last executing test programs:

5.598985739s ago: executing program 3 (id=566):
io_uring_setup(0x46d8, &(0x7f0000000180)={0x0, 0x1e8a, 0x1, 0x3, 0x3f})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000680)="efed04867be2c50d099cc784c723da6857316e137d47a04f65e1632429d3e23b5894d89831b778bc3a523ad34bd0aaa6ea87eab9b8d4652f247bae7c840dc288f042ceb90165547ecdc5efe837dda67b94e8035684088c833f7958682990ab4414283c3ca538c110bf59a4348855b548e89178f9694429c753e74e96a967af6909d2bf7124f7145a17f4d8cf694926a2b1d3f55b28544dc2583da4d4584a517f029611e3110d4f9225e1f7e83ccce089ec4c040e618e85b9a1d6e86aa7a1d7bf9ead6dec5e4d8489873114974bdcb608f50142", 0xd3}, {&(0x7f0000000780)="6e0a57da14d4571798176a96435f5da9d32ecfae0cd8f04f9daaaf73a341c1f71a", 0x21}, {&(0x7f0000000880)="e740ff3c6c26e5731294c5db17388a5fb767a047e70cd8a3bcdb49360f360e6564267a982ffe4ce2e5fc1f11123dab8f55339a14dd47928dad8b148825e065aaf5716ec74af5d1d7997ef0feed7244838b7bdf84ac22324adc47ad66ba750903a39f67ed95c49f975717b6793a2fcf6a27723e2c0e7648fa3304d538d3e6b6b06fb04f48a35882d48aac6c685caf46daf3f265f89b73cb1b52abe267cbbf7ffdcfeac9427a5ed6dbe04b596aa57e7f94fb3ea02a9716472c079cc61bfb87812b6b2e1e85", 0xc4}], 0x3, 0x0, 0x0, 0x4000000}}], 0x1, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0xffff, r1, 0x0}])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x80100, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1100000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="0000000000000007000000eaff000000000004008b97b9fd731af2686fb2640ef45bf5834c", @ANYRES32=0x0, @ANYRES32], 0x50)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000002140)={0x1c, r3, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2800}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001500add427323b472545b4560a117fff0b0082001b5980000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffff62fa86b3c67992f7d4f78c24", 0x45}, {&(0x7f00000000c0)}, {&(0x7f0000000180)="3346252f5a393a2808d91260734f8244", 0x10}], 0x3)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}}], 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @remote, 0x7}, 0x1c, &(0x7f0000000f00)=[{0x0}, {&(0x7f0000000540)}, {0x0}], 0x3}}], 0x1, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r8 = accept4(r7, 0x0, 0x0, 0x800)
sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

5.598436639s ago: executing program 2 (id=567):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x1000, 0x9, 0x0, 0x400, 0x80, 0x3, 0x0, 0x1, 0x8d], 0xffff1000, 0x80})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.42653245s ago: executing program 4 (id=568):
io_uring_setup(0x46d8, &(0x7f0000000180)={0x0, 0x1e8a, 0x1, 0x3, 0x3f})
connect$unix(0xffffffffffffffff, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x80100, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1100000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="0000000000000007000000eaff000000000004008b97b9fd731af2686fb2640ef45bf5834c", @ANYRES32=0x0, @ANYRES32], 0x50)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002100)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000002140)={0x1c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2800}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001500add427323b472545b4560a117fff0b0082001b5980000efffeffe809000000ff0000f03ac7100003ffffffffffffff", 0x35}, {&(0x7f00000000c0)}, {&(0x7f0000000180)="3346252f5a393a2808d91260734f8244", 0x10}], 0x3)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @remote, 0x7}, 0x1c, &(0x7f0000000f00)=[{0x0}, {&(0x7f0000000540)}, {0x0}], 0x3}}], 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

5.105204532s ago: executing program 2 (id=570):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'team0\x00', <r0=>0x0})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001140)=[{{0x0, 0x0, &(0x7f0000001780)}}, {{&(0x7f0000000500)=@ll={0x11, 0x16, r0, 0x1, 0x7, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000600)="ea19a6cd956cec436c74787246d13ca11081dbabebcb76c1d2e8b7d0c8c1aabdd95fc51096c8d57e818ce768ccceed4d115abed88468be323c820ade265a87419a77736785f202fe11a5dd77773ba9a4c83087f956929503b1e1ff5b37da9fe53fb758af2d89f01e0df78efd88cf4a01c0b8766c480a0394b6c8fc9fc12099c5bb81de2cb7a9f7cda5c9b265453e575767fb58b840bfe5d709889eea7579a18472fdd1630e7fbbe9d68f", 0xaa}, {&(0x7f0000000740)="efded85c2c542acacf9d79eea389735832330080b0afe68599b4b850531e65e89deb1e", 0x23}], 0x2}}, {{&(0x7f0000000880)=@pptp={0x18, 0x2, {0x3, @private=0xa010100}}, 0x80, &(0x7f00000010c0)=[{&(0x7f0000001200)}, {0x0}, {&(0x7f0000001000)="18a8583924039aadf86313c609284663d89bbf4926f433da348624e066f55a2241069c638f862039561bc732", 0x2c}], 0x3}}], 0x3, 0x200000c0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.568384239s ago: executing program 3 (id=571):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040))
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
write$ppp(r0, &(0x7f00000000c0)="91ff", 0x2)

4.333753185s ago: executing program 4 (id=573):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x4, 0x2, 0x4, {0xa, 0x4e23, 0x13, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}}}, 0x80, 0x0}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xf9, 0x40, 0x47, 0xa, 0x0, 0xc, 0xfd, 0xfb, 0x4, 0xfc, 0x38}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x200000000000006e, 0x0, 0x100000000005, 0x20, 0x3, 0x2, 0x106c, 0x100, 0x8000000000000, 0x80000004000080, 0x8000000, 0x8, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c4210})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.117221909s ago: executing program 3 (id=574):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x624400, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000480)=0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

4.017521576s ago: executing program 2 (id=576):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000003f00)='/dev/comedi3\x00', 0x101000, 0x0)
ioctl$COMEDI_CHANINFO(r0, 0x80306403, &(0x7f000002a500)={0x0, 0x0, 0x0, &(0x7f0000025d80)})

3.801571871s ago: executing program 2 (id=578):
io_uring_setup(0x46d8, &(0x7f0000000180)={0x0, 0x1e8a, 0x1, 0x3, 0x3f})
connect$unix(0xffffffffffffffff, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000680)="efed04867be2c50d099cc784c723da6857316e137d47a04f65e1632429d3e23b5894d89831b778bc3a523ad34bd0aaa6ea87eab9b8d4652f247bae7c840dc288f042ceb90165547ecdc5efe837dda67b94e8035684088c833f7958682990ab4414283c3ca538c110bf59a4348855b548e89178f9694429c753e74e96a967af6909d2bf7124f7145a17f4d8cf694926a2b1d3f55b28544dc2583da4d4584a517f029611e3110d4f9225e1f7e83ccce089ec4c040e618e85b9a1d6e86aa7a1d7bf9ead6dec5e4d8489873114974bdcb608f501421c5a01a0d269", 0xd9}, {&(0x7f0000000780)="6e0a57da14d4571798176a96435f5da9d32ecfae0cd8f04f9daaaf73a341c1f71a", 0x21}, {&(0x7f0000000880)="e740ff3c6c26e5731294c5db17388a5fb767a047e70cd8a3bcdb49360f360e6564267a982ffe4ce2e5fc1f11123dab8f55339a14dd47928dad8b148825e065aaf5716ec74af5d1d7997ef0feed7244838b7bdf84ac22324adc47ad66ba750903a39f67ed95c49f975717b6793a2fcf6a27723e2c0e7648fa3304d538d3e6b6b06fb04f48a35882d48aac6c685caf46daf3f265f89b73cb1b52abe267cbbf7ffdcfeac9427a5ed6dbe04b596aa57e7f94fb3ea02a9716472c07", 0xb9}], 0x3, 0x0, 0x0, 0x4000000}}], 0x1, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0xffff, 0xffffffffffffffff, 0x0}])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x80100, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB="0000000000000007000000eaff000000000004008b97b9fd731af2686fb2640ef45bf5834c", @ANYRES32=0x0, @ANYRES32], 0x50)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002100)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000002140)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2800}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001500add427323b472545b4560a117fff0b0082001b5980000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffff62fa86b3c67992f7d4f78c24f9", 0x46}, {&(0x7f00000000c0)}, {&(0x7f0000000180)="3346252f5a393a2808d91260734f8244", 0x10}], 0x3)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}], 0x18}}], 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @remote, 0x7}, 0x1c, &(0x7f0000000f00)=[{0x0}, {&(0x7f0000000540)}, {0x0}], 0x3}}], 0x1, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

3.173713184s ago: executing program 4 (id=581):
socket(0xa, 0x4, 0x3a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e110b", @ANYRES64=r0], 0xfc)

3.144280426s ago: executing program 2 (id=582):
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000140)='{:\'@-\x00', 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3800000048001101"], 0x38}, 0x1, 0x0, 0x0, 0x20000040}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x4040001}, 0xc4c4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0xeeee0000, 0xa000, 0xddddf000, 0xb000], 0x2000000db, 0xc})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.858081585s ago: executing program 4 (id=583):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000001340)='./file0\x00', 0x80101, 0x8c)
ioctl$SNDCTL_DSP_POST(r2, 0x5008, 0x0)

2.750505003s ago: executing program 2 (id=584):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f00000002c0)={0x0, 'syzkaller0\x00', {0x1}, 0xb5})
r2 = socket$netlink(0x10, 0x3, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/32, 0x20}], 0x1, 0xe, 0x6)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})

1.480382999s ago: executing program 1 (id=588):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04ff0f02"], 0x12)

1.370928726s ago: executing program 1 (id=589):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x109040, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@local})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f0000000000)={0x0, 0x0})

1.228019106s ago: executing program 0 (id=590):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)

1.217957797s ago: executing program 1 (id=591):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x169)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000021c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)

951.936145ms ago: executing program 1 (id=592):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_io_uring_setup(0x4bb9, 0x0, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x4000844)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0xc0189436, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x109402)
writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x300}, {&(0x7f0000000900), 0x4000}], 0xe)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x840)

934.701726ms ago: executing program 0 (id=593):
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x24)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file7/file0\x00', 0x101000, 0x108)
lseek(r0, 0x1, 0x3)

704.776802ms ago: executing program 4 (id=594):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r2, &(0x7f0000000200)="134aa918ebf973fb6f12453f21ff679a92956dac71fa92db", 0x18)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

658.213315ms ago: executing program 1 (id=595):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000002780)=[{{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000740)="ab24d443059991344bcf718f98515c1a28a39a5580654ef922a9669590ca191e54285e618efba7fad45297a641414cf199c66e8af3ee7ec823c254c191192b7f15c75df066578f0346f47423e3d1796bce784f060f094a8f1150f2b7fcfa2296bbeb29da983bcb51c53f83222c5ce5433244c2b79b5d4acb24039d65c0bccea8c380a0888ce651f033503cee4ce8dc464f4083d0d2f3e7e57fd1d807797e94de53927756b10bacd92dea57d1dfa4fa18fad3e7e3a557d8dbec5cde0329c0179ec7386928f795d02436e55a463471e3870cfb55e7d1c5969aa66ee9b991cacfb68e8b0dec5c3fcc646d92ef9ed8b3e8e2be0f81b9a78c29b3e9cb79c3b1daa2c7a8fcd3d9a3b1fcfff41782c80e20c2be287cf82f4718dfd2f88bfb3b0af22bc38e74cf997c9b47293e4b383c38676b087441599d07c8f618072f1440b0f745dbc33330d1b0e2915a07b605f2001aed20f8dffa977d0fdd2a2c13bb608839aed516c094d86bba88be6eba206b0aaa420e60c313542bed7292bc74971312941256f71a0fd0acadd68f7d0ba527c0374d0f77bfef9909b4be7ef71d387c65c5e1095cd7af7846e3b84f87bbd4f0005a99452c697e80881769f431db0856c5df27605e17f46250ec711e2406c4db20a776b521dafbf32ece25a562bd4d377ef8eb6da4850e5f4e0ea607ffdd8bf421c30e63b3d58425267265e54d0e324fa53e5b1bf897ad7b922553879c7961d77c045d2866a066374677142b5e3b0fd8330a2421489cc3ab362da94afafd613dcdab3e05bec3d9898e5445096b16b38349827ad8f3660ec7a640eb4241ac0ded7d04404e0a3ec940010138d9cdcc1101d976579944cd23ff310f4429fa9da353b2e554d778b016143db9b4ab68d450b13623c89737be25a24fd3e847e5541bd9555e85ab1c65a502bf2b76fa51d2cd3640ecb662d7d4b055f198b704736c401c4ede30b081acddbf829173c99f7973d0eb22f05530554417bb53682e34b5fd34b3aa2259a521cf8fc09ab89522c16b8597ef503935c26388d97fbe59f59eab991f5b3e3bae2855e15235f326d9d8e40573b5a262f52a2b3631d24c92d0a4df11f49f5656efe07a53d26a013fe37b7c8a9793a22461d0c95ecc179c4b11b98243491791311d9e849471cdc74fb8e3b6f2089d62cc91ccb036c95bb8b29c5bb58c36326439e87520b653d0f4d50ebb70bfc71fcbe94bde186df2fe012cf0509420229b3480163cfc6b1810e13cb4f5d9ad45dda8e24b474993b085e2f2f7a1118818a22c3dd9915c2d6a46ecef76fa95cbd09b3a48df4c3755e450857eb057c4cd512e0cae42d16c2d65cfc2e3182eccc956fcb346711684497a0b4fe184c0e57d7b2d31511944aa70042de624a2cbc90fc8c5011974b4f17b3d972936a1c7e82cbce5ffc8f9255c6c3c97feb6762e1b115f01649b125ea09cc40a857be2aec8e55f0dfacecb74aab44d9ac77e6dd9fba4f01c00b56ee343ca3f44892545a8569d320d49c4ff5cc3f72df2bcfe085ef1013b358436b62bfdd2a218d5c72d43d8d7b6170015a115f2d6a82e4105c0cfab5bcb924d5dd095f0b2dba657914e6f92ecc325483289b2165fe5062960680028c82b47bc7d1dd9e83398c25adc391632a75983e367a525d1d8e7f58e4e08ab245b0a937b1fa3e758036d56892e9c84e812d011e94587a88d38571c29524ac2589d43a9c8517c65d19d3ca9f8bd81bb817faeaad32cf7872bc2032eb6b7b6d4711ba144c569103ee6f944ec74cb79bda51e6e4e701d7f19b7b1a6b4917b086efe29187247d79ca97a4d04f39b7123b74a69ef8fb1e647f01d232d38d424f4557fb4084f632b24108b6507b5c9fb336b0dae4f1375a5d73d730364f8daabe7b12dee8d83477e8662e49c77eb4cb19db4f8115c7a70335e0b0d5007963fae9f12484c8c5879f640cd4b24a8f4c112aaa0e09ffb21e93d3d4ae8c21ddde63b0ccafa2a80654aa9025210e27681523a19eb4371dfbc78da1ca16e5a00601213c0f0083a44bb507434555b9a33a0a72baabe375b8d6fcc6395c49dacd3622b97e90c43af329bfb35239f16803759491aa2dfe37b397829df8e79d0eaad1ee6adb25b69c75c568c1f73401adb47e620ae59c85c8abecd819efa6c6b504030dcebc60e8975b9a896506ab66f9b012c3241d3cc3c4f57252189a808d6e01cc7d7b4a0f080a065a3d622fdcc39972e7c1958e5dad3fae23aa07c6fce808f93edda6bc7fc7ad674502cea59c9b9b19b8e2e7b73d0ddead38d4b40a3e3ce203475a2c3e0b8c55712c1158291ffa7d25b8c12215c68f8a8598727446aea8198be70722feba544d1bbfbd7572180152807a6022ce362682c37c92a4905c64a3dd532805a990bec7fa764f32f061a741173d5283f5798c7be5145d1f18a262b03c975a567fa551902eddbcd9df9857679532bf379067cf807d57ace84e739fefb8760b9b21acba80ec2f6f547b876ac69ac08fb20c3e502c24b3fbd3144451801d0d53429597d23671d39ed2585536fd9a7c95e7870ae215987a3ed1ef9f8efc7b82b7f7d042c6a80f81f769eef7aa5138a1584596f226f2e4a39", 0x72e}], 0x1}}], 0x1, 0x4002090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

642.960866ms ago: executing program 0 (id=596):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0xc, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x3c}}, 0x800)

501.326816ms ago: executing program 1 (id=597):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6040850}, 0x20000040)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r3, &(0x7f0000002940)=[{0x0}], 0x1)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000102c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040010}, 0x80)
recvmmsg(r0, 0x0, 0x0, 0x40, &(0x7f0000005ec0))

450.717149ms ago: executing program 0 (id=598):
timer_delete(0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
setrlimit(0x7, &(0x7f0000000400))
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4})

349.157116ms ago: executing program 3 (id=599):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0305602, &(0x7f0000000000)={0x1, 0x0, {0x4}})
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000000), 0x0}, 0x20)

284.04968ms ago: executing program 0 (id=600):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r2, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000240)={0x0, 0x0, r3, r4, 0x3, 0x5, 0x2, 0x1, {0xac7c, 0x1, 0x7, 0x43, 0xf4b, 0x2, 0x1, 0x45, 0x3ff, 0xe154, 0x20, 0x7, 0xb2bf, 0x3, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})

233.846334ms ago: executing program 3 (id=601):
syz_open_dev$sg(0x0, 0x100000a, 0x20101)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x2000000, 0x0, 0x0, 0x237, 0x0, 0x2, 0x12, 0x2})
listen(r0, 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000300)=0x1da)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00fcff", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

47.852256ms ago: executing program 0 (id=602):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x48000)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$igmp(0x2, 0x3, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, 0x0)
setuid(0x0)
bind$l2tp(0xffffffffffffffff, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000040)={0x6, 0x0, 0x0, 0xfffff000, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)

47.646667ms ago: executing program 4 (id=603):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000099, 0x0, 0x560f}]})

0s ago: executing program 3 (id=604):
r0 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x1, @private1, 0x5}, 0x1c)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='veth0_macvtap\x00', 0x10)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x41}}}, 0x1c)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c)

kernel console output (not intermixed with test programs):

420] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   82.316400][ T4420] BTRFS info (device loop0): setting nodatasum
[   82.335069][ T4420] BTRFS info (device loop0): force zlib compression, level 3
[   82.343675][ T4443] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   82.370835][ T4420] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8)
[   82.388485][ T4420] BTRFS info (device loop0): use lzo compression, level 0
[   82.396347][ T4420] BTRFS info (device loop0): turning on flush-on-commit
[   82.403834][ T4420] BTRFS info (device loop0): enabling auto defrag
[   82.438474][ T4420] BTRFS info (device loop0): max_inline at 4096
[   82.459114][ T4420] BTRFS info (device loop0): using free space tree
[   82.479128][ T4420] BTRFS info (device loop0): has skinny extents
[   82.489936][ T4426] loop1: detected capacity change from 0 to 32768
[   82.623438][ T4426] XFS (loop1): Mounting V5 Filesystem
[   82.660188][ T4225] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   82.701798][ T4420] BTRFS info (device loop0): enabling ssd optimizations
[   82.762234][ T4426] XFS (loop1): Ending clean mount
[   82.910392][ T4225] usb 3-1: Using ep0 maxpacket: 32
[   82.965521][ T4184] XFS (loop1): Unmounting Filesystem
[   82.998807][ T4230] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   83.102133][ T1111] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   83.190389][ T4225] usb 3-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[   83.209826][ T4225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.218904][ T4225] usb 3-1: Product: syz
[   83.228308][ T4225] usb 3-1: Manufacturer: syz
[   83.234477][ T4225] usb 3-1: SerialNumber: syz
[   83.249104][ T4225] usb 3-1: config 0 descriptor??
[   83.289479][ T4477] loop1: detected capacity change from 0 to 4096
[   83.292884][ T4225] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[   83.305685][ T4225] dvb-usb: bulk message failed: -22 (4/0)
[   83.317669][ T4225] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[   83.328432][ T4225] dvb-usb: bulk message failed: -22 (5/0)
[   83.334624][ T4225] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[   83.347856][ T4478] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   83.356773][ T4225] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   83.391751][ T4230] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[   83.400739][ T4225] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[   83.409823][ T4230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.409873][ T4225] usb 3-1: media controller created
[   83.427147][ T4230] usb 5-1: config 0 descriptor??
[   83.446491][ T4225] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   83.460875][ T1111] usb 1-1: not running at top speed; connect to a high speed hub
[   83.471618][ T4225] usb 3-1: selecting invalid altsetting 3
[   83.477643][ T4225] ttusb2: set interface to alts=3 failed
[   83.499787][ T4230] cp210x 5-1:0.0: cp210x converter detected
[   83.561682][ T4225] DVB: Unable to find symbol tda10086_attach()
[   83.570519][ T1111] usb 1-1: config 1 has an invalid descriptor of length 203, skipping remainder of the config
[   83.570547][ T4225] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[   83.588407][ T1111] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[   83.624413][ T4483] netlink: 'syz.1.59': attribute type 10 has an invalid length.
[   83.640685][ T4225] dvb-usb: bulk message failed: -22 (4/0)
[   83.646471][ T4225] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[   83.656413][ T4483] team0: Port device dummy0 added
[   83.657697][ T4225] dvb-usb: bulk message failed: -22 (5/0)
[   83.668746][ T4225] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[   83.671757][ T4483] netlink: 'syz.1.59': attribute type 10 has an invalid length.
[   83.679423][ T4225] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[   83.728965][ T4225] usb 3-1: USB disconnect, device number 2
[   83.756904][ T4483] team0: Port device dummy0 removed
[   83.769445][ T4483] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   83.781616][ T1111] usb 1-1: New USB device found, idVendor=1784, idProduct=0004, bcdDevice= 0.40
[   83.793520][ T4225] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[   83.799137][ T1111] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.827415][ T1111] usb 1-1: Product: syz
[   83.848607][ T1111] usb 1-1: Manufacturer: syz
[   83.854373][ T1111] usb 1-1: SerialNumber: syz
[   83.920389][ T1111] usb 1-1: can't set config #1, error -71
[   83.951140][ T1111] usb 1-1: USB disconnect, device number 2
[   83.998413][ T4490] loop1: detected capacity change from 0 to 2048
[   84.037595][ T4490] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=2242, location=2242
[   84.054119][ T4490] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[   84.104303][ T4490] UDF-fs: Scanning with blocksize 512 failed
[   84.116063][ T4490] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=1986, location=1986
[   84.129954][ T4490] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=2242, location=2242
[   84.130728][ T4230] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -32
[   84.145884][ T4490] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[   84.158101][ T4230] cp210x 5-1:0.0: GPIO initialisation failed: -32
[   84.159440][ T4490] UDF-fs: Scanning with blocksize 1024 failed
[   84.179928][ T4490] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=1986, location=1986
[   84.183002][ T4230] usb 5-1: cp210x converter now attached to ttyUSB0
[   84.196774][ T4490] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=2242, location=2242
[   84.196802][ T4490] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[   84.196815][ T4490] UDF-fs: Scanning with blocksize 2048 failed
[   84.197109][ T4490] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=1986, location=1986
[   84.236198][ T4490] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=2242, location=2242
[   84.267304][ T4490] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[   84.275861][ T4490] UDF-fs: Scanning with blocksize 4096 failed
[   84.289092][ T4490] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[   85.432020][ T4503] loop1: detected capacity change from 0 to 32768
[   85.500465][ T4503] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.64 (4503)
[   85.689507][ T4503] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[   85.714914][ T4503] BTRFS info (device loop1): setting nodatacow, compression disabled
[   85.744643][ T4503] BTRFS info (device loop1): turning on flush-on-commit
[   85.764181][ T4503] BTRFS info (device loop1): using free space tree
[   85.782228][ T4503] BTRFS info (device loop1): has skinny extents
[   85.889747][ T4535] x_tables: duplicate underflow at hook 2
[   86.001332][ T1345] usb 5-1: USB disconnect, device number 2
[   86.024742][ T4510] XFS (loop0): Mounting V5 Filesystem
[   86.025301][ T1345] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[   86.037924][ T4543] netlink: 256 bytes leftover after parsing attributes in process `syz.4.74'.
[   86.045838][ T1345] cp210x 5-1:0.0: device disconnected
[   86.206975][ T4543] overlayfs: missing 'workdir'
[   86.297224][ T4510] XFS (loop0): Ending clean mount
[   86.329054][ T4559] netlink: 24 bytes leftover after parsing attributes in process `syz.4.75'.
[   86.416571][ T4510] XFS (loop0): Quotacheck needed: Please wait.
[   86.494943][ T4503] BTRFS info (device loop1): enabling ssd optimizations
[   86.520429][ T4565] set_capacity_and_notify: 1 callbacks suppressed
[   86.520444][ T4565] loop4: detected capacity change from 0 to 512
[   86.565698][ T4566] loop3: detected capacity change from 0 to 4096
[   86.608390][   T26] audit: type=1800 audit(1775298312.847:2): pid=4503 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.64" name="file2" dev="loop1" ino=261 res=0 errno=0
[   86.630844][ T4510] XFS (loop0): Quotacheck: Done.
[   86.733765][   T13] cfg80211: failed to load regulatory.db
[   86.858044][ T4565] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[   86.899468][ T4189] XFS (loop0): Unmounting Filesystem
[   87.010329][ T4565] ext4 filesystem being mounted at /12/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.040193][   T13] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   87.240183][   T13] usb 4-1: device descriptor read/64, error -71
[   87.705497][ T4579] loop2: detected capacity change from 0 to 512
[   87.874370][ T4579] EXT4-fs (loop2): Invalid want_extra_isize 11
[   88.294980][   T13] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[   88.490214][   T13] usb 4-1: device descriptor read/64, error -71
[   88.530726][ T4588] FAULT_INJECTION: forcing a failure.
[   88.530726][ T4588] name failslab, interval 1, probability 0, space 0, times 0
[   88.610316][ T4588] CPU: 1 PID: 4588 Comm: syz.2.83 Not tainted syzkaller #0
[   88.617575][ T4588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   88.620923][   T13] usb usb4-port1: attempt power cycle
[   88.627764][ T4588] Call Trace:
[   88.627817][ T4588]  <TASK>
[   88.627826][ T4588]  dump_stack_lvl+0x188/0x250
[   88.627856][ T4588]  ? show_regs_print_info+0x20/0x20
[   88.649745][ T4588]  ? load_image+0x400/0x400
[   88.654391][ T4588]  ? __might_sleep+0xf0/0xf0
[   88.659019][ T4588]  ? __lock_acquire+0x7d10/0x7d10
[   88.665163][ T4588]  should_fail+0x38c/0x4c0
[   88.669626][ T4588]  should_failslab+0x5/0x20
[   88.674158][ T4588]  slab_pre_alloc_hook+0x51/0xc0
[   88.679127][ T4588]  __kmalloc+0x6b/0x330
[   88.683389][ T4588]  ? nla_strdup+0x94/0x130
[   88.688021][ T4588]  nla_strdup+0x94/0x130
[   88.692382][ T4588]  ? nft_rbtree_estimate+0xaf/0x160
[   88.697600][ T4588]  nf_tables_newset+0x1351/0x2430
[   88.702666][ T4588]  ? nf_tables_delrule+0x1110/0x1110
[   88.708173][ T4588]  ? __lock_acquire+0x7d10/0x7d10
[   88.713443][ T4588]  ? __nla_parse+0x3c/0x50
[   88.717985][ T4588]  nfnetlink_rcv+0x1122/0x2460
[   88.722939][ T4588]  ? nfnetlink_net_exit_batch+0xa0/0xa0
[   88.728559][ T4588]  ? rcu_lock_release+0x5/0x20
[   88.733436][ T4588]  ? __lock_acquire+0x7d10/0x7d10
[   88.738527][ T4588]  netlink_unicast+0x774/0x920
[   88.743686][ T4588]  netlink_sendmsg+0x8ba/0xbe0
[   88.748501][ T4588]  ? netlink_getsockopt+0x570/0x570
[   88.753907][ T4588]  ? aa_sock_msg_perm+0x94/0x150
[   88.758879][ T4588]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   88.764392][ T4588]  ? security_socket_sendmsg+0x7c/0xa0
[   88.769934][ T4588]  ? netlink_getsockopt+0x570/0x570
[   88.775162][ T4588]  ____sys_sendmsg+0x5b7/0x8f0
[   88.779975][ T4588]  ? __sys_sendmsg_sock+0x30/0x30
[   88.785139][ T4588]  ? import_iovec+0x6f/0xa0
[   88.789818][ T4588]  ___sys_sendmsg+0x236/0x2e0
[   88.794619][ T4588]  ? __sys_sendmsg+0x2a0/0x2a0
[   88.799418][ T4588]  ? vfs_write+0x8b2/0xd60
[   88.803972][ T4588]  __se_sys_sendmsg+0x1af/0x290
[   88.809039][ T4588]  ? __x64_sys_sendmsg+0x80/0x80
[   88.814084][ T4588]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[   88.820187][ T4588]  ? lockdep_hardirqs_on+0x94/0x140
[   88.825407][ T4588]  do_syscall_64+0x4c/0xa0
[   88.829845][ T4588]  ? clear_bhb_loop+0x30/0x80
[   88.834549][ T4588]  ? clear_bhb_loop+0x30/0x80
[   88.839263][ T4588]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   88.845259][ T4588] RIP: 0033:0x7fcd84458819
[   88.849705][ T4588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   88.869420][ T4588] RSP: 002b:00007fcd826b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   88.877879][ T4588] RAX: ffffffffffffffda RBX: 00007fcd846d1fa0 RCX: 00007fcd84458819
[   88.886062][ T4588] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[   88.894225][ T4588] RBP: 00007fcd826b2090 R08: 0000000000000000 R09: 0000000000000000
[   88.902505][ T4588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.910626][ T4588] R13: 00007fcd846d2038 R14: 00007fcd846d1fa0 R15: 00007ffd8b450eb8
[   88.918642][ T4588]  </TASK>
[   88.967314][ T4592] device syzkaller1 entered promiscuous mode
[   89.050374][   T13] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[   89.150379][   T13] usb 4-1: device descriptor read/8, error -71
[   89.509951][   T13] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[   90.256344][ T4614] loop1: detected capacity change from 0 to 512
[   90.688081][ T4614] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   90.701452][ T4614] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   90.711398][ T4614] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[   90.752523][ T4619] loop3: detected capacity change from 0 to 4096
[   90.771093][ T4620] netlink: 100 bytes leftover after parsing attributes in process `syz.2.94'.
[   90.890252][   T13] usb 4-1: device not accepting address 6, error -71
[   90.937111][   T13] usb usb4-port1: unable to enumerate USB device
[   90.955266][ T4629] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   91.026547][ T4619] NILFS (loop3): nilfs_sufile_do_free: segment 9 is already clean
[   91.060399][ T4638] FAULT_INJECTION: forcing a failure.
[   91.060399][ T4638] name failslab, interval 1, probability 0, space 0, times 0
[   91.095589][ T4638] CPU: 0 PID: 4638 Comm: syz.4.100 Not tainted syzkaller #0
[   91.100306][ T4493] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   91.102928][ T4638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   91.102944][ T4638] Call Trace:
[   91.123973][ T4638]  <TASK>
[   91.126937][ T4638]  dump_stack_lvl+0x188/0x250
[   91.131654][ T4638]  ? show_regs_print_info+0x20/0x20
[   91.136882][ T4638]  ? load_image+0x400/0x400
[   91.141420][ T4638]  ? __might_sleep+0xf0/0xf0
[   91.146038][ T4638]  ? __lock_acquire+0x7d10/0x7d10
[   91.151090][ T4638]  ? aa_get_newest_label+0xf5/0x5a0
[   91.156321][ T4638]  should_fail+0x38c/0x4c0
[   91.160899][ T4638]  should_failslab+0x5/0x20
[   91.165527][ T4638]  slab_pre_alloc_hook+0x51/0xc0
[   91.170498][ T4638]  ? skb_clone+0x1bd/0x350
[   91.175045][ T4638]  kmem_cache_alloc+0x3d/0x290
[   91.179929][ T4638]  skb_clone+0x1bd/0x350
[   91.184204][ T4638]  ? nfnetlink_rcv+0x4a7/0x2460
[   91.189088][ T4638]  nfnetlink_rcv+0x4e0/0x2460
[   91.193801][ T4638]  ? __local_bh_enable_ip+0x136/0x1c0
[   91.199201][ T4638]  ? lockdep_hardirqs_on+0x94/0x140
[   91.204524][ T4638]  ? __local_bh_enable_ip+0x136/0x1c0
[   91.209934][ T4638]  ? __dev_queue_xmit+0x1cbf/0x2f80
[   91.215578][ T4638]  ? nfnetlink_net_exit_batch+0xa0/0xa0
[   91.221167][ T4638]  ? dev_queue_xmit+0x20/0x20
[   91.225873][ T4638]  ? memcpy+0x3c/0x60
[   91.229891][ T4638]  ? __copy_skb_header+0x3ba/0x4f0
[   91.235139][ T4638]  ? __skb_clone+0x480/0x790
[   91.239769][ T4638]  ? rcu_lock_release+0x5/0x20
[   91.244562][ T4638]  ? __lock_acquire+0x7d10/0x7d10
[   91.249727][ T4638]  netlink_unicast+0x774/0x920
[   91.254640][ T4638]  netlink_sendmsg+0x8ba/0xbe0
[   91.259439][ T4638]  ? netlink_getsockopt+0x570/0x570
[   91.264762][ T4638]  ? aa_sock_msg_perm+0x94/0x150
[   91.269729][ T4638]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   91.275126][ T4638]  ? security_socket_sendmsg+0x7c/0xa0
[   91.280713][ T4638]  ? netlink_getsockopt+0x570/0x570
[   91.285938][ T4638]  ____sys_sendmsg+0x5b7/0x8f0
[   91.290835][ T4638]  ? __sys_sendmsg_sock+0x30/0x30
[   91.295898][ T4638]  ? import_iovec+0x6f/0xa0
[   91.300452][ T4638]  ___sys_sendmsg+0x236/0x2e0
[   91.305170][ T4638]  ? __sys_sendmsg+0x2a0/0x2a0
[   91.309982][ T4638]  ? vfs_write+0x8b2/0xd60
[   91.314715][ T4638]  __se_sys_sendmsg+0x1af/0x290
[   91.319601][ T4638]  ? __x64_sys_sendmsg+0x80/0x80
[   91.324567][ T4638]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[   91.330678][ T4638]  ? lockdep_hardirqs_on+0x94/0x140
[   91.336086][ T4638]  do_syscall_64+0x4c/0xa0
[   91.340517][ T4638]  ? clear_bhb_loop+0x30/0x80
[   91.345305][ T4638]  ? clear_bhb_loop+0x30/0x80
[   91.350021][ T4638]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   91.356021][ T4638] RIP: 0033:0x7f1dd2496819
[   91.360549][ T4638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   91.380595][ T4638] RSP: 002b:00007f1dd06f0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   91.389262][ T4638] RAX: ffffffffffffffda RBX: 00007f1dd270ffa0 RCX: 00007f1dd2496819
[   91.397269][ T4638] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[   91.405286][ T4638] RBP: 00007f1dd06f0090 R08: 0000000000000000 R09: 0000000000000000
[   91.413497][ T4638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.421503][ T4638] R13: 00007f1dd2710038 R14: 00007f1dd270ffa0 R15: 00007fff7dba10a8
[   91.429517][ T4638]  </TASK>
[   91.906012][ T4662] netlink: 'syz.4.110': attribute type 10 has an invalid length.
[   91.936522][ T4662] netlink: 40 bytes leftover after parsing attributes in process `syz.4.110'.
[   91.945937][ T4493] usb 3-1: unable to get BOS descriptor or descriptor too short
[   91.977118][ T4668] fuse: Bad value for 'rootmode'
[   91.992571][ T4662] netlink: 'syz.4.110': attribute type 10 has an invalid length.
[   92.006764][ T4493] usb 3-1: not running at top speed; connect to a high speed hub
[   92.049317][ T4662] netlink: 40 bytes leftover after parsing attributes in process `syz.4.110'.
[   92.132643][ T4666] loop3: detected capacity change from 0 to 512
[   92.133922][ T4493] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 248, changing to 4
[   92.247290][ T4670] capability: warning: `syz.1.114' uses deprecated v2 capabilities in a way that may be insecure
[   92.269452][ T4666] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[   92.370487][ T4666] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   92.401143][ T4493] usb 3-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[   92.458665][ T4493] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.505852][ T4493] usb 3-1: Product: syz
[   92.514196][ T4493] usb 3-1: Manufacturer: syz
[   92.518838][ T4493] usb 3-1: SerialNumber: syz
[   92.666512][   T13] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   92.840740][ T4620] loop2: detected capacity change from 0 to 512
[   93.031314][   T13] usb 2-1: config 0 has an invalid interface number: 120 but max is 0
[   93.047998][ T4674] loop4: detected capacity change from 0 to 32768
[   93.054828][   T13] usb 2-1: config 0 has no interface number 0
[   93.067799][   T13] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[   93.079961][   T13] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[   93.096134][   T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.106915][   T13] usb 2-1: config 0 descriptor??
[   93.123797][ T4674] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.113 (4674)
[   93.185278][   T13] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.120/input/input6
[   93.245857][ T4674] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[   93.261039][ T4674] BTRFS info (device loop4): ignoring bad roots
[   93.276570][ T4674] BTRFS error (device loop4): support for check_integrity* not compiled in!
[   93.331655][ T4674] BTRFS error (device loop4): open_ctree failed: -22
[   93.402673][ T4670] udc-core: couldn't find an available UDC or it's busy
[   93.430400][ T4670] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   93.467740][ T1345] usb 2-1: USB disconnect, device number 3
[   93.652003][ T4276] tipc: Subscription rejected, illegal request
[   94.369466][ T4693] loop1: detected capacity change from 0 to 4096
[   94.395387][ T4493] usb 3-1: BAAD SPEAKERPHONE c_chmask mismatch
[   94.517175][ T4493] snd-usb-audio: probe of 3-1:1.0 failed with error -22
[   94.533021][ T4693] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[   94.577483][ T4493] usb 3-1: USB disconnect, device number 3
[   94.876121][ T4693] ntfs: volume version 3.1.
[   94.945556][ T4702] udevd[4702]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   95.379496][ T4689] loop3: detected capacity change from 0 to 32768
[   95.451818][ T4689] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.118 (4689)
[   95.566391][ T4689] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[   95.596935][ T4711] FAULT_INJECTION: forcing a failure.
[   95.596935][ T4711] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   95.616998][ T4689] BTRFS info (device loop3): setting nodatasum
[   95.636728][ T4689] BTRFS info (device loop3): force zlib compression, level 3
[   95.649426][ T4711] CPU: 1 PID: 4711 Comm: syz.2.127 Not tainted syzkaller #0
[   95.656768][ T4711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   95.666860][ T4711] Call Trace:
[   95.670367][ T4711]  <TASK>
[   95.673333][ T4711]  dump_stack_lvl+0x188/0x250
[   95.678046][ T4711]  ? show_regs_print_info+0x20/0x20
[   95.683281][ T4711]  ? load_image+0x400/0x400
[   95.687819][ T4711]  ? __lock_acquire+0x7d10/0x7d10
[   95.692873][ T4689] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[   95.692873][ T4711]  ? __lock_acquire+0x12e8/0x7d10
[   95.707224][ T4711]  should_fail+0x38c/0x4c0
[   95.711684][ T4711]  prepare_alloc_pages+0x1e4/0x5f0
[   95.716911][ T4711]  __alloc_pages+0x11b/0x480
[   95.721785][ T4711]  ? zone_statistics+0x170/0x170
[   95.726842][ T4711]  ? count_memcg_event_mm+0x324/0x370
[   95.732237][ T4711]  ? remove_device_exclusive_entry+0xa90/0xa90
[   95.738523][ T4711]  alloc_pages_vma+0x393/0x7c0
[   95.743327][ T4711]  handle_mm_fault+0x23be/0x4410
[   95.748311][ T4711]  ? get_page+0xe0/0xe0
[   95.750531][ T4689] BTRFS info (device loop3): use lzo compression, level 0
[   95.752495][ T4711]  ? vmacache_find+0x4e3/0x590
[   95.752520][ T4711]  ? vmacache_update+0xa0/0x100
[   95.763858][ T4689] BTRFS info (device loop3): turning on flush-on-commit
[   95.764449][ T4711]  ? find_vma+0x1df/0x230
[   95.769298][ T4689] BTRFS info (device loop3): enabling auto defrag
[   95.776221][ T4711]  do_user_addr_fault+0x489/0xc80
[   95.776262][ T4711]  exc_page_fault+0x60/0x100
[   95.776285][ T4711]  ? __might_fault+0xb7/0x110
[   95.776307][ T4711]  asm_exc_page_fault+0x22/0x30
[   95.776328][ T4711] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
[   95.776352][ T4711] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 90 90 90 90 90 90 90 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 01 ca c3 90 90 90 90 90 90 90 90 90 90 89 d1 83 f8
[   95.776367][ T4711] RSP: 0018:ffffc9000337f518 EFLAGS: 00050202
[   95.776388][ T4711] RAX: ffffffff83e1a301 RBX: 00007ffffffff000 RCX: 0000000000000157
[   95.776403][ T4711] RDX: 0000000000000197 RSI: ffff888075c6a421 RDI: 0000200000001000
[   95.776416][ T4711] RBP: ffffc9000337f680 R08: ffff888075c6a577 R09: 1ffff1100eb8d4ae
[   95.776429][ T4711] R10: dffffc0000000000 R11: ffffed100eb8d4af R12: 0000200000000fff
[   95.776444][ T4711] R13: ffff888075c6a3e1 R14: 1ffff1100ae2c605 R15: 0000000000000197
[   95.776465][ T4711]  ? _copy_to_iter+0x4b1/0x1180
[   95.776494][ T4711]  _copy_to_iter+0x513/0x1180
[   95.776527][ T4711]  ? iov_iter_init+0x170/0x170
[   95.776553][ T4711]  ? __virt_addr_valid+0x3c6/0x470
[   95.776574][ T4711]  ? __phys_addr_symbol+0x2b/0x70
[   95.776592][ T4711]  ? __check_object_size+0x30c/0x410
[   95.776620][ T4711]  __skb_datagram_iter+0xde/0x740
[   95.776645][ T4711]  ? skb_copy_datagram_iter+0x1f0/0x1f0
[   95.776680][ T4711]  skb_copy_datagram_iter+0xad/0x1f0
[   95.776705][ T4711]  netlink_recvmsg+0x2d6/0xe20
[   95.776725][ T4711]  ? import_iovec+0x6f/0xa0
[   95.776745][ T4711]  ? ___sys_recvmsg+0x4e9/0x5c0
[   95.776776][ T4711]  ? netlink_sendmsg+0xbe0/0xbe0
[   95.776793][ T4711]  ? aa_sk_perm+0x7dc/0x910
[   95.776818][ T4711]  ? aa_af_perm+0x340/0x340
[   95.776846][ T4711]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[   95.776867][ T4711]  ? security_socket_recvmsg+0x85/0xb0
[   95.776889][ T4711]  ? netlink_sendmsg+0xbe0/0xbe0
[   95.776908][ T4711]  ____sys_recvmsg+0x2cd/0x5e0
[   95.776931][ T4711]  ? __might_fault+0xb3/0x110
[   95.776958][ T4711]  ? __sys_recvmsg_sock+0x40/0x40
[   95.792670][ T4689] BTRFS info (device loop3): max_inline at 4096
[   95.792809][ T4711]  ? import_iovec+0x6f/0xa0
[   95.797474][ T4689] BTRFS info (device loop3): using free space tree
[   95.802138][ T4711]  ___sys_recvmsg+0x21a/0x5c0
[   95.802170][ T4711]  ? __sys_recvmsg+0x280/0x280
[   95.802221][ T4711]  ? __fdget+0x18b/0x210
[   95.827934][ T4689] BTRFS info (device loop3): has skinny extents
[   95.833934][ T4711]  ? do_recvmmsg+0x1a1/0x850
[   95.833972][ T4711]  do_recvmmsg+0x382/0x850
[   95.834004][ T4711]  ? __sys_recvmmsg+0x290/0x290
[   96.037783][ T4711]  ? get_timespec64+0x116/0x1b0
[   96.042677][ T4711]  ? timespec64_add_safe+0x1f0/0x1f0
[   96.048014][ T4711]  __x64_sys_recvmmsg+0x1b4/0x250
[   96.053074][ T4711]  ? do_recvmmsg+0x850/0x850
[   96.057708][ T4711]  ? lockdep_hardirqs_on+0x94/0x140
[   96.062942][ T4711]  do_syscall_64+0x4c/0xa0
[   96.067491][ T4711]  ? clear_bhb_loop+0x30/0x80
[   96.072195][ T4711]  ? clear_bhb_loop+0x30/0x80
[   96.076906][ T4711]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   96.082830][ T4711] RIP: 0033:0x7fcd84458819
[   96.087276][ T4711] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   96.088829][ T4689] BTRFS info (device loop3): enabling ssd optimizations
[   96.106916][ T4711] RSP: 002b:00007fcd826b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   96.106948][ T4711] RAX: ffffffffffffffda RBX: 00007fcd846d1fa0 RCX: 00007fcd84458819
[   96.106963][ T4711] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[   96.106977][ T4711] RBP: 00007fcd826b2090 R08: 0000200000003700 R09: 0000000000000000
[   96.106991][ T4711] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[   96.107004][ T4711] R13: 00007fcd846d2038 R14: 00007fcd846d1fa0 R15: 00007ffd8b450eb8
[   96.107033][ T4711]  </TASK>
[   96.129674][ T4719] loop1: detected capacity change from 0 to 512
[   96.354897][ T4738] overlayfs: missing 'workdir'
[   97.738493][ T4760] loop2: detected capacity change from 0 to 128
[   97.756278][ T4744] loop4: detected capacity change from 0 to 32768
[   97.861043][ T4719] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[   97.898492][ T4719] ext4 filesystem being mounted at /27/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.970346][ T4759] device syzkaller0 entered promiscuous mode
[   98.290454][    T7] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   98.560383][    T7] usb 1-1: Using ep0 maxpacket: 8
[   98.680794][    T7] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[   98.860353][    T7] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[   98.889676][    T7] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[   98.915517][    T7] usb 1-1: Product: syz
[   98.919846][    T7] usb 1-1: Manufacturer: syz
[   98.945934][    T7] usb 1-1: SerialNumber: syz
[   99.206417][ T4768] loop3: detected capacity change from 0 to 32768
[   99.218891][    T7] usb 1-1: Invalid connection information received from device
[   99.412138][ T4780] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   99.412883][ T4768] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.131 (4768)
[   99.464339][ T4781] dccp_invalid_packet: P.Data Offset(0) too small
[   99.497010][ T4783] binder: 4782:4783 ioctl c0306201 2000000003c0 returned -14
[   99.528951][ T4784] loop0: detected capacity change from 0 to 1024
[   99.546739][ T4768] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[   99.575466][ T4768] BTRFS info (device loop3): setting nodatacow, compression disabled
[   99.607282][ T4768] BTRFS info (device loop3): turning on flush-on-commit
[   99.629196][ T4768] BTRFS info (device loop3): using free space tree
[   99.638604][ T4768] BTRFS info (device loop3): has skinny extents
[  100.734351][ T4768] BTRFS info (device loop3): enabling ssd optimizations
[  100.776791][   T26] audit: type=1800 audit(1775298327.017:3): pid=4768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.131" name="file2" dev="loop3" ino=261 res=0 errno=0
[  101.389330][ T4493] usb 1-1: USB disconnect, device number 3
[  101.563751][ T4824] loop2: detected capacity change from 0 to 4096
[  101.577569][ T4822] loop4: detected capacity change from 0 to 4096
[  101.648015][ T4822] ntfs3: Unknown parameter ''
[  101.708012][ T4831] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  101.814493][ T4834] FAULT_INJECTION: forcing a failure.
[  101.814493][ T4834] name failslab, interval 1, probability 0, space 0, times 0
[  101.852768][ T4834] CPU: 1 PID: 4834 Comm: syz.0.153 Not tainted syzkaller #0
[  101.860109][ T4834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  101.870189][ T4834] Call Trace:
[  101.873491][ T4834]  <TASK>
[  101.876453][ T4834]  dump_stack_lvl+0x188/0x250
[  101.881256][ T4834]  ? show_regs_print_info+0x20/0x20
[  101.886484][ T4834]  ? load_image+0x400/0x400
[  101.891021][ T4834]  ? __might_sleep+0xf0/0xf0
[  101.895644][ T4834]  ? __lock_acquire+0x7d10/0x7d10
[  101.900782][ T4834]  should_fail+0x38c/0x4c0
[  101.905417][ T4834]  should_failslab+0x5/0x20
[  101.909944][ T4834]  slab_pre_alloc_hook+0x51/0xc0
[  101.915168][ T4834]  __kmalloc_node+0x6e/0x3b0
[  101.919785][ T4834]  ? kvmalloc_node+0x84/0x130
[  101.924492][ T4834]  ? nla_strcmp+0xf8/0x140
[  101.928945][ T4834]  kvmalloc_node+0x84/0x130
[  101.933572][ T4834]  ? nft_rbtree_estimate+0xaf/0x160
[  101.938927][ T4834]  nf_tables_newset+0x1312/0x2430
[  101.944078][ T4834]  ? nf_tables_delrule+0x1110/0x1110
[  101.949403][ T4834]  ? __lock_acquire+0x7d10/0x7d10
[  101.954564][ T4834]  ? __nla_parse+0x3c/0x50
[  101.959016][ T4834]  nfnetlink_rcv+0x1122/0x2460
[  101.963840][ T4834]  ? nfnetlink_net_exit_batch+0xa0/0xa0
[  101.969453][ T4834]  ? rcu_lock_release+0x5/0x20
[  101.974265][ T4834]  ? __lock_acquire+0x7d10/0x7d10
[  101.979332][ T4834]  netlink_unicast+0x774/0x920
[  101.984144][ T4834]  netlink_sendmsg+0x8ba/0xbe0
[  101.988947][ T4834]  ? netlink_getsockopt+0x570/0x570
[  101.994182][ T4834]  ? aa_sock_msg_perm+0x94/0x150
[  101.999155][ T4834]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  102.004472][ T4834]  ? security_socket_sendmsg+0x7c/0xa0
[  102.009967][ T4834]  ? netlink_getsockopt+0x570/0x570
[  102.015227][ T4834]  ____sys_sendmsg+0x5b7/0x8f0
[  102.020033][ T4834]  ? __sys_sendmsg_sock+0x30/0x30
[  102.025095][ T4834]  ? import_iovec+0x6f/0xa0
[  102.029645][ T4834]  ___sys_sendmsg+0x236/0x2e0
[  102.034432][ T4834]  ? __sys_sendmsg+0x2a0/0x2a0
[  102.039238][ T4834]  ? vfs_write+0x8b2/0xd60
[  102.043704][ T4834]  __se_sys_sendmsg+0x1af/0x290
[  102.048710][ T4834]  ? __x64_sys_sendmsg+0x80/0x80
[  102.053670][ T4834]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  102.059984][ T4834]  ? lockdep_hardirqs_on+0x94/0x140
[  102.065315][ T4834]  do_syscall_64+0x4c/0xa0
[  102.069761][ T4834]  ? clear_bhb_loop+0x30/0x80
[  102.074466][ T4834]  ? clear_bhb_loop+0x30/0x80
[  102.079270][ T4834]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  102.085368][ T4834] RIP: 0033:0x7f0e31571819
[  102.089818][ T4834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  102.109456][ T4834] RSP: 002b:00007f0e2f7cb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  102.117910][ T4834] RAX: ffffffffffffffda RBX: 00007f0e317eafa0 RCX: 00007f0e31571819
[  102.125910][ T4834] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  102.133910][ T4834] RBP: 00007f0e2f7cb090 R08: 0000000000000000 R09: 0000000000000000
[  102.141945][ T4834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.149948][ T4834] R13: 00007f0e317eb038 R14: 00007f0e317eafa0 R15: 00007fff0bc10c58
[  102.157966][ T4834]  </TASK>
[  103.115659][ T4847] loop2: detected capacity change from 0 to 32768
[  103.183667][ T4845] loop4: detected capacity change from 0 to 32768
[  103.315308][ T4845] JBD2: Ignoring recovery information on journal
[  103.393653][ T4864] loop0: detected capacity change from 0 to 4096
[  103.453274][ T4864] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  103.474475][ T4845] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  103.506835][ T4864] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable=0x0000000000000101,stripe=0x0000000000000061,journal_ioprio=0x0000000000000006,minixdf,nodiscard,nomblk_io_submit,acl,nojournal_checksum,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  103.769048][ T4197] ocfs2: Unmounting device (7,4) on (node local)
[  103.781390][ T4856] loop1: detected capacity change from 0 to 32768
[  104.173597][ T4876] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  104.228953][ T4879] loop4: detected capacity change from 0 to 128
[  104.244560][ T4880] loop3: detected capacity change from 0 to 4096
[  104.367111][ T4884] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  104.573413][ T4847] comedi comedi3: das16m1: I/O port conflict (0x20,16)
[  104.923333][ T4882] loop0: detected capacity change from 0 to 32768
[  104.955350][ T4882] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.168 (4882)
[  105.004969][ T4856] jfs: Unrecognized mount option "xœìݽ�gðß¾Þ‹‰sJ¡‹^Bˆ_ƒ1HR@A“¹¡@¶.—ÈÂ
däD¾è
[  105.004969][ T4856] *j
[  105.004969][ T4856] %B”ˆ‚? -–l$�+ÍÝóøæ6»Þsη³wÏç#�gûÌì>sß�ÛYÏÌ>
" or missing value
[  105.602605][ T4898] loop3: detected capacity change from 0 to 512
[  105.678204][ T4879] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  105.702588][ T4879] hpfs: filesystem error: improperly stopped
[  105.708680][ T4879] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  105.722325][ T4879] hpfs: You really don't want any checks? You are crazy...
[  105.730471][ T4898] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  105.744961][ T4879] hpfs: Code page index out of array
[  105.769469][ T4879] hpfs: code page support is disabled
[  105.780862][ T4879] hpfs: hpfs_map_4sectors(): unaligned read
[  105.788675][ T4879] hpfs: hpfs_map_4sectors(): unaligned read
[  105.819712][ T4879] hpfs: filesystem error: unable to find root dir
[  106.298914][ T4882] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  106.319172][ T4882] BTRFS info (device loop0): setting nodatasum
[  106.440246][ T4882] BTRFS info (device loop0): force zlib compression, level 3
[  106.459796][ T4882] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8)
[  106.518470][ T4882] BTRFS info (device loop0): use lzo compression, level 0
[  106.579605][ T4882] BTRFS info (device loop0): turning on flush-on-commit
[  106.628942][ T4882] BTRFS info (device loop0): enabling auto defrag
[  106.640711][ T4882] BTRFS info (device loop0): max_inline at 4096
[  106.647284][ T4882] BTRFS info (device loop0): using free space tree
[  106.669404][ T4882] BTRFS info (device loop0): has skinny extents
[  106.701409][ T4907] FAULT_INJECTION: forcing a failure.
[  106.701409][ T4907] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  106.761678][ T4907] CPU: 1 PID: 4907 Comm: syz.1.176 Not tainted syzkaller #0
[  106.769141][ T4907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  106.779234][ T4907] Call Trace:
[  106.782537][ T4907]  <TASK>
[  106.785490][ T4907]  dump_stack_lvl+0x188/0x250
[  106.790293][ T4907]  ? show_regs_print_info+0x20/0x20
[  106.795611][ T4907]  ? load_image+0x400/0x400
[  106.800150][ T4907]  should_fail+0x38c/0x4c0
[  106.804666][ T4907]  _copy_to_iter+0x40d/0x1180
[  106.809477][ T4907]  ? iov_iter_init+0x170/0x170
[  106.814514][ T4907]  ? __virt_addr_valid+0x3c6/0x470
[  106.819733][ T4907]  ? __phys_addr_symbol+0x2b/0x70
[  106.824754][ T4907]  ? __check_object_size+0x30c/0x410
[  106.830052][ T4907]  __skb_datagram_iter+0xde/0x740
[  106.835096][ T4907]  ? skb_copy_datagram_iter+0x1f0/0x1f0
[  106.840659][ T4907]  skb_copy_datagram_iter+0xad/0x1f0
[  106.845942][ T4907]  netlink_recvmsg+0x2d6/0xe20
[  106.850715][ T4907]  ? import_iovec+0x6f/0xa0
[  106.855232][ T4907]  ? ___sys_recvmsg+0x4e9/0x5c0
[  106.860081][ T4907]  ? netlink_sendmsg+0xbe0/0xbe0
[  106.865235][ T4907]  ? aa_sk_perm+0x7dc/0x910
[  106.869743][ T4907]  ? aa_af_perm+0x340/0x340
[  106.874325][ T4907]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[  106.879727][ T4907]  ? security_socket_recvmsg+0x85/0xb0
[  106.885179][ T4907]  ? netlink_sendmsg+0xbe0/0xbe0
[  106.890115][ T4907]  ____sys_recvmsg+0x2cd/0x5e0
[  106.894890][ T4907]  ? __might_fault+0xb3/0x110
[  106.899560][ T4907]  ? __sys_recvmsg_sock+0x40/0x40
[  106.904816][ T4907]  ? import_iovec+0x6f/0xa0
[  106.909441][ T4907]  ___sys_recvmsg+0x21a/0x5c0
[  106.914125][ T4907]  ? __sys_recvmsg+0x280/0x280
[  106.918901][ T4907]  ? __fdget+0x18b/0x210
[  106.923134][ T4907]  ? do_recvmmsg+0x1a1/0x850
[  106.927728][ T4907]  do_recvmmsg+0x382/0x850
[  106.932159][ T4907]  ? __sys_recvmmsg+0x290/0x290
[  106.937136][ T4907]  ? get_timespec64+0x116/0x1b0
[  106.942153][ T4907]  ? timespec64_add_safe+0x1f0/0x1f0
[  106.947555][ T4907]  __x64_sys_recvmmsg+0x1b4/0x250
[  106.952674][ T4907]  ? do_recvmmsg+0x850/0x850
[  106.957260][ T4907]  ? lockdep_hardirqs_on+0x94/0x140
[  106.962455][ T4907]  do_syscall_64+0x4c/0xa0
[  106.966867][ T4907]  ? clear_bhb_loop+0x30/0x80
[  106.971547][ T4907]  ? clear_bhb_loop+0x30/0x80
[  106.978621][ T4907]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.984552][ T4907] RIP: 0033:0x7faaeb63f819
[  106.989055][ T4907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  107.008864][ T4907] RSP: 002b:00007faae9899028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  107.017279][ T4907] RAX: ffffffffffffffda RBX: 00007faaeb8b8fa0 RCX: 00007faaeb63f819
[  107.025279][ T4907] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  107.033340][ T4907] RBP: 00007faae9899090 R08: 0000200000003700 R09: 0000000000000000
[  107.041397][ T4907] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  107.049508][ T4907] R13: 00007faaeb8b9038 R14: 00007faaeb8b8fa0 R15: 00007ffd183146c8
[  107.057573][ T4907]  </TASK>
[  107.060611][    C1] vkms_vblank_simulate: vblank timer overrun
[  107.432614][ T4882] BTRFS error (device loop0): open_ctree failed: -12
[  107.463226][ T4931] loop1: detected capacity change from 0 to 256
[  107.560783][ T4931] exfat: Deprecated parameter 'utf8'
[  107.572643][ T4931] exfat: Deprecated parameter 'utf8'
[  107.836192][ T4931] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  108.420625][ T4942] loop3: detected capacity change from 0 to 128
[  108.650885][ T4944] netlink: 8 bytes leftover after parsing attributes in process `syz.4.182'.
[  108.659798][ T4944] netlink: 12 bytes leftover after parsing attributes in process `syz.4.182'.
[  108.733155][   T26] audit: type=1800 audit(1775298334.977:4): pid=4942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.181" name="bus" dev="loop3" ino=1048594 res=0 errno=0
[  108.785637][ T4942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.181'.
[  108.961410][ T4952] loop4: detected capacity change from 0 to 2048
[  109.208594][ T4952] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  110.590195][ T4584] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  110.871300][ T4969] loop1: detected capacity change from 0 to 256
[  110.895846][ T4963] loop2: detected capacity change from 0 to 32768
[  110.929040][ T4969] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  110.946909][ T4963] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.189 (4963)
[  110.992033][ T4963] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  111.002912][ T4963] BTRFS info (device loop2): setting nodatacow, compression disabled
[  111.020425][ T4963] BTRFS info (device loop2): turning on flush-on-commit
[  111.027719][ T4963] BTRFS info (device loop2): using free space tree
[  111.040538][ T4584] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 67, changing to 7
[  111.058169][ T4963] BTRFS info (device loop2): has skinny extents
[  111.065377][ T4584] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 250, changing to 7
[  111.270440][ T4584] usb 5-1: New USB device found, idVendor=041e, idProduct=3040, bcdDevice= 0.40
[  111.298281][ T4584] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.317845][ T4584] usb 5-1: Product: syz
[  111.322850][ T4584] usb 5-1: Manufacturer: syz
[  111.329543][ T4584] usb 5-1: SerialNumber: syz
[  111.376144][ T4963] BTRFS info (device loop2): enabling ssd optimizations
[  111.427477][ T4995] netlink: 8 bytes leftover after parsing attributes in process `syz.0.195'.
[  111.427666][   T26] audit: type=1800 audit(1775298337.667:5): pid=4963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.189" name="file2" dev="loop2" ino=261 res=0 errno=0
[  111.476408][ T4995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.195'.
[  111.760271][ T4584] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  111.881406][ T4584] usb 5-1: USB disconnect, device number 3
[  111.958136][ T5000] netlink: 8 bytes leftover after parsing attributes in process `syz.0.198'.
[  112.579197][ T5012] loop0: detected capacity change from 0 to 4096
[  112.618972][ T5016] device syzkaller1 entered promiscuous mode
[  112.649796][ T5020] input: syz0 as /devices/virtual/input/input7
[  112.688885][ T5020] input: failed to attach handler leds to device input7, error: -6
[  112.707878][ T5023] FAULT_INJECTION: forcing a failure.
[  112.707878][ T5023] name failslab, interval 1, probability 0, space 0, times 0
[  112.726772][ T5023] CPU: 0 PID: 5023 Comm: syz.1.204 Not tainted syzkaller #0
[  112.734110][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  112.744559][ T5023] Call Trace:
[  112.748036][ T5023]  <TASK>
[  112.750990][ T5023]  dump_stack_lvl+0x188/0x250
[  112.755781][ T5023]  ? show_regs_print_info+0x20/0x20
[  112.761110][ T5023]  ? load_image+0x400/0x400
[  112.765650][ T5023]  ? __might_sleep+0xf0/0xf0
[  112.770272][ T5023]  ? __lock_acquire+0x7d10/0x7d10
[  112.775342][ T5023]  should_fail+0x38c/0x4c0
[  112.779794][ T5023]  should_failslab+0x5/0x20
[  112.784332][ T5023]  slab_pre_alloc_hook+0x51/0xc0
[  112.789305][ T5023]  __kmalloc+0x6b/0x330
[  112.793484][ T5023]  ? nla_strdup+0x94/0x130
[  112.797943][ T5023]  nla_strdup+0x94/0x130
[  112.802314][ T5023]  ? nft_rbtree_estimate+0xaf/0x160
[  112.807559][ T5023]  nf_tables_newset+0x1351/0x2430
[  112.812648][ T5023]  ? nf_tables_delrule+0x1110/0x1110
[  112.817974][ T5023]  ? __lock_acquire+0x7d10/0x7d10
[  112.823138][ T5023]  ? __nla_parse+0x3c/0x50
[  112.827604][ T5023]  nfnetlink_rcv+0x1122/0x2460
[  112.832572][ T5023]  ? nfnetlink_net_exit_batch+0xa0/0xa0
[  112.838217][ T5023]  ? rcu_lock_release+0x5/0x20
[  112.843009][ T5023]  ? __lock_acquire+0x7d10/0x7d10
[  112.848075][ T5023]  netlink_unicast+0x774/0x920
[  112.852881][ T5023]  netlink_sendmsg+0x8ba/0xbe0
[  112.857686][ T5023]  ? netlink_getsockopt+0x570/0x570
[  112.863105][ T5023]  ? aa_sock_msg_perm+0x94/0x150
[  112.868081][ T5023]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  112.873390][ T5023]  ? security_socket_sendmsg+0x7c/0xa0
[  112.878871][ T5023]  ? netlink_getsockopt+0x570/0x570
[  112.884287][ T5023]  ____sys_sendmsg+0x5b7/0x8f0
[  112.889195][ T5023]  ? __sys_sendmsg_sock+0x30/0x30
[  112.894519][ T5023]  ? import_iovec+0x6f/0xa0
[  112.899060][ T5023]  ___sys_sendmsg+0x236/0x2e0
[  112.903996][ T5023]  ? __sys_sendmsg+0x2a0/0x2a0
[  112.908993][ T5023]  ? vfs_write+0x8b2/0xd60
[  112.913756][ T5023]  __se_sys_sendmsg+0x1af/0x290
[  112.918637][ T5023]  ? __x64_sys_sendmsg+0x80/0x80
[  112.923706][ T5023]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  112.930220][ T5023]  ? lockdep_hardirqs_on+0x94/0x140
[  112.935546][ T5023]  do_syscall_64+0x4c/0xa0
[  112.939991][ T5023]  ? clear_bhb_loop+0x30/0x80
[  112.944697][ T5023]  ? clear_bhb_loop+0x30/0x80
[  112.949411][ T5023]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  112.955325][ T5023] RIP: 0033:0x7faaeb63f819
[  112.959845][ T5023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  112.979627][ T5023] RSP: 002b:00007faae9899028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  112.988234][ T5023] RAX: ffffffffffffffda RBX: 00007faaeb8b8fa0 RCX: 00007faaeb63f819
[  112.996299][ T5023] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  113.004340][ T5023] RBP: 00007faae9899090 R08: 0000000000000000 R09: 0000000000000000
[  113.012396][ T5023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.020630][ T5023] R13: 00007faaeb8b9038 R14: 00007faaeb8b8fa0 R15: 00007ffd183146c8
[  113.028617][ T5023]  </TASK>
[  113.169199][ T5028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.207'.
[  113.200648][ T5028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.207'.
[  113.642533][ T5040] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  113.798723][ T5012] NILFS (loop0): nilfs_sufile_do_free: segment 9 is already clean
[  114.421027][ T5051] loop2: detected capacity change from 0 to 1024
[  114.456844][ T5051] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  114.495113][ T5051] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  114.982315][ T5062] loop2: detected capacity change from 0 to 256
[  115.042389][ T5062] FAT-fs (loop2): Directory bread(block 64) failed
[  115.049343][ T5062] FAT-fs (loop2): Directory bread(block 65) failed
[  115.056582][ T5062] FAT-fs (loop2): Directory bread(block 66) failed
[  115.063715][ T5062] FAT-fs (loop2): Directory bread(block 67) failed
[  115.072344][ T5062] FAT-fs (loop2): Directory bread(block 68) failed
[  115.079440][ T5062] FAT-fs (loop2): Directory bread(block 69) failed
[  115.087703][ T5062] FAT-fs (loop2): Directory bread(block 70) failed
[  115.094966][ T5062] FAT-fs (loop2): Directory bread(block 71) failed
[  115.102051][ T5062] FAT-fs (loop2): Directory bread(block 72) failed
[  115.108893][ T5062] FAT-fs (loop2): Directory bread(block 73) failed
[  115.232716][ T5045] loop0: detected capacity change from 0 to 4096
[  115.462017][ T5066] netlink: 8 bytes leftover after parsing attributes in process `syz.2.219'.
[  115.637799][ T5065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.220'.
[  116.111479][ T5065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.220'.
[  116.167812][ T5074] loop3: detected capacity change from 0 to 128
[  116.228341][ T5074] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  116.255488][ T5074] hpfs: filesystem error: improperly stopped
[  116.278755][ T5074] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  116.297193][ T5074] hpfs: You really don't want any checks? You are crazy...
[  116.315616][ T5074] hpfs: Code page index out of array
[  116.338247][ T5074] hpfs: code page support is disabled
[  116.348750][ T5074] hpfs: hpfs_map_4sectors(): unaligned read
[  116.365822][ T5074] hpfs: hpfs_map_4sectors(): unaligned read
[  116.380448][ T5074] hpfs: filesystem error: unable to find root dir
[  116.640957][ T5082] sch_fq: defrate 53322 ignored.
[  117.056260][ T5076] loop1: detected capacity change from 0 to 32768
[  117.108862][ T5080] loop4: detected capacity change from 0 to 32768
[  117.267562][ T5080] XFS (loop4): Mounting V5 Filesystem
[  117.273352][ T5076] XFS (loop1): Mounting V5 Filesystem
[  117.322958][ T5080] XFS (loop4): Ending clean mount
[  117.343641][ T5080] XFS (loop4): Quotacheck needed: Please wait.
[  117.399447][ T5080] XFS (loop4): Quotacheck: Done.
[  117.476480][ T4197] XFS (loop4): Unmounting Filesystem
[  117.715773][ T5076] XFS (loop1): Ending clean mount
[  117.729239][ T5076] XFS (loop1): Quotacheck needed: Please wait.
[  117.784962][ T5076] XFS (loop1): Quotacheck: Done.
[  118.191816][ T4184] XFS (loop1): Unmounting Filesystem
[  118.503942][ T4494] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  118.574157][ T5112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.234'.
[  118.584821][ T5112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.234'.
[  119.051849][ T4494] usb 4-1: config 0 has an invalid interface number: 64 but max is 0
[  119.060275][ T4494] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  119.085843][ T4494] usb 4-1: config 0 has no interface number 0
[  119.100263][ T5007] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  119.203319][ T5128] loop2: detected capacity change from 0 to 512
[  119.305281][ T4494] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  119.314583][ T4494] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.349388][ T4494] usb 4-1: Product: syz
[  119.353917][ T4494] usb 4-1: Manufacturer: syz
[  119.358542][ T4494] usb 4-1: SerialNumber: syz
[  119.387911][ T4494] usb 4-1: config 0 descriptor??
[  119.507813][ T5128] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  119.543662][ T5128] ext4 filesystem being mounted at /58/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  119.591125][ T5007] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  119.623646][ T5007] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  119.703616][ T5007] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  119.837539][ T5007] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.768015][ T4494] usb 4-1: Found UVC 0.00 device syz (046d:0823)
[  120.868692][ T4494] usb 4-1: No valid video chain found.
[  120.908997][ T5119] udc-core: couldn't find an available UDC or it's busy
[  120.926353][ T5007] usb 1-1: GET_CAPABILITIES returned 0
[  120.932017][ T5007] usbtmc 1-1:16.0: can't read capabilities
[  120.970248][ T5119] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  121.034780][ T4494] usb 4-1: USB disconnect, device number 7
[  121.135292][ T5122] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  121.253814][ T5007] usb 1-1: USB disconnect, device number 4
[  121.356894][ T5143] nftables ruleset with unbound chain
[  121.427647][ T5142] loop0: detected capacity change from 0 to 128
[  123.162130][ T5163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.243'.
[  123.180629][ T5163] loop2: detected capacity change from 0 to 16
[  123.290279][ T4749] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  123.397906][ T5166] netlink: 8 bytes leftover after parsing attributes in process `syz.4.246'.
[  123.580217][ T4749] usb 4-1: Using ep0 maxpacket: 8
[  123.606131][ T5170] netlink: 36 bytes leftover after parsing attributes in process `syz.4.248'.
[  123.812636][ T4749] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.830851][ T4749] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x82 has invalid maxpacket 1023
[  123.851407][ T4749] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x3 has invalid maxpacket 32
[  123.877313][ T4749] usb 4-1: config 1 interface 0 has no altsetting 0
[  123.941840][ T5177] loop4: detected capacity change from 0 to 4096
[  124.061290][ T4749] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  124.088437][ T4749] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.107183][ T4749] usb 4-1: Product: �ᭋࠬ膂煞텭췶�絎와⢵៨䢪驇ÿ周翄蛥쒤兩⧺Ჭ풴�댎眶벙ώ拒撽텭䅡짚헺肫⊩퇀㣾⃤㿸�뒸鷢章䯦蘓웒
[  124.179499][ T4749] usb 4-1: Manufacturer: 탾ⶸ�䅂㖤๗휅맂�䄡艨㞣਄ᘵ��꒵겺鴣�欗ꉳ朴僙譺炢蒅쨑ࣅ옵煻価㋪笢ꌜ⸺ቑ瀞봎钣꽨癎헣雨ꈎ엮霕䔢褽ⳅ䜛腕꽬�괜쳂춗蒢焑�蚴�龠ᙖ从俳밄穮県䑆숾��쌴�ꞃଈ㲳ﻗᰙ濔텖ꛪ㜟㻿뚧埦�ћ
[  124.263659][ T5163] erofs: (device loop2): mounted with root inode @ nid 36.
[  124.269479][ T5181] loop1: detected capacity change from 0 to 4096
[  124.288122][ T4749] usb 4-1: SerialNumber: ь
[  124.336923][ T5158] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  124.346619][ T5175] loop0: detected capacity change from 0 to 32768
[  124.357372][ T5158] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  124.423007][ T5175] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.249 (5175)
[  124.438337][ T5183] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  124.485906][ T5175] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  124.503179][ T5175] BTRFS info (device loop0): setting nodatasum
[  124.509961][ T5175] BTRFS info (device loop0): force zlib compression, level 3
[  124.521982][ T5175] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8)
[  124.539279][ T5175] BTRFS info (device loop0): use lzo compression, level 0
[  124.550873][ T5175] BTRFS info (device loop0): turning on flush-on-commit
[  124.558098][ T5175] BTRFS info (device loop0): turning on sync discard
[  124.574033][ T5175] BTRFS info (device loop0): max_inline at 4096
[  124.595118][ T5175] BTRFS info (device loop0): turning off discard
[  124.616235][ T5175] BTRFS info (device loop0): enabling ssd optimizations
[  124.629836][ T5175] BTRFS info (device loop0): using spread ssd allocation scheme
[  124.638724][ T5175] BTRFS error (device loop0): unrecognized mount option 'max_inline='
[  124.680390][ T5175] BTRFS error (device loop0): open_ctree failed: -22
[  124.718623][ T5188] loop2: detected capacity change from 0 to 4096
[  124.838142][ T5189] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  124.862428][ T4749] cdc_ether: probe of 4-1:1.0 failed with error -71
[  124.883722][ T4749] usb 4-1: USB disconnect, device number 8
[  124.913716][ T5188] usb usb8: usbfs: process 5188 (syz.2.255) did not claim interface 0 before use
[  125.008811][ T5175] loop0: detected capacity change from 0 to 512
[  125.052588][ T5177] ntfs3: Bad value for 'dmask'
[  125.071892][ T5175] UDF-fs: bad mount option "™ÌW" or missing value
[  125.416584][ T5194] netlink: 8 bytes leftover after parsing attributes in process `syz.3.257'.
[  125.514850][ T5199] loop3: detected capacity change from 0 to 512
[  125.604736][ T5199] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  125.646042][ T5199] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  125.666706][ T5203] loop0: detected capacity change from 0 to 128
[  125.771485][ T5199] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.259: Invalid block bitmap block 0 in block_group 0
[  125.789719][ T5188] NILFS (loop2): nilfs_sufile_do_free: segment 9 is already clean
[  125.803845][ T5203] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  125.816560][ T5199] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6192: Corrupt filesystem
[  125.831534][ T5203] hpfs: filesystem error: improperly stopped
[  125.837662][ T5203] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  125.846289][ T5199] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.259: attempt to clear invalid blocks 983261 len 1
[  125.866593][ T5203] hpfs: You really don't want any checks? You are crazy...
[  125.867771][ T5199] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.259: Invalid inode table block 0 in block_group 0
[  125.893873][ T5203] hpfs: Code page index out of array
[  125.896637][ T5199] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  125.899267][ T5203] hpfs: code page support is disabled
[  125.909593][ T5199] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem
[  125.957314][ T5203] hpfs: hpfs_map_4sectors(): unaligned read
[  125.963482][ T5203] hpfs: hpfs_map_4sectors(): unaligned read
[  125.974440][ T5207] loop2: detected capacity change from 0 to 512
[  125.982029][ T5203] hpfs: filesystem error: unable to find root dir
[  125.987703][ T5199] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.259: Invalid inode table block 0 in block_group 0
[  126.014255][ T5199] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  126.030624][ T5199] EXT4-fs error (device loop3): ext4_truncate:4279: inode #11: comm syz.3.259: mark_inode_dirty error
[  126.047642][ T5199] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem
[  126.061788][ T5207] EXT4-fs (loop2): Ignoring removed oldalloc option
[  126.076806][ T5207] EXT4-fs (loop2): 1 truncate cleaned up
[  126.084612][ T5199] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.259: Invalid inode table block 0 in block_group 0
[  126.087134][ T5203] hpfs: hpfs_map_4sectors(): unaligned read
[  126.097703][ T5207] EXT4-fs (loop2): mounted filesystem without journal. Opts: quota,bsdgroups,nouid32,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback.
[  126.130371][ T5199] EXT4-fs (loop3): 1 truncate cleaned up
[  126.138624][ T5199] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,resuid=0x0000000000000000,journal_dev=0x0000000000000002,noblock_validity,,errors=continue. Quota mode: none.
[  126.740493][ T4584] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  126.777787][ T5216] FAULT_INJECTION: forcing a failure.
[  126.777787][ T5216] name failslab, interval 1, probability 0, space 0, times 0
[  126.822358][ T5216] CPU: 0 PID: 5216 Comm: syz.4.267 Not tainted syzkaller #0
[  126.830073][ T5216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  126.840254][ T5216] Call Trace:
[  126.843628][ T5216]  <TASK>
[  126.846578][ T5216]  dump_stack_lvl+0x188/0x250
[  126.851291][ T5216]  ? show_regs_print_info+0x20/0x20
[  126.856804][ T5216]  ? load_image+0x400/0x400
[  126.861352][ T5216]  should_fail+0x38c/0x4c0
[  126.865976][ T5216]  should_failslab+0x5/0x20
[  126.870593][ T5216]  slab_pre_alloc_hook+0x51/0xc0
[  126.875561][ T5216]  __kmalloc_node_track_caller+0x68/0x3a0
[  126.881309][ T5216]  ? netlink_dump+0x19f/0xcf0
[  126.886002][ T5216]  ? kmem_cache_alloc_node+0x162/0x2d0
[  126.891607][ T5216]  ? __alloc_skb+0xf4/0x750
[  126.896140][ T5216]  ? netlink_dump+0x19f/0xcf0
[  126.900843][ T5216]  __alloc_skb+0x22c/0x750
[  126.905475][ T5216]  netlink_dump+0x19f/0xcf0
[  126.910008][ T5216]  ? lockdep_hardirqs_on+0x94/0x140
[  126.915246][ T5216]  ? slab_free_freelist_hook+0xea/0x170
[  126.920929][ T5216]  ? netlink_lookup+0x1d0/0x1d0
[  126.925831][ T5216]  netlink_recvmsg+0x672/0xe20
[  126.930644][ T5216]  ? import_iovec+0x6f/0xa0
[  126.935192][ T5216]  ? ___sys_recvmsg+0x4e9/0x5c0
[  126.940252][ T5216]  ? netlink_sendmsg+0xbe0/0xbe0
[  126.945234][ T5216]  ? aa_sk_perm+0x7dc/0x910
[  126.949856][ T5216]  ? aa_af_perm+0x340/0x340
[  126.954572][ T5216]  ? bpf_lsm_socket_recvmsg+0x5/0x10
[  126.959971][ T5216]  ? security_socket_recvmsg+0x85/0xb0
[  126.965553][ T5216]  ? netlink_sendmsg+0xbe0/0xbe0
[  126.970598][ T5216]  ____sys_recvmsg+0x2cd/0x5e0
[  126.975389][ T5216]  ? __might_fault+0xb3/0x110
[  126.980236][ T5216]  ? __sys_recvmsg_sock+0x40/0x40
[  126.985301][ T5216]  ? import_iovec+0x6f/0xa0
[  126.989836][ T5216]  ___sys_recvmsg+0x21a/0x5c0
[  126.994723][ T5216]  ? __sys_recvmsg+0x280/0x280
[  127.000376][ T5216]  ? __fdget+0x18b/0x210
[  127.004655][ T5216]  ? do_recvmmsg+0x1a1/0x850
[  127.009381][ T5216]  do_recvmmsg+0x382/0x850
[  127.013839][ T5216]  ? __sys_recvmmsg+0x290/0x290
[  127.018753][ T5216]  ? get_timespec64+0x116/0x1b0
[  127.023638][ T5216]  ? timespec64_add_safe+0x1f0/0x1f0
[  127.028968][ T5216]  __x64_sys_recvmmsg+0x1b4/0x250
[  127.034027][ T5216]  ? do_recvmmsg+0x850/0x850
[  127.038828][ T5216]  ? lockdep_hardirqs_on+0x94/0x140
[  127.044089][ T5216]  do_syscall_64+0x4c/0xa0
[  127.048527][ T5216]  ? clear_bhb_loop+0x30/0x80
[  127.053234][ T5216]  ? clear_bhb_loop+0x30/0x80
[  127.057943][ T5216]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  127.063947][ T5216] RIP: 0033:0x7f1dd2496819
[  127.068388][ T5216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  127.088035][ T5216] RSP: 002b:00007f1dd06f0028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  127.096578][ T5216] RAX: ffffffffffffffda RBX: 00007f1dd270ffa0 RCX: 00007f1dd2496819
[  127.104574][ T5216] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  127.112620][ T5216] RBP: 00007f1dd06f0090 R08: 0000200000003700 R09: 0000000000000000
[  127.120718][ T5216] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000002
[  127.128913][ T5216] R13: 00007f1dd2710038 R14: 00007f1dd270ffa0 R15: 00007fff7dba10a8
[  127.136958][ T5216]  </TASK>
[  127.287126][ T4584] usb 3-1: Using ep0 maxpacket: 8
[  127.318763][ T5223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.269'.
[  127.450470][ T4584] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  127.458864][ T4584] usb 3-1: config 179 has no interface number 0
[  127.489454][ T4584] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  127.522984][ T5199] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.259: Invalid inode bitmap blk 0 in block_group 0
[  127.546404][ T4584] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  127.575170][ T4584] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  127.594470][ T5232] netlink: 28 bytes leftover after parsing attributes in process `syz.4.270'.
[  127.608149][ T5231] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.259: Invalid inode table block 0 in block_group 0
[  127.637882][ T4584] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  127.644471][ T5234] overlayfs: missing 'workdir'
[  127.686436][ T4584] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  127.744302][ T4584] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  127.764257][ T4584] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.835261][ T5210] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  127.986291][ T5239] loop1: detected capacity change from 0 to 4096
[  128.046239][ T5242] loop4: detected capacity change from 0 to 1024
[  128.087606][ T4746] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input8
[  128.274579][ T5210] udc-core: couldn't find an available UDC or it's busy
[  128.292691][ T5210] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  128.467132][ T5243] loop3: detected capacity change from 0 to 32768
[  128.519511][ T5243] XFS (loop3): Mounting V5 Filesystem
[  128.568399][ T5243] XFS (loop3): Ending clean mount
[  128.587993][ T5243] XFS (loop3): Quotacheck needed: Please wait.
[  128.646601][ T5243] XFS (loop3): Quotacheck: Done.
[  128.696849][ T4185] XFS (loop3): Unmounting Filesystem
[  129.036708][ T5255] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  129.106416][ T5242] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  129.124480][ T4584] usb 3-1: USB disconnect, device number 4
[  129.146639][ T5242] EXT4-fs (loop4): can't mount with journal_checksum, fs mounted w/o journal
[  129.150107][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  129.164678][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  129.179193][ T4584] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  129.257990][ T5258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.280'.
[  129.590762][ T5253] loop0: detected capacity change from 0 to 32768
[  129.692203][ T5253] XFS (loop0): Mounting V5 Filesystem
[  129.803319][ T5253] XFS (loop0): Ending clean mount
[  129.818775][ T5253] XFS (loop0): Quotacheck needed: Please wait.
[  129.924155][ T5253] XFS (loop0): Quotacheck: Done.
[  130.058820][ T4189] XFS (loop0): Unmounting Filesystem
[  131.293582][ T5278] loop2: detected capacity change from 0 to 32768
[  131.412666][ T5276] loop1: detected capacity change from 0 to 32768
[  131.483041][ T5276] XFS: noattr2 mount option is deprecated.
[  131.488920][ T5276] xfs: Unknown parameter 'nobarrier'
[  132.082313][   T26] audit: type=1326 audit(1775298358.327:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.0.282" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0e31571819 code=0x0
[  132.569002][ T5274] loop1: detected capacity change from 0 to 32768
[  132.642208][ T5274] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.278 (5274)
[  132.785919][ T5274] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  132.786577][ T5278] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz.2.283 (5278)
[  132.804916][ T5274] BTRFS info (device loop1): setting nodatasum
[  132.821208][ T1432] ieee802154 phy0 wpan0: encryption failed: -22
[  132.827592][ T1432] ieee802154 phy1 wpan1: encryption failed: -22
[  132.883814][ T5274] BTRFS info (device loop1): force zlib compression, level 3
[  132.883847][ T5278] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20003
[  132.949516][ T5274] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[  133.035923][ T5274] BTRFS info (device loop1): use lzo compression, level 0
[  133.043989][ T5274] BTRFS info (device loop1): turning on flush-on-commit
[  133.076622][ T5274] BTRFS info (device loop1): enabling auto defrag
[  133.121145][ T5274] BTRFS info (device loop1): max_inline at 57
[  133.170112][ T5274] BTRFS info (device loop1): using free space tree
[  133.178488][ T4702] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by udevd (4702)
[  133.223518][ T5274] BTRFS info (device loop1): has skinny extents
[  134.027470][ T5274] BTRFS error (device loop1): open_ctree failed: -12
[  134.027819][ T4701] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (4701)
[  134.424947][ T5324] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.503394][ T5324] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.690798][ T5338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.291'.
[  134.851866][ T5341] tipc: Started in network mode
[  134.857203][ T5341] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  134.890914][ T5341] tipc: New replicast peer: fc02:0000:0000:0000:0000:0000:0000:0000
[  134.917920][ T5341] tipc: Enabled bearer <udp:syz0>, priority 10
[  136.075804][ T5263] Set syz1 is full, maxelem 65536 reached
[  136.244155][ T4494] tipc: Node number set to 1
[  136.488482][ T5353] loop3: detected capacity change from 0 to 2048
[  136.554790][ T5346] loop4: detected capacity change from 0 to 32768
[  136.624407][ T5353] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  136.696705][ T5353] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  136.914647][ T4174] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop4 scanned by udevd (4174)
[  136.966150][ T5360] FAULT_INJECTION: forcing a failure.
[  136.966150][ T5360] name failslab, interval 1, probability 0, space 0, times 0
[  137.070238][ T5360] CPU: 0 PID: 5360 Comm: syz.2.299 Not tainted syzkaller #0
[  137.077681][ T5360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  137.087760][ T5360] Call Trace:
[  137.091251][ T5360]  <TASK>
[  137.094289][ T5360]  dump_stack_lvl+0x188/0x250
[  137.099007][ T5360]  ? show_regs_print_info+0x20/0x20
[  137.104248][ T5360]  ? load_image+0x400/0x400
[  137.108794][ T5360]  ? __lock_acquire+0x7d10/0x7d10
[  137.113843][ T5360]  ? memset+0x1e/0x40
[  137.117862][ T5360]  ? lockdep_init_map_type+0x98/0x900
[  137.119508][ T4260] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  137.123271][ T5360]  should_fail+0x38c/0x4c0
[  137.123304][ T5360]  should_failslab+0x5/0x20
[  137.123324][ T5360]  slab_pre_alloc_hook+0x51/0xc0
[  137.144867][ T5360]  kmem_cache_alloc_trace+0x47/0x2a0
[  137.150186][ T5360]  ? __nft_trans_set_add+0x5b/0x480
[  137.155421][ T5360]  ? init_timer_key+0x15d/0x2a0
[  137.160436][ T5360]  __nft_trans_set_add+0x5b/0x480
[  137.165514][ T5360]  nf_tables_newset+0x1c77/0x2430
[  137.170586][ T5360]  ? nf_tables_delrule+0x1110/0x1110
[  137.175913][ T5360]  ? __lock_acquire+0x7d10/0x7d10
[  137.180997][ T5360]  ? __nla_parse+0x3c/0x50
[  137.185453][ T5360]  nfnetlink_rcv+0x1122/0x2460
[  137.190389][ T5360]  ? nfnetlink_net_exit_batch+0xa0/0xa0
[  137.196013][ T5360]  ? rcu_lock_release+0x5/0x20
[  137.200814][ T5360]  ? __lock_acquire+0x7d10/0x7d10
[  137.205891][ T5360]  netlink_unicast+0x774/0x920
[  137.210691][ T5360]  netlink_sendmsg+0x8ba/0xbe0
[  137.215505][ T5360]  ? netlink_getsockopt+0x570/0x570
[  137.220922][ T5360]  ? aa_sock_msg_perm+0x94/0x150
[  137.225896][ T5360]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  137.231205][ T5360]  ? security_socket_sendmsg+0x7c/0xa0
[  137.236733][ T5360]  ? netlink_getsockopt+0x570/0x570
[  137.242096][ T5360]  ____sys_sendmsg+0x5b7/0x8f0
[  137.246901][ T5360]  ? __sys_sendmsg_sock+0x30/0x30
[  137.252093][ T5360]  ? import_iovec+0x6f/0xa0
[  137.256983][ T5360]  ___sys_sendmsg+0x236/0x2e0
[  137.261811][ T5360]  ? __sys_sendmsg+0x2a0/0x2a0
[  137.266647][ T5360]  ? vfs_write+0x8b2/0xd60
[  137.271385][ T5360]  __se_sys_sendmsg+0x1af/0x290
[  137.276279][ T5360]  ? __x64_sys_sendmsg+0x80/0x80
[  137.281236][ T5360]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  137.287261][ T5360]  ? lockdep_hardirqs_on+0x94/0x140
[  137.292483][ T5360]  do_syscall_64+0x4c/0xa0
[  137.296966][ T5360]  ? clear_bhb_loop+0x30/0x80
[  137.301654][ T5360]  ? clear_bhb_loop+0x30/0x80
[  137.306338][ T5360]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  137.312240][ T5360] RIP: 0033:0x7fcd84458819
[  137.316674][ T5360] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  137.336452][ T5360] RSP: 002b:00007fcd826b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  137.344873][ T5360] RAX: ffffffffffffffda RBX: 00007fcd846d1fa0 RCX: 00007fcd84458819
[  137.353022][ T5360] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  137.360997][ T5360] RBP: 00007fcd826b2090 R08: 0000000000000000 R09: 0000000000000000
[  137.369003][ T5360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  137.376991][ T5360] R13: 00007fcd846d2038 R14: 00007fcd846d1fa0 R15: 00007ffd8b450eb8
[  137.385003][ T5360]  </TASK>
[  137.686764][ T4260] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  137.700190][ T4260] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  137.837122][ T4260] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  137.856604][ T4260] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  137.872416][ T4260] usb 2-1: SerialNumber: syz
[  137.911920][ T5368] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'.
[  138.048545][ T5370] loop0: detected capacity change from 0 to 2048
[  138.203225][ T4260] usb 2-1: 0:2 : does not exist
[  138.209295][ T5371] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  138.245876][ T4260] usb 2-1: USB disconnect, device number 5
[  138.667166][ T4702] udevd[4702]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  138.982926][ T5381] loop0: detected capacity change from 0 to 4096
[  139.078727][ T5384] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  139.634373][ T5376] loop3: detected capacity change from 0 to 32768
[  139.635205][ T5391] loop1: detected capacity change from 0 to 128
[  139.797134][ T5376] XFS (loop3): Mounting V5 Filesystem
[  139.980328][ T5376] XFS (loop3): Ending clean mount
[  139.999377][ T5376] XFS (loop3): Quotacheck needed: Please wait.
[  140.086016][ T5376] XFS (loop3): Quotacheck: Done.
[  140.121518][ T5376] 9pnet: Insufficient options for proto=fd
[  140.138118][ T5376] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.301'.
[  140.147962][ T5376] bridge_slave_1: default FDB implementation only supports local addresses
[  140.207024][ T4185] XFS (loop3): Unmounting Filesystem
[  140.571338][ T5405] overlayfs: missing 'workdir'
[  141.034905][   T26] audit: type=1326 audit(1775298367.277:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5420 comm="syz.2.319" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcd84458819 code=0x0
[  141.521420][ T4585] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  141.655930][ T5418] loop4: detected capacity change from 0 to 32768
[  141.709766][ T5430] loop0: detected capacity change from 0 to 4096
[  141.810232][ T4585] usb 2-1: Using ep0 maxpacket: 8
[  141.879592][ T5436] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  141.960307][ T4585] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  141.968672][ T4585] usb 2-1: config 179 has no interface number 0
[  142.027085][ T4585] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  142.079459][ T4585] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  142.122840][ T4585] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  142.158493][ T4585] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  142.190408][ T5424] loop3: detected capacity change from 0 to 32768
[  142.197068][ T4585] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  142.220892][ T4585] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  142.237241][ T4585] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.287913][ T5418] XFS (loop4): Mounting V5 Filesystem
[  142.310597][ T5426] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  142.398389][ T5424] ERROR: (device loop3): dbAllocBits: leaf page corrupt
[  142.398389][ T5424] 
[  142.503825][ T5424] ERROR: (device loop3): remounting filesystem as read-only
[  142.561893][ T5424] attempt to access beyond end of device
[  142.561893][ T5424] loop3: rw=16812033, want=4681672, limit=32768
[  142.579725][ T5426] netlink: 12 bytes leftover after parsing attributes in process `syz.1.313'.
[  142.599357][ T5424] blkno = 8ed80, nblocks = 79
[  142.606667][ T5424] ERROR: (device loop3): dbFree: block to be freed is outside the map
[  142.606667][ T5424] 
[  142.675346][ T5444] loop0: detected capacity change from 0 to 256
[  142.737661][ T5418] XFS (loop4): Ending clean mount
[  142.752905][ T5444] MINIX-fs: bad superblock
[  142.808445][ T5426] udc-core: couldn't find an available UDC or it's busy
[  142.820454][ T5418] XFS (loop4): Quotacheck needed: Please wait.
[  142.847206][ T5426] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  142.929898][ T4585] usb 2-1: USB disconnect, device number 6
[  142.950133][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  143.013859][ T5418] XFS (loop4): Quotacheck: Done.
[  143.104543][ T4197] XFS (loop4): Unmounting Filesystem
[  143.595256][ T5451] loop4: detected capacity change from 0 to 512
[  143.742365][ T5451] netlink: 12 bytes leftover after parsing attributes in process `syz.4.324'.
[  145.225127][ T5475] loop2: detected capacity change from 0 to 512
[  145.397990][ T5475] EXT4-fs (loop2): Ignoring removed bh option
[  145.699570][ T5482] loop3: detected capacity change from 0 to 256
[  145.764416][ T5482] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  145.797670][ T5482] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  145.814030][ T5482] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  145.825111][ T5482] UDF-fs: Scanning with blocksize 512 failed
[  145.838913][ T5483] netlink: 32 bytes leftover after parsing attributes in process `syz.2.335'.
[  145.855108][ T5482] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  145.885518][ T5482] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  146.305087][ T5493] loop3: detected capacity change from 0 to 512
[  147.877353][ T5500] sched: RT throttling activated
[  148.149294][ T5505] loop0: detected capacity change from 0 to 1024
[  148.295664][ T5491] loop4: detected capacity change from 0 to 32768
[  148.830432][ T5511] netlink: 'syz.2.348': attribute type 10 has an invalid length.
[  148.860147][ T5511] netlink: 40 bytes leftover after parsing attributes in process `syz.2.348'.
[  148.869524][ T5511] device team0 entered promiscuous mode
[  148.909850][ T5511] device team_slave_0 entered promiscuous mode
[  148.966988][ T5511] device team_slave_1 entered promiscuous mode
[  148.996913][ T5511] bridge0: port 3(team0) entered blocking state
[  149.040213][ T5511] bridge0: port 3(team0) entered disabled state
[  149.091670][ T5511] bridge0: port 3(team0) entered blocking state
[  149.098230][ T5511] bridge0: port 3(team0) entered forwarding state
[  149.119722][ T5493] EXT4-fs (loop3): Mount option "nodioread_nolock" incompatible with ext2
[  149.128027][ T5507] loop1: detected capacity change from 0 to 32768
[  149.395026][ T5507] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.347 (5507)
[  150.103902][ T5516] loop2: detected capacity change from 0 to 128
[  150.208233][ T5505] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  150.294222][ T5505] EXT4-fs (loop0): Test dummy encryption mode enabled
[  150.308257][ T5505] EXT4-fs (loop0): Ignoring removed orlov option
[  150.314934][ T5505] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  150.344865][ T5505] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #3: comm syz.0.346: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  150.374108][ T5505] EXT4-fs error (device loop0): ext4_quota_enable:6445: comm syz.0.346: Bad quota inode: 3, type: 0
[  150.391375][ T5505] EXT4-fs warning (device loop0): ext4_enable_quotas:6486: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  150.419262][ T5505] EXT4-fs (loop0): mount failed
[  150.568079][ T5505] input: syz0 as /devices/virtual/input/input9
[  151.003973][ T5507] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  151.026140][ T5507] BTRFS info (device loop1): setting nodatacow, compression disabled
[  151.042659][ T5507] BTRFS info (device loop1): turning on flush-on-commit
[  151.049730][ T5507] BTRFS info (device loop1): using free space tree
[  151.108249][ T5507] BTRFS info (device loop1): has skinny extents
[  151.238238][ T4500] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  151.256106][ T5516] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  151.307891][ T5535] FAULT_INJECTION: forcing a failure.
[  151.307891][ T5535] name failslab, interval 1, probability 0, space 0, times 0
[  151.358406][ T5535] CPU: 0 PID: 5535 Comm: syz.3.354 Not tainted syzkaller #0
[  151.365858][ T5535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  151.376011][ T5535] Call Trace:
[  151.379317][ T5535]  <TASK>
[  151.382272][ T5535]  dump_stack_lvl+0x188/0x250
[  151.387092][ T5535]  ? show_regs_print_info+0x20/0x20
[  151.392421][ T5535]  ? load_image+0x400/0x400
[  151.397157][ T5535]  ? __might_sleep+0xf0/0xf0
[  151.401776][ T5535]  ? __lock_acquire+0x7d10/0x7d10
[  151.406826][ T5535]  ? __lock_acquire+0x12e8/0x7d10
[  151.411883][ T5535]  should_fail+0x38c/0x4c0
[  151.416421][ T5535]  should_failslab+0x5/0x20
[  151.420953][ T5535]  slab_pre_alloc_hook+0x51/0xc0
[  151.425926][ T5535]  __kmalloc+0x6b/0x330
[  151.430105][ T5535]  ? iovec_from_user+0x83/0x370
[  151.435007][ T5535]  iovec_from_user+0x83/0x370
[  151.440168][ T5535]  __import_iovec+0x70/0x490
[  151.444900][ T5535]  import_iovec+0x6f/0xa0
[  151.449274][ T5535]  ___sys_recvmsg+0x4e9/0x5c0
[  151.454084][ T5535]  ? __sys_recvmsg+0x280/0x280
[  151.459035][ T5535]  ? __fdget+0x18b/0x210
[  151.463561][ T5535]  ? do_recvmmsg+0x1a1/0x850
[  151.468509][ T5535]  do_recvmmsg+0x382/0x850
[  151.473058][ T5535]  ? __sys_recvmmsg+0x290/0x290
[  151.478093][ T5535]  ? get_timespec64+0x116/0x1b0
[  151.483065][ T5535]  ? timespec64_add_safe+0x1f0/0x1f0
[  151.488401][ T5535]  __x64_sys_recvmmsg+0x1b4/0x250
[  151.493650][ T5535]  ? do_recvmmsg+0x850/0x850
[  151.498287][ T5535]  ? lockdep_hardirqs_on+0x94/0x140
[  151.503614][ T5535]  do_syscall_64+0x4c/0xa0
[  151.508158][ T5535]  ? clear_bhb_loop+0x30/0x80
[  151.512877][ T5535]  ? clear_bhb_loop+0x30/0x80
[  151.517591][ T5535]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  151.523691][ T5535] RIP: 0033:0x7eff8cd08819
[  151.528316][ T5535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  151.549246][ T5535] RSP: 002b:00007eff8af62028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  151.558041][ T5535] RAX: ffffffffffffffda RBX: 00007eff8cf81fa0 RCX: 00007eff8cd08819
[  151.566137][ T5535] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  151.574500][ T5535] RBP: 00007eff8af62090 R08: 0000200000003700 R09: 0000000000000000
[  151.582515][ T5535] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  151.590696][ T5535] R13: 00007eff8cf82038 R14: 00007eff8cf81fa0 R15: 00007ffc2c3b1748
[  151.598840][ T5535]  </TASK>
[  151.750688][ T5516] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  151.883269][ T4500] usb 1-1: unable to get BOS descriptor or descriptor too short
[  151.954905][   T26] audit: type=1800 audit(1775298378.197:8): pid=5516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.349" name="file1" dev="loop2" ino=104 res=0 errno=0
[  151.991214][ T4500] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  152.005218][ T4500] usb 1-1: config 1 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  152.057762][ T5507] BTRFS error (device loop1): open_ctree failed: -12
[  152.108755][   T26] audit: type=1800 audit(1775298378.347:9): pid=5516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.349" name="file1" dev="loop2" ino=104 res=0 errno=0
[  152.165113][ T4701] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by udevd (4701)
[  152.346191][ T4500] usb 1-1: New USB device found, idVendor=0a4e, idProduct=2040, bcdDevice= 0.40
[  152.370093][ T4500] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.412269][ T4500] usb 1-1: Product: syz
[  152.416483][ T4500] usb 1-1: Manufacturer: syz
[  152.434973][ T4500] usb 1-1: SerialNumber: syz
[  153.363378][ T5529] udc-core: couldn't find an available UDC or it's busy
[  153.461520][ T5529] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  153.636832][ T4746] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  154.058462][ T4500] usb 1-1: unit 9 not found!
[  154.069748][ T4500] usb 1-1: unit 5 not found!
[  154.137315][ T4500] usb 1-1: USB disconnect, device number 5
[  154.281537][ T4746] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  154.324762][ T4746] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  154.375712][ T4746] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  154.453239][ T4746] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.472498][ T4702] udevd[4702]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  154.709822][ T5573] netlink: 'syz.3.361': attribute type 11 has an invalid length.
[  154.905896][ T5578] netlink: 64 bytes leftover after parsing attributes in process `syz.2.363'.
[  155.020551][ T5586] program syz.3.361 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  155.036522][ T5585] loop4: detected capacity change from 0 to 128
[  155.100181][ T5585] hpfs: bad mount options.
[  155.113987][ T5580] loop0: detected capacity change from 0 to 4096
[  155.607200][ T4746] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  155.622873][ T4746] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input10
[  155.655984][ T4746] input: failed to attach handler kbd to device input10, error: -5
[  156.019825][ T5594] binder_alloc: 5593: binder_alloc_buf, no vma
[  156.527785][ T5317] usb 2-1: USB disconnect, device number 7
[  156.833475][ T5592] loop2: detected capacity change from 0 to 32768
[  156.907536][ T5599] netlink: 12 bytes leftover after parsing attributes in process `syz.3.370'.
[  156.957161][ T5599] loop3: detected capacity change from 0 to 16
[  157.350793][ T5601] loop4: detected capacity change from 0 to 128
[  157.395078][ T5602] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  157.942765][ T5606] netlink: 32 bytes leftover after parsing attributes in process `syz.1.372'.
[  158.479179][ T5599] erofs: (device loop3): mounted with root inode @ nid 36.
[  158.789303][ T5601] hpfs: bad mount options.
[  159.107838][ T5604] loop0: detected capacity change from 0 to 32768
[  159.143156][ T5610] loop1: detected capacity change from 0 to 32768
[  159.170692][ T4584] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  159.670218][ T4584] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  159.695780][ T4584] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.719175][ T4584] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  159.746081][ T4584] usb 5-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  159.762391][ T4584] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.794464][ T4584] usb 5-1: config 0 descriptor??
[  160.878297][ T4584] usbhid 5-1:0.0: can't add hid device: -71
[  160.896945][ T4584] usbhid: probe of 5-1:0.0 failed with error -71
[  160.937287][ T4584] usb 5-1: USB disconnect, device number 4
[  161.216802][ T5634] loop3: detected capacity change from 0 to 512
[  161.581551][ T4584] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  161.888659][ T5640] loop2: detected capacity change from 0 to 128
[  162.128899][ T4584] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  162.137193][ T4584] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  162.166349][ T4584] usb 5-1: config 0 has no interface number 0
[  162.407018][ T4584] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  162.433657][ T4584] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.478367][ T4584] usb 5-1: Product: syz
[  162.482887][ T4584] usb 5-1: Manufacturer: syz
[  162.487515][ T4584] usb 5-1: SerialNumber: syz
[  162.505325][ T4584] usb 5-1: config 0 descriptor??
[  162.794781][ T5634] EXT4-fs (loop3): Invalid want_extra_isize 11
[  163.137732][ T4584] usb 5-1: Found UVC 0.00 device syz (046d:0823)
[  163.145339][ T4584] usb 5-1: No valid video chain found.
[  163.457201][ T5317] usb 5-1: USB disconnect, device number 5
[  163.624989][ T5640] omfs: sysblock number (f784317bf884317b) is out of range
[  163.648860][ T5649] device ip6tnl1 entered promiscuous mode
[  164.321412][ T5655] netlink: 32 bytes leftover after parsing attributes in process `syz.0.383'.
[  164.539638][ T5657] loop0: detected capacity change from 0 to 1024
[  165.016913][ T5669] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  165.073525][ T5669] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  165.134912][ T5669] device batadv_slave_0 entered promiscuous mode
[  165.192326][ T5007] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  165.495193][ T5007] usb 1-1: device descriptor read/64, error -71
[  165.531153][ T5678] FAULT_INJECTION: forcing a failure.
[  165.531153][ T5678] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.554035][ T5653] loop4: detected capacity change from 0 to 32768
[  165.595858][ T5678] CPU: 0 PID: 5678 Comm: syz.1.398 Not tainted syzkaller #0
[  165.603695][ T5678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  165.613789][ T5678] Call Trace:
[  165.617186][ T5678]  <TASK>
[  165.620241][ T5678]  dump_stack_lvl+0x188/0x250
[  165.624950][ T5678]  ? show_regs_print_info+0x20/0x20
[  165.630410][ T5678]  ? load_image+0x400/0x400
[  165.635028][ T5678]  ? __lock_acquire+0x7d10/0x7d10
[  165.640183][ T5678]  should_fail+0x38c/0x4c0
[  165.644630][ T5678]  _copy_from_user+0x2e/0x170
[  165.649602][ T5678]  iovec_from_user+0x142/0x370
[  165.654486][ T5678]  __import_iovec+0x70/0x490
[  165.659108][ T5678]  import_iovec+0x6f/0xa0
[  165.663679][ T5678]  ___sys_recvmsg+0x4e9/0x5c0
[  165.668389][ T5678]  ? __sys_recvmsg+0x280/0x280
[  165.673222][ T5678]  ? __fdget+0x18b/0x210
[  165.677495][ T5678]  ? do_recvmmsg+0x1a1/0x850
[  165.682111][ T5678]  do_recvmmsg+0x382/0x850
[  165.686668][ T5678]  ? __sys_recvmmsg+0x290/0x290
[  165.691877][ T5678]  ? get_timespec64+0x116/0x1b0
[  165.696763][ T5678]  ? timespec64_add_safe+0x1f0/0x1f0
[  165.702095][ T5678]  __x64_sys_recvmmsg+0x1b4/0x250
[  165.707240][ T5678]  ? do_recvmmsg+0x850/0x850
[  165.712062][ T5678]  ? lockdep_hardirqs_on+0x94/0x140
[  165.718070][ T5678]  do_syscall_64+0x4c/0xa0
[  165.722633][ T5678]  ? clear_bhb_loop+0x30/0x80
[  165.727431][ T5678]  ? clear_bhb_loop+0x30/0x80
[  165.732225][ T5678]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  165.738146][ T5678] RIP: 0033:0x7faaeb63f819
[  165.742681][ T5678] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  165.759434][ T5317] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  165.762570][ T5678] RSP: 002b:00007faae9899028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  165.762601][ T5678] RAX: ffffffffffffffda RBX: 00007faaeb8b8fa0 RCX: 00007faaeb63f819
[  165.762618][ T5678] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  165.794628][ T5678] RBP: 00007faae9899090 R08: 0000200000003700 R09: 0000000000000000
[  165.802902][ T5678] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  165.810901][ T5678] R13: 00007faaeb8b9038 R14: 00007faaeb8b8fa0 R15: 00007ffd183146c8
[  165.819027][ T5678]  </TASK>
[  166.051186][ T5007] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  166.218254][ T5317] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  166.252742][ T5317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.288270][ T5317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  166.293469][ T5007] usb 1-1: device descriptor read/64, error -71
[  166.310932][ T5317] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  166.392362][ T5317] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.05
[  166.419510][ T5317] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.447659][ T5317] usb 3-1: config 0 descriptor??
[  166.479324][ T5007] usb usb1-port1: attempt power cycle
[  166.946127][ T5317] usbhid 3-1:0.0: can't add hid device: -32
[  166.960252][ T5317] usbhid: probe of 3-1:0.0 failed with error -32
[  166.995592][ T4500] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  167.042043][ T5317] usb 3-1: USB disconnect, device number 5
[  167.106689][ T5007] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  167.258432][ T5007] usb 1-1: device descriptor read/8, error -71
[  167.549462][ T4500] usb 2-1: config 0 has an invalid interface number: 64 but max is 0
[  167.561139][ T4500] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  167.597695][ T4500] usb 2-1: config 0 has no interface number 0
[  167.699653][ T5007] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  167.837399][ T5007] usb 1-1: device descriptor read/8, error -71
[  167.848069][ T4500] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  167.860205][ T4500] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.919681][ T4500] usb 2-1: Product: syz
[  167.930150][ T5687] loop3: detected capacity change from 0 to 32768
[  167.937715][ T4500] usb 2-1: Manufacturer: syz
[  167.950078][ T4500] usb 2-1: SerialNumber: syz
[  167.985045][ T4500] usb 2-1: config 0 descriptor??
[  168.032551][ T5007] usb usb1-port1: unable to enumerate USB device
[  168.058307][ T5687] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  168.107198][ T5687] BTRFS info (device loop3): setting nodatacow, compression disabled
[  168.121563][ T5687] BTRFS info (device loop3): turning on flush-on-commit
[  168.146325][ T5687] BTRFS info (device loop3): using free space tree
[  168.173274][ T5687] BTRFS info (device loop3): has skinny extents
[  168.505535][ T4500] usb 2-1: Found UVC 0.00 device syz (046d:0823)
[  168.512996][ T4500] usb 2-1: No valid video chain found.
[  168.764099][ T5687] BTRFS info (device loop3): enabling ssd optimizations
[  168.886127][   T26] audit: type=1800 audit(1775298395.127:10): pid=5687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.401" name="file2" dev="loop3" ino=261 res=0 errno=0
[  168.886978][ T4230] usb 2-1: USB disconnect, device number 8
[  168.923265][ T5717] netlink: 32 bytes leftover after parsing attributes in process `syz.4.399'.
[  169.712476][ T5730] overlayfs: missing 'workdir'
[  170.555605][ T5746] loop1: detected capacity change from 0 to 32768
[  171.753497][ T5755] netlink: 32 bytes leftover after parsing attributes in process `syz.0.416'.
[  171.957482][ T5761] loop2: detected capacity change from 0 to 1024
[  173.462210][ T5746] (syz.1.414,5746,0):ocfs2_initialize_super:2313 ERROR: status = -12
[  173.470791][ T5746] (syz.1.414,5746,0):ocfs2_fill_super:1177 ERROR: status = -12
[  173.579959][ T5771] loop3: detected capacity change from 0 to 4096
[  173.595186][ T5775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.422'.
[  173.941959][ T5761] EXT4-fs (loop2): Ignoring removed nobh option
[  174.148737][ T5761] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #3: block 3: comm syz.2.418: lblock 3 mapped to illegal pblock 3 (length 1)
[  174.200559][ T5761] Quota error (device loop2): write_blk: dquota write failed
[  174.208645][ T5761] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3
[  174.263539][ T5761] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  174.295452][ T5761] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.418: Failed to acquire dquot type 0
[  174.357903][ T5761] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 3: comm syz.2.418: lblock 3 mapped to illegal pblock 3 (length 1)
[  174.417105][ T5761] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  174.450177][ T5761] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.418: Failed to acquire dquot type 0
[  174.519286][ T5761] EXT4-fs error (device loop2): ext4_free_blocks:6232: comm syz.2.418: Freeing blocks not in datazone - block = 0, count = 4096
[  174.591144][ T5761] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 3: comm syz.2.418: lblock 3 mapped to illegal pblock 3 (length 1)
[  174.632588][ T5761] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  174.694526][ T5761] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.418: Failed to acquire dquot type 0
[  174.745010][ T5761] EXT4-fs (loop2): 1 orphan inode deleted
[  174.755309][ T5761] EXT4-fs (loop2): mounted filesystem without journal. Opts: minixdf,abort,bsddf,nombcache,init_itable,inode_readahead_blks=0x0000000000000010,nobh,,errors=continue. Quota mode: writeback.
[  175.536467][ T5783] loop1: detected capacity change from 0 to 40427
[  176.616997][ T5771] NILFS (loop3): error -4 creating segctord thread
[  176.647450][ T5317] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  176.772168][ T5795] netlink: 32 bytes leftover after parsing attributes in process `syz.3.429'.
[  176.924984][ T5793] loop0: detected capacity change from 0 to 4096
[  177.120583][ T5317] usb 3-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  177.129416][ T5317] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 129
[  177.788273][ T5317] usb 3-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  177.797666][ T5317] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.820431][ T5317] usb 3-1: Product: syz
[  177.831406][ T5317] usb 3-1: Manufacturer: syz
[  177.844056][ T5317] usb 3-1: SerialNumber: syz
[  177.865831][ T5317] usb 3-1: config 0 descriptor??
[  178.348927][ T5800] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.911270][ T5317] mos7840 3-1:0.0: required endpoints missing
[  178.990667][ T5317] usb 3-1: USB disconnect, device number 6
[  179.047809][ T4499] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  179.581266][ T4499] usb 1-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  179.590992][ T4499] usb 1-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[  179.613089][ T4499] usb 1-1: Manufacturer: syz
[  179.642970][ T4499] usb 1-1: config 0 descriptor??
[  179.689185][ T4499] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  179.698335][ T4499] usb 1-1: Detected FT-X
[  180.050864][ T5807] netlink: 'syz.3.433': attribute type 10 has an invalid length.
[  180.096466][ T5807] netlink: 40 bytes leftover after parsing attributes in process `syz.3.433'.
[  180.121594][ T5807] device team0 entered promiscuous mode
[  180.127198][ T5807] device team_slave_0 entered promiscuous mode
[  180.172124][ T5807] device team_slave_1 entered promiscuous mode
[  180.202132][ T5804] loop0: detected capacity change from 0 to 256
[  180.208386][ T5807] bridge0: port 3(team0) entered blocking state
[  180.236692][ T5807] bridge0: port 3(team0) entered disabled state
[  180.249669][ T5807] bridge0: port 3(team0) entered blocking state
[  180.256187][ T5807] bridge0: port 3(team0) entered forwarding state
[  180.398805][ T5817] IPVS: fo: FWM 3 0x00000003 - no destination available
[  181.765023][ T5827] netlink: 32 bytes leftover after parsing attributes in process `syz.2.440'.
[  182.818722][ T5829] ODEBUG: Out of memory. ODEBUG disabled
[  183.043767][ T5823] loop3: detected capacity change from 0 to 32768
[  183.235421][ T5836] loop4: detected capacity change from 0 to 131072
[  183.738916][ T4499] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  183.780255][ T4499] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  183.815444][ T4499] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[  183.830324][ T4499] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  183.876202][ T4499] usb 1-1: USB disconnect, device number 10
[  183.893896][ T4499] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  183.927144][ T4499] ftdi_sio 1-1:0.0: device disconnected
[  184.441768][ T5841] loop2: detected capacity change from 0 to 32768
[  184.646126][ T5836] F2FS-fs (loop4): Invalid log sectorsize (67108873)
[  184.653326][ T5836] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  184.670773][ T5836] F2FS-fs (loop4): Unrecognized mount option "" or missing value
[  186.101551][ T1111] Bluetooth: hci3: command 0x0406 tx timeout
[  186.107652][ T1111] Bluetooth: hci1: command 0x0406 tx timeout
[  186.123952][ T1111] Bluetooth: hci2: command 0x0406 tx timeout
[  186.143002][ T1111] Bluetooth: hci0: command 0x0406 tx timeout
[  186.288668][ T5843] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  186.354277][ T5843] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  186.629962][ T5847] loop0: detected capacity change from 0 to 8192
[  186.984676][ T5841] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.446 (5841)
[  187.977485][ T5847] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  188.006153][ T5847] REISERFS (device loop0): using ordered data mode
[  188.016890][ T5847] reiserfs: using flush barriers
[  188.030708][ T5862] netlink: 32 bytes leftover after parsing attributes in process `syz.3.453'.
[  188.086245][ T5847] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  188.143589][ T5847] REISERFS (device loop0): checking transaction log (loop0)
[  188.294856][ T5847] REISERFS (device loop0): Using rupasov hash to sort names
[  188.310416][ T5847] REISERFS (device loop0): using 3.5.x disk format
[  188.342189][ T5847] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  188.410950][ T5847] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  188.490216][ T5847] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  188.546714][ T5847] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2)
[  188.610385][ T5866] binder: BINDER_SET_CONTEXT_MGR already set
[  188.616930][ T5866] binder: 5863:5866 ioctl 4018620d 200000004a80 returned -16
[  189.108751][ T5830] Set syz1 is full, maxelem 65536 reached
[  189.229998][ T5847] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  189.317743][ T5868] loop1: detected capacity change from 0 to 256
[  189.674734][ T5872] netlink: 'syz.4.448': attribute type 10 has an invalid length.
[  189.692908][ T5872] netlink: 40 bytes leftover after parsing attributes in process `syz.4.448'.
[  189.756155][ T5872] device team0 entered promiscuous mode
[  189.771830][ T5872] bridge0: port 1(team0) entered blocking state
[  189.816012][ T5872] bridge0: port 1(team0) entered disabled state
[  190.164614][ T5870] loop3: detected capacity change from 0 to 32768
[  190.730863][ T5841] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  190.739894][ T5841] BTRFS info (device loop2): setting nodatasum
[  190.767378][ T5841] BTRFS info (device loop2): force zlib compression, level 3
[  190.776368][ T5841] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[  190.810131][ T5841] BTRFS info (device loop2): use lzo compression, level 0
[  190.830284][ T5841] BTRFS info (device loop2): turning on flush-on-commit
[  190.837401][ T5841] BTRFS info (device loop2): enabling auto defrag
[  190.861629][ T5841] BTRFS info (device loop2): max_inline at 4096
[  190.868270][ T5841] BTRFS info (device loop2): using free space tree
[  190.900075][ T5841] BTRFS info (device loop2): has skinny extents
[  191.248616][ T5868] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  191.438633][ T5896] netlink: 12 bytes leftover after parsing attributes in process `syz.0.460'.
[  191.473346][ T5896] x_tables: duplicate underflow at hook 4
[  191.516187][ T5896] loop0: detected capacity change from 0 to 1024
[  193.662535][ T5841] BTRFS error (device loop2): open_ctree failed: -12
[  194.079008][ T5896] hfsplus: unable to change nls mapping
[  194.090127][ T5896] hfsplus: unable to parse mount options
[  194.120732][ T4499] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  194.257834][ T1432] ieee802154 phy0 wpan0: encryption failed: -22
[  194.264219][ T1432] ieee802154 phy1 wpan1: encryption failed: -22
[  194.272452][ T5870] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.456 (5870)
[  194.465394][ T5914] loop1: detected capacity change from 0 to 4096
[  194.468363][ T4499] usb 5-1: Using ep0 maxpacket: 32
[  194.750920][ T4499] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 1536, setting to 1024
[  194.762503][ T4499] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024
[  194.979699][ T4499] usb 5-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40
[  195.021369][ T4499] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.040599][ T4499] usb 5-1: Product: syz
[  195.044889][ T4499] usb 5-1: Manufacturer: syz
[  195.067296][ T4499] usb 5-1: SerialNumber: syz
[  195.112849][ T5905] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  195.373468][ T5916] netlink: 32 bytes leftover after parsing attributes in process `syz.2.465'.
[  195.755125][ T4499] usb 5-1: MIDIStreaming interface descriptor not found
[  195.874095][ T5921] binder: BINDER_SET_CONTEXT_MGR already set
[  195.880251][ T5921] binder: 5918:5921 ioctl 4018620d 200000004a80 returned -16
[  196.524102][ T5922] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  196.532936][ T4499] usb 5-1: USB disconnect, device number 6
[  196.602467][ T5870] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  196.615823][ T5870] BTRFS info (device loop3): setting nodatasum
[  196.640071][ T5870] BTRFS info (device loop3): force zlib compression, level 3
[  196.647826][ T5870] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  196.699844][ T5870] BTRFS info (device loop3): use lzo compression, level 0
[  196.707153][ T5870] BTRFS info (device loop3): turning on flush-on-commit
[  196.722628][ T5870] BTRFS info (device loop3): enabling auto defrag
[  196.740240][ T5870] BTRFS info (device loop3): max_inline at 4096
[  196.768954][ T5870] BTRFS info (device loop3): using free space tree
[  196.782113][ T5870] BTRFS info (device loop3): has skinny extents
[  197.106420][ T4499] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  197.548187][ T5926] loop2: detected capacity change from 0 to 32768
[  197.617380][ T4499] usb 5-1: unable to get BOS descriptor or descriptor too short
[  197.690205][ T4499] usb 5-1: not running at top speed; connect to a high speed hub
[  197.698275][ T4499] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  197.854056][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  197.870064][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  197.978519][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.020089][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  198.187105][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.205010][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  198.358718][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.379415][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  198.430200][ T5870] BTRFS error (device loop3): open_ctree failed: -12
[  198.501223][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.527675][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  198.650917][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.661319][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  198.791450][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.801970][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  198.911657][ T4499] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.922115][ T4499] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  199.024545][ T5926] resize option for remount only
[  199.208889][ T4499] usb 5-1: string descriptor 0 read error: -22
[  199.217569][ T4499] usb 5-1: New USB device found, idVendor=04d8, idProduct=0000, bcdDevice= 0.00
[  199.239213][ T4499] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.575394][ T4584] usb 5-1: USB disconnect, device number 7
[  200.569657][ T4228] hid-generic 0005:9C43:0006.0001: item fetching failed at offset 0/3
[  201.042091][ T4228] hid-generic: probe of 0005:9C43:0006.0001 failed with error -22
[  201.100811][ T5964] netlink: 32 bytes leftover after parsing attributes in process `syz.1.477'.
[  201.400598][ T5976] Illegal XDP return value 4294967294, expect packet loss!
[  201.697359][ T5982] binder: BINDER_SET_CONTEXT_MGR already set
[  201.703653][ T5982] binder: 5973:5982 ioctl 4018620d 200000004a80 returned -16
[  202.284303][ T5986] loop3: detected capacity change from 0 to 16
[  202.607074][ T5990] loop1: detected capacity change from 0 to 4096
[  203.590916][ T5986] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  203.614335][ T5995] loop4: detected capacity change from 0 to 32768
[  204.271016][ T5997] netlink: 'syz.2.476': attribute type 10 has an invalid length.
[  204.316047][ T5997] netlink: 40 bytes leftover after parsing attributes in process `syz.2.476'.
[  204.610667][ T5946] Set syz1 is full, maxelem 65536 reached
[  204.643390][ T6002] netlink: 8 bytes leftover after parsing attributes in process `syz.2.488'.
[  205.060324][ T6008] loop0: detected capacity change from 0 to 4096
[  205.424814][ T5995] JBD2: Ignoring recovery information on journal
[  205.598159][ T5995] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  205.814562][ T4197] ocfs2: Unmounting device (7,4) on (node local)
[  206.120358][ T6008] NILFS (loop0): unrecognized mount option ""
[  206.572653][ T6012] netlink: 32 bytes leftover after parsing attributes in process `syz.3.490'.
[  206.672552][ T5990] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  207.615218][ T6002] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  208.070716][ T6027] netlink: 'syz.2.497': attribute type 10 has an invalid length.
[  208.078601][ T6027] netlink: 40 bytes leftover after parsing attributes in process `syz.2.497'.
[  208.809354][ T6025] loop3: detected capacity change from 0 to 32768
[  209.160206][ T6037] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.502'.
[  209.214323][ T6031] loop2: detected capacity change from 0 to 32768
[  209.305281][ T6039] hsr0: VLAN not yet supported
[  209.420115][ T6041] binder: 6040:6041 ioctl c0306201 2000000003c0 returned -14
[  209.561545][ T6045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.505'.
[  209.814905][ T6050] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  209.867212][ T6050] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  210.035839][ T6054] loop1: detected capacity change from 0 to 128
[  210.646502][ T6025] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.496 (6025)
[  211.028911][ T4584] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  211.058893][ T6031] xfs: Unknown parameter 'nobarrier'
[  211.322236][ T1111] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  211.373810][ T4584] usb 1-1: Using ep0 maxpacket: 8
[  211.552897][ T4584] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  211.561218][ T4584] usb 1-1: config 0 has no interface number 0
[  211.574222][ T4584] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  211.598291][ T4584] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  211.630179][ T4584] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  211.639574][ T1111] usb 5-1: Using ep0 maxpacket: 8
[  211.662811][ T4584] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  211.705420][ T4584] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.727460][ T4584] usb 1-1: config 0 descriptor??
[  211.789096][ T4584] ldusb 1-1:0.55: Interrupt in endpoint not found
[  211.798648][ T1111] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.838600][ T1111] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.884281][ T1111] usb 5-1: config 0 interface 0 has no altsetting 0
[  211.892424][ T1111] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  211.929738][ T1111] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.962381][ T1111] usb 5-1: config 0 descriptor??
[  212.022423][ T4584] usb 1-1: USB disconnect, device number 11
[  212.152297][ T6025] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  212.161225][ T6025] BTRFS info (device loop3): setting nodatacow, compression disabled
[  212.188566][ T6025] BTRFS info (device loop3): turning on flush-on-commit
[  212.225517][ T6025] BTRFS info (device loop3): using free space tree
[  212.245887][ T6025] BTRFS info (device loop3): has skinny extents
[  212.491876][ T1111] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  212.501844][ T1111] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  212.508936][ T1111] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  212.556050][ T1111] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  212.590087][ T1111] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[  212.609109][ T1111] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  212.772872][ T6096] netlink: 16 bytes leftover after parsing attributes in process `syz.0.521'.
[  212.856964][ T6096] device gtp0 entered promiscuous mode
[  212.913677][ T1111] usb 5-1: USB disconnect, device number 8
[  213.886339][ T6123] 0xfffffffffffffffd-0x00000001fffd : ""
[  213.913350][ T6123] mtd: partition "" is out of reach -- disabled
[  213.962333][ T6123] ftl_cs: FTL header not found.
[  214.293733][ T6134] 9pnet_virtio: no channels available for device syz
[  214.315058][ T6134] overlayfs: missing 'workdir'
[  214.541544][ T6138] tmpfs: Unknown parameter 'usrquota'
[  214.560484][ T6025] BTRFS error (device loop3): open_ctree failed: -12
[  214.891006][ T6142] kvm [6141]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0xc880
[  214.926119][ T6142] kvm [6141]: vcpu0, guest rIP: 0x1b8 ignored wrmsr: 0x11e data 0xbe702111
[  214.949863][ T6142] kvm [6141]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0xa088
[  215.011467][ T6142] kvm [6141]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0xd1a8
[  215.024442][ T6142] kvm [6141]: vcpu0, guest rIP: 0x1b8 ignored wrmsr: 0x11e data 0xbe702111
[  215.240751][ T4321] nci: nci_rsp_packet: unknown rsp opcode 0x3f
[  216.114467][ T6161] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  216.170061][ T6161] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  217.064665][ T6177] sctp: failed to load transform for md5: -4
[  217.336777][ T4584] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  217.895346][ T4584] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 64989, setting to 64
[  217.920111][ T4584] usb 2-1: config 0 interface 0 has no altsetting 0
[  218.109189][ T6153] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  218.205972][ T4584] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  218.234791][ T4584] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  218.295117][ T4584] usb 2-1: Product: syz
[  218.299338][ T4584] usb 2-1: Manufacturer: syz
[  218.326718][ T4584] usb 2-1: SerialNumber: syz
[  218.354038][ T4584] usb 2-1: config 0 descriptor??
[  218.422433][ T4584] usb 2-1: selecting invalid altsetting 0
[  218.784729][ T6186] usb 2-1: selecting invalid altsetting 0
[  218.833315][ T4225] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  218.842701][ T6186] usb 2-1: 0:0: usb_set_interface failed (-22)
[  218.880143][ T6186] usb 2-1: selecting invalid altsetting 0
[  218.896273][ T6186] usb 2-1: 0:0: usb_set_interface failed (-22)
[  218.935212][ T6186] usb 2-1: selecting invalid altsetting 0
[  218.979642][ T6186] usb 2-1: 0:0: usb_set_interface failed (-22)
[  218.997618][ T6217] 9pnet_virtio: no channels available for device syz
[  219.040220][ T4584] usb 2-1: USB disconnect, device number 9
[  219.268756][ T4225] usb 1-1: Using ep0 maxpacket: 8
[  219.491337][ T4225] usb 1-1: config index 0 descriptor too short (expected 74, got 45)
[  219.499611][ T4225] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  219.557786][ T4225] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  219.624379][ T6233] udevd[6233]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  219.666460][ T4225] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  219.770745][ T4225] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  219.870882][ T4225] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  219.984787][ T4225] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  220.040060][ T4225] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.430502][ T4225] usb 1-1: usb_control_msg returned -32
[  220.468256][ T4225] usbtmc 1-1:16.0: can't read capabilities
[  220.804014][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  220.889880][ T6262] block device autoloading is deprecated and will be removed.
[  221.474926][ T6271] kvm: pic: level sensitive irq not supported
[  221.484867][ T6271] kvm: pic: level sensitive irq not supported
[  221.516348][ T6271] kvm: pic: single mode not supported
[  221.572081][ T6271] kvm: pic: single mode not supported
[  221.604382][ T6271] kvm: pic: level sensitive irq not supported
[  221.632277][ T6271] kvm: pic: single mode not supported
[  221.638555][ T6271] kvm: pic: level sensitive irq not supported
[  221.691329][ T6271] kvm: pic: single mode not supported
[  221.716633][ T6271] kvm: pic: single mode not supported
[  221.773585][ T6271] kvm: pic: level sensitive irq not supported
[  221.825365][ T6271] kvm: pic: single mode not supported
[  221.840852][ T6271] kvm: pic: level sensitive irq not supported
[  221.868123][ T4225] usb 1-1: USB disconnect, device number 12
[  221.908682][ T6271] kvm: pic: single mode not supported
[  221.908703][ T6271] kvm: pic: level sensitive irq not supported
[  221.915397][ T6271] kvm: pic: single mode not supported
[  221.939339][ T6271] kvm: pic: single mode not supported
[  222.019159][ T6271] kvm: pic: level sensitive irq not supported
[  222.076129][ T6271] kvm: pic: level sensitive irq not supported
[  222.116467][ T6271] kvm: pic: single mode not supported
[  222.122662][ T6271] kvm: pic: level sensitive irq not supported
[  223.201250][ T4191] Bluetooth: hci2: hcon ffff8880743b2000 sent 1 < count 2
[  223.217857][ T4191] Bluetooth: hci2: hcon ffff8880743b2000 sent 0 < count 13
[  223.225673][ T4191] Bluetooth: hci2: hcon ffff888076c8e000 sent 1 < count 9
[  223.233321][ T4191] Bluetooth: hci2: hcon ffff8880743b2000 sent 0 < count 9
[  223.240745][ T4191] Bluetooth: hci2: hcon ffff8880743b2000 sent 0 < count 121
[  223.248208][ T4191] Bluetooth: hci2: hcon ffff888076c8e000 sent 0 < count 2824
[  223.278710][   T26] audit: type=1326 audit(1775298449.506:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6285 comm="syz.1.577" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x0
[  223.448591][ T6326] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  223.903619][   T26] audit: type=1326 audit(1775298450.146:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  223.962884][   T26] audit: type=1326 audit(1775298450.166:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  224.027215][   T26] audit: type=1326 audit(1775298450.166:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  224.145452][   T26] audit: type=1326 audit(1775298450.166:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  224.280098][   T26] audit: type=1326 audit(1775298450.166:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  224.392952][   T26] audit: type=1326 audit(1775298450.166:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  224.439173][ T6350] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  224.462872][   T26] audit: type=1326 audit(1775298450.166:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  224.524498][   T26] audit: type=1326 audit(1775298450.166:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  224.613433][   T26] audit: type=1326 audit(1775298450.166:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6332 comm="syz.1.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faaeb63f819 code=0x7ffc0000
[  225.581762][ T6378] 
[  225.584185][ T6378] =============================
[  225.613283][ T6378] WARNING: suspicious RCU usage
[  225.653505][ T6378] syzkaller #0 Not tainted
[  225.665177][ T6378] -----------------------------
[  225.686095][ T6378] include/linux/rhashtable.h:594 suspicious rcu_dereference_check() usage!
[  225.722749][ T6378] 
[  225.722749][ T6378] other info that might help us debug this:
[  225.722749][ T6378] 
[  225.790117][ T6378] 
[  225.790117][ T6378] rcu_scheduler_active = 2, debug_locks = 1
[  225.835843][ T6378] 1 lock held by syz.0.602/6378:
[  225.852023][ T6378]  #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x136/0x1250
[  225.896140][ T6378] 
[  225.896140][ T6378] stack backtrace:
[  225.922736][ T6378] CPU: 0 PID: 6378 Comm: syz.0.602 Not tainted syzkaller #0
[  225.930081][ T6378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  225.940297][ T6378] Call Trace:
[  225.943617][ T6378]  <TASK>
[  225.946568][ T6378]  dump_stack_lvl+0x188/0x250
[  225.951367][ T6378]  ? load_image+0x400/0x400
[  225.955995][ T6378]  ? show_regs_print_info+0x20/0x20
[  225.961327][ T6378]  ? lockdep_rcu_suspicious+0x110/0x180
[  225.967017][ T6378]  ? local_bh_enable+0x20/0x20
[  225.971812][ T6378]  rhltable_lookup+0x7a9/0x7c0
[  225.976704][ T6378]  ? local_bh_enable+0x20/0x20
[  225.981506][ T6378]  ? mr_mfc_find_parent+0x190/0x190
[  225.986730][ T6378]  ? mark_lock+0x94/0x320
[  225.991082][ T6378]  ? local_bh_enable+0x20/0x20
[  225.995955][ T6378]  ? mark_lock+0x94/0x320
[  226.000406][ T6378]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  226.006455][ T6378]  ? lock_chain_count+0x20/0x20
[  226.011419][ T6378]  mr_mfc_find_any_parent+0xb6/0x1e0
[  226.016913][ T6378]  ? local_bh_enable+0x20/0x20
[  226.021708][ T6378]  ip_mr_forward+0x24c/0xf90
[  226.026413][ T6378]  ipmr_mfc_add+0x23cc/0x2d40
[  226.031135][ T6378]  ? ipmr_mfc_delete+0x5f0/0x5f0
[  226.036098][ T6378]  ? __lock_acquire+0x7d10/0x7d10
[  226.041282][ T6378]  ip_mroute_setsockopt+0xeaf/0x1250
[  226.046613][ T6378]  ? ipmr_rule_default+0x70/0x70
[  226.051686][ T6378]  ? __might_sleep+0xf0/0xf0
[  226.056501][ T6378]  ip_setsockopt+0x568/0x3130
[  226.061227][ T6378]  ? ipv4_pktinfo_prepare+0x6f0/0x6f0
[  226.066626][ T6378]  ? aa_sk_perm+0x7dc/0x910
[  226.071162][ T6378]  ? aa_af_perm+0x340/0x340
[  226.075686][ T6378]  ? __fget_files+0x40f/0x480
[  226.080390][ T6378]  ? aa_sock_opt_perm+0x74/0x100
[  226.085408][ T6378]  ? sock_common_setsockopt+0x32/0xb0
[  226.090801][ T6378]  ? raw_setsockopt+0xc5/0x180
[  226.095604][ T6378]  ? sock_common_recvmsg+0x1c0/0x1c0
[  226.100983][ T6378]  __sys_setsockopt+0x2bf/0x3d0
[  226.106020][ T6378]  __x64_sys_setsockopt+0xb1/0xc0
[  226.111048][ T6378]  do_syscall_64+0x4c/0xa0
[  226.115552][ T6378]  ? clear_bhb_loop+0x30/0x80
[  226.120315][ T6378]  ? clear_bhb_loop+0x30/0x80
[  226.125099][ T6378]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  226.131008][ T6378] RIP: 0033:0x7f0e31571819
[  226.135536][ T6378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  226.155327][ T6378] RSP: 002b:00007f0e2f7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  226.163952][ T6378] RAX: ffffffffffffffda RBX: 00007f0e317eafa0 RCX: 00007f0e31571819
[  226.172017][ T6378] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000005
[  226.180520][ T6378] RBP: 00007f0e31607c91 R08: 000000000000003c R09: 0000000000000000
[  226.188774][ T6378] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000
[  226.196752][ T6378] R13: 00007f0e317eb038 R14: 00007f0e317eafa0 R15: 00007fff0bc10c58
[  226.204825][ T6378]  </TASK>
[  226.208025][    C0] vkms_vblank_simulate: vblank timer overrun
[  226.311130][ T6378] 
[  226.318885][ T6378] =============================
[  226.327291][ T6378] WARNING: suspicious RCU usage
[  226.357721][ T6378] syzkaller #0 Not tainted
[  226.370786][ T6378] -----------------------------
[  226.398622][ T6378] include/linux/rhashtable.h:369 suspicious rcu_dereference_check() usage!
[  226.729041][ T6378] 
[  226.729041][ T6378] other info that might help us debug this:
[  226.729041][ T6378] 
[  226.743951][ T6378] 
[  226.743951][ T6378] rcu_scheduler_active = 2, debug_locks = 1
[  226.787320][ T6378] 1 lock held by syz.0.602/6378:
[  226.816664][ T6378]  #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x136/0x1250
[  226.844715][ T6378] 
[  226.844715][ T6378] stack backtrace:
[  226.905865][ T6378] CPU: 1 PID: 6378 Comm: syz.0.602 Not tainted syzkaller #0
[  226.913329][ T6378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  226.923416][ T6378] Call Trace:
[  226.926723][ T6378]  <TASK>
[  226.929780][ T6378]  dump_stack_lvl+0x188/0x250
[  226.934489][ T6378]  ? load_image+0x400/0x400
[  226.939028][ T6378]  ? show_regs_print_info+0x20/0x20
[  226.944273][ T6378]  ? lockdep_rcu_suspicious+0x110/0x180
[  226.949846][ T6378]  ? local_bh_enable+0x20/0x20
[  226.954643][ T6378]  rhltable_lookup+0x52a/0x7c0
[  226.959459][ T6378]  ? local_bh_enable+0x20/0x20
[  226.964317][ T6378]  ? mr_mfc_find_parent+0x190/0x190
[  226.969563][ T6378]  ? mark_lock+0x94/0x320
[  226.973921][ T6378]  ? local_bh_enable+0x20/0x20
[  226.978719][ T6378]  ? mark_lock+0x94/0x320
[  226.983078][ T6378]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  226.989187][ T6378]  ? lock_chain_count+0x20/0x20
[  226.994096][ T6378]  mr_mfc_find_any_parent+0xb6/0x1e0
[  226.999419][ T6378]  ? local_bh_enable+0x20/0x20
[  227.004216][ T6378]  ip_mr_forward+0x24c/0xf90
[  227.008856][ T6378]  ipmr_mfc_add+0x23cc/0x2d40
[  227.013582][ T6378]  ? ipmr_mfc_delete+0x5f0/0x5f0
[  227.018558][ T6378]  ? __lock_acquire+0x7d10/0x7d10
[  227.023641][ T6378]  ip_mroute_setsockopt+0xeaf/0x1250
[  227.028963][ T6378]  ? ipmr_rule_default+0x70/0x70
[  227.033945][ T6378]  ? __might_sleep+0xf0/0xf0
[  227.038562][ T6378]  ip_setsockopt+0x568/0x3130
[  227.043266][ T6378]  ? ipv4_pktinfo_prepare+0x6f0/0x6f0
[  227.048675][ T6378]  ? aa_sk_perm+0x7dc/0x910
[  227.053297][ T6378]  ? aa_af_perm+0x340/0x340
[  227.057817][ T6378]  ? __fget_files+0x40f/0x480
[  227.062608][ T6378]  ? aa_sock_opt_perm+0x74/0x100
[  227.067582][ T6378]  ? sock_common_setsockopt+0x32/0xb0
[  227.073082][ T6378]  ? raw_setsockopt+0xc5/0x180
[  227.077869][ T6378]  ? sock_common_recvmsg+0x1c0/0x1c0
[  227.083416][ T6378]  __sys_setsockopt+0x2bf/0x3d0
[  227.088476][ T6378]  __x64_sys_setsockopt+0xb1/0xc0
[  227.093559][ T6378]  do_syscall_64+0x4c/0xa0
[  227.098108][ T6378]  ? clear_bhb_loop+0x30/0x80
[  227.102807][ T6378]  ? clear_bhb_loop+0x30/0x80
[  227.107506][ T6378]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  227.113535][ T6378] RIP: 0033:0x7f0e31571819
[  227.117999][ T6378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  227.137997][ T6378] RSP: 002b:00007f0e2f7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  227.146546][ T6378] RAX: ffffffffffffffda RBX: 00007f0e317eafa0 RCX: 00007f0e31571819
[  227.154603][ T6378] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000005
[  227.162810][ T6378] RBP: 00007f0e31607c91 R08: 000000000000003c R09: 0000000000000000
[  227.170827][ T6378] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000
[  227.179019][ T6378] R13: 00007f0e317eb038 R14: 00007f0e317eafa0 R15: 00007fff0bc10c58
[  227.187166][ T6378]  </TASK>
[  227.678394][ T6378] 
[  227.680811][ T6378] =============================
[  227.685704][ T6378] WARNING: suspicious RCU usage
[  227.691434][ T6378] syzkaller #0 Not tainted
[  227.701827][ T6378] -----------------------------
[  227.712783][ T6378] include/linux/rhashtable.h:614 suspicious rcu_dereference_check() usage!
[  227.740330][ T6378] 
[  227.740330][ T6378] other info that might help us debug this:
[  227.740330][ T6378] 
[  227.762670][ T6378] 
[  227.762670][ T6378] rcu_scheduler_active = 2, debug_locks = 1
[  227.794525][ T6378] 1 lock held by syz.0.602/6378:
[  227.805889][ T6378]  #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x136/0x1250
[  227.834773][ T6378] 
[  227.834773][ T6378] stack backtrace:
[  227.847473][ T6378] CPU: 0 PID: 6378 Comm: syz.0.602 Not tainted syzkaller #0
[  227.854798][ T6378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  227.864872][ T6378] Call Trace:
[  227.868167][ T6378]  <TASK>
[  227.871116][ T6378]  dump_stack_lvl+0x188/0x250
[  227.875834][ T6378]  ? load_image+0x400/0x400
[  227.880356][ T6378]  ? show_regs_print_info+0x20/0x20
[  227.885591][ T6378]  ? lockdep_rcu_suspicious+0x110/0x180
[  227.891166][ T6378]  ? local_bh_enable+0x20/0x20
[  227.896058][ T6378]  rhltable_lookup+0x61e/0x7c0
[  227.900867][ T6378]  ? local_bh_enable+0x20/0x20
[  227.905660][ T6378]  ? mr_mfc_find_parent+0x190/0x190
[  227.910881][ T6378]  ? mark_lock+0x94/0x320
[  227.915408][ T6378]  ? local_bh_enable+0x20/0x20
[  227.920193][ T6378]  ? mark_lock+0x94/0x320
[  227.924628][ T6378]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  227.930994][ T6378]  ? lock_chain_count+0x20/0x20
[  227.935867][ T6378]  mr_mfc_find_any_parent+0xb6/0x1e0
[  227.941179][ T6378]  ? local_bh_enable+0x20/0x20
[  227.946150][ T6378]  ip_mr_forward+0x24c/0xf90
[  227.950863][ T6378]  ipmr_mfc_add+0x23cc/0x2d40
[  227.955571][ T6378]  ? ipmr_mfc_delete+0x5f0/0x5f0
[  227.960535][ T6378]  ? __lock_acquire+0x7d10/0x7d10
[  227.965702][ T6378]  ip_mroute_setsockopt+0xeaf/0x1250
[  227.971106][ T6378]  ? ipmr_rule_default+0x70/0x70
[  227.976191][ T6378]  ? __might_sleep+0xf0/0xf0
[  227.981002][ T6378]  ip_setsockopt+0x568/0x3130
[  227.985715][ T6378]  ? ipv4_pktinfo_prepare+0x6f0/0x6f0
[  227.991116][ T6378]  ? aa_sk_perm+0x7dc/0x910
[  227.995651][ T6378]  ? aa_af_perm+0x340/0x340
[  228.000167][ T6378]  ? __fget_files+0x40f/0x480
[  228.004879][ T6378]  ? aa_sock_opt_perm+0x74/0x100
[  228.009849][ T6378]  ? sock_common_setsockopt+0x32/0xb0
[  228.015333][ T6378]  ? raw_setsockopt+0xc5/0x180
[  228.020987][ T6378]  ? sock_common_recvmsg+0x1c0/0x1c0
[  228.026406][ T6378]  __sys_setsockopt+0x2bf/0x3d0
[  228.031294][ T6378]  __x64_sys_setsockopt+0xb1/0xc0
[  228.036345][ T6378]  do_syscall_64+0x4c/0xa0
[  228.040778][ T6378]  ? clear_bhb_loop+0x30/0x80
[  228.045478][ T6378]  ? clear_bhb_loop+0x30/0x80
[  228.050184][ T6378]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  228.056096][ T6378] RIP: 0033:0x7f0e31571819
[  228.060556][ T6378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  228.080284][ T6378] RSP: 002b:00007f0e2f7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  228.088729][ T6378] RAX: ffffffffffffffda RBX: 00007f0e317eafa0 RCX: 00007f0e31571819
[  228.096814][ T6378] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000005
[  228.104983][ T6378] RBP: 00007f0e31607c91 R08: 000000000000003c R09: 0000000000000000
[  228.113009][ T6378] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000
[  228.121611][ T6378] R13: 00007f0e317eb038 R14: 00007f0e317eafa0 R15: 00007fff0bc10c58
[  228.129803][ T6378]  </TASK>
[  228.132948][    C0] vkms_vblank_simulate: vblank timer overrun