ? __pfx_warn_alloc+0x10/0x10
[   94.031410][ T6201]  ? copy_process+0x54b/0x3c00
[   94.031429][ T6201]  ? __get_vm_area_node+0x211/0x300
[   94.031455][ T6201]  __vmalloc_node_range_noprof+0x326/0x12f0
[   94.031474][ T6201]  ? percpu_ref_get_many+0x19/0x140
[   94.031503][ T6201]  ? percpu_ref_get_many+0x19/0x140
[   94.031532][ T6201]  ? __memcg_slab_post_alloc_hook+0x517/0x7d0
[   94.031557][ T6201]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   94.031579][ T6201]  ? memcpy_and_pad+0x48/0x80
[   94.031604][ T6201]  __vmalloc_node_noprof+0xc2/0x110
[   94.031623][ T6201]  ? copy_process+0x54b/0x3c00
[   94.031639][ T6201]  ? copy_process+0x54b/0x3c00
[   94.031661][ T6201]  dup_task_struct+0x3d4/0x830
[   94.031680][ T6201]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.031704][ T6201]  copy_process+0x54b/0x3c00
[   94.031751][ T6201]  ? __pfx_copy_process+0x10/0x10
[   94.031784][ T6201]  vhost_task_create+0x1ce/0x320
[   94.031806][ T6201]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[   94.031828][ T6201]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[   94.031850][ T6201]  ? __pfx_vhost_task_create+0x10/0x10
[   94.031889][ T6201]  ? __pfx_vhost_task_fn+0x10/0x10
[   94.031928][ T6201]  kvm_mmu_post_init_vm+0x14c/0x300
[   94.031948][ T6201]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[   94.031971][ T6201]  ? __mutex_trylock_common+0x153/0x260
[   94.031995][ T6201]  ? __pfx___mutex_trylock_common+0x10/0x10
[   94.032015][ T6201]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   94.032034][ T6201]  ? rcu_is_watching+0x15/0xb0
[   94.032054][ T6201]  ? trace_contention_end+0x39/0x120
[   94.032074][ T6201]  ? look_up_lock_class+0x74/0x170
[   94.032097][ T6201]  ? register_lock_class+0x51/0x320
[   94.032120][ T6201]  ? __lock_acquire+0xab9/0xd20
[   94.032166][ T6201]  kvm_vcpu_ioctl+0x95c/0xe90
[   94.032192][ T6201]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   94.032230][ T6201]  ? __fget_files+0x2a/0x420
[   94.032250][ T6201]  ? __fget_files+0x3a0/0x420
[   94.032264][ T6201]  ? __fget_files+0x2a/0x420
[   94.032282][ T6201]  ? bpf_lsm_file_ioctl+0x9/0x20
[   94.032298][ T6201]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   94.032314][ T6201]  __se_sys_ioctl+0xfc/0x170
[   94.032336][ T6201]  do_syscall_64+0xfa/0xfa0
[   94.032350][ T6201]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.032371][ T6201]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.032386][ T6201]  ? clear_bhb_loop+0x60/0xb0
[   94.032405][ T6201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.032420][ T6201] RIP: 0033:0x7fd95338ec29
[   94.032435][ T6201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.032447][ T6201] RSP: 002b:00007fd95416d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   94.032464][ T6201] RAX: ffffffffffffffda RBX: 00007fd9535d5fa0 RCX: 00007fd95338ec29
[   94.032476][ T6201] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[   94.032485][ T6201] RBP: 00007fd95416d090 R08: 0000000000000000 R09: 0000000000000000
[   94.032495][ T6201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.032504][ T6201] R13: 00007fd9535d6038 R14: 00007fd9535d5fa0 R15: 00007ffe12d9cc08
[   94.032541][ T6201]  </TASK>
[   94.032625][ T6201] Mem-Info:
[   94.110230][    T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   94.166348][ T6201] active_anon:18765 inactive_anon:0 isolated_anon:0
[   94.166348][ T6201]  active_file:14093 inactive_file:39858 isolated_file:0
[   94.166348][ T6201]  unevictable:768 dirty:814 writeback:0
[   94.166348][ T6201]  slab_reclaimable:10338 slab_unreclaimable:90990
[   94.166348][ T6201]  mapped:24839 shmem:14502 pagetables:1109
[   94.166348][ T6201]  sec_pagetables:0 bounce:0
[   94.166348][ T6201]  kernel_misc_reclaimable:0
[   94.166348][ T6201]  free:1314049 free_pcp:21331 free_cma:0
[   94.209416][    T9] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[   94.231987][ T6203] mmap: syz.3.81 (6203) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   94.235007][ T6201] Node 0 active_anon:68860kB inactive_anon:0kB active_file:56372kB inactive_file:159232kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99456kB dirty:3244kB writeback:0kB shmem:50272kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11428kB pagetables:4408kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   94.905581][ T6201] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   94.935534][    C1] vkms_vblank_simulate: vblank timer overrun
[   94.944877][ T6201] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   94.977611][ T6201] lowmem_reserve[]: 0 2489 2489 2489 2489
[   94.983630][ T6201] Node 0 DMA32 free:1369312kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24708kB inactive_anon:0kB active_file:56372kB inactive_file:159232kB unevictable:1536kB writepending:3244kB zspages:0kB present:3129332kB managed:2549100kB mlocked:0kB bounce:0kB free_pcp:95604kB local_pcp:49932kB free_cma:0kB
[   95.017777][ T6201] lowmem_reserve[]: 0 0 0 0 0
[   95.022769][ T6201] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   95.053648][ T6201] lowmem_reserve[]: 0 0 0 0 0
[   95.058733][ T6201] Node 1 Normal free:3890600kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:12kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19880kB local_pcp:11936kB free_cma:0kB
[   95.093660][ T6201] lowmem_reserve[]: 0 0 0 0 0
[   95.099624][ T6201] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   95.113216][ T6201] Node 0 DMA32: 961*4kB (UM) 
[   95.113420][    T9] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[   95.124666][ T6201] 336*8kB (UME) 178*16kB (UM) 153*32kB (UME) 92*64kB (UME) 27*128kB (ME) 16*256kB (UM) 10*512kB (UM) 12*1024kB (UM) 11*2048kB (UME) 319*4096kB (UM) = 1374276kB
[   95.146662][ T6201] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 
[   95.147430][    T9] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[   95.163400][ T6201] 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[   95.175376][ T6201] Node 1 Normal: 206*4kB (UE) 60*8kB (UME) 47*16kB (UME) 51*32kB (UME) 19*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (UM) 3*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3890600kB
[   95.193952][ T6201] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   95.203644][ T6201] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   95.224473][ T6201] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   95.235363][ T6201] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   95.245269][ T6201] 55627 total pagecache pages
[   95.250355][ T6201] 0 pages in swap cache
[   95.260359][ T6201] Free swap  = 124996kB
[   95.265037][ T6201] Total swap = 124996kB
[   95.278310][ T6201] 2097051 pages RAM
[   95.284574][ T6201] 0 pages HighMem/MovableOnly
[   95.292143][ T6201] 428070 pages reserved
[   95.296644][ T6201] 0 pages cma reserved
[   95.521225][ T6217] vxcan1: entered allmulticast mode
[   95.530456][ T6217] netlink: 40 bytes leftover after parsing attributes in process `syz.2.86'.
[   95.748391][   T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   95.798339][   T89] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   95.876458][ T6219] 9pnet_fd: Insufficient options for proto=fd
[   95.898324][   T24] usb 4-1: Using ep0 maxpacket: 16
[   95.907628][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   95.930006][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   95.946571][ T6221] TCP: TCP_TX_DELAY enabled
[   95.950437][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   95.961545][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.969912][   T24] usb 4-1: Product: syz
[   95.974072][   T24] usb 4-1: Manufacturer: syz
[   95.976317][   T89] usb 3-1: Using ep0 maxpacket: 8
[   95.980291][   T24] usb 4-1: SerialNumber: syz
[   95.989641][   T89] usb 3-1: config 0 has an invalid interface number: 78 but max is 0
[   96.009254][   T89] usb 3-1: config 0 has no interface number 0
[   96.020216][   T89] usb 3-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=f0.21
[   96.030034][   T89] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.039667][   T89] usb 3-1: Product: syz
[   96.043970][   T89] usb 3-1: Manufacturer: syz
[   96.068844][   T89] usb 3-1: SerialNumber: syz
[   96.083042][   T89] usb 3-1: config 0 descriptor??
[   96.210066][    T9] em28xx 2-1:0.0: Unknown AC97 audio processor detected!
[   96.225663][    T9] em28xx 2-1:0.0: couldn't setup AC97 register 2
[   96.234625][    T9] em28xx 2-1:0.0: couldn't setup AC97 register 4
[   96.241708][    T9] em28xx 2-1:0.0: couldn't setup AC97 register 6
[   96.251375][    T9] em28xx 2-1:0.0: couldn't setup AC97 register 54
[   96.258540][    T9] em28xx 2-1:0.0: couldn't setup AC97 register 56
[   96.283675][   T24] usb 4-1: 0:2 : does not exist
[   96.293757][    T9] usb 2-1: USB disconnect, device number 12
[   96.297915][   T24] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[   96.309664][   T89] usbhid 3-1:0.78: couldn't find an input interrupt endpoint
[   96.336285][   T89] usb 3-1: USB disconnect, device number 7
[   96.339925][   T24] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[   96.357000][   T24] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5)
[   96.369561][   T24] usb 4-1: 5:0: cannot get min/max values for control 8 (id 5)
[   96.389834][ T5980] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   96.399879][   T24] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[   96.414533][   T24] usb 4-1: USB disconnect, device number 6
[   96.558329][ T5980] usb 1-1: Using ep0 maxpacket: 32
[   96.564983][ T5980] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[   96.573385][ T5980] usb 1-1: config 0 has no interface number 0
[   96.579512][ T5980] usb 1-1: config 0 interface 12 has no altsetting 0
[   96.588078][ T5980] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[   96.597344][ T5980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.606008][ T5980] usb 1-1: Product: syz
[   96.611047][ T5980] usb 1-1: Manufacturer: syz
[   96.615746][ T5980] usb 1-1: SerialNumber: syz
[   96.622679][ T5980] usb 1-1: config 0 descriptor??
[   96.767234][ T6227] FAULT_INJECTION: forcing a failure.
[   96.767234][ T6227] name failslab, interval 1, probability 0, space 0, times 0
[   96.780184][ T6227] CPU: 1 UID: 0 PID: 6227 Comm: syz.1.91 Not tainted syzkaller #0 PREEMPT(full) 
[   96.780210][ T6227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   96.780218][ T6227] Call Trace:
[   96.780225][ T6227]  <TASK>
[   96.780231][ T6227]  dump_stack_lvl+0x189/0x250
[   96.780253][ T6227]  ? __pfx____ratelimit+0x10/0x10
[   96.780275][ T6227]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.780290][ T6227]  ? __pfx__printk+0x10/0x10
[   96.780312][ T6227]  ? save_netdev_trace_buffer+0x4cd/0x5e0
[   96.780343][ T6227]  should_fail_ex+0x414/0x560
[   96.780370][ T6227]  should_failslab+0xa8/0x100
[   96.780394][ T6227]  kmem_cache_alloc_noprof+0x74/0x6e0
[   96.780414][ T6227]  ? skb_clone+0x212/0x3a0
[   96.780436][ T6227]  skb_clone+0x212/0x3a0
[   96.780456][ T6227]  __netlink_deliver_tap+0x424/0x8b0
[   96.780490][ T6227]  ? netlink_deliver_tap+0x2e/0x1b0
[   96.780514][ T6227]  netlink_deliver_tap+0x19c/0x1b0
[   96.780536][ T6227]  netlink_dump+0x92b/0xe90
[   96.780566][ T6227]  ? __pfx_netlink_dump+0x10/0x10
[   96.780598][ T6227]  ? netlink_recvmsg+0x5b2/0xa30
[   96.780614][ T6227]  ? kmem_cache_free+0x19b/0x690
[   96.780634][ T6227]  netlink_recvmsg+0x676/0xa30
[   96.780659][ T6227]  ? __pfx_netlink_recvmsg+0x10/0x10
[   96.780675][ T6227]  ? __lock_acquire+0xab9/0xd20
[   96.780699][ T6227]  ? aa_sock_msg_perm+0xf1/0x1d0
[   96.780722][ T6227]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[   96.780744][ T6227]  ? __pfx_netlink_recvmsg+0x10/0x10
[   96.780767][ T6227]  sock_recvmsg_nosec+0x186/0x1c0
[   96.780791][ T6227]  ____sys_recvmsg+0x3aa/0x460
[   96.780817][ T6227]  ? __pfx_____sys_recvmsg+0x10/0x10
[   96.780858][ T6227]  ? import_iovec+0x74/0xa0
[   96.780880][ T6227]  ___sys_recvmsg+0x1b5/0x510
[   96.780902][ T6227]  ? __pfx____sys_recvmsg+0x10/0x10
[   96.780951][ T6227]  ? __might_fault+0xb0/0x130
[   96.780974][ T6227]  do_recvmmsg+0x307/0x770
[   96.780999][ T6227]  ? __pfx_do_recvmmsg+0x10/0x10
[   96.781029][ T6227]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   96.781063][ T6227]  __x64_sys_recvmmsg+0x190/0x240
[   96.781083][ T6227]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   96.781103][ T6227]  ? do_syscall_64+0xbe/0xfa0
[   96.781122][ T6227]  do_syscall_64+0xfa/0xfa0
[   96.781136][ T6227]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.781158][ T6227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.781174][ T6227]  ? clear_bhb_loop+0x60/0xb0
[   96.781194][ T6227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.781208][ T6227] RIP: 0033:0x7f59bf98ec29
[   96.781231][ T6227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.781244][ T6227] RSP: 002b:00007f59c0814038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   96.781262][ T6227] RAX: ffffffffffffffda RBX: 00007f59bfbd5fa0 RCX: 00007f59bf98ec29
[   96.781274][ T6227] RDX: 0400000000000059 RSI: 00002000000077c0 RDI: 0000000000000003
[   96.781285][ T6227] RBP: 00007f59c0814090 R08: 0000000000000000 R09: 0000000000000000
[   96.781295][ T6227] R10: 0000000000002040 R11: 0000000000000246 R12: 0000000000000002
[   96.781305][ T6227] R13: 00007f59bfbd6038 R14: 00007f59bfbd5fa0 R15: 00007fff54d47de8
[   96.781337][ T6227]  </TASK>
[   97.094053][    C1] vkms_vblank_simulate: vblank timer overrun
[   97.164798][ T5980] f81534 1-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71
[   97.178924][ T5980] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[   97.186341][ T5980] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[   97.196142][ T5980] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[   97.208727][ T5980] usb 1-1: USB disconnect, device number 8
[   97.347386][ T6235] ------------[ cut here ]------------
[   97.353040][ T6235] WARNING: fs/nsfs.c:493 at nsfs_fh_to_dentry+0xcc5/0xdc0, CPU#1: syz.3.94/6235
[   97.362205][ T6235] Modules linked in:
[   97.366326][ T6235] CPU: 1 UID: 0 PID: 6235 Comm: syz.3.94 Not tainted syzkaller #0 PREEMPT(full) 
[   97.375745][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   97.386397][ T6235] RIP: 0010:nsfs_fh_to_dentry+0xcc5/0xdc0
[   97.392664][ T6235] Code: 7c 24 60 e9 10 f8 ff ff e8 48 01 79 ff 90 0f 0b 90 e9 09 f6 ff ff e8 3a 01 79 ff 90 0f 0b 90 e9 81 f6 ff ff e8 2c 01 79 ff 90 <0f> 0b 90 e9 d0 f6 ff ff e8 1e 01 79 ff 45 31 ff e9 d9 f7 ff ff e8
[   97.412888][ T6235] RSP: 0018:ffffc900030a7a20 EFLAGS: 00010287
[   97.419207][ T6235] RAX: ffffffff824717f4 RBX: 00000000effffffd RCX: 0000000000080000
[   97.427574][ T6235] RDX: ffffc9000c623000 RSI: 0000000000000035 RDI: 0000000000000036
[   97.436002][ T6235] RBP: ffffc900030a7b10 R08: ffffffff8fe4db77 R09: 1ffffffff1fc9b6e
[   97.444096][ T6235] R10: dffffc0000000000 R11: fffffbfff1fc9b6f R12: 1ffff92000614f4c
[   97.452276][ T6235] R13: ffff888077be9554 R14: dffffc0000000000 R15: 0000000000000000
[   97.460307][ T6235] FS:  00007fd458af66c0(0000) GS:ffff8881258a2000(0000) knlGS:0000000000000000
[   97.469462][ T6235] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   97.476061][ T6235] CR2: 00002000000001c0 CR3: 0000000075156000 CR4: 00000000003526f0
[   97.484328][ T6235] Call Trace:
[   97.487623][ T6235]  <TASK>
[   97.490629][ T6235]  ? __pfx_stack_trace_save+0x10/0x10
[   97.496025][ T6235]  ? nsfs_fh_to_dentry+0x13c/0xdc0
[   97.501385][ T6235]  ? __pfx_nsfs_fh_to_dentry+0x10/0x10
[   97.506880][ T6235]  exportfs_decode_fh_raw+0x178/0x6e0
[   97.512325][ T6235]  ? __pfx_vfs_dentry_acceptable+0x10/0x10
[   97.518181][ T6235]  ? __pfx_exportfs_decode_fh_raw+0x10/0x10
[   97.524594][ T6235]  do_handle_to_path+0xa4/0x1a0
[   97.529883][ T6235]  do_handle_open+0x6b4/0x8f0
[   97.534599][ T6235]  ? __pfx_do_handle_open+0x10/0x10
[   97.539869][ T6235]  ? rcu_is_watching+0x15/0xb0
[   97.544646][ T6235]  ? do_syscall_64+0xbe/0xfa0
[   97.549395][ T6235]  do_syscall_64+0xfa/0xfa0
[   97.553931][ T6235]  ? lockdep_hardirqs_on+0x9c/0x150
[   97.559236][ T6235]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.565337][ T6235]  ? clear_bhb_loop+0x60/0xb0
[   97.570327][ T6235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.576237][ T6235] RIP: 0033:0x7fd457b8ec29
[   97.580778][ T6235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.600465][ T6235] RSP: 002b:00007fd458af6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   97.608989][ T6235] RAX: ffffffffffffffda RBX: 00007fd457dd5fa0 RCX: 00007fd457b8ec29
[   97.617003][ T6235] RDX: 0000000000400040 RSI: 0000200000000000 RDI: 0000000000000003
[   97.625076][ T6235] RBP: 00007fd457c11e41 R08: 0000000000000000 R09: 0000000000000000
[   97.633484][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.641880][ T6235] R13: 00007fd457dd6038 R14: 00007fd457dd5fa0 R15: 00007ffdcdf99d28
[   97.649958][ T6235]  </TASK>
[   97.652995][ T6235] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   97.660287][ T6235] CPU: 1 UID: 0 PID: 6235 Comm: syz.3.94 Not tainted syzkaller #0 PREEMPT(full) 
[   97.669414][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   97.679482][ T6235] Call Trace:
[   97.682787][ T6235]  <TASK>
[   97.685723][ T6235]  dump_stack_lvl+0x99/0x250
[   97.690325][ T6235]  ? __asan_memcpy+0x40/0x70
[   97.694921][ T6235]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.700104][ T6235]  ? __pfx__printk+0x10/0x10
[   97.704708][ T6235]  vpanic+0x237/0x6d0
[   97.708705][ T6235]  ? __pfx_vpanic+0x10/0x10
[   97.713223][ T6235]  ? is_bpf_text_address+0x292/0x2b0
[   97.718524][ T6235]  ? is_bpf_text_address+0x26/0x2b0
[   97.723775][ T6235]  panic+0xb9/0xc0
[   97.727592][ T6235]  ? __pfx_panic+0x10/0x10
[   97.732015][ T6235]  __warn+0x334/0x4c0
[   97.735988][ T6235]  ? nsfs_fh_to_dentry+0xcc5/0xdc0
[   97.741088][ T6235]  ? nsfs_fh_to_dentry+0xcc5/0xdc0
[   97.746253][ T6235]  report_bug+0x2be/0x4f0
[   97.750609][ T6235]  ? nsfs_fh_to_dentry+0xcc5/0xdc0
[   97.755710][ T6235]  ? nsfs_fh_to_dentry+0xcc5/0xdc0
[   97.760818][ T6235]  ? nsfs_fh_to_dentry+0xcc7/0xdc0
[   97.765929][ T6235]  handle_bug+0x84/0x160
[   97.770174][ T6235]  exc_invalid_op+0x1a/0x50
[   97.774668][ T6235]  asm_exc_invalid_op+0x1a/0x20
[   97.779525][ T6235] RIP: 0010:nsfs_fh_to_dentry+0xcc5/0xdc0
[   97.785250][ T6235] Code: 7c 24 60 e9 10 f8 ff ff e8 48 01 79 ff 90 0f 0b 90 e9 09 f6 ff ff e8 3a 01 79 ff 90 0f 0b 90 e9 81 f6 ff ff e8 2c 01 79 ff 90 <0f> 0b 90 e9 d0 f6 ff ff e8 1e 01 79 ff 45 31 ff e9 d9 f7 ff ff e8
[   97.805031][ T6235] RSP: 0018:ffffc900030a7a20 EFLAGS: 00010287
[   97.811103][ T6235] RAX: ffffffff824717f4 RBX: 00000000effffffd RCX: 0000000000080000
[   97.819155][ T6235] RDX: ffffc9000c623000 RSI: 0000000000000035 RDI: 0000000000000036
[   97.827114][ T6235] RBP: ffffc900030a7b10 R08: ffffffff8fe4db77 R09: 1ffffffff1fc9b6e
[   97.835081][ T6235] R10: dffffc0000000000 R11: fffffbfff1fc9b6f R12: 1ffff92000614f4c
[   97.843046][ T6235] R13: ffff888077be9554 R14: dffffc0000000000 R15: 0000000000000000
[   97.851033][ T6235]  ? nsfs_fh_to_dentry+0xcc4/0xdc0
[   97.856142][ T6235]  ? __pfx_stack_trace_save+0x10/0x10
[   97.861507][ T6235]  ? nsfs_fh_to_dentry+0x13c/0xdc0
[   97.866605][ T6235]  ? __pfx_nsfs_fh_to_dentry+0x10/0x10
[   97.872058][ T6235]  exportfs_decode_fh_raw+0x178/0x6e0
[   97.877426][ T6235]  ? __pfx_vfs_dentry_acceptable+0x10/0x10
[   97.883232][ T6235]  ? __pfx_exportfs_decode_fh_raw+0x10/0x10
[   97.889153][ T6235]  do_handle_to_path+0xa4/0x1a0
[   97.894016][ T6235]  do_handle_open+0x6b4/0x8f0
[   97.898694][ T6235]  ? __pfx_do_handle_open+0x10/0x10
[   97.903891][ T6235]  ? rcu_is_watching+0x15/0xb0
[   97.908654][ T6235]  ? do_syscall_64+0xbe/0xfa0
[   97.913319][ T6235]  do_syscall_64+0xfa/0xfa0
[   97.917813][ T6235]  ? lockdep_hardirqs_on+0x9c/0x150
[   97.923003][ T6235]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.929092][ T6235]  ? clear_bhb_loop+0x60/0xb0
[   97.933777][ T6235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.939673][ T6235] RIP: 0033:0x7fd457b8ec29
[   97.944117][ T6235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.963722][ T6235] RSP: 002b:00007fd458af6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   97.972154][ T6235] RAX: ffffffffffffffda RBX: 00007fd457dd5fa0 RCX: 00007fd457b8ec29
[   97.980140][ T6235] RDX: 0000000000400040 RSI: 0000200000000000 RDI: 0000000000000003
[   97.988319][ T6235] RBP: 00007fd457c11e41 R08: 0000000000000000 R09: 0000000000000000
[   97.996296][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   98.004372][ T6235] R13: 00007fd457dd6038 R14: 00007fd457dd5fa0 R15: 00007ffdcdf99d28
[   98.012659][ T6235]  </TASK>
[   98.015953][ T6235] Kernel Offset: disabled
[   98.020283][ T6235] Rebooting in 86400 seconds..