last executing test programs:

7m2.257197617s ago: executing program 3 (id=2274):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x6)
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)

7m2.180231537s ago: executing program 3 (id=2276):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[], 0xc4}}, 0x0)
sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="0100000000000000000011"], 0x14}}, 0x0)

7m2.023193359s ago: executing program 3 (id=2277):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x20000000, 0x2004c9, 0x7000, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f00000002c0)=ANY=[], 0x29})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x5, 0x7d, 0x0, 0x0, 0x0, 0x2, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa10000, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xdc})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7m1.76250255s ago: executing program 3 (id=2283):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_SE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4040001)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109202)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file1\x00', 0x0, 0x824000, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000340)='\x00', 0x9801)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0\x00')

7m1.614813952s ago: executing program 3 (id=2287):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0x24, 0x14, 0x1, 0x70bd2b, 0x25dfdbfc, {0x10, 0x40}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "819e054727e720b0c3"}]}, 0x24}, 0x1, 0x0, 0x0, 0x20020000}, 0x40880)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101840, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x9, 0x10, 0x200, &(0x7f0000000180)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949e496f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff4175b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7963e43b7f9c03bebfb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
close(0x3)
recvmmsg(r0, &(0x7f0000000240)=[{{&(0x7f0000000040)=@isdn, 0x80, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/37, 0x25}], 0x1, &(0x7f0000000140)=""/193, 0xc1}, 0x9}], 0x1, 0x2020, &(0x7f0000000280)={0x0, 0x3938700})
bind$802154_raw(r0, &(0x7f0000000000)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0002}}}, 0x14)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000640)={{0x1, 0x1, 0x18, <r5=>r4, {0x9}}, './file0\x00'})
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000006c0), r2)
sendmsg$WG_CMD_GET_DEVICE(r5, &(0x7f0000000880)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000840)={&(0x7f0000000700)={0x114, r6, 0x9fe85027416f3785, 0x70bd25, 0x25dfdbfc, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x8}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_PEERS={0x44, 0x8, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "78e3aeb73dc70f71ff4647d909f7a0a1efaa5d5bce8eeb066a5a99bb58cce167"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x7}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}]}, 0x114}, 0x1, 0x0, 0x0, 0x41}, 0x40)
listen(r0, 0x5)
r7 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETA(r7, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x4, 0x0, 0x2, "4feda26323b172e0"})
readv(r7, &(0x7f0000000a40)=[{&(0x7f0000000900)=""/153, 0x99}, {&(0x7f00000009c0)=""/106, 0x6a}], 0x2)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r8, 0x0)
accept(r4, &(0x7f0000000580)=@nfc_llcp, &(0x7f0000000600)=0x80)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f00000008c0)={'vlan1\x00', @local})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(r9, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x11)

7m0.118778826s ago: executing program 3 (id=2306):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r0 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000900, 0x0, 0x0)

6m59.845148519s ago: executing program 32 (id=2306):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r0 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000900, 0x0, 0x0)

5m53.513811049s ago: executing program 0 (id=3035):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01022bbd7000ffdbdf2507000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)

5m53.42868034s ago: executing program 0 (id=3038):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000380)={0x40, 0xc}, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
write$P9_RCREATE(0xffffffffffffffff, 0x0, 0x0)

5m50.312678466s ago: executing program 0 (id=3066):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000d40)="a92b94d1e11830", 0x7}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)='}', 0x1}], 0x1}}], 0x2, 0x400c0d4)
sendmsg$inet(r0, 0x0, 0x40)
shutdown(r0, 0x1)

5m50.158186566s ago: executing program 0 (id=3068):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040), 0x0)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x9, @loopback, 0x4}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000004c0)="99", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
shutdown(r2, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

5m49.90922822s ago: executing program 0 (id=3071):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

5m48.952981148s ago: executing program 0 (id=3081):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040), 0x0)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x9, @loopback, 0x4}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000004c0)="99", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
shutdown(r2, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

5m33.886268067s ago: executing program 33 (id=3081):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040), 0x0)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x9, @loopback, 0x4}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000004c0)="99", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
shutdown(r2, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

2m39.535529333s ago: executing program 4 (id=4564):
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_fscache}], [], 0x6b}})
umount2(&(0x7f0000000040)='./file0\x00', 0xa)

2m38.094591073s ago: executing program 4 (id=4571):
socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 64)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async, rerun: 64)
finit_module(0xffffffffffffffff, &(0x7f0000000300)='#\x00', 0x2)
fchmod(0xffffffffffffffff, 0x108) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
r0 = socket$inet_smc(0x2b, 0x1, 0x0) (rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x1ff, 0x0) (rerun: 64)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async, rerun: 32)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x27, 0x22, 0x0, &(0x7f0000000440)="f802040b0000001300007f53080002f916d9ec8ce12596d9f8e5d448f6e4b40b990a", 0x0, 0x401, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 32)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x8000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='ext4_ext_show_extent\x00', r3}, 0x18) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000"], 0x48) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r2, 0x0, 0xd}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x33, 0x0}, 0x0) (async, rerun: 32)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) (rerun: 32)
close(r0)
syz_emit_vhci(&(0x7f0000000240)=ANY=[], 0x4d) (async)
recvmmsg(0xffffffffffffffff, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000440)=""/176, 0xb0}], 0x1}, 0x8}], 0x1, 0x2, 0x0) (async)
r5 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
sendmsg$can_bcm(r5, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x0)

2m37.751660497s ago: executing program 4 (id=4572):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='contention_end\x00', r0}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8932, 0x0)

2m35.076729547s ago: executing program 4 (id=4575):
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0xc82480, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x10, 0x5}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="793ee8124cae238514b8c25ae999ed25fc14bf8b7b98a25a245fcba38072b1fedc29513a368f3753c8cd311777db79f9a772985bc9efa1243c41f1eeb4e1a07e2b57a390d4913acd4034182074ab783d616673714d72e8a273101c78ddc61411334318894a156cd2cc34f3f42052dd7e79c5c9c1ca3f59ee651bd294bf4d262b31cbe8f8f23a5504a804a083084d5519637e97e94880f549394676c0edec1af036823ea8c423a7792330b8491a5a4a01deb4660d6b420b1e394fb1cb9cde473f2000fe3c4acd591851c258cf231df8c46dd18cc78dbb72189af635ce08b35374c567aebce0303b716c9cacffb6f60e102f9172e0e1a91760c558b580a3c56b5682ade32ad42e7df55faa4e056f3568abf5dea4415018c211637c362ec3c40afa47a2960a2bb4b6936a83223898564e2667bbc1fb774199c99701a726073070c0e19f57a63f4a38d1b03a0c98f8fd20666abd5e66768182c4df12343bce3e617f62d29f2faa1d5fa831a0a582f4708b547aac5129985fa32b345a82aa89958370c1d331935b304a8ad2eeff24f520e667a37b7c0d8f93d35546b8300ec3dfebb32933938e32bfa54d563ef22bfeb6aa8f16765a3f4788e03477fe9236e3d5869335ec18058779c5e63ff5877369898fab14e58cd0608f6f4d423eb1bf09a6eff87d999fc9e7be28390d471acde8543d571246138da540956867a32f3bb1d2d91931dbcfb8ade5cc313dc54f64ad96b7ada7ff63ba1702576d2bc48a1c6cc4cec815e0b8aee9c31d5c5cb119952b8d321181c1a14793266df2cab56d161111caf86d4a7eafd42c2622a63862533d1ddbec5fdaa888d0a03240bb08476198ba789aa552d0ab149a07977da16d1ed4bc635d94225d1ac84c788407fd4425f5a56f687dcbe688b9d0b26cf86671f985028e2ae3592ffb82fd5587ccc3dcb406969e11be470b519eca6114895fd8a4b93b1c4d1a9ca4e0001a62185e72b6cff213c7ded22effa555b45aad686bf2b388c0530058feade244e0672b02128946c190b4c076fcde7e0bb6941852e2c2b90d5ebf53771583e749dc07627f840808ba034474da51eed8b04cbab8981fed4a96fbd4b7ce98e93afab9040581ee91eb42f5d5d8ada63cae87711aa82f8493ae3a64883b99a1a8466a5bdcb753927f22487f01f7782f7e8278ce98da8e76b5230d1f21fa89e02a5f59ec8ceb7b5bb90518a8745d9a43047cb74e9591ea0a0db79601656e784a9321c3d7ab6a14b3d030e3deb7aaff2a2c89cf7ee0e2072936dc7b43ccd6233fc75eca52994a6e9f8c7929f6c370c93aff6f46bbcf05c1d85cd5b126fc08cf1cad82d3218f4127be9aa6e21bba7f1fb9cc4ffe5fc293b903f5ab407d67418a24579704f9df8e08ea157c480b3115d48a9109138f6b391901367e66a7f7573bf20a6d12de0bdad082f08599f912e8860aa4b6a6ef2a5ea071af07be64925bea34913660918032b72b55d01f1d8e09a4e79d70b4bf9f43fa0862fa75d1a0eabe3a769d3df7bf5ce7e0449d54295c06d5396a8f049294e9ff6d60687786d7143e8cbd23c30e36ff7dbeb266f6e63952d65998d844251dcab1cac0669bd0561b5dfefd1c7e0ebbc1567526797b64c97a4f31f87de4e034071b2d48fcbd15ef386ca172c0af3d71aa98744047ee463b3a20a1ef9b8bf1753f83d0f3ca9604e2234a71c3d00f78fb8a0d093af48f2ac0a15ba0c7c21ddab80ce394dc6e6245784ea17dd3949b76e3ca91fd29ea51afe5e50d71ac1067b665d8f57ae49a7fd635146e04861406681637fcf6b53c1404b9b69f4743a93874f2953aa827aac1b5462c852beba5d1080889d05741a11b86436589e9d9e6ebbb3fe89da9dede91731ee70851c9e1501beaa155844f238b299216e69cb88153d20f113faa9a51fc147dd31c5820b46c0cf5136d08761a6cbbfab1652c656d6f7dc7ce1e6a084962ca9e07ebbf949392482b9fb942b6025b71a903c199ac858d99b7eb46e92360de03a0631bf77763d8c098879a9b50907bbf0d6868ea23eb8e471700214d984d661040c51a4b01488718dcf09b3cd50c720b627d664fee7a1ea50ae6951bc0d0f6f59839ebefc18b99c844ccbfb3c4c04d19f07879ce06a3137b59ebf4c7daa52e1d850924d4cf76630101d37881f30e914346ff4f6e73cdcfd56dd81058cb6763110d88d34cca16cbc7b51953d44e09c57b3565e6527aea04949cc28dc502811e82c8cd8ae181dedfca4a47d3b22626eac388f272995add71bb5504a38c03b5ca8381ce09f10acb5f5fade0942f30334a0ffd03dec00fc7a4976a95851d0f347fff16e5e6f663c5feefaf7efa743b2766f1d442ef882f4852318c25a81b3d2bd4fb5b683e3837ea7d4df69fcb8a87788a3a0a759c86877cf56caa98f5fa04c71652d44bf5250ee6f9c54794bed3b48e33a063161eb324456da5e28ebb5ba271dcc826bf7b646b6c89da67605cbb953c35c070e76be46ca66ccdd060fa07af82d53c525c19eb8eb6e08426f160340ec8ec6a57a5aa146f5b67d84184a46b4b8a1373669070123f8346cb607be14a4d5b9124b369289b0ee7f184d498ae3043b14f3ecad6e2b9e71661e85e2dc0b6b053300468d53e36f1e99545a33fc1b84da6fc20d8f7f7f9ae614588f351fa59c818ba833920164d9b434052f4e788bbdaf1e9913c822fca65e0cfad203bedc6be2abac264a0cec0dd4e813dd84d28d853cd9b85d9dc94b96a80643dd3e2aaf73ec85566124204f7b98abc8c5e354a66dc838c080d26cebd3bf388eb8018a06b15708311043a785a937e63c09465ffc71d1658d2a84ed6b346b68e98459cd0725efde386cce85928eaf90641c5ad4a7f1c733fd5238bdfe348456704546afc4a982b42e3a5bb473cd71dfef785473ff88175d92d2f72f1ac5cf77344c8dcc07a78be9575f1cde05e8c5e2950b1f597a21b4351295e9f59e926a8b03551934c73f090ca3fb644a4e95dfa91bad452f59a5cde71b50e8da90ead55ea96181cc1b5c6deea431f27666bc67d36b26004aac6c02c29c80c0d6de163660bf56c48bbd7c5a06d1ef622d5aab46a746b6fad00ef47ddad8290ee81509ebc19cb85acff4ffe3d9123774b76ef96db3cb942776eadad084bd7351c340fc219ea696df3657a992792890bece7dd84e08af3800535b0a0946f9af6ea30dc20916e133f8eda3aef83082c1497d606fb99e81bbeedb70d9d32f93fee0a2090136746fde09038d1f8a7ae494ac012665f3db1119c49650012ae7e172f9be15622d0e2458c431bf386b5163c444e2515f1c99d56d2843863eb5487bb346d324bcb163891b10db02cde5003c111c984c690927580964b9afcf6c6cd1d9ccf30339f3d7fb8ac348604634848c85bb9a11969152d2b1bbd870c3fd95251d38f39a5ee0d48962e414ef7225150dd3134a87cc954eadf8e1a78ff8914de38f4d9dbbcc01553d2992f64b14377e21658cf2573393301bd0a46654cf5fb5d6a1a6f452450db63300b3dd037c5678c85f84b69cf52036bde51f6af406b82b8ce0c3bb64dbd538dab2e6ecbf4da5a57d43ac5aa0e2aa1cf466167662d088a09e109a95040865fd6bcfd68e5f6d6f3990c82f201da1bd0f4a5332bf6155584afbb70197d4e59e829312a3db47a7095c08251a7f574d4869177ab8c0a380adf87be8a1a016bcb8061e3f2a3f69661cfdb54a48e951c45d257fd3efb8dcda01d25274df0adcc0bf797caeb9296322738a972d8e40b07509e3505ffeb2c08793c75783a4c65fd11dc5af607dc3700cbd44f431eb4eec603185dfa8cc5e4693b737bae7c8b1ecf24798a3c72da8d688f5454947c99c339b752d027248ec9c08fb42df0a302ddd3c823ca1ad9cbfc2b2bdf3e7c9181da0ba1878ec434b5049163ef309892652ccd365df8d8260dce74e0d9a0aff0e1e56ab831bffc582f5d13d288dde7c3bc1548cb446d54f360b6656b99ad812d7f98e71cc21918336b1592ff22cacf28b602c4f3053a619899a5903ce80dbba757f6012ee4dbaa375fed540fe02fb66c82841606429ad00685c6fabc130b9b556020fd04b39b1fd0aab194c85a0fc95fc51ea8838ccf388e77cc85744e6770e75f570c0abd0834135192a9e1a54fd90db93b2ed733e3c2491adfb3bd9078b9c75f6157c7af332d7a3f3f2354539083b05100b9dd3ca90e073df2c2ba3f348c780151ae629afa20870dd7842f5c71f163accc6376370a7c5cab922d09d87d89aa451c47e8f54ee5d761d83b057d31120ccb26c818ea1ebc0683ad26e3b3cc62cd3be1f622203c87f39f0c5789be119589cc9ea57f0b04592bbde0a18bb59e36b6e92f4f7ccd01789b58adac60c803c8f072a4e9c280f3245604a2dbfa8ba7c21a918654c75fe48b5748d91112f5b61af65da4b355bb8f0a180254c7af66b56a7b1790afb8d589fb386db3cf84c5f41545a6a1a65ddb6f9888b5a08787626792bc609f397978310263858c2209230ad88965aeb1f533ee3271c8cc033ea128a181032e0fb469ab8e4e5453ea92444e02d4c8cb2dd7289225d070d6a0f22fa73512466d458b343ae80a950a92e0df66817d25ce5ca5fa64e5b31e3ffebdd8ce49d66fb31d01ac3d096889b30c6a7f50b7d50f422d2442ec56c10e61a41054c150c6fa922ae176e4aa82eaede99a5e6249edec0b066fac5caf6280079babdd528d2f4c0556f74f3329e7f57e6f56b8a5423894bcf87246e7db449784d88c9e459549ca7e4670504427d95a9505ca2a243a28475ebcb2c0380b9825bcb9eab3a4a7fbdcc85ce514b8e839761526508d4d782691605bf326297d5ceed21e6832462194dd8dbe6976f4a3049e48a0aa52318f49be25933eb3d9ca9b0916c90a17dfb22f8066dc95d0dd25925e1ddbe46e589523051a34514f3ab114154e0ffd9ee0a463f4c6d0e0734863d081049ffb02f906fa30eef1d15b6dc95fd71a7fe148504ee1d532d81aae2e783746c821a40db2dc03119d8b51e56e8624473c709ce339171737660add577066960031b6f7a1d871a1c6b46f678a85ece774aca728ceebdb4a3f9b6ea169cde4bc390536f71ccfb63afcaf7c8e02cc90d47a238747d341508754dba5eec12cbf3c1dd38a56bdb15161709297308f0d4aaa878078b9978cf1760a3d81ddef482baaa47d4578fb492d749a824868ea6de3a51a17a0dbefc4046156e0dd28f59ec4d5099b33e66cfa369438c7503e5c9a4aa7a779422c51154c21cf12ecf3233e3112751a29bec131d50fd434bc9825dbf528e725cd4299d9d3adb3b4d20adb4a721ec7e4d2d4f1b3254a059b24ac500cd11871098c016394b5679a696869035dd14fecf924a2eb20dab48f86270c08e19f41034a07c3cdae33e0322052f5fc74bcda7731ceb5eae50de0e3643e326f7d40d76ca124e59fd6eab80e0c40a4a1729081f2078c878f506800189b4068064f8003fc38c20fc666a525ee19b128cb0b341988868d07988b175fca82ffe8da18edce9dc1e3df170d774cf39b740d153a903497701bd71be079dd8211ad2d3a9eaaabb2402823cb8979797af079979c1355d923896e598132fc991e4e532310d0e25c5ae227d22c014400127f37a1828474a53dac446c508c3e94808cc5ad2b2ed756cf2f04dd62692db1d83019d1500d146c3e0d765b8f12ff650d0fa8f83358a761f1e54c041b134703d8c3059aa1f3106f6011b4df33f2dd738c2da81b43cdf9da65b5033c829d4f5a1a6c1cf8ea2e74fd5fdf2e751b62d138fa6672a12fad88d128872e6c958f4902a6b444b17bd24dc2dc0b9d27dfa5d11ba700de9b116ad2679c71e8d4d7de323e33f1b5ef967e87c7cb1ddccfc1a36ab7c27a6b969751307b55f9237040afa34ec6d45f575841afee0053b985b889ae3e016202fe93012104e13e99e9c2f62bb978f0b217fb1f5ae4b1e93845f381c47529f77f7b642ce8cffdabd1429bd1b95174c33c144fd00cff2fe538e5837d62b593a9afc7aecd2efc25b565dbf9420348d20169b4f556d87cd415a7002690ddc8332099043f34b32e83dfe9651f94745645ea379d97f82eb1fc24ccb9ff51a880ca28016235ec9ab7e9a23d05f48013ad867920cb5974e06ef48e73c46e57ad248ed70442d3e0575b232c21c84eef0f84edcc714deca1cc4fb6fb5b201fbbd94e9dcb6094bd4cebbecc690d00bb940c6c840f69e1f9e2babe60c014d3f5b292c2c45bfdbed136c08a11d2e1aa7df5839cd7156f670a542ca8ad23ae0e564e8f87b30407cfd498191b902539585ca241bd4a4106a4712383140c6ec6283a2bf74454b959b8677c23561c73f9feac98a7b28fda204a87984570558ab269cdb23184d374ab172d3d9faac113c450f2faca565007b7c5013f02c66c408c81bc731f8559802fa452a0028bbcfc387389a00958b9adb83517940dd6b8f1386b971b2d92a4980e486d7954889323f6f8ba4452ba0002c984e6aa91d7642e0f8e92321494394b264cfa30cbaf9df96bd62d9b098554a8a8554fe84c95699a87b0da4e541d9395c5a4a69302bd3503ff763467beb111a3650287cebc4cd0804841f3990899992d2aacaff2bc1f7464fd9670450cad2ee153e8ed45331f694048fc0c4e2e7d034ab69e159226542fdb90449da050363bf7b683a2215bf5272d4c18fd2ebee8bd29dc180f448b1f85f4429d066c692a350aa9f036ee43ee74f942bba2164f692cfa70b79cb8149a6a79fbf3197101f75933cb0458dc2b9ffd7a987cd9a139cbb853064bc62343e305052a4f77e72c98760b972ac3ac84b374f4422bf44d15334f38291c61ff630a818a34d33d516da256e1ad5e187a79846dcc087a761df9e664afc9785115a6b78dca0908d0957be795a3001ca2d3ad9fc544f992660b643da5edade7890217d07452ffa7454fa59907cb325c9dd445fee201bcffc8dce888da13059bee2286a5ef0e863dc107478f12baf983209060b1aee7286bee1e699b84332327c845a1574b8a0897eb1cd31b4a7498a33fe1e2dc4f8afcafff76eeee019c8c73cf8de0285e342e08ad0a9a43f7260bd5fbc903ebe099c73850982e2e8533c97a26f67855c155a3bfb025b2277e9b627a0bc860c1be18875241a9f8b4fc61039f9d71f7bbc537d2f51f1a5e840dbff7786f4a374f51cb2e657a6f2c8052cfc3ffa7e603a1266df3eec49c00a40d6f82b1b4a670b99534f401866ed6401602f8da9bb7243a97321cfb7540734aee1b75cab753db13f81a4bc67bf01bd467c44852bca45e699bfeb783326f631deb5d22c47b97d9d0c2adbe97c373e149321613a0d6f25dd822d8fa76431b97e88aa397eb467ffaead4fe9c196fd69b81db3906f3b4eb40fdaa19bd5607f7a3bd442c88731014da0af1d33be3e63f3967b00f193e37419f18df4f013017bd280091679e14428cdab0a8a77522a2b6a3337021d3bbc8b7e8774fdd2f387d5d455d10d91bb7c05a15e2950a51b00edea2b5723539770d321c8f9d4e5d24f291e033acb2e4a5c1f8671fe91150d023dd031cadead806bcfa69bc44946935d1e49a628bfcbffaedebd5789a6828950414052d9f7d261e69c841da3291270d7387662f74e20651b6c75722b530aef69cae0c2c9ef5663bedfa37e0192369c3aea78991e0ffef0bff4157d25edd29acd148a3b255157a84c4dfa25b5af681fbe93015382bdf742c1a5076caa52b5370943d02fb98531be900ed3687b4dd076daeebbd3025db56a8c7628a0542a4ac23626b3549abf114127627e44f5df17a81328bd84132e36cb6127c4081199b4fca0dff46021396038c37c832c9bf2fe43729ea45b6ee6aa5f34b2869965f78481d56e6f8ca913301e4fc61b2616c9ea23dcce1f9ec2a0ad97959f00e6c1a99fe5c9be180e1d03826b433a120c654171afedabd20fa42b8bfd3d0bfe64a560cccb9cd001220965576e6f1664097cd3e28d9bbb63c84c801f832e7ca8afff3bae368b66b3b62907881a3c3ae821d5a8725cd11fb3219eb956dd586254a88ab4788e432da28db60a4fe97f203e27d4052cbee48d2edb022d8c72e2a3499378f4ef7076abf712c3a24ba10e43f8b0efdc226c8b10788f0160d1ed23ddc002ea200a4825dc9bf25f56d2d134d25cb2603fa28df93c58820a7ceb690a950f7a6fd1b893ef414d50b57468343a96f55625a141293e6a4e8d0a6aa824a0c31b206c75b48540dc46b20f0f55e5adf8c2514b01ccf4f15faa43df71aa711f8d76ba335a881887c0648aafc434810bbf808eebc1cc9161ac4e111496e4d68400d52c96dc93abdb47ef1901b1674888bb836362786444916135e22f9b10d37400748d6a11fee36b75e6caeba02790665045a274e50ded6fa969fe715751d429c2ace6c2faa5848ab1417e003c49c29d0efe18f1d157c5ac8cd3db4d7209fec82c77b7de669e8d0034eff8c2e49f731f76b0fccc9b65b6a8ed1efe50e407570d73c61403eabb8c376bd3326e57d490bcd74bc1a520cc4522ae65aa025e4782d54a4f82a042da6f9273678de3621527a6f4bab529c7e17726e094d00eacb739e931f3afa8dad84a6d1e89f8024c194833742b967e4cfc8f63fcbf591fb469e25bc6a9267b85d4031bb4b434f2f0b2c1e38dd27c894b029b41455477b8d69f95b8dfb7a22890ce7d71660c6f4a84dfb843172d711f9520063a7f935dffbc10abfb0f44f95af6fa49b2f0fdeef56fa960a98f369b574435cbb18b14b96b8937cd2f6737075c04dad79b77b786f203b2951e4bdf1228449a83306cb0e5a98c3976ce8b63a389be9ce4a5adaedd30a4e069152c35e49bb0e42a3873fd3c88e277cdefb816b0286ad1f12d6ca33805e90e4391f5a59bbc86479c9bea9d71fbc5253cf3017fd6862daf0f72d52c2bb44247b6a303722387cd01cefcb14e79bb6fd507daf09833aa094868132df358725a4db57dd1e2e37bcb37536ad59d8b68e4293d15f38715c68885126c0fff1eafe295aeb4a88919561e03cd4f7436cea1ee69bd66e308425e41eee1dc9e9609ec211aca2cae25ed4369c9fcd7bfe316c9f2b9707b6e3789f6c41a70e28121a26d5591ce94cd60900b27ebfb995d34cd509fd0c8fe204969e5ef6ccd9c1605c47da01a437cbfe612d928a63c83d998dc2de6ea4695f36865febbe065db2f75c2a700c4b23251fec61bedf33e45eb8fde785178647999b9a0069aa45fa01f4ed8ecb072de1e256a8b95365831aa975b249f57bd38064edc6886620ad24ddd589dbe3587c23bf12a71a7edf34b8c46a079adbe410fe32abb408a264a01f3ecaa115e4ad2e47e9bed54df1fcff145222c544c89b15b2943e5e6ce37477ecf4e17fbe33d74e60461c52c3682cdb7b0d1ba016cf7756ae9042b296c308da630b7021a20c71600b21198221a3fb905c2716ea4b6a35af3fc204dceb81bb4270b51a7f552e33aecf4a704b5c6e3538e7d91da4166d747ed854de3dc15ef3b07a04d9237ce0351b446c09cd2b4e87aae02e08dceab1d35c31334520eb3979617928048d3510d9f3d5db36477fb1ec21ad57e7d757eb7accfb1875b59bd1627b62f33ca853e11b211f3a02500e43c5655dac4c8ba62247da245453cb690700de3b9521e5d2841fcdb73d550f4ad20f53b3f0ec2f229e7bc564daf94a42044c2a8f93b13d11e9e27562c290f47017e507275f12932f3c608b2ac955c15cfa100fd5df86a223d4acd4350dedfa26d15c3e3595cb003b1187a77f784385b59e582308cecfd6e53a4be286e6b27b2e66dff8a578f30bd89f5cee1014a55423b5297dc23c5d9e0fef458d8c5df03c989ff7f1f0ca8ed10e97c1040e07bcccb3e4bf5cf8e6ca08a23fc75fc861e6749fa29ac8a8be70c341627b0b8a75f02eb1493ca574c98fa69efb5d76261391195687d947dc785a712d61a7e1a9b954d5b4c159fb4ac0710eacb0086419d12176681a911c10364011b151edaa0323d1a1ae040f9f26be099465a8c67fa522b6805df36ac81cd422e4c34028882ceec4b4fb08d86c05aa4c16a02fe99eea84c75a0821373188489198c2296f290efd5c905e1a5ce0091b4da05e376a416d80720e14c17d2bb84b91cf989fa72c3822d37661467e811b0b1fa6e4948dab66911f5e0394d211e773d66ab2c94a4a14329abb1e9307ff36701908ef85cea4d8ceeaf24520b53ed0e401a166aa05f821cbbc5d1f0d16e4e5d14a4d04e5e5224a2b5a7f34dfc03b691487e1d7199675f00b137c37a87cfed418e013d0b3c3862da3f812d2adda99cc8ab4da10d3ab9d392bef7c9b11ca49fcf7f7af9f6010772b1a04b143eaf940d56865887b202fe0b8f70fe2d45bcb0c20e95abdf2e76d32160df1fcef36aff0ce2e9af3453904f7b2eb43a1bad754e3f1216258f49d34fe6462354366e82a86c4ed81a4021afce5b66039622c6b9c9a24c5f0e57ade4b8e64104e6bd4237fb98c55a6f3c2a5128e96c14bdb1615a0b9c0da306454b76d5f698e321d48719a3171083b41455f59f28560dc616250be61a598b1e753943ead0ca5270bd2039b2f5e480349455011f86d2d8f46ec562f8b1e57872576127f3a050fc6e32e7c4c4c7ab1d2855e8c8d649b8eb00f1d8d02c80a39eb6c1b23fb1d5ba28742e217a02276c724b8b32ca2d39bd3f71cc7fc2a9dd52a28c4ca566038fa2967881c9303ba138bc8054761651e7ee7e6b8960346f227a07007c74280f8419e6baf856e2473cb91ad9c206df2f7a8073ca3462cdb23ba5dd538efa2af2b0b43049a29931e315c4c9290b99c7edeb7b938ea05bfe3744735fb2e550a7e15b7d7d6a17dbd87add165d7a13668884fb235b1fd70e4c3a67895ea0c9b8824b8b14d41a9ce80debc8ee3bef4a57d40994d2d422e2621dd9fdcbe1edb712ffe43774cbbe5839a8146a936317310c3be4daa693685262ee3a44aabe86281b0927e78df3ca4086a81e8d7af261fc51d3eb75cd8852729adfd68579958b61aec37f4f6bbecb4a3f09eea3ce0a49d35666d1050f65da5d5e917d79390d0133e81d07aa285c53d3c7d3bfb82d7cb8e6ecf4f8203b78787963277e98c5dd8cdeb2d83b049d9671b98563eb006ae8148215eb87004551aa357016cf88caba47d4fe3f4209ba0190f5020c5a8ae6e37e60c9a3fe856fbbfa0acf3dd1a2953fb31f0c913a9f8bc6a7bd4feffb8dcacbd764f84eb370cc7baaafd48c9a8972b22c989a49b9f5ca332a1331fd591d412892f45a080d6a3f5effc802364d0ddf03cb391d97ba4fc8371a91650a8a28c5e6221f66d15b4a4b0afe7502034a60c9a1bab525b51225ef9d40ba9a5e870faf19fab07933f2840c4ba52b9a82442c207147bd7327da8468ff6ce98c3de6f7092db9e1673dfbd54d31c4f0462524483edc8f73274137ab5770230a87118751f97d915644f793da732cbb2936c08595209fc42a1ee095591ca9ab503e27ff19b5ee3375a79921f3ffae984a89b1e49eaf21a9d6c1d7c14138b97fdbbf824e3bfb06457aaf1b78ff393bde10b7bbd9bd2d632013d6dd33a12be84dc33afaef1a6f259439356e89290de74007e1bf127594db485b9d07c2dd67876401922bc943a45c743377c", 0x2000, &(0x7f0000000c80)={&(0x7f00000000c0)={0x50, 0x0, 0x1, {0x7, 0x29, 0x9, 0x800, 0xbe2, 0x200, 0xfffb, 0x12800, 0x0, 0x0, 0x1, 0x7f}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
syz_clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2m32.263124832s ago: executing program 4 (id=4580):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000fc0)={0x1188, 0x33, 0x100, 0x70bd26, 0x25dfdbfd, "", [@nested={0x1030, 0xfb, 0x0, 0x1, [@nested={0x101d, 0x13, 0x0, 0x1, [@generic="783cabcf3de8f3c211caac293bfba1f6c66248e2705bfdeaf3e518701e75b6870e949c9efe541264de467766dfe253da80bc4601fddfb29d68a356ca39cba5bb876bdee1d1f6640bb64e313f030da7715e4e5f282235c21405e318614f33083a4b615d83fbc2757362a21e81598dd1c94f416f7fe0291ee066acb78990917d93450dc091617b2b9b856b762e98782567c7ae32d25d68ac22ba4415ab4e9411b60459b5fe04a16c83cb50e70b539e77b39213d9c96b5f0eaa04346eb659528defaefebc201f6fd8a70ef275ffc1ccaf61d56015c4bb63039c3b5db172b76ef8c834ae9df36f8764c27785f4098f8bbe8190e92a2f53d0e17cbd0e3150c8839cfd779a96807dfb84d6d424978b1060dc0fe13a00d526681c018bd90b954e1dd4f36787f6cf693c4a428c8cc5a6c0c77a940f5911f6191babbb44ddb0874a2e573d9a4c41cc89134dc1498259ae3da6f5e2bb40631050a2b28b86f43fa397c8cb73698f2625d966e2695db75c2d719077e59f4278644ce09c0b5cd873f4ce68a6d88819c0caf1c3b58612897c74636701d99260c2ed0e29392f96e6b46a5d8e4797d49f7db2400f81bbdfe7fedab277d090a977eb6d3143e34ab570975d403d9d5975d8a1b373d0322e954d8921cca83c962e55959bb2b82ab789e617a67200d503f89c88d6e8f04deb2773349669e22cdc62f0d6037bc11334f3b7f3c203866d39f6f2f15215fa9a707960c2f6d5229ee00a879a842724c9f633dcb55114d5b4ae228f59001fdea972a1e2893ca0f1855a3918dda375af22d6531cf30c28f84ab3f45d7893f65a9ac09cca966c896c79172b1f8b8da2af3c82ad641eb3db53966e1f670fa1f94465c356331e7a9e39be91d6b2719780d650d54e75277ba22818857a3ce176b85f447a52d43e52d621422695ce1bbeaaa3611d296953b63f08238844704293e37334ef7dc826b87704ffa5e634c89fe70223869ef8484d0dbab21bf206fae62fa6b645ecd4f1f0ea1107ec9ae55882dd92b099da4cd71ab2493b81a3eee6f617dd53af22ff15b01e97689db12b6fe53f941207303d1e822a7b98303617efdaa4e844df85dac246617b3aff4cd0bb5db224a59fa4e7161c4862114cdec7a7b9f4ffcbd7e8a9dc761dc3368a0f37541463227ae5cf525441ab99b9ba09d70b4c2ad9719a5c48258398e77adb9d1f8dcc64d8d658cfcd1b5fef2669f1b2c19f0988268611a644f02f13b86377a9203c36091545f09d62c96c98732c2619cc81dbd4ca19dd62141ce8421dbc28de8b32fa91631b8957025c89812d5fdd72d79aa5d1f765aaa08317915d35ebdfc8a880923596ffbbe4bc6bbd81427869350d59a206c96c813efb25bade849f515e6b6a47c6ccb2131e60c8c05891ea8f065baf49459218c32257c13a82b423cee266dbf51f500ce996d76a723e662f3c3d2fddaff5c050f2ef2e17d0fafb0c42a82184201d8732fa4f1c370384fed4b0d8ee842f2de5523aed2e09e2c484f940a1736359711eb655bd00504e76f3c72f26970d3c05b00ea25803e8be24d7751baadfda870d3e0e64514f0b290a052071cd8f71a2c6ff4850b891c3f1818e0774794c46c62d511db9ee5b960404c866850602205b15b287e6d3279e6a5d1dce653ef770f68af6a16dfa552145e18dd0b185571f29542c24b753ee6ee5f5fb448afcfe643d540e7a120ebf36f2e4f3a30b46d8497ad69b5a55ee023709f640d44e1ba6a4da79579fbaf66676c8e2f60a1a8e3fe123a70b4604e75db29ee19bb8805e22195aeda6b0412c750e0043a53c673e24f9bf68544089b1bc8fe1763e0b157106cec5b21847eeea377c258bac16ff48a208b4c7d3cd1fcf410d22148beb6f95317061c1de7e2d87c448bc2c00069d2e886a7a37c4ced954d2b06ee6de91785a967d4dd117b83fdf7786133abd08ac3399ba7e6f521d933e14966ca444056c4289ec24c76b9eed38ceae0c5493dbe53c20063ac6f9290663cad2b4c73b5276bc5a17847e9098563928694a0316d7d73c4a439bd0fb91fdb520d9b92c5c686ed1122383012b84f4846f4d5e0c5fedf74c9c07ec64da1f2157feee49aa476a4d2b830f528f1c8bf8b7b76ecf7d2266ed1b9d8278a5923501cf134fb9e59f1ee9a5c1397387c2959e0743e634cc41782b57f8c7ea51525150c443066b352f84050fbfb72f55680f24461c791024efa74022caa8d58f1e9985e910f25aa92bfe756ab3eacf8079e7eb7f970165b3ff1bf1ca457ab5f4d9a1a08448ffca704fcee8030a7d8aca43ae64b0be45efd5151bcea83845720d210aa76ef748810e46ffb0cdb7bad706a24d6cb076171a6b79f5de5ac6b8190919a68b1b41b173914dd37d599f7a78587c4ee606b31949a88e6a790eca971c348d32f05a22e68d22793282b716d151d9de60e24cc049e3bf4cce36fe43b5ea824a7b3c854860ceed13d466439263353e81940e7ded03f31211cc714f4cdf240516025f1f5621cced4b88a4e48c940d6f46ff2f57f0583046b650a440c4ea8e9fab79e98d7529db2f11cc7529bb361cf8cb65600ffb36eb5fd93acbdd58398ecbb0befd277e267051f93dc3e7c6a5212c2ed990eb60d9d451b4458cb44cd691dac77ece483236e3006b7f7913e39f685ca41bcd1692494370acb70d0cfdc9e6de0bcd602040a0bc2de02a8cd477fef88b5410f5dfea1cd32d25464853d56c82abd3c11caebd992ca656e88a10ca2779f887472d5064fddd7397eb0205c419b23c2756a3b9b722ff273907c50f8b176834edcc1268e036214a2a25651c719541a4f7729ef7e32dee27c5b910bfea677c562138b30b3355b462c8f910874acc292f6787f8d94fa1cb2e648789cc67d05eb49d6d3c8788a024e3c523c4ee282764090044b44f30a9848daf2522b76448ecb9249ffe58dad4363b1d08181131a89af718ecbd5ffe44e032ca26664eecabc9aa57a875b5964ea492b7e759606a3f4ab36130a8a43a19be74709dea4eeebf5e53706685122e6603247996d672dacdf1bbadf5df111cfe7e72f5b2c6cdc32c1e4eed30147c9a51c5abd4214c577c4c8d1725daf906d145c6ff2c9ab0fc3da4edfb92be40b4af234c2bc147b2d08a801b539928cb754f2f6d2d4280ee0c834ee4f5eb8b0662ffa6f7154307b0fe55fe248a3f953a09b06244674adbf31dd7489be3f26423140ffe98671ca413d678047096fcad53f5bca7e602354553af02c225a67e4e8eabf298495a99de9653638405ebe78dc75e6d16c39e1547dadbc07a014369e39175991368d05be623656c4ecb3735612546b9a9c1490f834cab7567e61c8b2669aa62f156f2ff3b76b32e11b0e0acb6c7ccd6623bef1a5ccbe5f477ae90b3918899fc6b6075c514deaf387d5f09cd59f3fb3c0a9614f1eec092a8f7c6bd200e04da47085d58adc08f1f0651f7ce0cea5792a30aa2bee9970913fc9e79bcf0b5c55adfa6967a44b84ffcd3ce7fb47a610773eb9323b8ab3b5b9670f3ddc06e673e5ebe929f1ae4508decd56a2cefc34bab4703bbd3d83fcfdc27fc4e8a799a34742526848f6aae932ec98959f46ea50f12e0ad3ba4ef50a7b4defdf2fcf8dd2afdb8f29a1b7eed384b17c8b4ff4cfc220745cef2c083615eee226bccb8f2b7faf5a8948e60edc37a644b70011ff8b608da74a3873b2d8a6ba50dcce8a5ed6fe96c599c6d0b8a431f0b96789e974ea48400b94c2d1fbb7a8908de838cc64d4de93d506dfb450012df4af40d5980aed567e0b94281f8109ae7cb42f8253783a9ccb1cdd07245b31c0a00f13b42eedea9dd6d031f283a277f140f7ccacffc4e76829fede0479d59a542f873524651dbed995a00749e1b06182f073ebc3122ef1b007436d9eeb89d4f82ad366361ae8bb54e795b5c3d0594ccab1d5019f4b9191fd7c84598c866a8f98b2759738a65af53943b466aec83bb055e8f6c6e7755862de6c4c203fa67663702783f5f19459620a99f4de75fc85efedc44cf65adaaead7038406ebc507048b115c44209057f887f204a60ad9f6abc9b7983b930be5115cd91de9723bef58d29e421e123c7fa19ac3de2900827041d096ce0d589d45159c322ff3529687b89a10dd6c628977aedb1547ab6630995b48edba0a6f0e9ce99166dd7acdab5253f6bd4c3891c45d6ce4cf136a7791bc553769b57559215f79051388cff4761a3a63f6c73d8d7aafa8053e4f764f1c37b8b57128ecea00d7046c7532576bd413e01bf6df40bb1c3bf0480efbb1407003a98b1014552d2a1ecf99ba29c063ba96b3555cca24a211c2c604766a6b503a875040039f23f7ed46566519ee1aed0167c774555b623bee2bcfe83459af5527b312a19298e8323cd9b3fe5e075ee0867aadae8bc81939919d6d36834a87c1bf9e47d467395892aa09f12cfc172a2a9a44a43ff880219487798a206fbaca25172b3f00867d3f100f355ccb987bd0c41c015d791bae97c258ea4138a377fee51219e917893248391b7b2fa8d1bedc3ac71e5dd6ac382a0c8e0753f16bda800108d9dcbf9ccb192136b1cc555129afd8821b007543ff2d14f07003fe05cdd5fd133295c36bd44aca53c8fd91428fbd72951d4a97006636456baeac6c4d2f75d864e5aec7e738d865f2a0e5bdfadccc2486241fb38c024f981b08c8ad06bd48e99ee116c764d894f39e603949a4644ab2ed942d933876f16949c833f0bf1962b908087ff77b9318945edd47cf5c6b329e0dc403944fc9fc49e0c88f0177ba649ce61b4758ccdce20df2abbc45fec9e350286898d3fbc0ace3f75a5d8667438217ad564903ce64ee98e90ea770e431bec58c7d624278c5dc5955a555056be562308c7a003abdeb13456d43c245bcaa63c4ed17a4fb73cd53d890130322ad78c9b53073e7146ee8cc36f29f632c0e554dbcf161ab7a01badd56a0d84c8f337a2a3248c4ec96445158cb59060c352df81f6b85cccda5a0d737d44101a413d9edf5ed0bf16537520bd544e25540124ac7fc202bb8db6b141fca9cc25e85b4d064535de0dc5b8868025b71f8950ddc35d6b1bf04d8440c8ea2660fa3476578981bb467e9a54a9ebb2561f1414d34a922168537cde92375d6bb4e35cf4e2655cb0daca2a1b75013a9a5f72768b061492a381d1e339970a322f07ff3d0b9af33af6a191ed778a99b721eb89a294ebf76748230837f75cb9f5f31a0dcc4b9f6dcc99487e5799e1ff5db60f7193308a4b40dcac5e9aa3a288c03d724a5e2da794590446c236234eb0b34cc60fde282400039d7a263fad5b2df94907c54b07cc0d3e6d97a64e7306131f741caec8bfca4e40b033f4633a63d0845db13b0b59b3eb0ad2cde32856ee356d8e910524f71aa75d1b527bd0c69c7126f7d18644c3547acedcac805f9077778362d40004e8fb4d6de7f3dd679e1519f8896174be1fb9313a90bd3c5f2999cb0e1d96cbad7a1d9a708558d4984343d4b05f16acda0edba81d898efea1d7bb10baeaf2141d5b40b2131983132c6c16add15f83d122f305d67067321bc004960d47cb7e41e530a025498fa1d07b3040be112638801625d3e7e90d73b398bfe6d473278c5feba0b895347fc3395aa7c336ebed7aad8e1c2091b6e7167ab04f292f469e5e517509f1f780f7394958bfa07e6cce1af58573f08a743bbef50ba44d980448329666357eda505a49f06e24a73daf6d49b1f92e00210c96d34ccc033e0fbf3582180f477e0fa5a10f0cc49296a57242bc1a065539357ed9a6b5830f37d35fa3cb30a03b06256013a87ba66a582", @typed={0x14, 0x122, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0x10, 0x0, 0x0, @u32=0x7}]}, @typed={0xc, 0x123, 0x0, 0x0, @u64}]}, @generic="d90a58cde601d565cdddcc6aa3fcc8c25583297245b4d7973d0df9b022c59bb26343d8fac6abbe023d9e0640355e0034d2aca4a49132b88c8660af242102d45a28332c4b796cc5268b9a5ec5b61042577e3e5ea90f21384e8c5852110520bfd976705ca7e25e8a5ac6dd7bdadeb451f164c86cdb89561b05f0b9e143b1917e3dd99ee920f46511a803ab9cf9dd2d6aaf8aee259d1476cd960ce44acbc6a970c4fdd6f99aeee46de8efec7151b1e4cc13cd723e9cfa7ba2f69b60189d7aff553101c449174d1e18b6c5b148275100a3f8bd0c4c96296c43028aa284f8f626392a21d31e5e06fe98065e0246d46b7fe927a881c18c044e5c139e", @typed={0x14, 0xbe, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0xa}}, @typed={0x8, 0x63, 0x0, 0x0, @u32=0x1}, @typed={0x8, 0x18, 0x0, 0x0, @u32=0x4}, @nested={0x26, 0xee, 0x0, 0x1, [@typed={0x8, 0x39, 0x0, 0x0, @fd}, @typed={0x8, 0xc0, 0x0, 0x0, @ipv4=@empty}, @nested={0x4, 0x4f}, @typed={0x8, 0x9e, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @generic="a5fa1bc096f7"]}]}, 0x1188}], 0x1, 0x0, 0x0, 0x10004800}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m27.073002323s ago: executing program 4 (id=4601):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000)
sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000280)}], 0x1}, 0x400c004)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x894b, 0x0)

2m25.653873972s ago: executing program 34 (id=4601):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000)
sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000280)}], 0x1}, 0x400c004)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x894b, 0x0)

8.628084304s ago: executing program 6 (id=5055):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00')
shutdown(0xffffffffffffffff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000280))
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000080)=0x200000000)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000040)=0x1)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$setregs(0x2, r4, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x711202, 0x0)
fchdir(r5)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0xe41, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0)
mount(0x0, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x21a8f5, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r8=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000180)=r7, 0x4)

6.73322507s ago: executing program 6 (id=5058):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x70bd2b, 0x25dfdbfa, {0x5}}, 0x14}}, 0x40800)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
dup(r5)
r6 = syz_usb_connect(0x2, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x69, 0xf7, 0x4a, 0x20, 0x10b8, 0x1bb4, 0x3465, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x5d, 0x0, 0x0, 0x1c, 0x53, 0xc2}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2017cc"], 0x0, 0x0})
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000002480)={&(0x7f0000002440)=[{0x4, 0x2800, 0xfe, &(0x7f00000059c0)="40bda32247968c6139126ec0900855252430ae872defa11473d63346447419885614679af1b21c19f78f62a564a68869c5a8b86f15c9c8165cf8f5cd6c0f5e96258cca71b0defac3b59a3d541d2b4e7a5a8dd8d41264c7d031820d68c2d913a53f12e4ff4c3dd42f29dc12237e3323c0574a81733302ea0708d315785b02dd492ccc5234efbc206c58ed6d57f63304584af4515b49ee44dfb7336259377e65bbe957133e4e6f3289c86bf33b14df8385477c66e9676052bcf06536fb29d93248223bc9e60d9503b1a553159e32f2e677346f77c2f64115b4d97581eff5eb223ed74fbd9e0e52862287180aabd1c81f7613cd651c7e67a686dcc712c63a45"}], 0x1})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x18, &(0x7f0000000380)=0x1, 0x4)
mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x2, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}})
mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})

6.026526997s ago: executing program 7 (id=5060):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.io_queued\x00', 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, 0x0, 0x80)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x84)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a98", 0x3, 0xfffffffffffffffe)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

5.357836262s ago: executing program 2 (id=5061):
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000"], 0x138)
landlock_restrict_self(r2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r3=>0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, r3, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="2e749e8cc85e6b0ee5df5723d688df544b556c55827971aac8755cf20fb368f051592f0f11cded477b6e2cccf88f63b6b9a785545c9ad2e3f802634ea9be5a9422a3e3a4fb5a31f9f1370b9b2ed84de8ed3434130a8e4a2a43da16c9ccb794ef54d69b6bbbc22f760968086c5015f2ea4a3c2b3ffb6c6f496728caf07383f8c92c266b5fd8737820d4109bb0d222215bba6ff978da9da26b0e58e3ebc39d3e4240585581b5ef46c07d31f59fddc66bcac21c633bf2d4a2035b29a8a7b5e88007827579c3abb9db30a25cd264de86a793d03c9e3fdfd8f30342d07764a52991a8280925eee8c387df8b3e0bb1d19110937271822237540ac0a56c940e966a21059bed07f4f72e2d39a9d660ec5825a14da750cbeee159dbef9449abdcc021df8e64785e78b41eb0ab9d7498cb2d5fa800d9fc0f44a6fe0be3a024d48cda95fddbcee3e5f6289cc2b184cf80b714a13922545dd9c14fc771f6ce08557b9ca99a4de6193155cda1164752707b78fa0e241dcdc7a70debb7ef136279e5e5aff42ed8eac8c46ac4471a056508b6bbe70d05530c906206780901bf45aa23d128956397d35329370cd248693285f86ffa28495721c1bfc49916c6e8daf36c18307f1997e71c1e9763b79115f433bab381a84bf99031dca8d3f6354cbb6ef7de9609f36a0500000000000000aa53a1a75727005e1004f21cf6fce6f36821a10dc53fafb17a8be2d7f856b3bf746c8f3d0807c3f526f533fc5ccb7632f77e5652153477c120b2b93fef9b387a6bcd13f8805ffdb4112820a864188dfcbe67028caf8d267dae2c479ffd0415ce9756d268902c8f41c23734cdce58fbabcbefd7673f678c6796f2eaa21fbad557d5262b2b037cfde6a3536eb3cf3f4bdebcae638a2c63fe7677fcd7b8dbd9fe6b828f46dd7513abe880701c2005972b1208c8575f7a42a227f7ef355e61aa03f2f6514552aa767e50cb086633c556fd8c43494fc5278e179d2ebc2d7a86c88dd051e360bc2e226a64d412451904d301f93ebf232e367972781ffc91b51b4b160a5c571fca00b764add93a67d227ef5359a38d3e6444956940b66586a80b3dbd63255dc07ed3300a71cedec6d5ab9a5a0fe81c134426890f456a9fb9deb638fc188ec9e235d8bdc848febff19817e29f7a4be331b822110725bd3617096becf7193bc918d31dc02198ef314e7ff408c5bb3a2c6469d2b2312b2eca2b2bfbfc92a5822bdb308de0b533b762e1ccfcfbaa69a08102eb4de20b625f01cb22d27febe953547990ead464d87286407db7e7bc9e8f561c217273ee7acc656645bdc749afe289806c01b365f685d1b18425d3a0d1fa4ccce2fb44c46469fd5d34d4db9d4ffdbfc249d34cabe564d5ca193276dcf04a36c90fb15dfa552c987c0a611ed96602f47a0b3c3bcd7e0981020abf1c0b5cb48029485f644f3801037173a46f5886de9cfd388c8dec8a02762a1fbfd22698579176f1feecc8f177ed762a8d3daf4f43a3cf94ec7282a07747478cd5eb84b88786a8793fcc270937f6483e80612d4acdec8a88df226f172aaf530d0552df5f3adcd6dd13cc719c24d20847d6a7c73927c9696c7095a7582062c688f7712e8924d97df16405a2d5e571a1d06734761537b479824b4b961c8a7fa92f3a5f7ca95155e1291e10521204ba253e82ccb553f562bead4d02b5b1b10132349eb973149eb9f0bfd48d1bfce86f73d13ffa2b76f72677cf5ef92b67b8d8b02d7320ba5afe6049eeacd2c223e13c8ea5f231e25e8090143e235c457bc549b981a18c30e12f5954f54ede63c56e3edf63b4c20f01aefad3d3bfddb41b40673636caa2fc9ccf2e6124c7a32a1b472ff1b0e74da2777bb84ea51468519d03bd077afd8e36ed0e67d1060e5feba19c09fc63d8ecf5e10fa650a931a47a00439fc96f2ed4bad1d70c50cf1d4963267db0585e4ac3b605bdfa5aa90e1d3e407beba7b4e131b6af563b0e90f57fdb11f7da417cc0f38abd53060f56ae2d4da094d709b9b207aec1f9686c9c9352705453a189151c3278b7736929ffe93fa94143533919464888f08059cb915f7f2ee37bdc2c2d30305ef6407aea7d9f89c0d35ec93c6fcce964cbf7f912c5b2695b8a6983fa83ac5e0a0eaf78f134c211aa34a922b9458cafd072b49cb187b211d612e02b8f7749eb3b136bafc655a8b3d4e9961fc3043754930a4e7bdcce1883421e189e9c0b1268f1f95b9177347073898ff011482427c43decad44c8ff020fbe7d3680c76898d7f538e189720d42dbdef4229e13bb7fe448aa6238eeaf0d81dc7b03b5136edf865a996ed545dc5c0ad4659da7d01731705b0d9733ec5996d70eb62ef11534f19080f95226d0fa02771f53583f67166845ab1143fc804e23d6368597dd168a1ae0517cad84f04bbf036a9a04a7af8f67fb91b2934a473ccc5bdcce134c9a10c10d81afbaeac63c2706d74e464164249f5fba82d0be6b4e82415ea644009aa4a443fe9b80717b5d104986e60a13b335e228085b6390a110451523aeefcf603b124202c5d47349ff8a67c3871312602e30bd00dacd5b6e9ae2c4afbd590af002ff62cb8a30c64a3bc843ebfaf6c9cb102ccdc2f05aa57f240632966bcc7fb73b550922bd7dc183eb5b488a83c7ef0269f4c9b92592357ec0eca5a14c330202c87d8fe6f7a4350bad8dc29d1de33aecdd10dc2329c7cff90c8087251b948f58b864d4e7d6c5e5d800c2e7741273356b13c3277e8f60242cde5aee19bc5c55a240025e26bbb893a5b2f39dd77a24604d445ed5b22988fe530e952229e84b5c05f9521e014eadeef4565a0a9c57b9bb007b4177bdd8ebc87abcbc0317cf2988be2518291c0d89e0141a7cd0e2f37e4db94cab5204f804ec0d0fb0819dda879328cf675be07cc58d8f8b50ee56670229e8a7839a33831ea005a87eb84b3e644040915e8eb44055b7d90e23a3970e87957abceb632ec284438bfda423cd547ef14d786f36db71684cda4235b067408d85c544ea257bd75a2e4935fd325a6aaf57664c5430dd24d4588b2774c08f376bf606391d1199347281042431d0e1b6bb7f46fe4502d67ebb3f0469800a17162dddb37f7ca2c1951b8de5da108065aa933a9e04eab95f6018d3326fba38e33b5a701022244b0888f4a643b333cf18db2f37cf2dcbb86f20fecddbaf186987c7901b74376aad2b99829a478a2d68c0ca48cfeff10cc27110febbc37d33db56700f909e266ac33b60090a2f38f0b3557ad094d7d42dfdcfb27cf538cc121b1ca181362290cbf90e73c60cca5ce62cbd6ab49c39aab5054aee6de4dc2caf56079180c964dff0191185fec1065c508249db0e21391e00eaffae3300a19c462b09d76831262fa177923f02095c1f57595f560feec1d786edea504ba32dd39dc0b96d7d0f859709540baa8043f26deb237ee8425bf8069be89bcafabdbccc671ccad77f878f73cc08f230243a640a9c1675e395e41908899e5f3e579f7940239a042d9a95a392cea4def19696941e155b84163e5d398eb10a43adbd0054d175d0ecfc151c15df09eee236f0f8da5c373e851c56e8d3d80b5284f17f5a9b0a72a27a3400b4e2b3188a51d2352b991d6b4d97b3c6b2d0a184907ff3f4afbc22d5c72d79db1dd936a9df2757b1cf03cdef3c0367fe873074aecd48bc62ba63246682837625b4187b2273de35b6e7a0982fc62630193eee7c090d279b6513db822c3375c829c86ee57104e2049a410f521de405916b90018e8b81f457cd9294ac0eaec1627ff8954572ba7009f0504cac8be8fe1eaebda0e426be956061595216108332067ebc18e46ac9aa200d85ba60f0357148c9cdfffea9a7795a7dfe7d99bb045602685a28032e0475b96da0d576737e05b38401e1f8c3abc8b34a21bd08dfa492ef0d4496569f4a3eb52fc12486a15786a87b5c1b5ae2df6d9d75f4615a664e54b2fa0968507acde7a07f6435ab8bd84d0e6e9eb8cd6c78ea69a6679a53564f88f224d7d4f4ec8d19739a3863f0f1eea35db1aa4ba4ef180025258c7f1c377603948372be9a22da66ca56a945908c274dcc4515a6253d9383dcf17a65d474863735c1b8655840446d31a5954bcc3581ad465d019c9ce240b75ff9d20e226d398687c78d21cc8899f5ba6397ee7bd8cb1875feb9a24b4abca8ddeecc7dfb03927a7fe7129d91fd3743932167b5a2995a5e4128b7db18cf6978de20af22018cfa0dd97af0fca0763be77b64d91dd5f31b5a65f12a32aef11954c05d9a7372362cec82c30a98eb4dce5548f73d8fa92c5e8dd44b054b323e3b153872eb8e8ba36c2f062f0bcfe762d41091d8dafffe71db31e9961312f1eeda0c3f3ff8a558468f05e8a3123086714b6980003a85afaeda65c6505d6586fe2f3ad773ef09d8c0deeab879c6895492d14ff01dffe8b65abc935a7c574acaeda6cbe624f1b4b733075b4d8028c9bfaf8f66b8078b98d1210c3afee89159e9e9c03861e062b7219462fb88643637467c0998682ffca0fd5f71a1840ef802d09ad0555774c7bb54fe5c413e2a1734c4be29f25fc58f65adc22ac294bed58fa69e24d3a9a6fce9e2d60f238809979d4c1db26d121f2f013fe5918b786a7b7f88226b92b40df9852b83b47dda5e876fa46961224511a947ff5b354a9a4064eebea9e22eb7a24953a02c5f640b9163eab5fce85b23be2d4c7ec014b5f8d32e0a798fdc2f8e905673bb02c7dd9a44be1741f6649379df146f18d64b428ae9840bf3323afeb3a2be43645341ca720be7b305d13de56a999875ab304786661594216c34ff6fc5e47f5a4e05ae6f8d64e5a7c598d4464b4a5a9d3f908015caeb390300379af90c20a2dfee20aaff5ed5bc8646770b33d29a4352a90f37c0ad33afda265f7c2fbdf4ae19d774620525f6cd9324aa009aac01ba58487c4b298753d03c72584205e3d92b64d933fa5f844d242ed0eb0b55793ef2c91e6483558089a533808dd41167e52e526f786b1953068c4807211725f64bfc745ef79c2a7c9400d2ba61113f10118fa54a91d6b531adddf5ecf6ec764f1e58ecedfa8ba08dc36c7cb91f74c77bd2e02ed878cdee30e8d0cf81b476589367ae2b67d65d2dcec5776d095a4b25f1145387a545c2ce0694827058c18783f6f0316770c2e01615785719f140e6765855272318175f4eb572e47c83404591489fe37ecb29379805a176d7969fa4148644f0b3e3ce9669b9dd1cc06881a11bf947a5518dc985714fbb3b428576b2daa7c1a31c1388faf03a73bd046df8ae6c4dbddd65739407bd827c419880cb76e7bf9db5718b50d899a9b01c8fec01befb0d6e72fc86e56df84716a70e1790246d36dbf6135d815f0cbab6c1ecaf89253d4063852cb1e11aef274b085ce2d7776e9abe075072bb39da5494c8c490e3547005a0763c6774546a73073d849310ca961c4c083ac2fc1e13a92460b8996b8d87e6abd420146a044658ac6859f2ec472b668dedd9af1b54388b55341bd66b7c90379a5b52e2db905d0e6a8341193af03f254044d194cf27eca879630c16da9c093586a1a6e42dcd5722e47c5e0c6070d3229e139e809307d2ddc4b9b7cdfb331df49ab3098a2e1121523ee810f2a28055beb88b0aa5cf93f87d366f4013c35c1c743f374e4c5b0e6005cf9429386d687450cd172b6a22049521682407315511c1311a3af4020c66a385e3a652c787fbcb1baf4e611d31e4cccd049cee851ac4f6077a2e9f2395420c3f6991e84b2cb9e331ef7d5da014e73fe6f5de2d07e372236f541650cdbee4c02d25d03b1cd3e9384a3004507061d4d8b897350d709f6643d40f16279e46529e9d4f58e0466e7df46c15fd43997f83574ce4f46f7a09123e7762014bd14b45d1cc8b28ef7de8aa8da2c63fa6e4b990c10aec5f6f3806b03f5e7d2c32cc206fb4af14f61c2b8ba117db15b57a1fb21bfd40f3b4fe1383b8043bd0ca7a75ddc0d6975432c211192024314722584e4dfd17b5d5ae40d27a257646ef20fbcd86e6a970d4506181f939b4719c634f66aba9c4d3ea4b18697dffb113344be354a1ba0a37973fbba6d569980522cd1dc398751f80a1a30ed368a2f513c101dc2aa3a233880847226437f56bb8ab9642281d867c80fc6dffe1f99807a00e55f0f2a8d16abb288e5ff87dca32c024c6a1a0a5588e704ab4bc3ddbcef6a7bc2d8a35de5a1cee5fa64d9e940d9c1fca2273a9fe520c555e3b076a6bacbe58f241ae24b36faba35541d747f277acfc7fb374070a259a659550b9d2d158b02d1902a71b382304c94771f380029ccd8c66b8ef2eea3319d810cd9088b81288c2af36c9e423f974a9a84ca6ea5aae1e9128aa7996ca154c2bcb70082d06aa57bf8d9a0534deaa0b823916c87bc2b94bb68bc1b4cbf4728e23d4e1663c1d036e3a1342477d3303cba94f495778da51214f26d3cb765c7398cef04f0db6daf25d33b92b574cd4b9c85d69b296b153be60ad9ecba6abbd9b206af7495be5c1536aabeffae39d377e8b4c1425a66c496de9d4b83abf12f63ef2d2e02fbfb40a3ffc4cfb19c8ae0649dd71179c7c4338a6eaa6f51d4abb1aaa27218b4d2b68638b15174e6a4509eb0b9275e7468633244fddaed550e1c20cf256a0828348bbb915e70113cf8033ebca53bf35d06c8cbb09a3e1326a7209f011dc9cff55e192e64670dca28e57358089d06830f113fe06ac7f9dc0f3cf49687b45599d18c6affd99268192747bc4dc9be2d854baedf0d81b4d1eff347fbec4a0b4f8e2a94ece2c0217c9e3bd8dd43ba922a219f00cf2de35de84ef8e62fa983044bf5d4e5cdb31de8cf11aa148a936320bec00b26127d7ff24a555117aa449ec6f9d0ba98410d7ca0450cd99992d92670cf5ba59cb551f76c5060e3f618f46fb5176982d8f246cfa811d209b8f61cd00758a129bd6941da2451f1a19dd612425c97f152570e4e62db9aba7d148ed5e4e333068aeb2625ecf43c0ad9092638f688b8ee3e62780cc2befec03c5428a9376ae7e2ee17bc585ecd60cc8b46f268b793b9d74f20d475ab1b05f0ebda051630d003b424cf376a083663bff163756888dde2fa3385c7faac40472de6e1882b9131f9b9a755fb827a996a534077b85ea760077280d8dbf4988496720a64fb8e2c96afb69d529516bfa8f7e81d2eb780854823370a979c50566f88ebab97385f30ddaed0b0438b689506fb49c943713bf835ed75d09dfefd12ebeb2405a46594f556fa8b3d32547c922808f1182658ea0208ae0d62095e9588db1d94956bc959212a5a1bff0a669758d4aa8f1eb11877bd6fe4b7266b21bec833331abd7c4a347da57774e7c05897fb82b7ac39473b6c87a33bb912dc9e11bb5a0b4895371eeb500a827c3d839c885488faeee9586058238d2259163756f69eb533af03646ee4558a67d5978bafb8b2e8c896db55601b59ab4a5451f23611a02c6752a6c80ce8872dac2c03024750fb4a11ee23018ce0faba974b43a67503d353647959948c9ec697cd193b040c9be6569514b681097dcd6310dd9086c01d9bcb22483a880728504b8818902db0139667805d1b43550afd10229175813aea15bb2924afab70b1e4dbde6bf180bf9034e515102a25149e1eb634c9e56a037c2c3a3d1e213731e3611a167ab5155c6d7d103ef1ccbd748017f65493a95481de052d0183a4728b0ac202b10c517b09e8a8a8fdcb6bbae8fa797a8f1107b0f6d957472844518b3ea7cce89731c2074c533924dce44adbf6b6fd32044b624a63a3e0f5b2a8482b3294aa153eb03f2879b39e80078abd51d73a7f0ff77c546d7092ebb973a3bd013254576484538a8af8ceda9e6ac9daa38acbd7576a0054bc49a248ee2839aa8b604a41b735ee3dbc6e08cdaa92955dcf4fa7a4c783971e4134dcaf9a8b644c20894fd17d648452f90f9e00860eb8102534477f7e3279a0cbcee20d500ed648adcdfe6540509a49d438aaf1884bf1f0a434055866e643577fad463ffb8267b530d4bd8606d3638165ff4b9f6334c4ba818da17c5cc5ada304462a0c4dc0728d25428b7b61bf9804d54cc7bb7b0daf82a19576e5e6085561e66050e333e6302fd85d00f36a82a569e1b2ff7764a931a2e70409b5517df2fb1b3876ad4523d74ae224db617c40c55a2fa0c0aa3e97b7c350a2eff49ecc551b50d741f6c1aac4f6f78644eff674df4cbcf56c259355bceaf87dca07931d973018aca418e5e6f000e98eead669c39783e144ae3b43cd01920ad383d774105c1594a2fccdf159a5f9bcb395220cad1b22ce09e7c5683166b9bc4bd2fb2bd1b676890abfca67d8a5702d0dcb751b9a457be82cba2c2f3e31e7d59eb8b8fc8ba440bed80bfe560195968d430a9d15701147541b83acd50038f8beae9220a6e473ea41838b16c1bb6f5cb1a9dded046565db6327ec818c9aebc5e2304f9bae0325294fbf6282e49fad4af3538a52c44209e611869535f854005534767bc73834780f6d6ddf29b472da78d4ca7523cbcc33085778a596dc46e084cf624cc1b61fea19ebfdb5fdabc24c3a5e6b64f2a59b1dc015398feae49d167fdfe1ffcf6f078c8033965ca34de7a74819903aa29ec4efae8c7bd5d8e5da21cc07a08c1cdaa535e1f79525a3fdfc153cc4af8d9906244f749f58418cd58c06f7d0f722a52978f1889350f5a1390bee67ec1093377f7f5c417f47e54e2531a3590ae8e512df1beef1c58a75985468e8cd481fe07ffeeac960bec795a690eb6f64d634e7c220ac8e628c30bb2e28395c69720e801f952b376cf9ef84011589cb9480f9194c2f7e06319a45253c9052e39983e0a59ffc484d0951eaa0eaced690518f08abe1390799799367c690c860193139f20c82aaabb5ee0eb8fd426e792d5bf68646c1e9697f375e7184f3675ec415d74aedbe814e24bf66a3b930fb4b44edcfd5414afb0b0d0420762cc3c124bceedce0e56a5204717e33230db15c8f8a9e5c23458c2091bffad6f3292afccd1513f0d302086da00f5582c83f643ba5bf75dfb4941c656b4f905be14f13379a830e7e15e71919f8b5be8e0f769906e5f6e6e5a618365516af74ee2360db3525329cd7e5cf4ee666afd04667c5b96565fae390cbf754804af05e03bb9596f036e52c187b66e46f3bcf4c7c73f6135f8ee308a544f9abe14ba1b077a9b9ebe9cb09e8924c7e24e664f9fe5e5471546ad23ab9384c99921ba0990bd15de906fc647d1d9489a5c1515a5efd8517049b910158c7efdc22a3671e86076189cfcefdddd5def5c4634b374f34d25f3b03018e5324b64626e69bb1b667647ec926add0a89648414a28058d04f12e9ac5bc2527d189f16558a82daeca13eedc125cb23436f86f68c147015853aa07738c99f571dd51e486401dd134a749b7832b64d9ebcc33a04e1a62f07de55620a688e944daa2c480be3e00871058a6fb34b52bf0c3fc46a556f13a3d6402a9f42c48a7756c07b3a58aa2cf932e650d88dfcf9fa655386b13073eb6134b10806d60b4529d72153f2f4df6df19488c792b4d8d11086cf7ef2d9d1404d1876f4d30d566bf88d3fcd5bd439f82d918bc988cd50147d3770489e25bd953428c5bc66ddfbcdb2e40452cd4fd6adac67febb7de9e8b8ff6f59ad548b96256d80f1092c94d70df278477a36461fca896ebb6d2d40ebfb95f2fb3f584610a1540fd2b511d267e8486615674853112b3f371db52d954b81297d954bb3b5182fee5af93307ad79af888f87ff15445e3292f640c26063d17209f1c79c1267b55afe3228fa254c4875beaf6bf9d586d3ce743d5e8376aa214bc1c529c0f440b4c8a33dcac8938bb2f8c2f19fee903ba7af21d3f6c7049f371db6fa4d0436964f07274274ada68c8601b70f56860059605bcdc0a643a79132f3252141b2c151634dc85217ed18fdac27b3479382d045029fbfa90d655b3e0b5ad134e8d524ba837304ec07d3cd37d3314f3690e04c0c777f1cea960baf23d2c394f245394bbb7f6101fc02bdcf3705ef329a0e1749042a204a3463406f7b34bdf23a8d8e2759f1b24f5308dc2736d1a81173826b059f18eae9ee6be8cab6c24039b8afcf775ee08f290161532715f6c19ac57985299013088c358fada7fbfb9fa339bf9fe5478fc394005ffcddc7da185f9c5ba4a79bcb3a6fa1b280ca745e32211971bd76ed26e923ffc0387017e80e0de6904c0364c7aa54b7aee04ece2c2a318b91f60c6559ef13fb1f774c803fed514358ff6bb4972d1b71b71025d943d4a074d2918be1008f63ab15094d1020c641d04d89bda5326bbfcedd86a064506b33f20bfdd83f59a57500d4aca720c882b192b0232ecee67da5eb3cdf61c931ce96a3bd4210bff8d9b3cef39de2bb68fc9bb645382e2a2971f58ac39471a8091676011900f01a457838c129374dc6e72c4a3107e96361511e44da1c90aa784b4ee081bc2090c3344d12aeabd1c6c68475243e0b7c1e4e0b8df728bcdf3d0fcef630f372ce11bfb680897d3ebb427f08ee18ebb3f5e604121831506e8d3cc9c3700a5bdcb3ebb73d1f494257c353325ca7983781ba108819652041b5edcebb99118ba33244011c93b5044eeab58ec77eb4b9b88ba63a6b98ece554be80db1df349de18df6b66210e965f436cdc5c6e4e01840b6da8175eb074cdc22f8bb36f5ce18c6a9142ca726dd5a889967112535d125cd2e19c397fee7a786cc7d84cdf3d7e7cfe96e6b97ed50ec01a98e36ce7cbe8dded29bd9b701bc59a5a119b2f14af8e1ddc6907899178f1c40d78db921ed0bc5d0984e945f2ba0422452685755820b86133072ba4e6d4560b4baee9c87ea99a857061082d08425038a8ba5bf4988a19676a7757389eaf0d89f9e58c1642ff00913f0abcd23cdf01b5ecbdae37763dfb28a679db4fd8b7616b3a2d96c30e71d4e48dc6e25203a1260eb42a217a157296604806f919f11842668294dc03c57c33d605285bd5142420eb94fc92b1896722ee795871eec92e2dec45509c47b63653e539bc8607325b7d3712c43651bba0701bf6c8e4963d48d4748dfa9fa39c7d69c81cb794a7911cc18d576ae43f3e7d8e9eedc9ed02936e027698e413598bcc8ec1d5fd029b51abf080772abebdafbc6b5db07fb49e9bff7e71af635fab4fdbf15f6a6526acbcfc37bfa294183fe28903af69075c299f972f05f6f2cea53ddad14b115635fa8a637a42482b0fb3fa4c403d43b272c726e1f51f2b469c165d9525d0ada2a582610fa4974c8e57351f587502aa3ffad717b418c2de230b741ea3872d308fdc3ca1f7fb3c87cbd70e0e5d5255a0ae56a58650b3d5b986f0e8fe8b97d46bc52447247e0f6a2361d1ebd1bbad2649d33a1b8c95ad9d294f3e12ba777f0da16f3e7501e2607d5ad28d650b2641aec2eca83e4452a4bf8ed51768ad6238a79cb0d96dafa36915297bc95a3cad090dfb61b8b13b462110780df8acbdf337462a9403599b7f54563418bf314dd4aaa7a1406423a9e70b34ec54872c0cb14077cb5996134f10cd40a13b17cf0731675cf0ad2f981992a5c15613a66c9cf5e6d6910540dc1700", 0x2000, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x78, 0x0, 0xff, {0x0, 0x0, 0x0, {0x4, 0x0, 0x10000000000, 0xa5, 0x6bf5, 0xfffffffffffffffe, 0x6, 0x10, 0x4, 0x6000, 0x8, r4, r5, 0x9}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
lseek(r6, 0x0, 0x2)

5.299307788s ago: executing program 5 (id=5062):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000fc0)={0x180, 0x33, 0x100, 0x70bd26, 0x25dfdbfd, "", [@nested={0x10, 0xfb, 0x0, 0x1, [@typed={0xc, 0x123, 0x0, 0x0, @u64}]}, @generic="d90a58cde601d565cdddcc6aa3fcc8c25583297245b4d7973d0df9b022c59bb26343d8fac6abbe023d9e0640355e0034d2aca4a49132b88c8660af242102d45a28332c4b796cc5268b9a5ec5b61042577e3e5ea90f21384e8c5852110520bfd976705ca7e25e8a5ac6dd7bdadeb451f164c86cdb89561b05f0b9e143b1917e3dd99ee920f46511a803ab9cf9dd2d6aaf8aee259d1476cd960ce44acbc6a970c4fdd6f99aeee46de8efec7151b1e4cc13cd723e9cfa7ba2f69b60189d7aff553101c449174d1e18b6c5b148275100a3f8bd0c4c96296c43028aa284f8f626392a21d31e5e06fe98065e0246d46b7fe927a881c18c044e5c139e", @typed={0x14, 0xbe, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0xa}}, @typed={0x8, 0x63, 0x0, 0x0, @u32=0x1}, @typed={0x8, 0x18, 0x0, 0x0, @u32=0x4}, @nested={0x3d, 0xee, 0x0, 0x1, [@typed={0x8, 0x39, 0x0, 0x0, @fd}, @typed={0x8, 0xc0, 0x0, 0x0, @ipv4=@empty}, @nested={0x4, 0x4f}, @generic="f01254c8a325874b7a364f60eb18eb3e374838d32bfdcf", @typed={0x8, 0x9e, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @generic="a5fa1bc096f7"]}]}, 0x180}], 0x1, 0x0, 0x0, 0x10004800}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.205138556s ago: executing program 7 (id=5063):
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}], [], 0x6b}})
umount2(&(0x7f0000000040)='./file0\x00', 0xa)

5.107118733s ago: executing program 1 (id=5064):
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x0, 0x0)
close(r0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r2, <r3=>r2}, 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001080)={0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe, 0x3, r3}, 0x38)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'netpci0\x00', 0x400})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
close(r0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00000cd000/0x400000)=nil)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000013c0)=ANY=[], 0x1c}}, 0x8000)
recvmmsg$unix(r5, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xdc})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000383000/0x3000)=nil, 0x3000}, 0x3})
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x4000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x200, 0x2}, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f00000012c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, 0x0, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x44e, 0x3a}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x240000c4}, 0x4004000)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})

4.992641198s ago: executing program 2 (id=5065):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_open_dev$sg(0x0, 0x8000000000000000, 0x8005)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
r2 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, 0x0)
ioctl$SG_IO(r0, 0x2285, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmmsg$inet(r4, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="f37481d90eeaead391345b4da9d27e24c9c670da3afc5c00"/50, 0x32}, {&(0x7f0000000140)="ead5e96719a44591801f33", 0xb}, {&(0x7f0000000180)="f3f97053495b072215aee864193557c0dabdd253711d5ed9b131c5abd8796e5759ab1f639211e68e24bf4471b6ab1429b165c7248cded82bfb4a3f48e8d0", 0x3e}], 0x3, &(0x7f0000000240)=[@ip_retopts={{0x2c, 0x0, 0x7, {[@timestamp_addr={0x44, 0x1c, 0x93, 0x1, 0x0, [{@broadcast}, {}, {@private}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x50}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000380)="c1ad061c5d914eadd95de7fb63eb7b0306d91c25f3fba6c97eda8ade2420dfe1fe0f5c7a01d724be33a44f1cd52028110d8f7dd4b3421a3fe4b2066d179f938ba15c3956e1aaad35035bcde7b90ed59ee2de06c8a4af3de95bda", 0x5a}], 0x1}}, {{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000480)="f41fa963edcd5e2a5d", 0x9}, {&(0x7f00000004c0)="0c71e8d7705b19c24e8c3ec98b4243ae0be48cd79f024361b8082d328363e63e360e122e7ec929c89aea0b338987609655fb5f5f91cd457584f30946f63e00fd0e8c536ae0106beb7d02fb4eb35db10c37c4bf3f2c6df9254d540598ae9b7098b74908c7da448e8891bc1b46f58553776f43370d090df693f3a4e4a724dbb498e51860bd766e36c41c0a0ee41019a0b05b519107c1fbb944f26f16f9fc127f3cd86c3fdbcf169912fc1c42a4a7051d3e85591ccd24b19681da775dc34c98ad24ab07c6feab583ba1f5efb430a06d66c039dbf40a84f04cfdfca240676e96579502925e57864815d3fe17edaf5cdbc3a4b48843c22372f9f1cf363d8428fe6341fb474ba53db6be689703ce5f7b6639b3493a5aca4c9316df8b4600d73533021932eb359ce7c1f00a54cb1318076ccb00e27ba0934db1867e078ee47b86d3e367b96ba948c3aa029c365eb0dc99685c5fd7bfbd1916b889da42d6ad1ab2466e989b5c8304b1e2190d4efeb9ccbd3a7a48c3b393470fc215e164cb91e238c5a28c4f40b4b99ee8f9481fe62e0bcf0a9831e491dc1150ad9c023217df6432487219a3083b310958cdbc217f99d02a19414987ff1bc176e3267c205827f466ea1912cbc0e304faf034602b85db010d8796d2ab18c2c4badf39db5312ad908d8555c30d0cc7d3bce8b4fcfc5764ed6e8bf4e8e4af6bbb3f82ac014f021dc6cb81cebe4b7d071e4d019719d1b0354ce0a2ff3b66ba7bf0f4598bde90a9115ddc4f197bcd881e0cd0baabb57316e75d108b14acc668ee906acf7bffdff3aef11ecf107b3eccd67a56c6b26e0a9a72d404a7a2dd3da8759e676c0eef6a95890d4f647269d1bf972d75307bd867819f385df6f57a7c28332307f444d1157c303c30a478b056d6e11111398aafcb6fff1b6a985cf888afa04586e35e7d3b292d254acf08a6bd38fbbd22bc9919052e6693c1e454aade6348679e027d1b102618476c9ab1f9928fc7f505046cb8383b9e1d79b961895502cded12f1842705102dffddc11f7bea0bd53833f1a455e661f6bda92d35b1159e1489cf762da76c125060ffedc7cc54238b3bd2d894a91d92a6c5cce9bf5417674a2bd0e38271912f7481e58ec7ab422db826482ffb80ce45dab2cb43105356c292a2fd1db8a758b37d56f46721163f24c075d980a37917cca20acce274c404828efaed50b881a5481f9ad268e99e25884db25426d5a5f338f405748817bba32b89e4c18b0f061e6758d46b5f0f2865b1c41be4f7ff999d289538a8fca45b2cf76a2fc398b7913db0ea85ee4d00156432f764ef888094dceb05c68da62fdf667b511276ac97dcf0b34819d9307cf0066267f94ab80fcc19c9f3d682e6e375ac25d7d6b71ae6d084ca1ed7e21b46b1ca0abc6cd50b3aa40e341cfc0a75f2040cc71c26e6cff3d76cc6c629051c47d8b950d01de19d324f2705e37a7a41364ecc70e5021ef955b50144860dafe6fc8b14fb6c451c0444aef66c3081097b6072c304f17206810b4e937bd5673720071d5f1d964f8bb21ab4ffbda1ece1e95005c6abdf00f78681f37c34936e8c9ba1bf420ba0dbfb84698931da95003dd2a34f59a179420ce004664f04", 0x47a}], 0x2}}, {{0x0, 0x0, &(0x7f0000004240)=[{&(0x7f0000003140)="01", 0x1}], 0x1}}], 0x4, 0xc080)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x806000)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000380)={0x3, 0x936e, 0x5, 0x2efc, 0x1})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

4.92921797s ago: executing program 7 (id=5066):
syz_usb_connect(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="f25cbd226d215e0fe4f9168487124c197d4a0d557da3f3f208b84369665af339debc35742c1ffb25dc834beff0afd6e3666e9956f51b1234d9800495b3989986b37b94a025301f52a0cbea5dd1a14ccfd946483e8cad180ee7964a269a8b61de5b"], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)

4.787351565s ago: executing program 5 (id=5067):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000140)={'sit0\x00', <r5=>0x0, 0x7, 0x20, 0x6, 0x7fffffff, {{0x1e, 0x4, 0x0, 0x2, 0x78, 0x68, 0x0, 0x1, 0x2f, 0x0, @empty, @local, {[@timestamp_addr={0x44, 0xc, 0x24, 0x1, 0x2, [{@loopback, 0x401}]}, @timestamp={0x44, 0x28, 0x1a, 0x0, 0x9, [0x1, 0x6, 0x4, 0x1, 0x2, 0x4, 0x2, 0x9c1, 0x8]}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0xf, 0x34, [@rand_addr=0x64010100, @loopback, @dev={0xac, 0x14, 0x14, 0x33}]}, @timestamp_addr={0x44, 0xc, 0xd9, 0x1, 0xa, [{@dev={0xac, 0x14, 0x14, 0x27}, 0xb2}]}, @end, @end, @cipso={0x86, 0xf, 0x3, [{0x7, 0x9, "6d1bc5ae1e1c93"}]}]}}}}})
setsockopt$inet6_mreq(r3, 0x29, 0x14, &(0x7f0000000200)={@empty, r5}, 0x14)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x4, 0x3, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007baaf8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, &(0x7f0000000600)={'tunl0\x00', @local})
ioctl$KVM_GET_XSAVE2(0xffffffffffffffff, 0x9000aecf, &(0x7f000051c000/0x2000)=nil)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mq_getsetattr(r7, 0x0, 0x0)
recvmsg$kcm(r7, &(0x7f00000003c0)={&(0x7f0000000240)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/133, 0x85}, {&(0x7f00000007c0)=""/208, 0xd0}, {&(0x7f0000000680)=""/129, 0x81}], 0x3}, 0x2020)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
ftruncate(r9, 0x80000001)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, 0x0, &(0x7f00000004c0))
listen(r4, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000740)={@local, @random="a6dde6557137", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x20, 0x6, 0x0, @local, @local, {[], {{0x1, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@mp_fclose={0x1e, 0xc, 0x7f, 0x0, 0xa}]}}}}}}}}, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[], 0x119)
r10 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x8, 0x3, 0x200, 0x90, 0xb, 0xd0e0011, 0x90, 0xc6, 0x168, 0x1d8, 0x190, 0x90, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0xffffffff, 'nr0\x00', 'vlan0\x00', {}, {}, 0x29}, 0x0, 0x70, 0x90, 0x2000000}, @unspec=@TRACE={0x20}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0xffffff00, 0xffffffff, 'veth0_to_bond\x00', 'macvlan0\x00', {}, {0xff}, 0x11, 0x2, 0x72}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x70f9a000)
r11 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCSFEATURE(r11, 0xc0404806, 0x0)

4.179595539s ago: executing program 2 (id=5068):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.io_queued\x00', 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x80)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1044}, 0x84)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a98", 0x3, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

4.011318345s ago: executing program 1 (id=5069):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010102}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
sendmsg$IPSET_CMD_RENAME(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x5, 0x6, 0x201, 0x0, 0x0, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x200400b4}, 0x800)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="18010000", @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf250100000014000180080003000300000008000400", @ANYRES32, @ANYBLOB="04000300ac00028054000180080001000300000008000100060000000800010000000000080001000700000008000100080000000800010007000000080001000200000008000100020000000800010002000000080001000800000024000180080001000300000008000100020000000800010000000000080001000000000014000180080001000200000008000100030000001c000180080001000000000008000100140000000800010001000000040003003800028034000180080001000500000008000100050000000800010006000000080001000800000008000100080000000800010002000000040003"], 0x118}, 0x1, 0x0, 0x0, 0x804}, 0x4050)

3.882104158s ago: executing program 1 (id=5070):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r5}, 0x10)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r7}, 0x10)
close(r6)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)

3.714840991s ago: executing program 2 (id=5071):
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
setpgid(0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f0000000000)={0x80, 0x0, 0x3})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r3=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = socket(0x11, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x891c, &(0x7f0000000540)={'ipvlan0\x00', {0x2, 0x0, @private}})
bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r3, 0x0, {0x0, 0x0, 0x1}}, 0x18)
connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r2, 0x0, 0x0, 0xf5)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r9 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r9, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e)

3.665201136s ago: executing program 1 (id=5072):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRESDEC, @ANYRES16=0x0, @ANYRES64, @ANYRES32, @ANYBLOB, @ANYRESHEX, @ANYRESOCT, @ANYRESOCT], 0x20)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x502, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x2f126000)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='svc_unregister\x00', r3, 0x0, 0x10}, 0x18)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom0\x00', 0x0, 0x0)
setrlimit(0xd, &(0x7f0000000280)={0xc800, 0x10001})
setpriority(0x1, 0x0, 0x10001)
socket$nl_route(0x10, 0x3, 0x0)
dup3(r4, 0xffffffffffffffff, 0x80000)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000079003000000000009500000000000000db74589d4b38cc306ac390649f8edea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475be393b1f1e4aba75a0750472719cc516eec8b02df8ef39db6e67fa14b769e7f385ba72c64242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba7000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xad, &(0x7f000000cf3d)=""/173, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8)
cachestat(r1, &(0x7f0000000180)={0x100}, &(0x7f0000002280), 0x0)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000005c00000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="180300000001000000e8e187f63af5cbc371c494e9d809ff070000", @ANYRESHEX=r6, @ANYBLOB="000000000000000066000000000000001800000000000000000000000000000095000000000000009703"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1}, 0x94)
syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, 0x0)

3.297154262s ago: executing program 6 (id=5073):
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80100)
sendto$llc(r0, &(0x7f0000000180)="1df96eef3be298aca8e0a42163f2d2a0a8244826d5492e1146810af94c844d7d796b8ef19af289c6df8a0ff617c514731fc687b40f5e91a62d090530202fc10fb252e6cf78953c", 0x47, 0x200c010, &(0x7f0000000200)={0x1a, 0x305, 0x12, 0x6, 0x40, 0x8, @broadcast}, 0x10)
sendmsg$AUDIT_TRIM(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f6, 0x20, 0x70bd2d, 0x25dfdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000}, 0x44)
r1 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r1, &(0x7f00000005c0)={0xa, 0x4e23, 0x8, @loopback, 0x1}, 0x1c)
ioctl$sock_TIOCOUTQ(r1, 0x5411, &(0x7f0000000280))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)

3.031344752s ago: executing program 6 (id=5074):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x103, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x29, 0x0, 0x0)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80080c0}, 0x80800)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
openat$comedi(0xffffffffffffff9c, 0x0, 0x8c482, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x936, &(0x7f0000000600)=[{&(0x7f0000000340)=""/216, 0xd8}], 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_TIOCOUTQ(r4, 0x5411, &(0x7f0000000000))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.763070297s ago: executing program 5 (id=5075):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="0e000000000000000000"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='contention_end\x00', r0}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8932, &(0x7f0000000000)={'netdevsim0\x00'})

1.762678355s ago: executing program 7 (id=5076):
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}], [], 0x6b}})
umount2(&(0x7f0000000040)='./file0\x00', 0xa)

1.689163704s ago: executing program 2 (id=5077):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff0000, 0x0, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0], 0x0, 0x50, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f00000004c0), 0x8, 0x9b, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x48}}, 0x2004051)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd)
ioctl$TCFLSH(r2, 0x540b, 0x2)
ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000000))
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r1, 0x3b87, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
capset(&(0x7f0000000480)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7e, 0xffffffff})
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r3, 0x0, &(0x7f0000000180)="f1", 0x1, 0xfffffffffffffffd})

1.647717961s ago: executing program 5 (id=5078):
syz_open_dev$usbfs(0x0, 0x205, 0x8401)
syz_emit_ethernet(0x6a, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e04070620"], 0x7)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4000001)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@newae={0x40, 0x1e, 0x400, 0x70bd27, 0x25dfdbfd, {{@in6=@local, 0x4d3, 0x2, 0xff}, @in=@rand_addr=0x64010100, 0x800}}, 0x40}}, 0x4)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000c0000020000020008000100030000000500020003000000050002000800000024"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

1.579107264s ago: executing program 1 (id=5079):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa6181, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x12d102, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000640)={r1, 0x10001, {0x0, 0x0, 0x0, 0x9f8, 0x3, 0x0, 0x12, 0x5, 0xd, "544651ff8211d17905e6afbfbd65a5216933c6e818953e7f00dd6f5786591f0cfad73797fa2ea0ec533ef6b6fc1ef923ec04024bd1c64beed575a0775f8a890e", "205d57c9be6404860aaf25042588c5b4987c955533483c8efcb1b68d164cdefe137bba8c0b295bd1d1e805b145dc3ae338dbc87575c2cae1f7822bd626294288", "959b16e20c8ca1b2deea650376e1bfd3020ce6682f25923c5e066b08989fdcbe", [0xf6f, 0x1]}})
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='freezer.self_freezing\x00', 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x3ce, 0xc, 0x9, 0xd, 0x89, 0xffffffff80000001, 0x30, 0x3, 0x5, 0x8393, 0x1, 0x3, 0x3, 0x10000, 0x8, 0x4], 0xeeef0000, 0x40000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b0000000700000001000100090000009a039c5823000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000004000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000e967c540b1134200f48c0102030109021b0001000000000904571ccc49f9710009050235bc"], 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @local}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000280)={'bridge0\x00', &(0x7f0000000100)=@ethtool_rxnfc={0x4b, 0x3, 0xff, {0xc, @esp_ip6_spec={@private0={0xfc, 0x0, '\x00', 0x1}, @local, 0x0, 0x1}, {0x0, @multicast, 0x56bd, 0xf8d, [0x3, 0x4]}, @tcp_ip4_spec={@multicast1, @remote, 0x4e23, 0x4e21, 0x3}, {0x0, @multicast, 0x3, 0x3524, [0x3, 0x2]}, 0x0, 0x2}}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x18)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000440), r2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e80)={0x40, r8, 0x5, 0x4, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac09}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x10, 0x49, [0xfac0c, 0xfac08, 0xfac0a]}]]}, 0x40}, 0x1, 0x0, 0x0, 0x4800}, 0x8060040)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000480)={'ip6_vti0\x00', <r10=>0x0, 0x29, 0x96, 0x4, 0x6, 0x0, @empty, @empty, 0x8000, 0x80, 0x1486, 0x8}})
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000600)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x58, r6, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x8}, @MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r10}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x28}]}, @MPTCP_PM_ATTR_TOKEN={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x40005}, 0x1)
ioctl$FS_IOC_SETFLAGS(r0, 0x125f, 0x0)

1.572846292s ago: executing program 7 (id=5080):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000)
syz_open_procfs$namespace(0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0xbc}}, 0x0)

1.563534993s ago: executing program 6 (id=5081):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg(r0, &(0x7f0000000140)=[{{&(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x8, @loopback, 0x8, 0x3}, 0x80, &(0x7f0000000080)=[{&(0x7f00000005c0)="91", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x30, 0x84, 0x1, "1d050000003db9f104fdc5c40000951a017a499c38d7355e00"}], 0x30}}], 0x2, 0x40000050)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x2002)
r2 = dup(r1)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80001, 0x0)
mount$9p_fd(0x0, &(0x7f0000000840)='.\x00', &(0x7f0000000880), 0x8000, &(0x7f0000000ac0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETLINK(r4, 0x400454cd, 0x6)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x26e1, 0x0)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r6, 0x1, 0x3e, &(0x7f00000002c0)=r5, 0x161)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r5, 0x7b2, &(0x7f0000000100)={&(0x7f0000001240)=[0x6, 0xb5d, 0xfff, 0x9, 0x3ff, 0x0, 0x7, 0x2, 0x400, 0x24, 0x1ff, 0xdb24, 0xc, 0x9, 0xff, 0x80000001, 0x0, 0xfffff1d5, 0x8ef, 0x3, 0x78e, 0x3a, 0xbf3, 0xffff, 0x4, 0x2, 0xffff, 0x3, 0x8, 0x8001, 0x7ff, 0x8, 0xffffffff, 0x0, 0x8, 0x1, 0x9, 0x9, 0x1, 0x7, 0x5c, 0xec, 0xffffff04, 0x484, 0x6, 0xbf1e0de, 0x7, 0x8, 0x5, 0x2f, 0x100, 0x3, 0xe, 0x64, 0xa, 0x5, 0x9, 0xc, 0x2, 0x5, 0xd, 0xc, 0xe78, 0x8, 0x1, 0x9b6a, 0xc, 0x6, 0x3, 0x6, 0x9, 0x315, 0x5, 0x6, 0x8, 0x200, 0x3, 0xfffffff7, 0x4, 0x3, 0x0, 0xfffffffb, 0x81, 0x7, 0xfffffffc, 0x3, 0x2, 0x5, 0x7, 0x10001, 0x3, 0x3, 0x659, 0x9, 0x6, 0xa, 0x2, 0xffff, 0x5, 0x6, 0x4, 0x3, 0x7, 0x101, 0xa, 0x8001, 0xfffffffc, 0x7, 0x80, 0x8, 0x1, 0x80000001, 0xf, 0x1ff, 0x68, 0xb71, 0x56d, 0x0, 0x3, 0x2, 0x7, 0x116, 0xdf, 0x4, 0x0, 0x2, 0x10, 0x200, 0x8, 0x4, 0x0, 0xb, 0x3, 0x4, 0x0, 0x5, 0x3e48, 0x2, 0x3, 0x3997, 0xcf, 0x4, 0xfffffffd, 0x0, 0x4, 0x5, 0x4, 0x7f, 0x3, 0x8, 0x2, 0xffff, 0x7, 0x8fed, 0x6, 0x4, 0x956, 0x4, 0x4, 0xf, 0xfffffffa, 0x8, 0x7, 0x1, 0x800, 0x3, 0x2529, 0xffffffff, 0xd35, 0x80, 0x8001, 0x9, 0x1, 0x6ac, 0x2ba, 0xfffffff7, 0x2, 0x2, 0x4, 0x6, 0x0, 0x800, 0x2, 0x100, 0x2, 0x2423fc35, 0x8, 0xa2be, 0x8000, 0x8001, 0x7, 0xd0000000, 0x2, 0x0, 0x5, 0x10001, 0x3, 0xffff, 0x1ff, 0x2, 0x1, 0x1, 0xfffffeff, 0x9, 0x5, 0x6d, 0x404000, 0x957f, 0xfffffffb, 0x9, 0x8, 0x4e, 0x2, 0x5, 0x3, 0x3, 0x1, 0x9, 0x3, 0xc0, 0x3b9, 0x4800000, 0xf7d, 0xa, 0x8, 0x1, 0x7fff, 0x10, 0x4, 0x3, 0xa, 0xb0, 0x4d7e0b96, 0x7, 0xe2, 0xff, 0x1, 0xffff, 0x9, 0xcb, 0xffff9979, 0x2, 0x5, 0x5, 0x68, 0xffffffff, 0xfffffc00, 0x4ab, 0x88, 0x2, 0x200, 0xc0000000, 0x7, 0x7, 0x0, 0x7, 0x0, 0x7, 0x80, 0xa2a, 0xff, 0x5756, 0x3b, 0x10, 0x2, 0x6, 0x40, 0x3, 0x6, 0x1000, 0xd8, 0x5, 0x2, 0x9, 0x8, 0x7, 0x632e, 0x2, 0x6, 0x4, 0x40, 0x401, 0xfffffffe, 0x100, 0x3, 0x8000, 0x713, 0x3, 0x5, 0x0, 0x9, 0x5, 0xffffffff, 0x24, 0x62f, 0x80000000, 0x4, 0x5, 0x0, 0x6, 0x9, 0x400, 0x2, 0x2, 0x5, 0x7, 0x5, 0x7fffffff, 0xe3, 0x0, 0xff, 0xe, 0x1, 0xffffffff, 0x4, 0xfffffff7, 0xa, 0xa3, 0x2, 0x4c, 0x7ff, 0x8000, 0x3, 0x5, 0x9, 0x7f, 0x80, 0x7, 0x7ff, 0x2, 0x7b7, 0x3, 0xbb35, 0x9, 0x0, 0x4, 0xd, 0x7, 0x80000000, 0x4, 0x0, 0x3ff, 0xfffffffc, 0xa, 0x6, 0xe, 0x4, 0x0, 0x3, 0xd, 0x800000, 0x100, 0x6, 0xc, 0x5, 0x4, 0x1, 0x1000, 0x0, 0xd, 0xcc4, 0x7, 0xfffffffc, 0x82, 0x5, 0x1000, 0xe5, 0x9, 0x2, 0x7, 0xb, 0x2, 0x0, 0x8, 0x0, 0x7, 0x3, 0x0, 0x32b, 0x0, 0x1, 0x81, 0x1ff, 0x7fff, 0xfffffffd, 0x10000, 0x9, 0x3, 0xc51, 0xfff, 0xc, 0xfffffff8, 0x3, 0x3, 0x2, 0xa31, 0x1, 0xffffffb9, 0xff, 0xfffffffc, 0x1, 0x5, 0x6, 0x0, 0x40, 0x2, 0xffffd0ff, 0x400, 0x81, 0x1, 0x800, 0x1, 0x8, 0x5, 0x9, 0xffffffff, 0x6, 0xd6e, 0x2, 0x5, 0x7, 0x5, 0x92, 0x5, 0x7, 0x4, 0x7, 0x3f80, 0x6b9, 0x1, 0xfffffc00, 0x2, 0x62, 0xd1, 0xfff, 0x9, 0xa6b, 0xfffffff8, 0x180, 0x6, 0xfffffffc, 0x401, 0x569f77f2, 0x7f, 0x4, 0xc, 0x7, 0x8, 0x80000001, 0xa7c, 0x0, 0x1000, 0x5, 0x0, 0x6, 0x0, 0x40, 0x0, 0x3, 0x7, 0x5, 0x3, 0xfffffffa, 0x5, 0x1004, 0x8, 0x1, 0x5, 0x12ee8ccf, 0x7, 0x4fcf, 0x2, 0x7, 0x9, 0x8, 0xc, 0x80, 0x5, 0x9, 0x100, 0xcaa5, 0x3, 0x2, 0x3c500, 0x101, 0x93b, 0x2, 0x3, 0x7, 0x1, 0x0, 0x9, 0x7c175411, 0x7fffffff, 0x80000000, 0x800, 0x2, 0xfffffffc, 0x7, 0x4, 0x5, 0x1, 0xfffffff8, 0xb93c, 0x3, 0x1, 0xf6, 0x1, 0x3, 0x5, 0x2, 0x5c0, 0x1c0000, 0x5, 0x0, 0x0, 0x9, 0x3bae, 0xfffffffe, 0x7, 0x7, 0xffff7fff, 0xf, 0x10001, 0x996, 0xffffffff, 0x6, 0x3, 0x6, 0x7, 0x6, 0x14f154e4, 0x2, 0x80, 0x4, 0x3ff, 0x2, 0x9, 0x15a6, 0x6c3, 0x2, 0x2, 0x84b, 0x44fa6658, 0xffffffff, 0x800, 0x400, 0x200, 0x86, 0x31, 0xc6ab, 0xc60, 0x2, 0x7, 0x5, 0x2, 0x6, 0x39, 0x7, 0x7, 0x5, 0x6, 0x6, 0x7, 0x6, 0x200, 0x7, 0x4, 0x0, 0x8, 0x2, 0x5, 0x1, 0x6, 0x0, 0x6, 0xa, 0x9, 0x90, 0xffffffff, 0x7, 0xa3, 0xfffffffb, 0x7, 0xfffffa13, 0x1, 0x24, 0xc8, 0x100, 0x8000, 0x3ff, 0x8, 0x0, 0x5, 0x10001, 0x7f, 0x3, 0x7, 0xffff, 0x2, 0x23c, 0xf, 0x0, 0x3, 0x5, 0x5, 0x101, 0x5, 0xb, 0x8, 0x4, 0x9, 0xf01b, 0x3, 0x4, 0x3, 0x6, 0x0, 0x6, 0x100, 0x8ab, 0x4, 0x6, 0x8, 0x9, 0x7f, 0x400, 0x7b5c, 0x4, 0x800, 0x9, 0x7c, 0x80000001, 0x4f7f, 0xa, 0x3ff, 0x100, 0x9, 0x10, 0x9, 0x9, 0x3d38, 0x5, 0x7, 0x3, 0x40, 0x8001, 0x81, 0x80000000, 0x7, 0x8, 0xd, 0x8, 0x17, 0x0, 0x7ff, 0x4, 0x7, 0x7, 0xfe, 0x8, 0xc9, 0x4, 0x797, 0x2, 0x4, 0x0, 0x5, 0xe, 0x1, 0x1, 0x0, 0x9, 0x8, 0x3, 0x4, 0xd, 0x2, 0x1, 0x9a, 0x200000, 0xdf0d, 0x0, 0x6a, 0x7fffffff, 0x1, 0x3, 0xf153, 0xc8, 0x1, 0x0, 0x800, 0xffffffff, 0x4, 0x2, 0x6f6, 0xa15, 0xffff0000, 0x1, 0x800, 0x6, 0x6, 0x3, 0x9, 0x7, 0x7136acf6, 0xc2a3, 0x3ea1, 0x8, 0x3000, 0x200, 0x800, 0x5, 0x8, 0x46, 0x81, 0x4712, 0x64df, 0x10001, 0xfffffff9, 0x2, 0x3, 0xc, 0x5, 0x9, 0xf, 0xd275, 0x80, 0x7f, 0x0, 0x0, 0x7, 0x8, 0x4, 0x393ad91d, 0x7, 0x2e, 0x1, 0x3, 0xb91a, 0xb8cc, 0x4, 0x8, 0x9, 0xd, 0x0, 0x4, 0x7fffffff, 0x400, 0xfffffe01, 0x4, 0xfffffff3, 0x7, 0x21f3, 0x7, 0x0, 0x1, 0x1, 0x79c00000, 0x2, 0x7, 0x5, 0x8000, 0xb56c, 0x3, 0x7, 0x8000, 0xccf6, 0x60, 0x8, 0x8001, 0x9dca, 0xb, 0x0, 0x5, 0x8, 0x9, 0x1, 0xb, 0x1, 0x3, 0x1, 0x3f, 0x1753, 0xfb8b, 0x7, 0x3, 0x8, 0x80, 0x9, 0x7, 0x8, 0x5, 0x3, 0x5, 0x50ff, 0x6, 0x8634, 0x9, 0x7, 0x401, 0x9, 0x4, 0x0, 0xa9d, 0x2, 0x6, 0x5, 0x7, 0x40, 0x6, 0x1, 0xbb, 0x401, 0x10000, 0x9, 0x5, 0x10000, 0x0, 0x577a9dbd, 0x1, 0x2, 0x1, 0x2, 0x9, 0x100, 0x5, 0x0, 0xd3, 0x929, 0x6, 0x8963, 0x3, 0x9, 0xe, 0x4, 0x3, 0xf7, 0x3, 0x700a19c2, 0x1, 0x10, 0xffffff01, 0x1, 0x101, 0x4, 0x9f, 0x9, 0x3, 0x9c, 0xffffff63, 0x26a, 0x3ff, 0x9, 0x80000001, 0x0, 0x1, 0x9, 0x93, 0x9, 0x40, 0x1, 0x5, 0x7, 0x8001, 0x3ff, 0xa480, 0x3, 0x1000, 0x8001, 0xa, 0x100, 0x2, 0x8, 0x1, 0x8, 0x9, 0x7fffffff, 0x0, 0x10000, 0xc674, 0x5, 0xc, 0x7, 0x8, 0x5, 0x7c, 0x8, 0x0, 0x1600, 0x4, 0x7, 0x9, 0x5f, 0x9, 0x0, 0x0, 0x9, 0xfe, 0x7fffffff, 0x0, 0x7f, 0x2, 0xfef, 0x478fffa7, 0x99, 0x7fff, 0x7, 0xffff, 0x0, 0x10, 0x4e4, 0xfffffffb, 0x0, 0x2, 0x8, 0x1, 0x3ff, 0x2, 0xb2, 0x6, 0x200000, 0x2, 0x2, 0x9, 0x20000000, 0x3ff, 0x7fffffff, 0x4, 0x0, 0x0, 0x8, 0x1, 0x40f4, 0x7, 0x0, 0x6, 0x3, 0xb3, 0x5, 0x10000, 0x7fff, 0x1, 0x7ba, 0xfffffffd, 0x6, 0x9, 0x3, 0x436, 0x3, 0x97dc, 0x0, 0x8, 0x3, 0x76, 0x1, 0x9, 0x3, 0x3, 0x0, 0x81, 0xb0, 0x0, 0x9, 0x2, 0x0, 0x5799, 0x4, 0x921, 0x3, 0xeb, 0x5, 0x3, 0x8, 0x3, 0x6, 0x0, 0x2, 0x8, 0x7, 0x2, 0x8, 0x3, 0x8, 0x4, 0x6, 0x4, 0xaaf8, 0x1ff, 0x47, 0x5, 0x80000001, 0xb, 0x8, 0x1ff, 0x7f, 0x10001, 0x8, 0x7, 0x8, 0x401, 0x1, 0x1, 0x5, 0x101, 0xb4, 0x7fff, 0x0, 0x12000, 0x1ff, 0xad, 0x4, 0xffff, 0x9, 0x10001, 0x9, 0x9, 0xb65, 0x0, 0xfffffffc, 0x7, 0x80000001, 0x7ff, 0x5b], 0x4, 0x400, 0x7fff})
r7 = socket$netlink(0x10, 0x3, 0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21}, 0x94)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4080, 0x30204}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0x35}, @IFLA_GROUP={0x8, 0x1b, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)

1.363074047s ago: executing program 2 (id=5082):
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x9, &(0x7f0000000380), 0x98)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000010100000000000000000100000a0900020073797a32000000001800070002220040000000000000000706001d4000040000"], 0x38}, 0x1, 0x0, 0x0, 0x48080}, 0x20000801)
capset(&(0x7f0000000300)={0x20080522}, &(0x7f0000000340)={0x1, 0x4229, 0x3, 0x0, 0x20000, 0x9})
getdents(0xffffffffffffff9c, &(0x7f0000000000)=""/117, 0x75)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01452d929a273d57debffccf802d820132bd7400fddbdf250376f8b1"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100))
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r4, &(0x7f00000000c0)={0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341"], 0x0}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000005c0)=0xf)
writev(r6, &(0x7f0000000100)=[{&(0x7f00000008c0)="ac", 0x1}], 0x1)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x4)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d3, &(0x7f00000000c0)="a2e3ef")
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0xfffffffffffffffc)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
iopl(0x3)
syz_clone3(&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000740)=[0xffffffffffffffff], 0x1}, 0x58)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x200)
ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f00000009c0)={"73cce1a2b9fbcb97694043ebfb82442d7f428290538e75ff029908cebee95ac2b1febd018ae4703d3263c5b30d4db3243275dd57287ef3c41695e828a0e03b5098370515dc8c9b278addefde0e6ea6ef65a74a3e66e51ee0a646e634cd9cf3ceb03dcf88a235bd6d7a5e64ea39db4636dc9b79c3fc4b6c82b54a6bea17ebf522d474b39c4f6fee3ae29caeec81652b33e49426ec6481fe2262eebd869b7a14a8646751f0b15e94a6bb853e3b3443d254af5852a59766fd5aa457c444e713dbbd7699a8d887ab77e97cf1fd6dd2fe80662726aa9efd1d9c535c161a6b413a473c37876cf8be6867395fe6513e10f14d5c677d301612987f4b25a719961e7bc1d10de8eb93960e40c99b502d401556250d52c53d05eb471d675802ccbbc3de9366ccb6e096b235ae2b81c4f9168f4ce4e741d7e8b381daae4674eacd719870f1f113568e647f04109efd349cb74234c3a469d48e857b3e33ac6a7d7d332a72854c980b550af5a90d997c3c40fbc5fb22492f83675786435181dc40777c05c77ddf9432d2fd86cb3d56393e08f2d9b94b1cb579be8d4110c6a34689fa5972e6879e5c3a7ef48caf8cf42ca467d135665ce259b1dc5ea6c4b07a47260fd8661c29367a99f26a415bea9b5ed5e69d42b8f58ee3f245d4475b05def5960100ef1658d586e1066e24baa59543545c2cca981c6e100a966b52314a8d00863eb35faff0418b5285534298b7d677641b4a5aba2958e1ca74639cd17cf72972aaf8235354157b65f3f06e4e6036c81c33b0464bc6b2d3b9a76323930b1c4c7bf88aad05e2e5332719685c2968ebef1e26f2652bc37b5e4f53617e0bdf41059d7ccf00468537714b77478147d69decae6979b56fa0048f1a9ca8986ba81033850bffe420bed347ec85f23cf78084e5a2f384c9b8ebaf547289fa7b798f53ec2266a9d2150ae353bb8f9a1adc385081366708c819d6ed45a778e5d9ab90333b12d9346d28340d20293a7e9364312bd9ac1048b3ad5306d2f35defb6addea0e6cac0fd8937dbca03968f94433696e77aa48282661b4a3c6aacce6bf023dc078401daf8a7df4081d561fb48c9e6d706123fc273f63203a09addf81dba40f25c2e3ba9035d3678a0f289a3fb0f13baf9e827df7cf7a3b97c3b2504f00e0aa2bc4de28874eb8d88fe393fb165cb8acc6b029eba087bfb614962633e2b00db758e9309b5446e26fcd0634ae2ea70bfd47b9132dd91262554d8fcae51638e9faf2f9fb86a2d5749d56dbb6fb04fde46962ad52d9b9a4bc907ffaa30a007cdeb3df46fb2138bf5baa9ff06e3d708ff8b188d8889d9a8dd95ba74b8e2410bd94e88a3cdfe69927b4d656ff89ab16e8fe7440c707b0e9f308f7164908780c0c1e5e60e6b51281510318de838a4f1e3baf40418deefbc9ab7d4549044c124d0a509d9dc7175fdf469edb9a6"})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x53ba01, 0x0)
ioctl$TUNGETDEVNETNS(r9, 0x54e3, 0x0)
ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x6000, 0x8, 0x0, 0xeffffdff, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xfb}, {0x3, 0x9, 0x82, '\x00', 0x7c}, {0xfc, 0x2, 0x4, '\x00', 0xb9}, {0x11, 0xb, 0x0, '\x00', 0x7d}, {0xfe, 0x9, 0x4}, {0x0, 0x0, 0xfe, '\x00', 0x2}, {0xfd, 0x0, 0x7, '\x00', 0x7f}, {0x0, 0xfa}, {0x1, 0x8f, 0x40, '\x00', 0x4}, {0x39, 0x6, 0x1, '\x00', 0x1}, {0xb}, {0x5, 0x99, 0x0, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x3}, {0x2, 0x2, 0x6}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0x4, 0x21, 0x80, '\x00', 0x5}, {0x3, 0x1}, {0x0, 0x2, 0x5, '\x00', 0x10}, {0x48, 0x0, 0x9, '\x00', 0xd9}, {0x0, 0x80}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfe, 0x8, 0x0, '\x00', 0x5}, {0x0, 0x1, 0x9}, {0x7f, 0xff, 0x6, '\x00', 0x7}]}})
syz_usb_control_io$uac1(r4, 0x0, 0x0)

1.352405539s ago: executing program 5 (id=5083):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r1=>0x0})
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
setrlimit(0x40000000000008, &(0x7f0000000000))
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f00000001c0)={0xc, <r2=>0x0})
mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x5, 0x6, 0x2)
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000080)=0x7fff, 0x1000, 0x1)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x2, r2, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000})

1.126903581s ago: executing program 5 (id=5084):
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x1000)
syz_open_dev$vbi(0x0, 0x0, 0x2)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='00::/', 0x0)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)

411.00903ms ago: executing program 6 (id=5085):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x44, 0x1, 0x2, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x488c0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r4 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
ftruncate(r5, 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x54, r10, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0xa}, {0x8}, {0x5, 0x14, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x80)
sendfile(r4, r5, 0x0, 0x7ffff000)

218.514953ms ago: executing program 7 (id=5086):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x6)
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x700, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)

0s ago: executing program 1 (id=5087):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000280)=0x80000001, 0x4) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0xecf9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x2c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
sendmsg$AUDIT_SET(r4, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x3e9, 0x10, 0x70bd25, 0x25dfdbfe, {0x10, 0xfff, 0x1, r1, 0xffffc59f, 0xa9, 0x9, 0x80000000, 0x0, 0x8, 0x2}, ["", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x20024810}, 0x24000800) (async)
r5 = socket$kcm(0x29, 0x5, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef)

kernel console output (not intermixed with test programs):

ed USB device number 106 using dummy_hcd
[ 1031.134580][ T7893] usb 3-1: device descriptor read/8, error -71
[ 1031.276660][ T7893] usb usb3-port1: unable to enumerate USB device
[ 1031.332993][T20285] 8021q: adding VLAN 0 to HW filter on device team0
[ 1031.631695][ T8883] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1031.639168][ T8883] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1031.738319][ T8879] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1031.745581][ T8879] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1031.760957][ T7888] usb 7-1: USB disconnect, device number 20
[ 1032.629596][T20435] 9pnet_fd: Insufficient options for proto=fd
[ 1033.891886][  T977] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 1033.965097][T20285] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1034.072131][  T977] usb 7-1: device descriptor read/64, error -71
[ 1034.331900][  T977] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[ 1034.492254][  T977] usb 7-1: device descriptor read/64, error -71
[ 1034.534245][T20472] 9pnet_fd: Insufficient options for proto=fd
[ 1034.622395][  T977] usb usb7-port1: attempt power cycle
[ 1034.767479][T20476] loop6: detected capacity change from 0 to 7
[ 1034.782883][    C1] blk_print_req_error: 6 callbacks suppressed
[ 1034.782907][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.798337][    C1] buffer_io_error: 6 callbacks suppressed
[ 1034.798356][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.814895][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.824182][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.831107][T20285] veth0_vlan: entered promiscuous mode
[ 1034.839372][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.848649][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.860171][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.869571][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.877817][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.887080][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.896502][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.905772][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.914283][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.923569][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.938050][T20476] ldm_validate_partition_table(): Disk read failed.
[ 1034.946372][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.955718][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.964933][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1034.974246][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1034.982815][  T977] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1034.991322][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1035.000582][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1035.014834][  T977] usb 7-1: device descriptor read/8, error -71
[ 1035.032204][T20476] Dev loop6: unable to read RDB block 0
[ 1035.039066][T20476]  loop6: unable to read partition table
[ 1035.053497][T20476] loop6: partition table beyond EOD, truncated
[ 1035.070578][T20476] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà–() failed (rc=-5)
[ 1035.092727][T20285] veth1_vlan: entered promiscuous mode
[ 1035.212352][T20285] veth0_macvtap: entered promiscuous mode
[ 1035.251874][  T977] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1035.273139][  T977] usb 7-1: device descriptor read/8, error -71
[ 1035.383485][  T977] usb usb7-port1: unable to enumerate USB device
[ 1035.570355][T20285] veth1_macvtap: entered promiscuous mode
[ 1035.871090][T20285] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1035.938461][T20285] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1035.987557][T20285] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.025166][T20285] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.040802][T20285] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.061715][T20285] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.083207][ T7893] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[ 1036.258585][ T7893] usb 2-1: Using ep0 maxpacket: 8
[ 1036.300954][ T7893] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1036.336018][ T7893] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1036.417795][ T7893] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1036.562382][ T7893] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1036.574063][ T7893] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1036.587299][ T7893] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1036.598633][ T7893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.711997][ T7888] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1036.882688][ T7893] usb 2-1: usb_control_msg returned -32
[ 1036.888359][ T7893] usbtmc 2-1:16.0: can't read capabilities
[ 1036.901866][ T7888] usb 7-1: Using ep0 maxpacket: 8
[ 1036.909251][ T7888] usb 7-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1036.926524][ T7888] usb 7-1: config 0 has an invalid interface number: 21 but max is 0
[ 1036.935632][ T7888] usb 7-1: config 0 has no interface number 0
[ 1036.941882][ T7888] usb 7-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid maxpacket 17933, setting to 1024
[ 1036.953869][ T7888] usb 7-1: config 0 interface 21 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1036.967319][ T7888] usb 7-1: New USB device found, idVendor=8ecd, idProduct=0202, bcdDevice=92.d4
[ 1036.976577][ T7888] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.992132][ T8884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1037.001474][ T7888] usb 7-1: config 0 descriptor??
[ 1037.009910][ T8884] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1037.038085][T20498] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1037.080048][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1037.099039][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1038.705456][T20532] netlink: 144 bytes leftover after parsing attributes in process `syz.7.4684'.
[ 1039.340040][ T7868] usb 2-1: USB disconnect, device number 113
[ 1039.547691][ T7893] usb 7-1: USB disconnect, device number 25
[ 1039.652715][   T24] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1039.851909][   T24] usb 3-1: device descriptor read/64, error -71
[ 1040.132176][   T24] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 1040.291990][   T24] usb 3-1: device descriptor read/64, error -71
[ 1040.412953][   T24] usb usb3-port1: attempt power cycle
[ 1040.871912][   T24] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 1041.092671][   T24] usb 3-1: device descriptor read/8, error -71
[ 1041.323583][T20553] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[ 1041.352153][   T24] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 1041.422891][   T24] usb 3-1: device descriptor read/8, error -71
[ 1041.550204][   T24] usb usb3-port1: unable to enumerate USB device
[ 1045.424209][T20563] FAULT_INJECTION: forcing a failure.
[ 1045.424209][T20563] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1045.448496][T20563] CPU: 0 UID: 0 PID: 20563 Comm: syz.6.4696 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1045.448528][T20563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1045.448540][T20563] Call Trace:
[ 1045.448547][T20563]  <TASK>
[ 1045.448554][T20563]  dump_stack_lvl+0x189/0x250
[ 1045.448578][T20563]  ? __pfx____ratelimit+0x10/0x10
[ 1045.448595][T20563]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1045.448613][T20563]  ? __pfx__printk+0x10/0x10
[ 1045.448634][T20563]  ? __might_fault+0xb0/0x130
[ 1045.448658][T20563]  should_fail_ex+0x414/0x560
[ 1045.448678][T20563]  _copy_from_user+0x2d/0xb0
[ 1045.448702][T20563]  copy_clone_args_from_user+0x1d5/0x6d0
[ 1045.448733][T20563]  ? __pfx_copy_clone_args_from_user+0x10/0x10
[ 1045.448755][T20563]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1045.448791][T20563]  __se_sys_clone3+0xf1/0x2d0
[ 1045.448814][T20563]  ? __pfx___se_sys_clone3+0x10/0x10
[ 1045.448834][T20563]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1045.448862][T20563]  ? __fget_files+0x3a0/0x420
[ 1045.448892][T20563]  ? __pfx_ksys_write+0x10/0x10
[ 1045.448906][T20563]  ? rcu_is_watching+0x15/0xb0
[ 1045.448926][T20563]  ? do_syscall_64+0xbe/0x3b0
[ 1045.448947][T20563]  do_syscall_64+0xfa/0x3b0
[ 1045.448964][T20563]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1045.448980][T20563]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1045.448996][T20563]  ? clear_bhb_loop+0x60/0xb0
[ 1045.449016][T20563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1045.449031][T20563] RIP: 0033:0x7feaaaf8e9a9
[ 1045.449045][T20563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1045.449059][T20563] RSP: 002b:00007feaabdf2f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1045.449082][T20563] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007feaaaf8e9a9
[ 1045.449094][T20563] RDX: 00007feaabdf2f20 RSI: 0000000000000058 RDI: 00007feaabdf2f20
[ 1045.449105][T20563] RBP: 00007feaabdf3090 R08: 0000000000000000 R09: 0000000000000058
[ 1045.449115][T20563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1045.449125][T20563] R13: 0000000000000000 R14: 00007feaab1b5fa0 R15: 00007ffd518444c8
[ 1045.449148][T20563]  </TASK>
[ 1045.666392][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1045.728269][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1045.740690][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1045.752158][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1045.781152][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1045.802790][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1045.860842][T20569] FAULT_INJECTION: forcing a failure.
[ 1045.860842][T20569] name failslab, interval 1, probability 0, space 0, times 0
[ 1045.874560][T20569] CPU: 0 UID: 0 PID: 20569 Comm: syz.7.4698 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1045.874588][T20569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1045.874602][T20569] Call Trace:
[ 1045.874612][T20569]  <TASK>
[ 1045.874622][T20569]  dump_stack_lvl+0x189/0x250
[ 1045.874654][T20569]  ? __pfx____ratelimit+0x10/0x10
[ 1045.874678][T20569]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1045.874704][T20569]  ? __pfx__printk+0x10/0x10
[ 1045.874740][T20569]  ? __pfx___might_resched+0x10/0x10
[ 1045.874770][T20569]  should_fail_ex+0x414/0x560
[ 1045.874799][T20569]  should_failslab+0xa8/0x100
[ 1045.874826][T20569]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1045.874850][T20569]  ? __alloc_skb+0x112/0x2d0
[ 1045.874886][T20569]  __alloc_skb+0x112/0x2d0
[ 1045.874922][T20569]  tcp_stream_alloc_skb+0x3d/0x340
[ 1045.874954][T20569]  tcp_sendmsg_locked+0xf3c/0x5650
[ 1045.874980][T20569]  ? __lock_acquire+0xab9/0xd20
[ 1045.875045][T20569]  ? register_lock_class+0x51/0x320
[ 1045.875107][T20569]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1045.875132][T20569]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1045.875161][T20569]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1045.875200][T20569]  tcp_sendmsg+0x2f/0x50
[ 1045.875227][T20569]  __sock_sendmsg+0x19c/0x270
[ 1045.875257][T20569]  sock_sendmsg+0x158/0x230
[ 1045.875286][T20569]  ? __pfx_sock_sendmsg+0x10/0x10
[ 1045.875328][T20569]  ? __asan_memset+0x22/0x50
[ 1045.875360][T20569]  ? iov_iter_bvec+0xb8/0x180
[ 1045.875392][T20569]  splice_to_socket+0x8ff/0xf10
[ 1045.875442][T20569]  ? __pfx_splice_to_socket+0x10/0x10
[ 1045.875463][T20569]  ? current_time+0x222/0x370
[ 1045.875521][T20569]  ? touch_atime+0xf1/0x6d0
[ 1045.875576][T20569]  ? __pfx_splice_to_socket+0x10/0x10
[ 1045.875602][T20569]  direct_splice_actor+0x101/0x160
[ 1045.875630][T20569]  splice_direct_to_actor+0x5a5/0xcc0
[ 1045.875676][T20569]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1045.875700][T20569]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1045.875737][T20569]  do_splice_direct+0x181/0x270
[ 1045.875762][T20569]  ? __pfx_do_splice_direct+0x10/0x10
[ 1045.875786][T20569]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1045.875813][T20569]  ? bpf_lsm_file_permission+0x9/0x20
[ 1045.875838][T20569]  ? security_file_permission+0x75/0x290
[ 1045.875872][T20569]  ? rw_verify_area+0x258/0x650
[ 1045.875911][T20569]  do_sendfile+0x4da/0x7e0
[ 1045.875938][T20569]  ? __pfx_vfs_write+0x10/0x10
[ 1045.875966][T20569]  ? __pfx_do_sendfile+0x10/0x10
[ 1045.876000][T20569]  ? __fget_files+0x3a0/0x420
[ 1045.876037][T20569]  __se_sys_sendfile64+0x13e/0x190
[ 1045.876067][T20569]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1045.876091][T20569]  ? rcu_is_watching+0x15/0xb0
[ 1045.876121][T20569]  ? do_syscall_64+0xbe/0x3b0
[ 1045.876151][T20569]  do_syscall_64+0xfa/0x3b0
[ 1045.876175][T20569]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1045.876199][T20569]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1045.876222][T20569]  ? clear_bhb_loop+0x60/0xb0
[ 1045.876249][T20569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1045.876270][T20569] RIP: 0033:0x7fe01658e9a9
[ 1045.876291][T20569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1045.876315][T20569] RSP: 002b:00007fe0143f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1045.876339][T20569] RAX: ffffffffffffffda RBX: 00007fe0167b5fa0 RCX: 00007fe01658e9a9
[ 1045.876356][T20569] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1045.876370][T20569] RBP: 00007fe0143f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1045.876384][T20569] R10: 000000007ffff004 R11: 0000000000000246 R12: 0000000000000001
[ 1045.876398][T20569] R13: 0000000000000000 R14: 00007fe0167b5fa0 R15: 00007ffe47d6f8f8
[ 1045.876433][T20569]  </TASK>
[ 1046.241536][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1046.453860][T20566] chnl_net:caif_netlink_parms(): no params data found
[ 1046.699552][   T30] audit: type=1400 audit(1753921245.343:2663): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=20570 comm="syz.1.4697"
[ 1046.731626][   T30] audit: type=1400 audit(1753921245.343:2664): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=20570 comm="syz.1.4697"
[ 1047.041670][T20566] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1047.163015][T20566] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1047.195815][T20566] bridge_slave_0: entered allmulticast mode
[ 1047.254960][T20566] bridge_slave_0: entered promiscuous mode
[ 1047.293264][T20566] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1047.329699][T20566] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1047.373752][T20566] bridge_slave_1: entered allmulticast mode
[ 1047.386531][T20566] bridge_slave_1: entered promiscuous mode
[ 1047.402735][T12362] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1047.499369][T20566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1047.525110][T20566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1047.562027][T12362] usb 7-1: Using ep0 maxpacket: 8
[ 1047.577782][T12362] usb 7-1: too many configurations: 120, using maximum allowed: 8
[ 1047.609945][T12362] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1047.619290][T12362] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=24
[ 1047.638414][T12362] usb 7-1: Product: syz
[ 1047.646088][T12362] usb 7-1: Manufacturer: syz
[ 1047.666927][T20566] team0: Port device team_slave_0 added
[ 1047.673298][T12362] usb 7-1: SerialNumber: syz
[ 1047.681025][T12362] usb 7-1: config 0 descriptor??
[ 1047.690120][T20566] team0: Port device team_slave_1 added
[ 1047.705291][T12362] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1047.723084][T12362] usb 7-1: setting power ON
[ 1047.732120][T12362] dvb-usb: bulk message failed: -22 (2/0)
[ 1047.763528][T12362] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1047.774995][T12362] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1047.793363][T12362] usb 7-1: media controller created
[ 1047.813255][T20566] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1047.820282][T20566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1047.846248][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1047.892424][ T5839] Bluetooth: hci3: command tx timeout
[ 1047.911315][T12362] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1047.948552][T12362] usb 7-1: selecting invalid altsetting 6
[ 1047.951938][T20566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1047.954616][T12362] usb 7-1: digital interface selection failed (-22)
[ 1047.973276][T12362] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1047.980908][T20566] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1047.989851][T12362] usb 7-1: setting power OFF
[ 1047.990428][ T7888] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 1047.994623][T12362] dvb-usb: bulk message failed: -22 (2/0)
[ 1047.994666][T12362] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1047.994682][T12362] (NULL device *): no alternate interface
[ 1048.019143][T20566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1048.055458][T20566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1048.113147][T12362] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1048.134505][T12362] usb 7-1: USB disconnect, device number 26
[ 1048.214346][T20566] hsr_slave_0: entered promiscuous mode
[ 1048.216235][ T7888] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1048.230864][ T7888] usb 2-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config
[ 1048.245783][ T7888] usb 2-1: config 66 has 1 interface, different from the descriptor's value: 2
[ 1048.246538][T20566] hsr_slave_1: entered promiscuous mode
[ 1048.275084][T20566] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1048.278304][ T7888] usb 2-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a5.95
[ 1048.283191][T20566] Cannot create hsr debugfs directory
[ 1048.331101][ T7888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1048.360000][ T7888] usb 2-1: Product: syz
[ 1048.371148][ T7888] usb 2-1: Manufacturer: syz
[ 1048.378286][ T7888] usb 2-1: SerialNumber: syz
[ 1048.592205][   T30] audit: type=1400 audit(1753921247.193:2665): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=20605 comm="syz.2.4707" dest=20000
[ 1049.063337][ T7888] ati_remote2 2-1:66.0: ati_remote2_probe(): interface 0 must have an endpoint
[ 1049.113517][ T7888] usb 2-1: USB disconnect, device number 114
[ 1049.658404][T20566] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1049.975765][ T5839] Bluetooth: hci3: command tx timeout
[ 1050.067328][T20566] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1050.250493][T20566] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1050.316814][   T30] audit: type=1804 audit(1753921248.943:2666): pid=20629 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.4713" name="/newroot/433/bus/file0" dev="overlay" ino=2358 res=1 errno=0
[ 1050.553780][T20566] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1050.781081][T12362] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 1050.966892][T12362] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1050.978172][T20566] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1051.002016][T12362] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1051.019655][T20566] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1051.045896][T12362] usb 3-1: config 0 descriptor??
[ 1051.056379][T12362] cp210x 3-1:0.0: cp210x converter detected
[ 1051.069253][T20566] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1051.104837][T20566] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1051.491238][T20629] tipc: Started in network mode
[ 1051.496450][T20629] tipc: Node identity d6dd4f7924bd, cluster identity 4711
[ 1051.504187][T20629] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1051.523928][T20629] syzkaller0: entered promiscuous mode
[ 1051.550346][T20629] syzkaller0: entered allmulticast mode
[ 1051.676733][T20566] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1051.714861][T20628] tipc: Resetting bearer <eth:syzkaller0>
[ 1051.787415][T20628] tipc: Disabling bearer <eth:syzkaller0>
[ 1051.884366][T12362] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -71
[ 1051.896490][T20566] 8021q: adding VLAN 0 to HW filter on device team0
[ 1051.907091][T12362] cp210x 3-1:0.0: failed to get vendor val 0x370c size 73: -71
[ 1051.923385][T12362] cp210x 3-1:0.0: GPIO initialisation failed: -71
[ 1051.932904][T12362] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1051.947833][ T8878] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1051.951122][T12362] usb 3-1: USB disconnect, device number 111
[ 1051.955060][ T8878] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1051.985187][ T8878] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1051.992526][ T8878] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1052.000117][ T7885] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1052.004890][T12362] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1052.027779][T12362] cp210x 3-1:0.0: device disconnected
[ 1052.042531][ T5839] Bluetooth: hci3: command tx timeout
[ 1052.167469][ T7885] usb 7-1: Using ep0 maxpacket: 8
[ 1052.189396][ T7885] usb 7-1: too many configurations: 120, using maximum allowed: 8
[ 1052.216523][ T7885] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1052.237015][ T7885] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=24
[ 1052.255687][ T7885] usb 7-1: Product: syz
[ 1052.268621][ T7885] usb 7-1: Manufacturer: syz
[ 1052.281184][ T7885] usb 7-1: SerialNumber: syz
[ 1052.290967][T20656] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[ 1052.308770][ T7885] usb 7-1: config 0 descriptor??
[ 1052.309267][T20656] Cannot find set identified by id 0 to match
[ 1052.330214][ T7885] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1052.348929][ T7885] usb 7-1: setting power ON
[ 1052.359071][ T7885] dvb-usb: bulk message failed: -22 (2/0)
[ 1052.397057][ T7885] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1052.437333][ T7885] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1052.457359][ T7885] usb 7-1: media controller created
[ 1052.527001][ T7885] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1052.587608][ T7885] usb 7-1: selecting invalid altsetting 6
[ 1052.593356][T20662] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1052.601809][ T7885] usb 7-1: digital interface selection failed (-22)
[ 1052.629133][ T7885] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1052.651124][ T7885] usb 7-1: setting power OFF
[ 1052.658959][T20566] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1052.679045][ T7885] dvb-usb: bulk message failed: -22 (2/0)
[ 1052.717664][ T7885] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1052.728956][ T7885] (NULL device *): no alternate interface
[ 1052.873726][ T7885] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1052.941545][ T7885] usb 7-1: USB disconnect, device number 27
[ 1053.306732][T20677] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1053.842760][  T977] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1053.862768][T20566] veth0_vlan: entered promiscuous mode
[ 1053.924718][T20689] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1053.948882][T20566] veth1_vlan: entered promiscuous mode
[ 1053.971885][  T977] usb 7-1: device descriptor read/64, error -71
[ 1054.114547][T20566] veth0_macvtap: entered promiscuous mode
[ 1054.123236][ T5839] Bluetooth: hci3: command tx timeout
[ 1054.155250][T20566] veth1_macvtap: entered promiscuous mode
[ 1054.211924][  T977] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1054.243296][T20566] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1054.280098][T20566] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1054.392103][  T977] usb 7-1: device descriptor read/64, error -71
[ 1054.393227][T20692] FAULT_INJECTION: forcing a failure.
[ 1054.393227][T20692] name failslab, interval 1, probability 0, space 0, times 0
[ 1054.462281][T20692] CPU: 0 UID: 0 PID: 20692 Comm: syz.7.4729 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1054.462315][T20692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1054.462329][T20692] Call Trace:
[ 1054.462339][T20692]  <TASK>
[ 1054.462349][T20692]  dump_stack_lvl+0x189/0x250
[ 1054.462380][T20692]  ? __pfx____ratelimit+0x10/0x10
[ 1054.462409][T20692]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1054.462434][T20692]  ? __pfx__printk+0x10/0x10
[ 1054.462470][T20692]  ? __pfx___might_resched+0x10/0x10
[ 1054.462502][T20692]  ? fs_reclaim_acquire+0x7d/0x100
[ 1054.462535][T20692]  should_fail_ex+0x414/0x560
[ 1054.462564][T20692]  should_failslab+0xa8/0x100
[ 1054.462590][T20692]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1054.462612][T20692]  ? __d_alloc+0x31/0x6f0
[ 1054.462645][T20692]  __d_alloc+0x31/0x6f0
[ 1054.462681][T20692]  d_alloc_parallel+0xe0/0x14e0
[ 1054.462713][T20692]  ? smack_log+0xef/0x3f0
[ 1054.462747][T20692]  ? __pfx_smack_log+0x10/0x10
[ 1054.462777][T20692]  ? smk_access+0x14c/0x4e0
[ 1054.462813][T20692]  ? __lock_acquire+0xab9/0xd20
[ 1054.462836][T20692]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1054.462864][T20692]  ? look_up_lock_class+0x74/0x170
[ 1054.462892][T20692]  ? __raw_spin_lock_init+0x45/0x100
[ 1054.462923][T20692]  ? __init_waitqueue_head+0xa9/0x150
[ 1054.462959][T20692]  __lookup_slow+0x116/0x3d0
[ 1054.462992][T20692]  ? __pfx___lookup_slow+0x10/0x10
[ 1054.463030][T20692]  ? bpf_lsm_inode_permission+0x9/0x20
[ 1054.463053][T20692]  ? security_inode_permission+0xb7/0x310
[ 1054.463083][T20692]  ? down_read+0x1ad/0x2e0
[ 1054.463114][T20692]  lookup_slow+0x53/0x70
[ 1054.463145][T20692]  walk_component+0x2d2/0x400
[ 1054.463172][T20692]  ? path_lookupat+0x156/0x430
[ 1054.463204][T20692]  path_lookupat+0x163/0x430
[ 1054.463240][T20692]  filename_lookup+0x212/0x570
[ 1054.463276][T20692]  ? __pfx_filename_lookup+0x10/0x10
[ 1054.463333][T20692]  ? strncpy_from_user+0x150/0x290
[ 1054.463373][T20692]  ? getname_flags+0x1e5/0x540
[ 1054.463405][T20692]  user_path_at+0x3a/0x60
[ 1054.463438][T20692]  do_sys_truncate+0xa3/0x190
[ 1054.463461][T20692]  ? __pfx_do_sys_truncate+0x10/0x10
[ 1054.463492][T20692]  ? __pfx_ksys_write+0x10/0x10
[ 1054.463524][T20692]  __x64_sys_truncate+0x5b/0x70
[ 1054.463548][T20692]  do_syscall_64+0xfa/0x3b0
[ 1054.463572][T20692]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1054.463595][T20692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1054.463618][T20692]  ? clear_bhb_loop+0x60/0xb0
[ 1054.463645][T20692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1054.463687][T20692] RIP: 0033:0x7fe01658e9a9
[ 1054.463707][T20692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1054.463727][T20692] RSP: 002b:00007fe0143f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 1054.463751][T20692] RAX: ffffffffffffffda RBX: 00007fe0167b5fa0 RCX: 00007fe01658e9a9
[ 1054.463768][T20692] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000200000000040
[ 1054.463782][T20692] RBP: 00007fe0143f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1054.463795][T20692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1054.463808][T20692] R13: 0000000000000000 R14: 00007fe0167b5fa0 R15: 00007ffe47d6f8f8
[ 1054.463840][T20692]  </TASK>
[ 1054.624029][T20566] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.809554][  T977] usb usb7-port1: attempt power cycle
[ 1054.822421][T20566] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.831208][T20566] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.966598][   T30] audit: type=1400 audit(1753921253.593:2667): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=20693 comm="syz.2.4730" dest=20000
[ 1055.028458][T20566] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1055.202928][  T977] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1055.451353][  T977] usb 7-1: device descriptor read/8, error -71
[ 1055.723636][  T977] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1055.963336][  T977] usb 7-1: device descriptor read/8, error -71
[ 1056.034400][T13130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1056.043390][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1056.058318][T13130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1056.095711][  T977] usb usb7-port1: unable to enumerate USB device
[ 1056.105123][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1056.492570][   T30] audit: type=1400 audit(1753921255.133:2668): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=20719 comm="syz.2.4738" dest=20000
[ 1058.014604][T20717] netlink: 'syz.5.4737': attribute type 4 has an invalid length.
[ 1058.036857][T12362] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1058.201881][T12362] usb 7-1: Using ep0 maxpacket: 8
[ 1058.222869][T12362] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1058.249188][T12362] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1058.282491][T12362] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1058.316207][T12362] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1058.331558][T20733] netlink: 'syz.2.4742': attribute type 4 has an invalid length.
[ 1058.347566][T12362] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1058.367628][T12362] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1058.377594][T12362] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1058.660213][T12362] usb 7-1: usb_control_msg returned -32
[ 1058.674645][T12362] usbtmc 7-1:16.0: can't read capabilities
[ 1059.472347][T20751] netlink: 144 bytes leftover after parsing attributes in process `syz.2.4745'.
[ 1059.576365][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1059.595149][T20752] FAULT_INJECTION: forcing a failure.
[ 1059.595149][T20752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1059.609593][T20752] CPU: 1 UID: 0 PID: 20752 Comm: syz.6.4744 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1059.609623][T20752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1059.609637][T20752] Call Trace:
[ 1059.609647][T20752]  <TASK>
[ 1059.609657][T20752]  dump_stack_lvl+0x189/0x250
[ 1059.609687][T20752]  ? __pfx____ratelimit+0x10/0x10
[ 1059.609711][T20752]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1059.609735][T20752]  ? __pfx__printk+0x10/0x10
[ 1059.609791][T20752]  should_fail_ex+0x414/0x560
[ 1059.609821][T20752]  _copy_to_user+0x31/0xb0
[ 1059.609853][T20752]  simple_read_from_buffer+0xe1/0x170
[ 1059.609881][T20752]  proc_fail_nth_read+0x1df/0x250
[ 1059.609911][T20752]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1059.609941][T20752]  ? rw_verify_area+0x258/0x650
[ 1059.609976][T20752]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1059.610003][T20752]  vfs_read+0x200/0x980
[ 1059.610042][T20752]  ? __pfx___mutex_lock+0x10/0x10
[ 1059.610068][T20752]  ? __pfx_vfs_read+0x10/0x10
[ 1059.610104][T20752]  ? __fget_files+0x2a/0x420
[ 1059.610136][T20752]  ? __fget_files+0x3a0/0x420
[ 1059.610161][T20752]  ? __fget_files+0x2a/0x420
[ 1059.610199][T20752]  ksys_read+0x145/0x250
[ 1059.610218][T20752]  ? __fget_files+0x3a0/0x420
[ 1059.610246][T20752]  ? __pfx_ksys_read+0x10/0x10
[ 1059.610272][T20752]  ? do_syscall_64+0xbe/0x3b0
[ 1059.610303][T20752]  do_syscall_64+0xfa/0x3b0
[ 1059.610326][T20752]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1059.610350][T20752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1059.610372][T20752]  ? clear_bhb_loop+0x60/0xb0
[ 1059.610400][T20752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1059.610422][T20752] RIP: 0033:0x7feaaaf8d3bc
[ 1059.610442][T20752] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1059.610463][T20752] RSP: 002b:00007feaabdb1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1059.610488][T20752] RAX: ffffffffffffffda RBX: 00007feaab1b6160 RCX: 00007feaaaf8d3bc
[ 1059.610505][T20752] RDX: 000000000000000f RSI: 00007feaabdb10a0 RDI: 0000000000000005
[ 1059.610519][T20752] RBP: 00007feaabdb1090 R08: 0000000000000000 R09: 0000000000000000
[ 1059.610534][T20752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1059.610548][T20752] R13: 0000000000000000 R14: 00007feaab1b6160 R15: 00007ffd518444c8
[ 1059.610583][T20752]  </TASK>
[ 1059.908321][ T7885] usb 7-1: USB disconnect, device number 32
[ 1060.277690][T20763] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[ 1060.310330][T20763] overlay: ./file0 is not a directory
[ 1061.241998][  T977] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1061.278607][ T7885] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[ 1061.304879][ T7885] hid-generic 0000:0000:0000.0029: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1061.382731][T20775] loop2: detected capacity change from 0 to 7
[ 1061.398845][T20775] Dev loop2: unable to read RDB block 7
[ 1061.402814][  T977] usb 6-1: device descriptor read/64, error -71
[ 1061.414111][T20775]  loop2: unable to read partition table
[ 1061.427847][T20775] loop2: partition table beyond EOD, truncated
[ 1061.441889][T20775] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1061.665079][  T977] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1061.812031][  T977] usb 6-1: device descriptor read/64, error -71
[ 1061.833204][T20785] FAULT_INJECTION: forcing a failure.
[ 1061.833204][T20785] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1061.861160][T20785] CPU: 1 UID: 0 PID: 20785 Comm: syz.1.4760 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1061.861192][T20785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1061.861207][T20785] Call Trace:
[ 1061.861216][T20785]  <TASK>
[ 1061.861227][T20785]  dump_stack_lvl+0x189/0x250
[ 1061.861258][T20785]  ? __pfx____ratelimit+0x10/0x10
[ 1061.861283][T20785]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1061.861309][T20785]  ? __pfx__printk+0x10/0x10
[ 1061.861335][T20785]  ? __might_fault+0xb0/0x130
[ 1061.861367][T20785]  should_fail_ex+0x414/0x560
[ 1061.861396][T20785]  _copy_from_user+0x2d/0xb0
[ 1061.861429][T20785]  video_usercopy+0x354/0x14f0
[ 1061.861469][T20785]  ? smk_tskacc+0x2fc/0x370
[ 1061.861503][T20785]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1061.861537][T20785]  ? __pfx_video_usercopy+0x10/0x10
[ 1061.861568][T20785]  ? smack_file_ioctl+0x2a9/0x340
[ 1061.861606][T20785]  ? __fget_files+0x2a/0x420
[ 1061.861631][T20785]  ? __fget_files+0x3a0/0x420
[ 1061.861660][T20785]  v4l2_ioctl+0x18a/0x1e0
[ 1061.861692][T20785]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1061.861724][T20785]  __se_sys_ioctl+0xfc/0x170
[ 1061.861763][T20785]  do_syscall_64+0xfa/0x3b0
[ 1061.861786][T20785]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1061.861810][T20785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1061.861831][T20785]  ? clear_bhb_loop+0x60/0xb0
[ 1061.861868][T20785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1061.861890][T20785] RIP: 0033:0x7f2fabf8e9a9
[ 1061.861910][T20785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1061.861927][T20785] RSP: 002b:00007f2facd13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1061.861950][T20785] RAX: ffffffffffffffda RBX: 00007f2fac1b5fa0 RCX: 00007f2fabf8e9a9
[ 1061.861966][T20785] RDX: 0000200000000040 RSI: 00000000c0845657 RDI: 0000000000000003
[ 1061.861981][T20785] RBP: 00007f2facd13090 R08: 0000000000000000 R09: 0000000000000000
[ 1061.861995][T20785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1061.862009][T20785] R13: 0000000000000000 R14: 00007f2fac1b5fa0 R15: 00007ffddf06d328
[ 1061.862043][T20785]  </TASK>
[ 1062.089017][  T977] usb usb6-port1: attempt power cycle
[ 1062.454149][  T977] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1062.615790][  T977] usb 6-1: device descriptor read/8, error -71
[ 1062.982273][  T977] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1063.083387][  T977] usb 6-1: device descriptor read/8, error -71
[ 1063.213738][  T977] usb usb6-port1: unable to enumerate USB device
[ 1063.475568][   T30] audit: type=1400 audit(1753921261.973:2669): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=20794 comm="syz.1.4764" dest=20000
[ 1064.256031][T20813] FAULT_INJECTION: forcing a failure.
[ 1064.256031][T20813] name failslab, interval 1, probability 0, space 0, times 0
[ 1064.279695][T20813] CPU: 1 UID: 0 PID: 20813 Comm: syz.1.4770 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1064.279729][T20813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1064.279744][T20813] Call Trace:
[ 1064.279755][T20813]  <TASK>
[ 1064.279764][T20813]  dump_stack_lvl+0x189/0x250
[ 1064.279787][T20813]  ? __pfx____ratelimit+0x10/0x10
[ 1064.279804][T20813]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1064.279823][T20813]  ? __pfx__printk+0x10/0x10
[ 1064.279847][T20813]  ? __pfx___might_resched+0x10/0x10
[ 1064.279865][T20813]  ? fs_reclaim_acquire+0x7d/0x100
[ 1064.279888][T20813]  should_fail_ex+0x414/0x560
[ 1064.279909][T20813]  should_failslab+0xa8/0x100
[ 1064.279928][T20813]  __kmalloc_noprof+0xcb/0x4f0
[ 1064.279942][T20813]  ? kfree+0x4d/0x440
[ 1064.279964][T20813]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1064.279989][T20813]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1064.280012][T20813]  ? tomoyo_domain+0xda/0x130
[ 1064.280038][T20813]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1064.280055][T20813]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1064.280074][T20813]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1064.280105][T20813]  ? __lock_acquire+0xab9/0xd20
[ 1064.280135][T20813]  ? __fget_files+0x2a/0x420
[ 1064.280156][T20813]  ? __fget_files+0x2a/0x420
[ 1064.280172][T20813]  ? __fget_files+0x3a0/0x420
[ 1064.280190][T20813]  ? __fget_files+0x2a/0x420
[ 1064.280210][T20813]  security_file_ioctl+0xcb/0x2d0
[ 1064.280230][T20813]  __se_sys_ioctl+0x47/0x170
[ 1064.280257][T20813]  do_syscall_64+0xfa/0x3b0
[ 1064.280274][T20813]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1064.280291][T20813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1064.280307][T20813]  ? clear_bhb_loop+0x60/0xb0
[ 1064.280326][T20813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1064.280342][T20813] RIP: 0033:0x7f2fabf8e9a9
[ 1064.280356][T20813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1064.280370][T20813] RSP: 002b:00007f2facd13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1064.280389][T20813] RAX: ffffffffffffffda RBX: 00007f2fac1b5fa0 RCX: 00007f2fabf8e9a9
[ 1064.280401][T20813] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1064.280411][T20813] RBP: 00007f2facd13090 R08: 0000000000000000 R09: 0000000000000000
[ 1064.280422][T20813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1064.280431][T20813] R13: 0000000000000000 R14: 00007f2fac1b5fa0 R15: 00007ffddf06d328
[ 1064.280455][T20813]  </TASK>
[ 1064.733257][T20813] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1064.842036][ T7868] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[ 1065.014347][ T7868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1065.035047][ T7868] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1065.104001][ T7868] usb 3-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[ 1065.154609][ T7868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1065.184920][ T7868] usb 3-1: config 0 descriptor??
[ 1065.385758][T20830] FAULT_INJECTION: forcing a failure.
[ 1065.385758][T20830] name failslab, interval 1, probability 0, space 0, times 0
[ 1065.436399][T20830] CPU: 0 UID: 0 PID: 20830 Comm: syz.6.4775 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1065.436429][T20830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1065.436444][T20830] Call Trace:
[ 1065.436453][T20830]  <TASK>
[ 1065.436462][T20830]  dump_stack_lvl+0x189/0x250
[ 1065.436492][T20830]  ? __pfx____ratelimit+0x10/0x10
[ 1065.436514][T20830]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1065.436539][T20830]  ? __pfx__printk+0x10/0x10
[ 1065.436572][T20830]  ? __pfx___might_resched+0x10/0x10
[ 1065.436594][T20830]  ? fs_reclaim_acquire+0x7d/0x100
[ 1065.436625][T20830]  should_fail_ex+0x414/0x560
[ 1065.436653][T20830]  should_failslab+0xa8/0x100
[ 1065.436679][T20830]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1065.436700][T20830]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1065.436732][T20830]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[ 1065.436770][T20830]  sctp_association_new+0x15d3/0x25f0
[ 1065.436821][T20830]  sctp_connect_new_asoc+0x2c5/0x690
[ 1065.436857][T20830]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1065.436890][T20830]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1065.436922][T20830]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1065.436950][T20830]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1065.436981][T20830]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1065.437004][T20830]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1065.437032][T20830]  sctp_sendmsg+0x155c/0x2810
[ 1065.437075][T20830]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1065.437105][T20830]  ? __lock_acquire+0xab9/0xd20
[ 1065.437144][T20830]  ? sock_rps_record_flow+0x19/0x410
[ 1065.437173][T20830]  ? inet_sendmsg+0x2f4/0x370
[ 1065.437195][T20830]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1065.437220][T20830]  __sock_sendmsg+0x19c/0x270
[ 1065.437276][T20830]  __sys_sendto+0x3bd/0x520
[ 1065.437339][T20830]  ? __pfx___sys_sendto+0x10/0x10
[ 1065.437368][T20830]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1065.437409][T20830]  ? __fget_files+0x3a0/0x420
[ 1065.437447][T20830]  ? ksys_write+0x22a/0x250
[ 1065.437471][T20830]  ? __pfx_ksys_write+0x10/0x10
[ 1065.437490][T20830]  ? rcu_is_watching+0x15/0xb0
[ 1065.437520][T20830]  __x64_sys_sendto+0xde/0x100
[ 1065.437556][T20830]  do_syscall_64+0xfa/0x3b0
[ 1065.437579][T20830]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1065.437603][T20830]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.437625][T20830]  ? clear_bhb_loop+0x60/0xb0
[ 1065.437653][T20830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.437674][T20830] RIP: 0033:0x7feaaaf8e9a9
[ 1065.437695][T20830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1065.437714][T20830] RSP: 002b:00007feaabdf3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1065.437738][T20830] RAX: ffffffffffffffda RBX: 00007feaab1b5fa0 RCX: 00007feaaaf8e9a9
[ 1065.437755][T20830] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1065.437769][T20830] RBP: 00007feaabdf3090 R08: 0000200000000000 R09: 0000000000000010
[ 1065.437784][T20830] R10: e61e2840a554b0d0 R11: 0000000000000246 R12: 0000000000000001
[ 1065.437799][T20830] R13: 0000000000000000 R14: 00007feaab1b5fa0 R15: 00007ffd518444c8
[ 1065.437833][T20830]  </TASK>
[ 1065.453673][ T7868] usb 3-1: USB disconnect, device number 112
[ 1066.429176][   T30] audit: type=1400 audit(1753921265.073:2670): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=20841 comm="syz.2.4778" dest=20000
[ 1067.373780][T20856] FAULT_INJECTION: forcing a failure.
[ 1067.373780][T20856] name failslab, interval 1, probability 0, space 0, times 0
[ 1067.431990][T20856] CPU: 1 UID: 0 PID: 20856 Comm: syz.2.4781 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1067.432023][T20856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1067.432043][T20856] Call Trace:
[ 1067.432052][T20856]  <TASK>
[ 1067.432062][T20856]  dump_stack_lvl+0x189/0x250
[ 1067.432092][T20856]  ? __pfx____ratelimit+0x10/0x10
[ 1067.432115][T20856]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1067.432138][T20856]  ? __pfx__printk+0x10/0x10
[ 1067.432168][T20856]  ? __pfx___might_resched+0x10/0x10
[ 1067.432190][T20856]  ? fs_reclaim_acquire+0x7d/0x100
[ 1067.432218][T20856]  should_fail_ex+0x414/0x560
[ 1067.432244][T20856]  should_failslab+0xa8/0x100
[ 1067.432266][T20856]  __kmalloc_noprof+0xcb/0x4f0
[ 1067.432284][T20856]  ? kfree+0x4d/0x440
[ 1067.432309][T20856]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1067.432340][T20856]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1067.432374][T20856]  ? tomoyo_domain+0xda/0x130
[ 1067.432406][T20856]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1067.432426][T20856]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1067.432451][T20856]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1067.432490][T20856]  ? __lock_acquire+0xab9/0xd20
[ 1067.432530][T20856]  ? __fget_files+0x2a/0x420
[ 1067.432555][T20856]  ? __fget_files+0x2a/0x420
[ 1067.432575][T20856]  ? __fget_files+0x3a0/0x420
[ 1067.432595][T20856]  ? __fget_files+0x2a/0x420
[ 1067.432620][T20856]  security_file_ioctl+0xcb/0x2d0
[ 1067.432645][T20856]  __se_sys_ioctl+0x47/0x170
[ 1067.432677][T20856]  do_syscall_64+0xfa/0x3b0
[ 1067.432698][T20856]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1067.432718][T20856]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1067.432737][T20856]  ? clear_bhb_loop+0x60/0xb0
[ 1067.432760][T20856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1067.432779][T20856] RIP: 0033:0x7f336dd8e9a9
[ 1067.432797][T20856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1067.432816][T20856] RSP: 002b:00007f336eb5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1067.432838][T20856] RAX: ffffffffffffffda RBX: 00007f336dfb6080 RCX: 00007f336dd8e9a9
[ 1067.432853][T20856] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1067.432865][T20856] RBP: 00007f336eb5e090 R08: 0000000000000000 R09: 0000000000000000
[ 1067.432878][T20856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1067.432889][T20856] R13: 0000000000000001 R14: 00007f336dfb6080 R15: 00007ffdc249bfa8
[ 1067.432919][T20856]  </TASK>
[ 1067.432929][T20856] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1068.334558][T20872] fuse: Bad value for 'fd'
[ 1068.817684][T20884] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4792'.
[ 1070.578608][T20901] FAULT_INJECTION: forcing a failure.
[ 1070.578608][T20901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1070.611922][T20901] CPU: 1 UID: 0 PID: 20901 Comm: syz.1.4797 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1070.611956][T20901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1070.611971][T20901] Call Trace:
[ 1070.611983][T20901]  <TASK>
[ 1070.611994][T20901]  dump_stack_lvl+0x189/0x250
[ 1070.612025][T20901]  ? __pfx____ratelimit+0x10/0x10
[ 1070.612049][T20901]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1070.612082][T20901]  ? __pfx__printk+0x10/0x10
[ 1070.612115][T20901]  ? __might_fault+0xb0/0x130
[ 1070.612149][T20901]  should_fail_ex+0x414/0x560
[ 1070.612178][T20901]  _copy_from_iter+0x1db/0x16f0
[ 1070.612211][T20901]  ? rcu_is_watching+0x15/0xb0
[ 1070.612238][T20901]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1070.612262][T20901]  ? __pfx__copy_from_iter+0x10/0x10
[ 1070.612291][T20901]  ? __build_skb_around+0x257/0x3e0
[ 1070.612327][T20901]  ? netlink_sendmsg+0x642/0xb30
[ 1070.612375][T20901]  ? skb_put+0x11b/0x210
[ 1070.612411][T20901]  netlink_sendmsg+0x6b2/0xb30
[ 1070.612456][T20901]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1070.612499][T20901]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1070.612521][T20901]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1070.612555][T20901]  __sock_sendmsg+0x21c/0x270
[ 1070.612586][T20901]  ____sys_sendmsg+0x505/0x830
[ 1070.612628][T20901]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1070.612674][T20901]  ? import_iovec+0x74/0xa0
[ 1070.612711][T20901]  ___sys_sendmsg+0x21f/0x2a0
[ 1070.612749][T20901]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1070.612825][T20901]  ? __fget_files+0x2a/0x420
[ 1070.612851][T20901]  ? __fget_files+0x3a0/0x420
[ 1070.612889][T20901]  __x64_sys_sendmsg+0x19b/0x260
[ 1070.612927][T20901]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1070.612974][T20901]  ? __pfx_ksys_write+0x10/0x10
[ 1070.612994][T20901]  ? rcu_is_watching+0x15/0xb0
[ 1070.613025][T20901]  ? do_syscall_64+0xbe/0x3b0
[ 1070.613055][T20901]  do_syscall_64+0xfa/0x3b0
[ 1070.613085][T20901]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1070.613109][T20901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1070.613132][T20901]  ? clear_bhb_loop+0x60/0xb0
[ 1070.613160][T20901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1070.613182][T20901] RIP: 0033:0x7f2fabf8e9a9
[ 1070.613203][T20901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1070.613224][T20901] RSP: 002b:00007f2facd13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1070.613248][T20901] RAX: ffffffffffffffda RBX: 00007f2fac1b5fa0 RCX: 00007f2fabf8e9a9
[ 1070.613265][T20901] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 0000000000000004
[ 1070.613280][T20901] RBP: 00007f2facd13090 R08: 0000000000000000 R09: 0000000000000000
[ 1070.613295][T20901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1070.613308][T20901] R13: 0000000000000000 R14: 00007f2fac1b5fa0 R15: 00007ffddf06d328
[ 1070.613343][T20901]  </TASK>
[ 1072.393726][T20918] FAULT_INJECTION: forcing a failure.
[ 1072.393726][T20918] name failslab, interval 1, probability 0, space 0, times 0
[ 1072.485889][T20918] CPU: 0 UID: 0 PID: 20918 Comm: syz.1.4801 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1072.485930][T20918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1072.485945][T20918] Call Trace:
[ 1072.485955][T20918]  <TASK>
[ 1072.485965][T20918]  dump_stack_lvl+0x189/0x250
[ 1072.485996][T20918]  ? __pfx____ratelimit+0x10/0x10
[ 1072.486019][T20918]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1072.486043][T20918]  ? __pfx__printk+0x10/0x10
[ 1072.486078][T20918]  ? __ip_dev_find+0x444/0x4e0
[ 1072.486117][T20918]  should_fail_ex+0x414/0x560
[ 1072.486141][T20918]  should_failslab+0xa8/0x100
[ 1072.486167][T20918]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1072.486188][T20918]  ? dst_alloc+0x105/0x170
[ 1072.486215][T20918]  dst_alloc+0x105/0x170
[ 1072.486234][T20918]  ? ip_check_mc_rcu+0x443/0x680
[ 1072.486270][T20918]  ip_route_output_key_hash_rcu+0x1482/0x23a0
[ 1072.486307][T20918]  ? ip_route_output_key_hash+0xde/0x2e0
[ 1072.486334][T20918]  ip_route_output_key_hash+0x1b9/0x2e0
[ 1072.486357][T20918]  ? __lock_acquire+0xab9/0xd20
[ 1072.486380][T20918]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1072.486424][T20918]  ip_route_output_flow+0x2a/0x150
[ 1072.486458][T20918]  ? security_sk_classify_flow+0x70/0x180
[ 1072.486485][T20918]  raw_sendmsg+0x1038/0x18b0
[ 1072.486526][T20918]  ? __pfx_raw_sendmsg+0x10/0x10
[ 1072.486551][T20918]  ? smack_socket_sendmsg+0x438/0x520
[ 1072.486582][T20918]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1072.486635][T20918]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[ 1072.486671][T20918]  ? sock_rps_record_flow+0x19/0x410
[ 1072.486700][T20918]  ? inet_sendmsg+0x2f4/0x370
[ 1072.486724][T20918]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1072.486751][T20918]  __sock_sendmsg+0x19c/0x270
[ 1072.486781][T20918]  ____sys_sendmsg+0x505/0x830
[ 1072.486822][T20918]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1072.486867][T20918]  ? import_iovec+0x74/0xa0
[ 1072.486911][T20918]  ___sys_sendmsg+0x21f/0x2a0
[ 1072.486948][T20918]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1072.487024][T20918]  ? __fget_files+0x2a/0x420
[ 1072.487049][T20918]  ? __fget_files+0x3a0/0x420
[ 1072.487086][T20918]  __x64_sys_sendmsg+0x19b/0x260
[ 1072.487123][T20918]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1072.487170][T20918]  ? __pfx_ksys_write+0x10/0x10
[ 1072.487188][T20918]  ? rcu_is_watching+0x15/0xb0
[ 1072.487219][T20918]  ? do_syscall_64+0xbe/0x3b0
[ 1072.487249][T20918]  do_syscall_64+0xfa/0x3b0
[ 1072.487272][T20918]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1072.487296][T20918]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1072.487318][T20918]  ? clear_bhb_loop+0x60/0xb0
[ 1072.487346][T20918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1072.487386][T20918] RIP: 0033:0x7f2fabf8e9a9
[ 1072.487407][T20918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1072.487427][T20918] RSP: 002b:00007f2facd13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1072.487452][T20918] RAX: ffffffffffffffda RBX: 00007f2fac1b5fa0 RCX: 00007f2fabf8e9a9
[ 1072.487469][T20918] RDX: 0000000000000000 RSI: 0000200000001640 RDI: 0000000000000003
[ 1072.487483][T20918] RBP: 00007f2facd13090 R08: 0000000000000000 R09: 0000000000000000
[ 1072.487498][T20918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1072.487511][T20918] R13: 0000000000000000 R14: 00007f2fac1b5fa0 R15: 00007ffddf06d328
[ 1072.487546][T20918]  </TASK>
[ 1072.817795][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1073.401169][T20932] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1073.413871][T20932] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1074.315941][   T30] audit: type=1326 audit(1753921272.953:2671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20944 comm="syz.7.4810" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe01658e9a9 code=0x0
[ 1076.485260][T20934] netlink: 'syz.1.4806': attribute type 4 has an invalid length.
[ 1076.652438][ T7885] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1077.152281][T12362] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[ 1077.260244][ T7885] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1077.392033][T12362] usb 3-1: Using ep0 maxpacket: 8
[ 1077.532305][T12362] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1077.643120][T12362] usb 3-1: no configurations
[ 1077.735322][T12362] usb 3-1: can't read configurations, error -22
[ 1078.135345][T12362] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[ 1078.452399][T12362] usb 3-1: Using ep0 maxpacket: 8
[ 1079.480343][ T7885] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1079.491037][ T7885] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[ 1079.506706][ T7885] usb 7-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00
[ 1079.516370][ T7885] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1079.527604][ T7885] usb 7-1: config 0 descriptor??
[ 1079.553084][T12362] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1079.560859][T12362] usb 3-1: no configurations
[ 1079.632521][T12362] usb 3-1: can't read configurations, error -22
[ 1079.665884][T12362] usb usb3-port1: attempt power cycle
[ 1079.691955][ T7885] usb 7-1: can't set config #0, error -71
[ 1080.017999][ T7885] usb 7-1: USB disconnect, device number 33
[ 1080.894805][T20989] FAULT_INJECTION: forcing a failure.
[ 1080.894805][T20989] name failslab, interval 1, probability 0, space 0, times 0
[ 1080.908004][T20989] CPU: 0 UID: 0 PID: 20989 Comm: syz.1.4823 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1080.908036][T20989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1080.908050][T20989] Call Trace:
[ 1080.908060][T20989]  <TASK>
[ 1080.908070][T20989]  dump_stack_lvl+0x189/0x250
[ 1080.908101][T20989]  ? __pfx____ratelimit+0x10/0x10
[ 1080.908126][T20989]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1080.908153][T20989]  ? __pfx__printk+0x10/0x10
[ 1080.908193][T20989]  ? __pfx___might_resched+0x10/0x10
[ 1080.908218][T20989]  ? fs_reclaim_acquire+0x7d/0x100
[ 1080.908251][T20989]  should_fail_ex+0x414/0x560
[ 1080.908281][T20989]  should_failslab+0xa8/0x100
[ 1080.908309][T20989]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1080.908332][T20989]  ? dup_task_struct+0x52/0x860
[ 1080.908363][T20989]  dup_task_struct+0x52/0x860
[ 1080.908389][T20989]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1080.908418][T20989]  copy_process+0x544/0x3b80
[ 1080.908443][T20989]  ? __lock_acquire+0xab9/0xd20
[ 1080.908477][T20989]  ? __might_fault+0xb0/0x130
[ 1080.908512][T20989]  ? __pfx_copy_process+0x10/0x10
[ 1080.908543][T20989]  ? _copy_from_user+0x94/0xb0
[ 1080.908582][T20989]  kernel_clone+0x224/0x7f0
[ 1080.908613][T20989]  ? __pfx_kernel_clone+0x10/0x10
[ 1080.908639][T20989]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1080.908689][T20989]  __se_sys_clone3+0x256/0x2d0
[ 1080.908722][T20989]  ? __pfx___se_sys_clone3+0x10/0x10
[ 1080.908750][T20989]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1080.908790][T20989]  ? __fget_files+0x3a0/0x420
[ 1080.908835][T20989]  ? __pfx_ksys_write+0x10/0x10
[ 1080.908854][T20989]  ? rcu_is_watching+0x15/0xb0
[ 1080.908885][T20989]  ? do_syscall_64+0xbe/0x3b0
[ 1080.908915][T20989]  do_syscall_64+0xfa/0x3b0
[ 1080.908939][T20989]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1080.908962][T20989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.908985][T20989]  ? clear_bhb_loop+0x60/0xb0
[ 1080.909013][T20989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.909036][T20989] RIP: 0033:0x7f2fabf8e9a9
[ 1080.909056][T20989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1080.909076][T20989] RSP: 002b:00007f2facd12f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1080.909101][T20989] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f2fabf8e9a9
[ 1080.909118][T20989] RDX: 00007f2facd12f20 RSI: 0000000000000058 RDI: 00007f2facd12f20
[ 1080.909133][T20989] RBP: 00007f2facd13090 R08: 0000000000000000 R09: 0000000000000058
[ 1080.909148][T20989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1080.909169][T20989] R13: 0000000000000000 R14: 00007f2fac1b5fa0 R15: 00007ffddf06d328
[ 1080.909204][T20989]  </TASK>
[ 1084.026243][T21024] FAULT_INJECTION: forcing a failure.
[ 1084.026243][T21024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1084.053724][T21024] CPU: 1 UID: 0 PID: 21024 Comm: syz.1.4833 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1084.053757][T21024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1084.053772][T21024] Call Trace:
[ 1084.053781][T21024]  <TASK>
[ 1084.053792][T21024]  dump_stack_lvl+0x189/0x250
[ 1084.053823][T21024]  ? __pfx____ratelimit+0x10/0x10
[ 1084.053848][T21024]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1084.053875][T21024]  ? __pfx__printk+0x10/0x10
[ 1084.053926][T21024]  should_fail_ex+0x414/0x560
[ 1084.053957][T21024]  _copy_to_user+0x31/0xb0
[ 1084.053989][T21024]  simple_read_from_buffer+0xe1/0x170
[ 1084.054020][T21024]  proc_fail_nth_read+0x1df/0x250
[ 1084.054053][T21024]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1084.054085][T21024]  ? rw_verify_area+0x258/0x650
[ 1084.054120][T21024]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1084.054149][T21024]  vfs_read+0x200/0x980
[ 1084.054190][T21024]  ? __pfx___mutex_lock+0x10/0x10
[ 1084.054217][T21024]  ? __pfx_vfs_read+0x10/0x10
[ 1084.054253][T21024]  ? __fget_files+0x2a/0x420
[ 1084.054285][T21024]  ? __fget_files+0x3a0/0x420
[ 1084.054309][T21024]  ? __fget_files+0x2a/0x420
[ 1084.054344][T21024]  ksys_read+0x145/0x250
[ 1084.054365][T21024]  ? __fget_files+0x3a0/0x420
[ 1084.054391][T21024]  ? __pfx_ksys_read+0x10/0x10
[ 1084.054419][T21024]  ? do_syscall_64+0xbe/0x3b0
[ 1084.054448][T21024]  do_syscall_64+0xfa/0x3b0
[ 1084.054472][T21024]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1084.054496][T21024]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.054519][T21024]  ? clear_bhb_loop+0x60/0xb0
[ 1084.054546][T21024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.054569][T21024] RIP: 0033:0x7f2fabf8d3bc
[ 1084.054589][T21024] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1084.054609][T21024] RSP: 002b:00007f2facd13030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1084.054633][T21024] RAX: ffffffffffffffda RBX: 00007f2fac1b5fa0 RCX: 00007f2fabf8d3bc
[ 1084.054649][T21024] RDX: 000000000000000f RSI: 00007f2facd130a0 RDI: 0000000000000004
[ 1084.054663][T21024] RBP: 00007f2facd13090 R08: 0000000000000000 R09: 0000000000000000
[ 1084.054677][T21024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1084.054691][T21024] R13: 0000000000000000 R14: 00007f2fac1b5fa0 R15: 00007ffddf06d328
[ 1084.054726][T21024]  </TASK>
[ 1084.612425][T21053] FAULT_INJECTION: forcing a failure.
[ 1084.612425][T21053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1084.629046][T21053] CPU: 1 UID: 0 PID: 21053 Comm: syz.5.4840 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1084.629080][T21053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1084.629095][T21053] Call Trace:
[ 1084.629105][T21053]  <TASK>
[ 1084.629115][T21053]  dump_stack_lvl+0x189/0x250
[ 1084.629145][T21053]  ? __pfx____ratelimit+0x10/0x10
[ 1084.629171][T21053]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1084.629195][T21053]  ? __pfx__printk+0x10/0x10
[ 1084.629224][T21053]  ? __might_fault+0xb0/0x130
[ 1084.629258][T21053]  should_fail_ex+0x414/0x560
[ 1084.629287][T21053]  _copy_from_user+0x2d/0xb0
[ 1084.629319][T21053]  copy_clone_args_from_user+0x1d5/0x6d0
[ 1084.629363][T21053]  ? __pfx_copy_clone_args_from_user+0x10/0x10
[ 1084.629394][T21053]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1084.629443][T21053]  __se_sys_clone3+0xf1/0x2d0
[ 1084.629474][T21053]  ? __pfx___se_sys_clone3+0x10/0x10
[ 1084.629501][T21053]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1084.629542][T21053]  ? __fget_files+0x3a0/0x420
[ 1084.629585][T21053]  ? __pfx_ksys_write+0x10/0x10
[ 1084.629612][T21053]  ? do_syscall_64+0xbe/0x3b0
[ 1084.629642][T21053]  do_syscall_64+0xfa/0x3b0
[ 1084.629666][T21053]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1084.629689][T21053]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.629712][T21053]  ? clear_bhb_loop+0x60/0xb0
[ 1084.629739][T21053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.629762][T21053] RIP: 0033:0x7fa818f8e9a9
[ 1084.629781][T21053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1084.629800][T21053] RSP: 002b:00007fa819d56f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 1084.629824][T21053] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fa818f8e9a9
[ 1084.629840][T21053] RDX: 00007fa819d56f20 RSI: 0000000000000058 RDI: 00007fa819d56f20
[ 1084.629864][T21053] RBP: 00007fa819d57090 R08: 0000000000000000 R09: 0000000000000058
[ 1084.629879][T21053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1084.629891][T21053] R13: 0000000000000000 R14: 00007fa8191b6160 R15: 00007ffe1032c558
[ 1084.629926][T21053]  </TASK>
[ 1084.884455][T21054] fuse: Bad value for 'max_read'
[ 1085.278726][T12362] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0
[ 1085.330978][T12362] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1085.631649][T21085] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4851'.
[ 1087.964126][T21093] FAULT_INJECTION: forcing a failure.
[ 1087.964126][T21093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1087.992043][T21093] CPU: 0 UID: 0 PID: 21093 Comm: syz.5.4853 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1087.992078][T21093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1087.992094][T21093] Call Trace:
[ 1087.992104][T21093]  <TASK>
[ 1087.992115][T21093]  dump_stack_lvl+0x189/0x250
[ 1087.992148][T21093]  ? __pfx____ratelimit+0x10/0x10
[ 1087.992174][T21093]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1087.992202][T21093]  ? __pfx__printk+0x10/0x10
[ 1087.992250][T21093]  should_fail_ex+0x414/0x560
[ 1087.992281][T21093]  __kvm_read_guest_page+0x18d/0x240
[ 1087.992314][T21093]  kvm_fetch_guest_virt+0x12b/0x170
[ 1087.992362][T21093]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[ 1087.992396][T21093]  __do_insn_fetch_bytes+0x2f9/0x6d0
[ 1087.992428][T21093]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[ 1087.992470][T21093]  x86_decode_insn+0x33c/0x5310
[ 1087.992531][T21093]  ? __pfx_x86_decode_insn+0x10/0x10
[ 1087.992572][T21093]  ? __asan_memset+0x22/0x50
[ 1087.992605][T21093]  ? init_decode_cache+0x78/0x90
[ 1087.992629][T21093]  ? init_emulate_ctxt+0x4d6/0x660
[ 1087.992656][T21093]  ? __pfx_init_emulate_ctxt+0x10/0x10
[ 1087.992681][T21093]  ? __phys_addr+0xd3/0x180
[ 1087.992707][T21093]  ? __pfx_rcu_note_context_switch+0x10/0x10
[ 1087.992738][T21093]  ? __get_current_cr3_fast+0x90/0x150
[ 1087.992772][T21093]  x86_emulate_instruction+0x60a/0x1ef0
[ 1087.992806][T21093]  ? vmx_vcpu_run+0x162e/0x25d0
[ 1087.992836][T21093]  ? __pfx_x86_emulate_instruction+0x10/0x10
[ 1087.992863][T21093]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1087.992886][T21093]  ? __pfx_current_save_fsgs+0x10/0x10
[ 1087.992924][T21093]  ? __lock_acquire+0xab9/0xd20
[ 1087.992946][T21093]  ? handle_io+0x1e3/0x270
[ 1087.992973][T21093]  ? __pfx_handle_io+0x10/0x10
[ 1087.992999][T21093]  vmx_handle_exit+0x1090/0x18a0
[ 1087.993024][T21093]  ? vcpu_run+0x361c/0x6f70
[ 1087.993067][T21093]  vcpu_run+0x432e/0x6f70
[ 1087.993117][T21093]  ? vcpu_run+0x361c/0x6f70
[ 1087.993200][T21093]  ? __pfx_vcpu_run+0x10/0x10
[ 1087.993235][T21093]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1087.993272][T21093]  ? rcu_is_watching+0x15/0xb0
[ 1087.993301][T21093]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1087.993350][T21093]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1087.993378][T21093]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1087.993412][T21093]  ? rcu_is_watching+0x15/0xb0
[ 1087.993437][T21093]  ? trace_contention_end+0x39/0x120
[ 1087.993464][T21093]  ? __mutex_lock+0x330/0xe80
[ 1087.993492][T21093]  ? kasan_quarantine_put+0xdd/0x220
[ 1087.993530][T21093]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1087.993561][T21093]  ? __pfx___mutex_lock+0x10/0x10
[ 1087.993587][T21093]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1087.993614][T21093]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1087.993639][T21093]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1087.993671][T21093]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1087.993706][T21093]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1087.993730][T21093]  ? __lock_acquire+0xab9/0xd20
[ 1087.993755][T21093]  ? __asan_memset+0x22/0x50
[ 1087.993785][T21093]  ? smack_file_ioctl+0x302/0x340
[ 1087.993810][T21093]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1087.993843][T21093]  ? __fget_files+0x2a/0x420
[ 1087.993867][T21093]  ? __fget_files+0x3a0/0x420
[ 1087.993890][T21093]  ? __fget_files+0x2a/0x420
[ 1087.993919][T21093]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1087.993944][T21093]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1087.993989][T21093]  __se_sys_ioctl+0xfc/0x170
[ 1087.994027][T21093]  do_syscall_64+0xfa/0x3b0
[ 1087.994051][T21093]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1087.994075][T21093]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1087.994098][T21093]  ? clear_bhb_loop+0x60/0xb0
[ 1087.994126][T21093]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1087.994148][T21093] RIP: 0033:0x7fa818f8e9a9
[ 1087.994169][T21093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1087.994188][T21093] RSP: 002b:00007fa819d99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1087.994226][T21093] RAX: ffffffffffffffda RBX: 00007fa8191b5fa0 RCX: 00007fa818f8e9a9
[ 1087.994242][T21093] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1087.994256][T21093] RBP: 00007fa819d99090 R08: 0000000000000000 R09: 0000000000000000
[ 1087.994270][T21093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1087.994284][T21093] R13: 0000000000000000 R14: 00007fa8191b5fa0 R15: 00007ffe1032c558
[ 1087.994343][T21093]  </TASK>
[ 1088.424884][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1091.278691][T21146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4863'.
[ 1091.306208][   T30] audit: type=1400 audit(1753921289.953:2672): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=21140 comm="syz.6.4865" daddr=::ffff:172.20.20.0
[ 1091.381927][  T977] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1091.715593][  T977] usb 6-1: Using ep0 maxpacket: 8
[ 1091.968476][  T977] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1092.030626][  T977] usb 6-1: config 16 interface 0 has no altsetting 0
[ 1092.051395][  T977] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=1a.35
[ 1092.084027][  T977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1093.613529][  T977] usb 6-1: Product: syz
[ 1093.672286][  T977] usb 6-1: Manufacturer: syz
[ 1094.120548][  T977] usb 6-1: SerialNumber: syz
[ 1094.349184][  T977] usb 6-1: can't set config #16, error -71
[ 1094.933302][  T977] usb 6-1: USB disconnect, device number 18
[ 1095.207226][T21169] veth1_to_bond: entered allmulticast mode
[ 1095.252409][T21169] veth1_to_bond: entered promiscuous mode
[ 1095.563740][ T7868] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[ 1095.734010][ T7868] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1095.743738][ T7868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64
[ 1095.758343][ T7868] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1095.768000][ T7868] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1095.776202][ T7868] usb 3-1: Manufacturer: syz
[ 1095.786376][ T7868] usb 3-1: config 0 descriptor??
[ 1096.351456][T21168] veth1_to_bond: left promiscuous mode
[ 1096.477846][T21168] veth1_to_bond: left allmulticast mode
[ 1097.002259][ T7868] rc_core: IR keymap rc-hauppauge not found
[ 1097.008244][ T7868] Registered IR keymap rc-empty
[ 1097.046384][ T7868] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1097.069597][ T7868] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input51
[ 1097.129637][ T7868] usb 3-1: USB disconnect, device number 116
[ 1097.301565][T21194] netlink: 144 bytes leftover after parsing attributes in process `syz.1.4879'.
[ 1097.462238][ T7888] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1097.622172][ T7888] usb 6-1: Using ep0 maxpacket: 32
[ 1097.636974][ T7888] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1097.647537][ T7888] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1097.664040][ T7888] usb 6-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1097.673480][ T7888] usb 6-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1097.682700][ T7888] usb 6-1: Product: syz
[ 1097.687015][ T7888] usb 6-1: Manufacturer: syz
[ 1097.691655][ T7888] usb 6-1: SerialNumber: syz
[ 1097.702879][ T7888] appletouch 6-1:1.0: Could not find int-in endpoint
[ 1097.709805][ T7888] appletouch 6-1:1.0: probe with driver appletouch failed with error -5
[ 1097.719650][ T7888] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[ 1097.943907][ T5846] usb 6-1: USB disconnect, device number 19
[ 1099.024234][   T30] audit: type=1326 audit(1753921297.663:2673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1099.103175][   T30] audit: type=1326 audit(1753921297.673:2674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1099.186187][   T30] audit: type=1326 audit(1753921297.673:2675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1099.365239][   T30] audit: type=1326 audit(1753921297.673:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1099.821092][   T30] audit: type=1326 audit(1753921297.673:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1099.927356][   T30] audit: type=1326 audit(1753921297.673:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1100.062926][   T30] audit: type=1326 audit(1753921297.673:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1100.110839][T21231] FAULT_INJECTION: forcing a failure.
[ 1100.110839][T21231] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1100.116549][   T30] audit: type=1326 audit(1753921297.673:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1100.181167][T21231] CPU: 0 UID: 0 PID: 21231 Comm: syz.6.4891 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1100.181207][T21231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1100.181223][T21231] Call Trace:
[ 1100.181233][T21231]  <TASK>
[ 1100.181243][T21231]  dump_stack_lvl+0x189/0x250
[ 1100.181276][T21231]  ? __pfx____ratelimit+0x10/0x10
[ 1100.181301][T21231]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1100.181327][T21231]  ? __pfx__printk+0x10/0x10
[ 1100.181370][T21231]  should_fail_ex+0x414/0x560
[ 1100.181399][T21231]  __kvm_read_guest_page+0x18d/0x240
[ 1100.181433][T21231]  kvm_vcpu_read_guest+0x75/0x150
[ 1100.181465][T21231]  read_emulate+0x2c/0x50
[ 1100.181493][T21231]  emulator_read_write_onepage+0x6a3/0xa10
[ 1100.181531][T21231]  emulator_read_write+0x1c9/0x560
[ 1100.181562][T21231]  ? __pfx_emulator_read_emulated+0x10/0x10
[ 1100.181596][T21231]  segmented_read+0x1b7/0x3f0
[ 1100.181633][T21231]  x86_emulate_insn+0x315/0x3bf0
[ 1100.181669][T21231]  ? rcu_is_watching+0x15/0xb0
[ 1100.181699][T21231]  x86_emulate_instruction+0xd1a/0x1ef0
[ 1100.181744][T21231]  ? __pfx_x86_emulate_instruction+0x10/0x10
[ 1100.181771][T21231]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1100.181794][T21231]  ? __pfx_current_save_fsgs+0x10/0x10
[ 1100.181831][T21231]  ? __lock_acquire+0xab9/0xd20
[ 1100.181852][T21231]  ? handle_io+0x1e3/0x270
[ 1100.181879][T21231]  ? __pfx_handle_io+0x10/0x10
[ 1100.181905][T21231]  vmx_handle_exit+0x1090/0x18a0
[ 1100.181931][T21231]  ? vcpu_run+0x361c/0x6f70
[ 1100.181975][T21231]  vcpu_run+0x432e/0x6f70
[ 1100.182026][T21231]  ? vcpu_run+0x361c/0x6f70
[ 1100.182108][T21231]  ? __pfx_vcpu_run+0x10/0x10
[ 1100.182143][T21231]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1100.182187][T21231]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1100.182225][T21231]  ? __bpf_trace_contention_end+0xdc/0x130
[ 1100.182251][T21231]  ? __pfx___bpf_trace_contention_end+0x10/0x10
[ 1100.182281][T21231]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1100.182309][T21231]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1100.182344][T21231]  ? rcu_is_watching+0x15/0xb0
[ 1100.182368][T21231]  ? trace_contention_end+0x39/0x120
[ 1100.182396][T21231]  ? __mutex_lock+0x330/0xe80
[ 1100.182424][T21231]  ? kasan_quarantine_put+0xdd/0x220
[ 1100.182463][T21231]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1100.182494][T21231]  ? __pfx___mutex_lock+0x10/0x10
[ 1100.182520][T21231]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1100.182547][T21231]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1100.182573][T21231]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1100.182606][T21231]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1100.182642][T21231]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1100.182666][T21231]  ? __lock_acquire+0xab9/0xd20
[ 1100.182691][T21231]  ? __asan_memset+0x22/0x50
[ 1100.182722][T21231]  ? smack_file_ioctl+0x302/0x340
[ 1100.182745][T21231]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1100.182778][T21231]  ? __fget_files+0x2a/0x420
[ 1100.182801][T21231]  ? __fget_files+0x3a0/0x420
[ 1100.182825][T21231]  ? __fget_files+0x2a/0x420
[ 1100.182853][T21231]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1100.182879][T21231]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1100.182907][T21231]  __se_sys_ioctl+0xfc/0x170
[ 1100.182944][T21231]  do_syscall_64+0xfa/0x3b0
[ 1100.182968][T21231]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1100.182991][T21231]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1100.183014][T21231]  ? clear_bhb_loop+0x60/0xb0
[ 1100.183041][T21231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1100.183064][T21231] RIP: 0033:0x7feaaaf8e9a9
[ 1100.183084][T21231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1100.183105][T21231] RSP: 002b:00007feaabdf3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1100.183129][T21231] RAX: ffffffffffffffda RBX: 00007feaab1b5fa0 RCX: 00007feaaaf8e9a9
[ 1100.183146][T21231] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1100.183160][T21231] RBP: 00007feaabdf3090 R08: 0000000000000000 R09: 0000000000000000
[ 1100.183174][T21231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1100.183197][T21231] R13: 0000000000000000 R14: 00007feaab1b5fa0 R15: 00007ffd518444c8
[ 1100.183245][T21231]  </TASK>
[ 1100.626902][   T30] audit: type=1326 audit(1753921297.673:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21220 comm="syz.1.4888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fabf8e9a9 code=0x7ffc0000
[ 1100.663853][   T30] audit: type=1400 audit(1753921299.313:2682): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=21243 comm="syz.7.4896" daddr=::ffff:172.20.20.20 dest=20003
[ 1100.881903][T12362] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1101.091864][T12362] usb 6-1: Using ep0 maxpacket: 8
[ 1101.668210][T12362] usb 6-1: config 1 interface 0 altsetting 175 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1101.695210][T12362] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1101.707456][T12362] usb 6-1: New USB device found, idVendor=056a, idProduct=00d4, bcdDevice= 0.40
[ 1101.798035][T12362] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1101.836679][T12362] usb 6-1: Product: syz
[ 1101.840923][T12362] usb 6-1: Manufacturer: й
[ 1101.865359][T12362] usb 6-1: SerialNumber: syz
[ 1102.030421][T21257] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4899'.
[ 1102.048936][T21260] FAULT_INJECTION: forcing a failure.
[ 1102.048936][T21260] name failslab, interval 1, probability 0, space 0, times 0
[ 1102.091952][T21260] CPU: 1 UID: 0 PID: 21260 Comm: syz.7.4902 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1102.091987][T21260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1102.092001][T21260] Call Trace:
[ 1102.092011][T21260]  <TASK>
[ 1102.092022][T21260]  dump_stack_lvl+0x189/0x250
[ 1102.092062][T21260]  ? __pfx____ratelimit+0x10/0x10
[ 1102.092087][T21260]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1102.092114][T21260]  ? __pfx__printk+0x10/0x10
[ 1102.092150][T21260]  ? __pfx___might_resched+0x10/0x10
[ 1102.092174][T21260]  ? fs_reclaim_acquire+0x7d/0x100
[ 1102.092208][T21260]  should_fail_ex+0x414/0x560
[ 1102.092238][T21260]  should_failslab+0xa8/0x100
[ 1102.092266][T21260]  __kmalloc_noprof+0xcb/0x4f0
[ 1102.092289][T21260]  ? alloc_port_data+0xfb/0x360
[ 1102.092313][T21260]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1102.092341][T21260]  alloc_port_data+0xfb/0x360
[ 1102.092376][T21260]  ib_device_set_netdev+0xd3/0x6d0
[ 1102.092403][T21260]  ? ib_set_device_ops+0x3cc6/0x3e10
[ 1102.092437][T21260]  siw_newlink+0x405/0xd70
[ 1102.092464][T21260]  nldev_newlink+0x4a5/0x5a0
[ 1102.092501][T21260]  ? __pfx_nldev_newlink+0x10/0x10
[ 1102.092637][T21260]  ? __lock_acquire+0xab9/0xd20
[ 1102.092678][T21260]  ? cap_capable+0x11f/0x460
[ 1102.092703][T21260]  ? safesetid_security_capable+0xa9/0x1a0
[ 1102.092731][T21260]  ? bpf_lsm_capable+0x9/0x20
[ 1102.092759][T21260]  ? security_capable+0x7e/0x2e0
[ 1102.092791][T21260]  ? __pfx_nldev_newlink+0x10/0x10
[ 1102.092826][T21260]  rdma_nl_rcv+0x6ae/0x980
[ 1102.092877][T21260]  ? __pfx_rdma_nl_rcv+0x10/0x10
[ 1102.092913][T21260]  ? __lock_acquire+0xab9/0xd20
[ 1102.092958][T21260]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1102.092991][T21260]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1102.093029][T21260]  netlink_unicast+0x75c/0x8e0
[ 1102.093080][T21260]  netlink_sendmsg+0x805/0xb30
[ 1102.093124][T21260]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1102.093167][T21260]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1102.093188][T21260]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1102.093223][T21260]  __sock_sendmsg+0x21c/0x270
[ 1102.093254][T21260]  ____sys_sendmsg+0x505/0x830
[ 1102.093297][T21260]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1102.093343][T21260]  ? import_iovec+0x74/0xa0
[ 1102.093379][T21260]  ___sys_sendmsg+0x21f/0x2a0
[ 1102.093418][T21260]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1102.093496][T21260]  ? __fget_files+0x2a/0x420
[ 1102.093522][T21260]  ? __fget_files+0x3a0/0x420
[ 1102.093560][T21260]  __x64_sys_sendmsg+0x19b/0x260
[ 1102.093599][T21260]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1102.093646][T21260]  ? __pfx_ksys_write+0x10/0x10
[ 1102.093666][T21260]  ? rcu_is_watching+0x15/0xb0
[ 1102.093697][T21260]  ? do_syscall_64+0xbe/0x3b0
[ 1102.093727][T21260]  do_syscall_64+0xfa/0x3b0
[ 1102.093752][T21260]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1102.093775][T21260]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.093799][T21260]  ? clear_bhb_loop+0x60/0xb0
[ 1102.093827][T21260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.093850][T21260] RIP: 0033:0x7fe01658e9a9
[ 1102.093871][T21260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1102.093892][T21260] RSP: 002b:00007fe0143f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1102.093916][T21260] RAX: ffffffffffffffda RBX: 00007fe0167b5fa0 RCX: 00007fe01658e9a9
[ 1102.093934][T21260] RDX: 0000000000000100 RSI: 00002000000002c0 RDI: 0000000000000004
[ 1102.093950][T21260] RBP: 00007fe0143f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1102.093964][T21260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1102.093978][T21260] R13: 0000000000000000 R14: 00007fe0167b5fa0 R15: 00007ffe47d6f8f8
[ 1102.094027][T21260]  </TASK>
[ 1102.192331][ T5846] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[ 1102.230717][T21242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1102.232649][T21242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1102.235873][T21242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1102.802445][ T5846] usb 3-1: Using ep0 maxpacket: 32
[ 1102.824607][T21242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1102.826637][ T5846] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1102.875074][T21242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1102.884712][T21242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1102.905187][ T5846] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1102.941018][T12362] usbhid 6-1:1.0: can't add hid device: -71
[ 1103.058048][T12362] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[ 1103.076722][T12362] usb 6-1: USB disconnect, device number 20
[ 1103.095099][ T5846] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1103.106446][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1103.125148][ T5846] usb 3-1: Product: syz
[ 1103.129396][ T5846] usb 3-1: Manufacturer: syz
[ 1103.134913][ T5846] usb 3-1: SerialNumber: syz
[ 1103.152101][ T5846] appletouch 3-1:1.0: Could not find int-in endpoint
[ 1103.161068][ T5846] appletouch 3-1:1.0: probe with driver appletouch failed with error -5
[ 1103.178621][ T5846] usbhid 3-1:1.0: couldn't find an input interrupt endpoint
[ 1103.202804][T21271] bond1 (unregistering): Released all slaves
[ 1104.280405][ T5846] usb 3-1: USB disconnect, device number 117
[ 1105.999644][T21295] tmpfs: Bad value for 'mpol'
[ 1107.010997][T21302] fuse: Bad value for 'fd'
[ 1109.810040][T12362] hid-generic 0000:0000:0000.002B: unknown main item tag 0x0
[ 1110.104538][T12362] hid-generic 0000:0000:0000.002B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1111.027160][T21349] netlink: 'syz.7.4926': attribute type 10 has an invalid length.
[ 1111.076772][T21352] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1111.083378][T21352] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1111.094442][T21349] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1111.106798][T21348] netlink: 'syz.7.4926': attribute type 10 has an invalid length.
[ 1111.115339][T21349] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1111.134322][T21348] netlink: 40 bytes leftover after parsing attributes in process `syz.7.4926'.
[ 1111.152688][T21362] FAULT_INJECTION: forcing a failure.
[ 1111.152688][T21362] name failslab, interval 1, probability 0, space 0, times 0
[ 1111.164383][T21352] vhci_hcd vhci_hcd.0: Device attached
[ 1111.186855][T21353] vhci_hcd: connection closed
[ 1111.189483][T21362] CPU: 0 UID: 0 PID: 21362 Comm: syz.1.4928 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1111.189516][T21362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1111.189531][T21362] Call Trace:
[ 1111.189540][T21362]  <TASK>
[ 1111.189550][T21362]  dump_stack_lvl+0x189/0x250
[ 1111.189581][T21362]  ? __pfx____ratelimit+0x10/0x10
[ 1111.189606][T21362]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1111.189631][T21362]  ? __pfx__printk+0x10/0x10
[ 1111.189674][T21362]  should_fail_ex+0x414/0x560
[ 1111.189705][T21362]  should_failslab+0xa8/0x100
[ 1111.189732][T21362]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1111.189755][T21362]  ? sctp_add_bind_addr+0x8c/0x370
[ 1111.189787][T21362]  sctp_add_bind_addr+0x8c/0x370
[ 1111.189820][T21362]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1111.189852][T21362]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1111.189880][T21362]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1111.189913][T21362]  ? sctp_v4_is_any+0x35/0x60
[ 1111.189940][T21362]  ? sctp_copy_one_addr+0x93/0x360
[ 1111.189972][T21362]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1111.190000][T21362]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1111.190041][T21362]  sctp_connect_new_asoc+0x2e0/0x690
[ 1111.190078][T21362]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1111.190112][T21362]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1111.190145][T21362]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1111.190175][T21362]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1111.190208][T21362]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1111.190233][T21362]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1111.190263][T21362]  sctp_sendmsg+0x155c/0x2810
[ 1111.190307][T21362]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1111.190338][T21362]  ? __lock_acquire+0xab9/0xd20
[ 1111.190378][T21362]  ? sock_rps_record_flow+0x19/0x410
[ 1111.190408][T21362]  ? inet_sendmsg+0x2f4/0x370
[ 1111.190435][T21362]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1111.190468][T21362]  __sock_sendmsg+0x19c/0x270
[ 1111.190499][T21362]  __sys_sendto+0x3bd/0x520
[ 1111.190534][T21362]  ? __pfx___sys_sendto+0x10/0x10
[ 1111.190562][T21362]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1111.190602][T21362]  ? __fget_files+0x3a0/0x420
[ 1111.190639][T21362]  ? ksys_write+0x22a/0x250
[ 1111.190663][T21362]  ? __pfx_ksys_write+0x10/0x10
[ 1111.190681][T21362]  ? rcu_is_watching+0x15/0xb0
[ 1111.190711][T21362]  __x64_sys_sendto+0xde/0x100
[ 1111.190747][T21362]  do_syscall_64+0xfa/0x3b0
[ 1111.190772][T21362]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1111.190793][T21362]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1111.190814][T21362]  ? clear_bhb_loop+0x60/0xb0
[ 1111.190840][T21362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1111.190860][T21362] RIP: 0033:0x7f2fabf8e9a9
[ 1111.190879][T21362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1111.190898][T21362] RSP: 002b:00007f2facd13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1111.190922][T21362] RAX: ffffffffffffffda RBX: 00007f2fac1b5fa0 RCX: 00007f2fabf8e9a9
[ 1111.190937][T21362] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1111.190950][T21362] RBP: 00007f2facd13090 R08: 0000200000000000 R09: 0000000000000010
[ 1111.190964][T21362] R10: e61e2840a554b0d0 R11: 0000000000000246 R12: 0000000000000001
[ 1111.190978][T21362] R13: 0000000000000000 R14: 00007f2fac1b5fa0 R15: 00007ffddf06d328
[ 1111.191009][T21362]  </TASK>
[ 1111.547771][ T8878] vhci_hcd: stop threads
[ 1111.560691][ T8878] vhci_hcd: release socket
[ 1111.566091][ T8878] vhci_hcd: disconnect device
[ 1111.597059][T21348] batadv0: entered promiscuous mode
[ 1111.603292][T21348] batadv0: entered allmulticast mode
[ 1111.614745][ T7888] vhci_hcd: vhci_device speed not set
[ 1111.637468][T21348] bond0: (slave batadv0): Releasing backup interface
[ 1111.666326][T21348] bridge0: port 3(batadv0) entered blocking state
[ 1111.680357][T21348] bridge0: port 3(batadv0) entered disabled state
[ 1112.680163][ T8883] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 1112.690823][ T8883] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 1113.025205][T21386] netlink: 112 bytes leftover after parsing attributes in process `syz.1.4934'.
[ 1113.100772][T21386] openvswitch: netlink: Flow key attr not present in new flow.
[ 1113.314495][T21395] overlayfs: missing 'lowerdir'
[ 1114.600514][T21407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4941'.
[ 1116.559560][T21426] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.4946'.
[ 1117.346333][T21426] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.4946'.
[ 1117.355931][T21426] netlink: 584 bytes leftover after parsing attributes in process `syz.5.4946'.
[ 1117.456160][T21425] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.4946'.
[ 1117.482045][T21425] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.4946'.
[ 1117.521480][T21425] netlink: 584 bytes leftover after parsing attributes in process `syz.5.4946'.
[ 1117.958440][ T7888] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1118.128751][T21437] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.4949'.
[ 1118.194863][ T7888] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1118.234762][ T7888] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1118.294577][T21444] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4950'.
[ 1118.315938][ T7888] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1118.342637][ T7888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1118.350731][ T7888] usb 6-1: SerialNumber: syz
[ 1118.422538][T21444] x_tables: ip_tables: ah match: only valid for protocol 51
[ 1118.660844][ T7888] usb 6-1: 0:2 : does not exist
[ 1118.677875][ T7888] usb 6-1: unit 255 not found!
[ 1118.706944][ T7888] usb 6-1: USB disconnect, device number 21
[ 1119.765581][T21447] FAULT_INJECTION: forcing a failure.
[ 1119.765581][T21447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.779213][T21447] CPU: 0 UID: 0 PID: 21447 Comm: syz.6.4951 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1119.779243][T21447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1119.779258][T21447] Call Trace:
[ 1119.779268][T21447]  <TASK>
[ 1119.779278][T21447]  dump_stack_lvl+0x189/0x250
[ 1119.779309][T21447]  ? __pfx____ratelimit+0x10/0x10
[ 1119.779334][T21447]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1119.779360][T21447]  ? __pfx__printk+0x10/0x10
[ 1119.779390][T21447]  ? __might_fault+0xb0/0x130
[ 1119.779425][T21447]  should_fail_ex+0x414/0x560
[ 1119.779453][T21447]  _copy_from_iter+0x1db/0x16f0
[ 1119.779485][T21447]  ? rcu_is_watching+0x15/0xb0
[ 1119.779512][T21447]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1119.779537][T21447]  ? __pfx__copy_from_iter+0x10/0x10
[ 1119.779567][T21447]  ? __build_skb_around+0x257/0x3e0
[ 1119.779603][T21447]  ? netlink_sendmsg+0x642/0xb30
[ 1119.779633][T21447]  ? skb_put+0x11b/0x210
[ 1119.779670][T21447]  netlink_sendmsg+0x6b2/0xb30
[ 1119.779720][T21447]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1119.779761][T21447]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1119.779784][T21447]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1119.779817][T21447]  __sock_sendmsg+0x21c/0x270
[ 1119.779847][T21447]  ____sys_sendmsg+0x505/0x830
[ 1119.779888][T21447]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1119.779932][T21447]  ? import_iovec+0x74/0xa0
[ 1119.779968][T21447]  ___sys_sendmsg+0x21f/0x2a0
[ 1119.780005][T21447]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1119.780091][T21447]  ? __fget_files+0x2a/0x420
[ 1119.780115][T21447]  ? __fget_files+0x3a0/0x420
[ 1119.780150][T21447]  __x64_sys_sendmsg+0x19b/0x260
[ 1119.780188][T21447]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1119.780232][T21447]  ? __pfx_ksys_write+0x10/0x10
[ 1119.780251][T21447]  ? rcu_is_watching+0x15/0xb0
[ 1119.780279][T21447]  ? do_syscall_64+0xbe/0x3b0
[ 1119.780308][T21447]  do_syscall_64+0xfa/0x3b0
[ 1119.780330][T21447]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1119.780353][T21447]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.780375][T21447]  ? clear_bhb_loop+0x60/0xb0
[ 1119.780402][T21447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.780424][T21447] RIP: 0033:0x7feaaaf8e9a9
[ 1119.780443][T21447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1119.780462][T21447] RSP: 002b:00007feaabdf3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1119.780485][T21447] RAX: ffffffffffffffda RBX: 00007feaab1b5fa0 RCX: 00007feaaaf8e9a9
[ 1119.780501][T21447] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 1119.780516][T21447] RBP: 00007feaabdf3090 R08: 0000000000000000 R09: 0000000000000000
[ 1119.780530][T21447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1119.780543][T21447] R13: 0000000000000000 R14: 00007feaab1b5fa0 R15: 00007ffd518444c8
[ 1119.780575][T21447]  </TASK>
[ 1120.221060][T21468] netlink: 'syz.5.4956': attribute type 2 has an invalid length.
[ 1120.229189][T21468] netlink: 136 bytes leftover after parsing attributes in process `syz.5.4956'.
[ 1120.944447][T21474] netlink: 'syz.1.4955': attribute type 14 has an invalid length.
[ 1121.016137][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1121.241854][   T30] audit: type=1326 audit(1753921319.873:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1121.263547][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1121.287839][   T30] audit: type=1326 audit(1753921319.873:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1121.314787][   T30] audit: type=1326 audit(1753921319.873:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1121.386885][T21480] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4955'.
[ 1122.015605][   T30] audit: type=1326 audit(1753921319.873:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1122.689705][   T30] audit: type=1326 audit(1753921319.873:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1122.807326][   T30] audit: type=1326 audit(1753921319.923:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1122.882065][   T30] audit: type=1326 audit(1753921319.923:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1123.012124][   T30] audit: type=1326 audit(1753921319.923:2690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1123.126498][   T30] audit: type=1326 audit(1753921319.923:2691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1123.462713][T21499] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[ 1123.469411][   T30] audit: type=1326 audit(1753921319.923:2692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21478 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa818f8e9a9 code=0x7ffc0000
[ 1123.877079][T21504] netlink: 134820 bytes leftover after parsing attributes in process `syz.6.4965'.
[ 1124.678993][T21480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1125.297075][T21480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1125.312130][T21480] bond0 (unregistering): Released all slaves
[ 1126.139958][T21532] netlink: 'syz.5.4970': attribute type 1 has an invalid length.
[ 1126.147952][T21532] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4970'.
[ 1127.461078][T21541] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[ 1128.643734][T21556] TCP: tcp_parse_options: Illegal window scaling value 254 > 14 received
[ 1128.684541][T21556] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1129.039484][T21569] FAULT_INJECTION: forcing a failure.
[ 1129.039484][T21569] name failslab, interval 1, probability 0, space 0, times 0
[ 1129.081360][T21569] CPU: 0 UID: 0 PID: 21569 Comm: syz.6.4982 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1129.081394][T21569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1129.081410][T21569] Call Trace:
[ 1129.081419][T21569]  <TASK>
[ 1129.081429][T21569]  dump_stack_lvl+0x189/0x250
[ 1129.081467][T21569]  ? __pfx____ratelimit+0x10/0x10
[ 1129.081492][T21569]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1129.081518][T21569]  ? __pfx__printk+0x10/0x10
[ 1129.081562][T21569]  should_fail_ex+0x414/0x560
[ 1129.081604][T21569]  should_failslab+0xa8/0x100
[ 1129.081630][T21569]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1129.081652][T21569]  ? sctp_add_bind_addr+0x8c/0x370
[ 1129.081765][T21569]  sctp_add_bind_addr+0x8c/0x370
[ 1129.081803][T21569]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1129.081835][T21569]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1129.081861][T21569]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1129.081924][T21569]  ? sctp_v4_is_any+0x35/0x60
[ 1129.081951][T21569]  ? sctp_copy_one_addr+0x93/0x360
[ 1129.081983][T21569]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1129.082012][T21569]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1129.082040][T21569]  sctp_connect_new_asoc+0x2e0/0x690
[ 1129.082078][T21569]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1129.082114][T21569]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1129.082145][T21569]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1129.082176][T21569]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1129.082210][T21569]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1129.082236][T21569]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1129.082266][T21569]  sctp_sendmsg+0x155c/0x2810
[ 1129.082309][T21569]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1129.082340][T21569]  ? __lock_acquire+0xab9/0xd20
[ 1129.082382][T21569]  ? sock_rps_record_flow+0x19/0x410
[ 1129.082411][T21569]  ? inet_sendmsg+0x2f4/0x370
[ 1129.082435][T21569]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1129.082461][T21569]  __sock_sendmsg+0x19c/0x270
[ 1129.082491][T21569]  __sys_sendto+0x3bd/0x520
[ 1129.082525][T21569]  ? __pfx___sys_sendto+0x10/0x10
[ 1129.082553][T21569]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1129.082593][T21569]  ? __fget_files+0x3a0/0x420
[ 1129.082627][T21569]  ? ksys_write+0x22a/0x250
[ 1129.082649][T21569]  ? __pfx_ksys_write+0x10/0x10
[ 1129.082664][T21569]  ? rcu_is_watching+0x15/0xb0
[ 1129.082695][T21569]  __x64_sys_sendto+0xde/0x100
[ 1129.082731][T21569]  do_syscall_64+0xfa/0x3b0
[ 1129.082756][T21569]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1129.082779][T21569]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.082800][T21569]  ? clear_bhb_loop+0x60/0xb0
[ 1129.082826][T21569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.082847][T21569] RIP: 0033:0x7feaaaf8e9a9
[ 1129.082923][T21569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1129.082949][T21569] RSP: 002b:00007feaabdf3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1129.082972][T21569] RAX: ffffffffffffffda RBX: 00007feaab1b5fa0 RCX: 00007feaaaf8e9a9
[ 1129.082989][T21569] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1129.083003][T21569] RBP: 00007feaabdf3090 R08: 0000200000000000 R09: 0000000000000010
[ 1129.083019][T21569] R10: e61e2840a554b0d0 R11: 0000000000000246 R12: 0000000000000002
[ 1129.083034][T21569] R13: 0000000000000000 R14: 00007feaab1b5fa0 R15: 00007ffd518444c8
[ 1129.083070][T21569]  </TASK>
[ 1129.406942][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1131.738408][T21605] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.4988'.
[ 1132.033775][   T30] kauditd_printk_skb: 5 callbacks suppressed
[ 1132.033796][   T30] audit: type=1326 audit(1753921330.673:2698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21586 comm="syz.7.4988" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe01658e9a9 code=0x0
[ 1132.540684][T21615] GUP no longer grows the stack in syz.6.4994 (21615): 200000005000-200000008000 (200000004000)
[ 1132.556335][T21615] CPU: 0 UID: 0 PID: 21615 Comm: syz.6.4994 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1132.556368][T21615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1132.556384][T21615] Call Trace:
[ 1132.556393][T21615]  <TASK>
[ 1132.556403][T21615]  dump_stack_lvl+0x189/0x250
[ 1132.556440][T21615]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1132.556467][T21615]  ? __pfx__printk+0x10/0x10
[ 1132.556513][T21615]  fixup_user_fault+0x661/0x720
[ 1132.556554][T21615]  fault_in_user_writeable+0x72/0xe0
[ 1132.556592][T21615]  futex_lock_pi+0x283/0xa60
[ 1132.556636][T21615]  ? __pfx_futex_lock_pi+0x10/0x10
[ 1132.556703][T21615]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1132.556755][T21615]  ? do_futex+0xea/0x420
[ 1132.556785][T21615]  ? __sanitizer_cov_trace_switch+0x8f/0x130
[ 1132.556827][T21615]  do_futex+0x292/0x420
[ 1132.556863][T21615]  ? __pfx_do_futex+0x10/0x10
[ 1132.556894][T21615]  ? preempt_schedule_irq+0xde/0x150
[ 1132.556927][T21615]  __se_sys_futex+0x36f/0x400
[ 1132.556965][T21615]  ? __pfx___se_sys_futex+0x10/0x10
[ 1132.557005][T21615]  ? __x64_sys_futex+0x21/0xf0
[ 1132.557038][T21615]  do_syscall_64+0xfa/0x3b0
[ 1132.557065][T21615]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1132.557089][T21615]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1132.557113][T21615]  ? clear_bhb_loop+0x60/0xb0
[ 1132.557143][T21615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1132.557167][T21615] RIP: 0033:0x7feaaaf8e9a9
[ 1132.557189][T21615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1132.557211][T21615] RSP: 002b:00007feaabdd2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1132.557237][T21615] RAX: ffffffffffffffda RBX: 00007feaab1b6080 RCX: 00007feaaaf8e9a9
[ 1132.557255][T21615] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[ 1132.557271][T21615] RBP: 00007feaab010d69 R08: 0000000000000000 R09: 0000000000000000
[ 1132.557286][T21615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1132.557301][T21615] R13: 0000000000000000 R14: 00007feaab1b6080 R15: 00007ffd518444c8
[ 1132.557337][T21615]  </TASK>
[ 1132.994949][T21618] overlayfs: failed to resolve './file1': -2
[ 1133.015649][T21615] Invalid source name
[ 1133.019860][T21615] UBIFS error (pid: 21615): cannot open "usrquota", error -22
[ 1133.391868][T21624] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4996'.
[ 1133.960036][T21626] netlink: 'syz.7.4997': attribute type 2 has an invalid length.
[ 1133.998127][T21626] netlink: 136 bytes leftover after parsing attributes in process `syz.7.4997'.
[ 1134.383632][T21634] hub 6-0:1.0: USB hub found
[ 1134.393700][T21634] hub 6-0:1.0: 1 port detected
[ 1138.736846][   T30] audit: type=1400 audit(1753921337.383:2699): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=21632 comm="syz.5.5000" dest=20000
[ 1139.663047][ T8881] bridge_slave_1: left allmulticast mode
[ 1139.668776][ T8881] bridge_slave_1: left promiscuous mode
[ 1139.784668][ T8881] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1139.824286][ T8881] bridge_slave_0: left allmulticast mode
[ 1139.844401][ T8881] bridge_slave_0: left promiscuous mode
[ 1139.851011][ T8881] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1139.993022][T21652] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5006'.
[ 1140.168284][T21656] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5007'.
[ 1140.521133][ T7888] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[ 1140.659179][T21653] netlink: 'syz.5.5005': attribute type 4 has an invalid length.
[ 1140.841959][ T7888] usb 3-1: Using ep0 maxpacket: 32
[ 1140.904964][ T7888] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[ 1140.914476][ T7888] usb 3-1: config 0 has no interface number 0
[ 1140.920646][ T7888] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1140.955940][ T7888] usb 3-1: config 0 interface 85 has no altsetting 0
[ 1140.994200][ T7888] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1141.015387][ T7888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1141.043673][ T7888] usb 3-1: Product: syz
[ 1141.052087][ T7888] usb 3-1: Manufacturer: syz
[ 1141.056756][ T7888] usb 3-1: SerialNumber: syz
[ 1141.076131][ T7888] usb 3-1: config 0 descriptor??
[ 1141.196075][ T8881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1141.215069][ T8881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1141.237842][ T8881] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1141.296891][ T8881] bond0 (unregistering): Released all slaves
[ 1141.483312][ T8881] bond1 (unregistering): (slave vlan2): Releasing active interface
[ 1141.495345][ T8881] bond1 (unregistering): Released all slaves
[ 1141.554994][ T5846] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1141.676519][ T8881] bond2 (unregistering): (slave dummy0): Releasing active interface
[ 1141.685071][ T8881] dummy0: left promiscuous mode
[ 1141.698671][ T8881] bond2 (unregistering): Released all slaves
[ 1141.734136][ T5846] usb 7-1: Using ep0 maxpacket: 32
[ 1141.742424][ T7888] appletouch 3-1:0.85: Geyser mode initialized.
[ 1141.750116][ T5846] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1141.751037][ T7888] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input53
[ 1141.788442][ T5846] usb 7-1: config 0 interface 0 altsetting 16 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1141.841362][ T5846] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1141.879224][ T5846] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1141.920226][ T5846] usb 7-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1141.943845][ T5846] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1141.960777][ T5846] usb 7-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[ 1141.982006][ T5846] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1142.003719][ T5846] usb 7-1: config 0 descriptor??
[ 1142.843661][ T5839] Bluetooth: hci3: command tx timeout
[ 1143.182125][T21658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1143.206236][T21658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1144.157459][ T5846] usbhid 7-1:0.0: can't add hid device: -71
[ 1144.173914][T21658] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1144.182000][ T5846] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1144.239606][ T5846] usb 7-1: USB disconnect, device number 34
[ 1144.507994][ T8881] hsr_slave_0: left promiscuous mode
[ 1144.541460][ T8881] hsr_slave_1: left promiscuous mode
[ 1144.560643][ T8881] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1144.581066][ T8881] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1144.595795][ T8881] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1144.610954][ T8881] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1145.333517][ T8881] veth1_macvtap: left promiscuous mode
[ 1145.356677][ T8881] veth1_vlan: left promiscuous mode
[ 1145.368659][ T8881] veth0_vlan: left promiscuous mode
[ 1145.438243][T21709] program syz.5.5018 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1145.513773][T12362] usb 3-1: USB disconnect, device number 118
[ 1145.538623][T12362] appletouch 3-1:0.85: input: appletouch disconnected
[ 1145.739149][T21720] netlink: 27 bytes leftover after parsing attributes in process `syz.1.5022'.
[ 1148.536304][ T8881] team0 (unregistering): Port device team_slave_1 removed
[ 1148.616786][ T8881] team0 (unregistering): Port device team_slave_0 removed
[ 1148.691693][T21727] Bluetooth: hci0: command 0x0406 tx timeout
[ 1149.644306][ T7893] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 1149.821945][T21755] netlink: 'syz.1.5030': attribute type 1 has an invalid length.
[ 1150.497949][ T7893] usb 3-1: device descriptor read/64, error -71
[ 1150.619780][T21755] netlink: 'syz.1.5030': attribute type 1 has an invalid length.
[ 1150.791799][ T7893] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 1151.222077][ T7893] usb 3-1: device descriptor read/64, error -71
[ 1151.352358][ T7893] usb usb3-port1: attempt power cycle
[ 1151.685045][T21770] FAULT_INJECTION: forcing a failure.
[ 1151.685045][T21770] name failslab, interval 1, probability 0, space 0, times 0
[ 1151.699576][T21770] CPU: 0 UID: 0 PID: 21770 Comm: syz.6.5034 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1151.699607][T21770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1151.699623][T21770] Call Trace:
[ 1151.699641][T21770]  <TASK>
[ 1151.699652][T21770]  dump_stack_lvl+0x189/0x250
[ 1151.699684][T21770]  ? __pfx____ratelimit+0x10/0x10
[ 1151.699708][T21770]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1151.699734][T21770]  ? __pfx__printk+0x10/0x10
[ 1151.699780][T21770]  should_fail_ex+0x414/0x560
[ 1151.699809][T21770]  should_failslab+0xa8/0x100
[ 1151.699836][T21770]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1151.699859][T21770]  ? sctp_add_bind_addr+0x8c/0x370
[ 1151.699892][T21770]  sctp_add_bind_addr+0x8c/0x370
[ 1151.699925][T21770]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1151.699956][T21770]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1151.699983][T21770]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1151.700015][T21770]  ? sctp_v4_is_any+0x35/0x60
[ 1151.700053][T21770]  ? sctp_copy_one_addr+0x93/0x360
[ 1151.700083][T21770]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1151.700110][T21770]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1151.700137][T21770]  sctp_connect_new_asoc+0x2e0/0x690
[ 1151.700173][T21770]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1151.700206][T21770]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1151.700238][T21770]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1151.700268][T21770]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1151.700300][T21770]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1151.700324][T21770]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1151.700352][T21770]  sctp_sendmsg+0x155c/0x2810
[ 1151.700395][T21770]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1151.700425][T21770]  ? __lock_acquire+0xab9/0xd20
[ 1151.700465][T21770]  ? sock_rps_record_flow+0x19/0x410
[ 1151.700493][T21770]  ? inet_sendmsg+0x2f4/0x370
[ 1151.700516][T21770]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1151.700541][T21770]  __sock_sendmsg+0x19c/0x270
[ 1151.700570][T21770]  __sys_sendto+0x3bd/0x520
[ 1151.700604][T21770]  ? __pfx___sys_sendto+0x10/0x10
[ 1151.700638][T21770]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1151.700678][T21770]  ? __fget_files+0x3a0/0x420
[ 1151.700732][T21770]  ? ksys_write+0x22a/0x250
[ 1151.700756][T21770]  ? __pfx_ksys_write+0x10/0x10
[ 1151.700774][T21770]  ? rcu_is_watching+0x15/0xb0
[ 1151.700804][T21770]  __x64_sys_sendto+0xde/0x100
[ 1151.700840][T21770]  do_syscall_64+0xfa/0x3b0
[ 1151.700863][T21770]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.700886][T21770]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1151.700909][T21770]  ? clear_bhb_loop+0x60/0xb0
[ 1151.700936][T21770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1151.700958][T21770] RIP: 0033:0x7feaaaf8e9a9
[ 1151.700979][T21770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1151.700999][T21770] RSP: 002b:00007feaabdf3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1151.701023][T21770] RAX: ffffffffffffffda RBX: 00007feaab1b5fa0 RCX: 00007feaaaf8e9a9
[ 1151.701040][T21770] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1151.701055][T21770] RBP: 00007feaabdf3090 R08: 0000200000000000 R09: 0000000000000010
[ 1151.701070][T21770] R10: e61e2840a554b0d0 R11: 0000000000000246 R12: 0000000000000002
[ 1151.701092][T21770] R13: 0000000000000000 R14: 00007feaab1b5fa0 R15: 00007ffd518444c8
[ 1151.701134][T21770]  </TASK>
[ 1152.030453][ T7893] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[ 1152.084149][T21759] FAULT_INJECTION: forcing a failure.
[ 1152.084149][T21759] name failslab, interval 1, probability 0, space 0, times 0
[ 1152.096991][T21759] CPU: 0 UID: 0 PID: 21759 Comm: syz.5.5031 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1152.097023][T21759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1152.097036][T21759] Call Trace:
[ 1152.097045][T21759]  <TASK>
[ 1152.097054][T21759]  dump_stack_lvl+0x189/0x250
[ 1152.097082][T21759]  ? __pfx____ratelimit+0x10/0x10
[ 1152.097104][T21759]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1152.097126][T21759]  ? __pfx__printk+0x10/0x10
[ 1152.097156][T21759]  ? __pfx___might_resched+0x10/0x10
[ 1152.097183][T21759]  should_fail_ex+0x414/0x560
[ 1152.097209][T21759]  should_failslab+0xa8/0x100
[ 1152.097232][T21759]  __kmalloc_noprof+0xcb/0x4f0
[ 1152.097249][T21759]  ? __kasan_kmalloc+0x93/0xb0
[ 1152.097266][T21759]  ? nla_strdup+0x9d/0x140
[ 1152.097293][T21759]  nla_strdup+0x9d/0x140
[ 1152.097318][T21759]  nf_tables_newtable+0x491/0x1890
[ 1152.097346][T21759]  ? nfnl_pernet+0x12/0x240
[ 1152.097385][T21759]  nfnetlink_rcv+0x112f/0x2520
[ 1152.097437][T21759]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1152.097470][T21759]  ? __lock_acquire+0xab9/0xd20
[ 1152.097536][T21759]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1152.097562][T21759]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1152.097594][T21759]  netlink_unicast+0x75c/0x8e0
[ 1152.097631][T21759]  netlink_sendmsg+0x805/0xb30
[ 1152.097666][T21759]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1152.097702][T21759]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1152.097722][T21759]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1152.097750][T21759]  __sock_sendmsg+0x21c/0x270
[ 1152.097776][T21759]  ____sys_sendmsg+0x505/0x830
[ 1152.097810][T21759]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1152.097849][T21759]  ? import_iovec+0x74/0xa0
[ 1152.097886][T21759]  ___sys_sendmsg+0x21f/0x2a0
[ 1152.097917][T21759]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1152.097982][T21759]  ? __fget_files+0x2a/0x420
[ 1152.098004][T21759]  ? __fget_files+0x3a0/0x420
[ 1152.098036][T21759]  __x64_sys_sendmsg+0x19b/0x260
[ 1152.098069][T21759]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1152.098108][T21759]  ? __pfx_ksys_write+0x10/0x10
[ 1152.098133][T21759]  ? do_syscall_64+0xbe/0x3b0
[ 1152.098159][T21759]  do_syscall_64+0xfa/0x3b0
[ 1152.098181][T21759]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.098198][T21759]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1152.098218][T21759]  ? clear_bhb_loop+0x60/0xb0
[ 1152.098242][T21759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.098260][T21759] RIP: 0033:0x7fa818f8e9a9
[ 1152.098278][T21759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1152.098296][T21759] RSP: 002b:00007fa819d99038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1152.098317][T21759] RAX: ffffffffffffffda RBX: 00007fa8191b5fa0 RCX: 00007fa818f8e9a9
[ 1152.098332][T21759] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 1152.098345][T21759] RBP: 00007fa819d99090 R08: 0000000000000000 R09: 0000000000000000
[ 1152.098357][T21759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.098369][T21759] R13: 0000000000000000 R14: 00007fa8191b5fa0 R15: 00007ffe1032c558
[ 1152.098399][T21759]  </TASK>
[ 1152.402406][ T7893] usb 3-1: device descriptor read/8, error -71
[ 1152.625828][T21780] overlayfs: workdir and upperdir must reside under the same mount
[ 1153.798130][T21791] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5039'.
[ 1154.005098][T21796] netlink: 'syz.6.5040': attribute type 1 has an invalid length.
[ 1154.097591][T21796] netlink: 244 bytes leftover after parsing attributes in process `syz.6.5040'.
[ 1156.089031][T21826] netlink: 'syz.7.5050': attribute type 83 has an invalid length.
[ 1156.392533][T21830] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5052'.
[ 1156.682030][T21835] hsr0: entered promiscuous mode
[ 1156.794503][T21830] hsr_slave_0: left promiscuous mode
[ 1156.995046][T21830] hsr_slave_1: left promiscuous mode
[ 1159.038829][T21828] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1160.365469][T12362] usb 7-1: new full-speed USB device number 35 using dummy_hcd
[ 1160.534450][T12362] usb 7-1: config 0 has an invalid interface number: 93 but max is 0
[ 1160.551854][T12362] usb 7-1: config 0 has no interface number 0
[ 1160.578884][T12362] usb 7-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[ 1160.611210][T12362] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.667243][T12362] usb 7-1: Product: syz
[ 1160.672532][T12362] usb 7-1: Manufacturer: syz
[ 1160.677190][T12362] usb 7-1: SerialNumber: syz
[ 1160.719235][T12362] usb 7-1: config 0 descriptor??
[ 1161.253210][   T30] audit: type=1400 audit(1753921359.703:2700): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="%{" requested=w pid=21885 comm="syz.2.5065" dest=20000
[ 1161.317338][T12362] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[ 1161.463941][T12362] dvb-usb: will use the device's hardware PID filter (table count: 32).
[ 1161.473758][T12362] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[ 1161.492117][T12362] usb 7-1: media controller created
[ 1161.528590][T12362] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1161.693023][T12362] DVB: Unable to find symbol dib7000p_attach()
[ 1161.721532][T12362] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[ 1161.767185][T12362] dvb-usb: will use the device's hardware PID filter (table count: 32).
[ 1161.776966][T12362] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[ 1161.795065][T12362] usb 7-1: media controller created
[ 1161.817457][T12362] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1161.862093][T12362] dib0700: the master dib7090 has to be initialized first
[ 1161.869281][T12362] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[ 1162.042008][T12362] rc_core: IR keymap rc-dib0700-rc5 not found
[ 1162.052177][T12362] Registered IR keymap rc-empty
[ 1162.057484][T12362] dvb-usb: could not initialize remote control.
[ 1162.081783][T12362] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[ 1162.146739][T12362] usb 7-1: USB disconnect, device number 35
[ 1163.883482][T12362] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[ 1164.250167][T21928] netlink: 136 bytes leftover after parsing attributes in process `syz.5.5078'.
[ 1164.436422][T12362] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1164.462612][T21934] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1164.524246][T21939] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1164.623715][T12362] usb 2-1: config 0 has an invalid interface number: 87 but max is 0
[ 1164.636955][T12362] usb 2-1: config 0 has no interface number 0
[ 1164.643302][T12362] usb 2-1: too many endpoints for config 0 interface 87 altsetting 28: 204, using maximum allowed: 30
[ 1164.672105][ T7889] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[ 1164.685278][T12362] usb 2-1: config 0 interface 87 altsetting 28 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1164.707834][T12362] usb 2-1: config 0 interface 87 altsetting 28 has 1 endpoint descriptor, different from the interface descriptor's value: 204
[ 1164.741403][T12362] usb 2-1: config 0 interface 87 has no altsetting 0
[ 1164.761854][T12362] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=8c.f4
[ 1164.775515][T12362] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.795796][T12362] usb 2-1: Product: syz
[ 1164.803656][T12362] usb 2-1: Manufacturer: syz
[ 1164.818514][T12362] usb 2-1: SerialNumber: syz
[ 1164.831709][T12362] usb 2-1: config 0 descriptor??
[ 1164.832590][ T7889] usb 3-1: Using ep0 maxpacket: 8
[ 1164.863726][ T7889] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1164.873010][ T7889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.878629][T12362] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1164.887753][ T7889] usb 3-1: Product: syz
[ 1164.904525][ T7889] usb 3-1: Manufacturer: syz
[ 1164.914925][ T7889] usb 3-1: SerialNumber: syz
[ 1164.939544][ T7889] usb 3-1: config 0 descriptor??
[ 1164.969121][ T7889] gspca_main: se401-2.14.0 probing 047d:5003
[ 1165.091433][ T1167] usb 2-1: Failed to submit usb control message: -71
[ 1165.092562][ T7888] usb 2-1: USB disconnect, device number 115
[ 1165.111809][ T1167] usb 2-1: unable to send the bmi data to the device: -71
[ 1165.119074][ T1167] usb 2-1: unable to get target info from device
[ 1165.132189][ T1167] usb 2-1: could not get target info (-71)
[ 1165.144494][ T1167] usb 2-1: could not probe fw (-71)
[ 1165.348794][T21942] netlink: 'syz.5.5084': attribute type 4 has an invalid length.
[ 1165.405200][T21943] libceph: resolve '00' (ret=-3): failed
[ 1165.459051][ T7889] gspca_se401: ExtraFeatures: 79
[ 1165.472893][ T7889] gspca_se401: Frame size: 0x0 1/16th janggu
[ 1165.731058][ T7889] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input55
[ 1165.751908][ T7889] usb 3-1: USB disconnect, device number 123
[ 1165.820118][T21956] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN PTI
[ 1165.832112][T21956] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 1165.840559][T21956] CPU: 1 UID: 0 PID: 21956 Comm: syz.6.5085 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1165.850567][T21956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1165.860653][T21956] RIP: 0010:iter_file_splice_write+0xa9b/0x1000
[ 1165.866935][T21956] Code: 00 74 08 4c 89 f7 e8 14 5b e0 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 80 3c 30 00 44 8b 64 24 04 74 08 48 89 df e8 e1 5a e0 ff 4c 8b
[ 1165.886584][T21956] RSP: 0018:ffffc90010847820 EFLAGS: 00010202
[ 1165.892689][T21956] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888076d2da00
[ 1165.900696][T21956] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 7ffffffffffffffa
[ 1165.908700][T21956] RBP: ffffc90010847a30 R08: ffff888057a7ce1f R09: 1ffff1100af4f9c3
[ 1165.916699][T21956] R10: dffffc0000000000 R11: ffffffff81fe9d40 R12: dffffc0000000000
[ 1165.924743][T21956] R13: 7ffffffffffffffa R14: dffffc0000000000 R15: ffff8880217de028
[ 1165.932751][T21956] FS:  00007feaabdb16c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[ 1165.941713][T21956] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1165.948318][T21956] CR2: 00007feaaaf74460 CR3: 00000000757a8000 CR4: 00000000003526f0
[ 1165.956337][T21956] Call Trace:
[ 1165.959646][T21956]  <TASK>
[ 1165.962615][T21956]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1165.968567][T21956]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1165.974072][T21956]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1165.980003][T21956]  direct_splice_actor+0x101/0x160
[ 1165.985148][T21956]  splice_direct_to_actor+0x5a5/0xcc0
[ 1165.990559][T21956]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1165.996220][T21956]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1166.002145][T21956]  do_splice_direct+0x181/0x270
[ 1166.007027][T21956]  ? __pfx_do_splice_direct+0x10/0x10
[ 1166.012425][T21956]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1166.018350][T21956]  ? rw_verify_area+0x258/0x650
[ 1166.023295][T21956]  do_sendfile+0x4da/0x7e0
[ 1166.027774][T21956]  ? __pfx_do_sendfile+0x10/0x10
[ 1166.032755][T21956]  ? __se_sys_sendfile64+0x82/0x190
[ 1166.037983][T21956]  __se_sys_sendfile64+0x13e/0x190
[ 1166.043144][T21956]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1166.048798][T21956]  ? rcu_is_watching+0x15/0xb0
[ 1166.053581][T21956]  ? do_syscall_64+0xbe/0x3b0
[ 1166.058280][T21956]  do_syscall_64+0xfa/0x3b0
[ 1166.062802][T21956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.068879][T21956]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1166.074521][T21956]  ? clear_bhb_loop+0x60/0xb0
[ 1166.079211][T21956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.085147][T21956] RIP: 0033:0x7feaaaf8e9a9
[ 1166.089578][T21956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1166.109203][T21956] RSP: 002b:00007feaabdb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1166.117635][T21956] RAX: ffffffffffffffda RBX: 00007feaab1b6160 RCX: 00007feaaaf8e9a9
[ 1166.125619][T21956] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000008
[ 1166.133607][T21956] RBP: 00007feaab010d69 R08: 0000000000000000 R09: 0000000000000000
[ 1166.141592][T21956] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000
[ 1166.149575][T21956] R13: 0000000000000000 R14: 00007feaab1b6160 R15: 00007ffd518444c8
[ 1166.157572][T21956]  </TASK>
[ 1166.160608][T21956] Modules linked in:
[ 1166.166459][T21956] ---[ end trace 0000000000000000 ]---
[ 1166.172900][T21956] RIP: 0010:iter_file_splice_write+0xa9b/0x1000
[ 1166.179269][T21956] Code: 00 74 08 4c 89 f7 e8 14 5b e0 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 80 3c 30 00 44 8b 64 24 04 74 08 48 89 df e8 e1 5a e0 ff 4c 8b
[ 1166.199046][T21956] RSP: 0018:ffffc90010847820 EFLAGS: 00010202
[ 1166.203609][T21954] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1166.205239][T21956] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888076d2da00
[ 1166.220352][T21956] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 7ffffffffffffffa
[ 1166.228464][T21956] RBP: ffffc90010847a30 R08: ffff888057a7ce1f R09: 1ffff1100af4f9c3
[ 1166.237174][T21956] R10: dffffc0000000000 R11: ffffffff81fe9d40 R12: dffffc0000000000
[ 1166.245245][T21956] R13: 7ffffffffffffffa R14: dffffc0000000000 R15: ffff8880217de028
[ 1166.253312][T21956] FS:  00007feaabdb16c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[ 1166.262330][T21956] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1166.268953][T21956] CR2: 000000110c3da3ee CR3: 00000000757a8000 CR4: 00000000003526f0
[ 1166.277008][T21956] DR0: 000000000000c4d1 DR1: 0000000000000000 DR2: 0000000000000000
[ 1166.286786][T21956] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1166.295234][T21956] Kernel panic - not syncing: Fatal exception
[ 1166.301670][T21956] Kernel Offset: disabled
[ 1166.306015][T21956] Rebooting in 86400 seconds..