last executing test programs:

18m13.244267454s ago: executing program 0 (id=99):
r0 = io_uring_setup(0x5197, &(0x7f0000000300)={0x0, 0x417c, 0x40, 0x8001002, 0x3a8})
r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000180)={0x3, 0x0, [{0xc0000000, 0x0, 0x0, 0x6}, {0x0, 0x6}, {0x5e2796afef1a2f31, 0xffffffff, 0x0, 0x9, 0x80, 0x7ffffffe, 0x8}]})
r5 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000000)="0900bf65653f47f4020000008bd458d1e7cbdaf300000f34e7e4165f081ae36850f6d15c3e681411f7a496c0da04003c242f5bedaf6bec340dee49474362b24cb800edc500", 0x0, 0x48)
ioctl$UFFDIO_WAKE(r5, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ffb000/0x1000)=nil, 0x1000})
close_range(r0, 0xffffffffffffffff, 0x0)

18m12.591695366s ago: executing program 0 (id=101):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/igmp6\x00')
read$FUSE(r1, &(0x7f0000000580)={0x2020}, 0x2020)
pread64(r1, &(0x7f0000000480)=""/209, 0xd1, 0x2)
read$FUSE(r1, &(0x7f0000002c40)={0x2020}, 0x2020)
r2 = socket(0x200000000000011, 0x2, 0xccd3)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x8, 0x1ff, "2178d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", '\x00\x00\x00\b', "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "f6380000000000000000a93c"]})
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000d40)={0xc, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x4063, "5700ed00", 0x0, 0x0, 0x0, 0x0, 0x5, 0x2})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xd)
socket$packet(0x11, 0x2, 0x300)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000180)=@x86={0x40, 0x1, 0xc, 0x0, 0xfffffffc, 0x0, 0x10, 0x0, 0x7, 0x83, 0x9, 0x1, 0x0, 0x0, 0xfffffff8, 0x1, 0x8, 0xff, 0x0, '\x00', 0x0, 0x1})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x9, 0x0, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0x8, '\x00', 0xb4}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x75, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xe, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfc, 0x7, 0x26}, {0xcf, 0x5, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x1}, {0x4, 0x4c, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x2}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x12, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}})
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r8, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
bind$packet(r2, &(0x7f0000000d00)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)

18m12.101736821s ago: executing program 0 (id=102):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$xdp(0x2c, 0x3, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x14, 0xa13ca8e5839881af, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000000)=0x80)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x8010}, 0x20008000)

18m11.997921377s ago: executing program 0 (id=103):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41) (async)
chroot(&(0x7f0000002940)='./file0\x00') (async)
getsockname$packet(r2, &(0x7f0000000680)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000006c0)=0x14) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)=r2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x3, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000500)='syzkaller\x00', 0x5, 0x47, &(0x7f0000000580)=""/71, 0x41100, 0x48, '\x00', r3, @sk_reuseport=0x28, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000700)={0x1, 0xa, 0x8, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000800)=[r4, r2, r2, r2], 0x0, 0x10, 0x8}, 0x94) (async)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x100000, 0x0) (async)
pivot_root(&(0x7f0000000040)='./file0/../file0/../file0/../file0/../file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00') (async)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r5 = syz_open_pts(0xffffffffffffffff, 0x600000)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0xa) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_connect$printer(0x5, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x860}}]})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f00000001c0)={0x14, &(0x7f00000000c0)={0x0, 0x3, 0x15, {0x15, 0x10, "365a471708df1d5f2c6cd9b4739c686245f45a"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2809}}}, &(0x7f0000000480)={0x34, &(0x7f0000000240)={0x20, 0x8, 0x5, "1cea1fdf18"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x5}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x10}, &(0x7f0000000340)={0x20, 0x0, 0x54, {0x52, "552f606be49395039abc07671adab6072a992a3e3243ed938c6f1a7f138b8d953c82142bc40e7099680f147727f72acd1bf786e62e40b7b9adda6dd3b8943f4ebe8eaab3c931f85e9745e79327c47273ab3b"}}, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0x3}, &(0x7f0000000400)={0x20, 0x0, 0x1, 0x5}}) (async)
syz_usb_control_io(r0, 0x0, &(0x7f0000003980)={0x84, &(0x7f0000000440)={0x40, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)

18m11.403307852s ago: executing program 0 (id=105):
r0 = socket$inet(0x2, 0x3, 0x6)
r1 = socket(0x2, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f00000000c0)=@ethtool_dump={0x3e, 0x8, 0x7, 0xea, "6f87157763ae9138a645a1a15cbd69a3afc982207edf6446c921d5dacf4aa690f5a2fd1ce4d04f120ebb70fea3c782b0a200947f4851e9dcf61da1ac33c73cbfa9f849d001cb637b956152ddc3f96a8e8bde99e955ecd26df980b388fc3a7c7cdf6687e9c677ef95b69b413fde7760c9f5d186875c31b509814d02abdf45906f3b5babc2cabe0b58d70e4f39498ffed0735dc4d8c934c476804357a12dbe6ecc47c5cb33f06981839c3d9053f9937e57681c31168afcb94352f17aa5c20d20457ca24e6e0aaeafcbe52d6660ec2fbeba64f37478ddb047abe08b631b10194a174176b0249d16c33b9d91"}})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
getsockopt$sock_timeval(r2, 0x1, 0x43, &(0x7f00000001c0), &(0x7f0000000200)=0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r3)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x248, r5, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}, {0x6}, {0x8, 0x13, 0x5}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5044}, {0x6, 0x11, 0x7}, {0x8, 0x13, 0x1}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfff}, {0x6, 0x11, 0x100}, {0x8, 0x13, 0x7}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0xdf8c}, {0x8, 0x13, 0x3}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfff}, {0x6}, {0x8, 0x13, 0x1}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4d}, {0x6, 0x11, 0x2}, {0x8, 0x13, 0x8}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfffffffc}, {0x6, 0x11, 0xc}, {0x8, 0x13, 0x949d}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x10}, {0x6, 0x11, 0x5}, {0x8, 0x13, 0x2}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfffffff8}, {0x6, 0x11, 0x3}, {0x8, 0x13, 0x2}, {0x5}}]}, 0x248}, 0x1, 0x0, 0x0, 0x44851}, 0x4008804)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x14, r4, 0x309, 0x0, 0x0, {0x1d}}, 0x14}}, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x306, @local}, 0x48, {0x2, 0x0, @dev}})

18m10.914845091s ago: executing program 0 (id=107):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x5, 0xe09, 0x20000, 0x28e7})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
read(r1, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000ffc3140012800900010076657468000000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x90646}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_ALL_TARGETS={0x8, 0xa, 0x1}, @IFLA_BOND_PRIMARY={0x8, 0xb, r6}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x8080)

18m10.550218711s ago: executing program 32 (id=107):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x5, 0xe09, 0x20000, 0x28e7})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
read(r1, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000ffc3140012800900010076657468000000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x90646}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_ALL_TARGETS={0x8, 0xa, 0x1}, @IFLA_BOND_PRIMARY={0x8, 0xb, r6}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x8080)

13m47.888539258s ago: executing program 5 (id=987):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
connect$tipc(r0, 0x0, 0x0)

13m46.834951698s ago: executing program 5 (id=993):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, 0x0, 0x20000040)
syz_io_uring_setup(0x22d8, &(0x7f0000000180)={0x0, 0x3c2a, 0x8000, 0x0, 0x135}, &(0x7f0000000340), &(0x7f0000000280))
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r1, 0x28, 0x8001, 0x0, &(0x7f0000000000))
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSMRU1(r3, 0x80047453, &(0x7f0000000380)=0x5)

13m45.026911562s ago: executing program 5 (id=1001):
r0 = getpgrp(0xffffffffffffffff)
ptrace$ARCH_GET_GS(0x1e, r0, &(0x7f0000000000), 0x1004)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1c, 0x25, 0x109, 0x70bd29, 0xfffffffc, {0x11}, [@typed={0x5, 0x14e, 0x0, 0x0, @str='\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

13m44.874841515s ago: executing program 5 (id=1003):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000001080), r0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000000000)={0xf, {"6852ad21e0fd02661b37090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f360068090890e0878f0efcc5e7049b3b612c416b23240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d077202b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d020000001c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b4a5f3090000000000000075271b060029d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841040014f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f33491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c24ffffffffffffff7fb70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bed0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f643577590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4ed134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146784078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34a1c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e2bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9b05000bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48ca2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889bce3076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b7da2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a35595f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e205ef4a7c43b42aae501b20f7694a035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d558ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427bf6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd6700800000082ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39dd2ea9762639ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769777c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd133d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359deea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e150600d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b2c2fc5d5f0da42c0456ec015f08e5247d33ae2d35623ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e938ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a893664ac70297dc8d62700000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d902952b72c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dc2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec0300068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8075ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b67804cfa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000f700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044dd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x1000}}, 0x1006)
r3 = getpid()
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = syz_pidfd_open(r3, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setns(r6, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x8100, &(0x7f0000000200)={0x87, 0x1, 0x80000}, 0x20)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000001040)=@req={0x7dabb495, 0x5f, 0x3, 0x1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$gtp(&(0x7f0000001080), r0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
dup(r1) (async)
write$UHID_INPUT(r2, &(0x7f0000000000)={0xf, {"6852ad21e0fd02661b37090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f360068090890e0878f0efcc5e7049b3b612c416b23240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d077202b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d020000001c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b4a5f3090000000000000075271b060029d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841040014f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f33491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c24ffffffffffffff7fb70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bed0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f643577590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4ed134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146784078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34a1c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e2bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9b05000bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48ca2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889bce3076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b7da2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a35595f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e205ef4a7c43b42aae501b20f7694a035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d558ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427bf6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd6700800000082ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39dd2ea9762639ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769777c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd133d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359deea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e150600d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b2c2fc5d5f0da42c0456ec015f08e5247d33ae2d35623ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e938ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a893664ac70297dc8d62700000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d902952b72c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dc2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec0300068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8075ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b67804cfa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000f700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044dd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x1000}}, 0x1006) (async)
getpid() (async)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) (async)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
syz_pidfd_open(r3, 0x0) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) (async)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
setns(r6, 0x24020000) (async)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x8100, &(0x7f0000000200)={0x87, 0x1, 0x80000}, 0x20) (async)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000001040)=@req={0x7dabb495, 0x5f, 0x3, 0x1}, 0x10) (async)

13m43.381181907s ago: executing program 5 (id=1005):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x349})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r1 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0xa3d, 0x3180, 0x8000, 0x40024b}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000480)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x400d, @fd_index=0x3, 0x400006, &(0x7f0000000580)=""/207, 0xcf, 0xe})
io_uring_enter(r1, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = getpgid(0x0)
syz_pidfd_open(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r5, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000002c0)='dctcp', 0x5)

13m42.90151935s ago: executing program 5 (id=1008):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x34, 0x874fd42a7836ef68, 0x4})
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x0, 0x0, 0x6}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x0, 0x1}, 0x10)
close(r1)
recvmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000240)=""/25, 0x19}], 0x1}, 0x4003)

13m42.54605143s ago: executing program 33 (id=1008):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x34, 0x874fd42a7836ef68, 0x4})
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x0, 0x0, 0x6}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x0, 0x1}, 0x10)
close(r1)
recvmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000240)=""/25, 0x19}], 0x1}, 0x4003)

7m7.849385469s ago: executing program 4 (id=2320):
r0 = syz_usb_connect$sierra_net(0x0, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x43978451d8f6fedb, 0x2, 0x40, 0x2, 0x1f, 0xfe}, {0x9, 0x5, 0x7, 0x2, 0x200, 0x8c, 0x77, 0x3}, {0x9, 0x5, 0x81, 0x3, 0x3ff, 0x3, 0xfd, 0x32}}}}}}]}}, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)

7m6.139122729s ago: executing program 4 (id=2324):
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup(r0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="083c86dd0001110004600000a60c6eec00be00442cfffe8000000000000000002f00000000aaff020000000000000000000000000001"], 0xfdef)

7m5.416584172s ago: executing program 4 (id=2325):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000340)={0x385d, 0x0, "41c0537f19690cd7945060f524cdb875af5413d65b5f6f342a71406b0f796cc1191e1ecd916f54350f5cbfd5896a119fd1d5137dcdbb6a497f35099c1dd374e82b44205929de6f5a3d34c6a4de4d7fc1ed8475df44d91b190113bb920c0bf5c89c13e219ab37ae309b0100dc743f0f72109379dedc37a8bfa1b3c9c71bf823d8a5b7cca690b1d8e57080dfc1add8e83dbe05186101ff8ff3be2931f2b34c53942890c18707702679f77ed8a45f24646f47cfd378c215093d708a8c53f656993df90974147953df95bf23c9cb2caa4a5e30f10a0fffc410151f15fbcffb19002c635a7539de507c89478209e870201702c9e56ef23457a96269196f5cdd404b76"})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = memfd_secret(0x0)
r4 = fsopen(&(0x7f0000000140)='f2fs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000240)='test^\xb1Yq\x84\xfd\xd8Umy_encrype\r\x00\x00\x00\x00\x00\x00\x00{\x96\x00@\x007\xea\xbe\x00<\xf0o\xfb;R\xe05\x1a\xcc\xad\x1d\xaao', &(0x7f00000004c0)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
syz_clone(0x22000211, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x9, &(0x7f0000002500)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f00000011c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x5, 0xffffffffffffffff, &(0x7f0000000380)="a3", 0x1, 0xe3}, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x453, 0xffffffffffffffff, 0x0, 0x0, 0x1}])
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'veth0_virt_wifi\x00', 0x1000})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="44000000010101030000000000000000020000000c00198008000100ad040000240001801400018008000100e000000208000300ac1414bb0c0002800500010001000000"], 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000019"], 0xd8}}, 0x80)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r3, 0xc0189377, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r8=>r4, {0x1bc, 0xffff7fff}}, './file0\x00'})
sendmsg$NL80211_CMD_START_AP(r8, &(0x7f0000000480)={0x0, 0xfffffffffffffe10, 0x0, 0x1, 0x0, 0x0, 0x40800}, 0x5ac1582292028e06)

7m3.71964378s ago: executing program 4 (id=2329):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
shmdt(0x0)
shmdt(0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000180)={0x5})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0xfffffffffffffe1b}], 0x0, 0x4498bda7e2139f37, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x5, 0x13, 0x1, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0x6}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x2, 0x0, 0x4}]})
r6 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
syz_usb_disconnect(r6)
syz_usb_connect$cdc_ecm(0x5, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a4400000000101090244000101000000090400001202060000052406000005240000000d240f00e50000008700060000090581030002c0b9ff09058202080000fd00090503020002"], 0x0)
ioctl$EVIOCRMFF(r6, 0x550c, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x4, 0x200004, 0x0, 0x2, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_REINJECT_CONTROL(r4, 0xae71, &(0x7f00000001c0)={0x17})
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c8013f720ea"])
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000004b3cf47f5"], 0x7c}}, 0x24000000)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r9, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

7m1.148361495s ago: executing program 4 (id=2337):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x64}}, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8)
close(0x3)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000180)={0x2020}, 0x2024)
lseek(r1, 0x1, 0x1)
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), r1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
gettid()
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=@base={0xb, 0x5, 0x4, 0xa932, 0x9, 0xffffffffffffffff, 0x800008}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000021c0)=ANY=[@ANYBLOB="180000000000b61c000000000000000018130000da269a24a0aa7413ac6f8eb8f2be2b82bbb8c3bf81e6b1fdc82d910296cca4e316d8aadb4030b1b6173a9113571d558cdf4dd0d7b333e694220901709ff9ae48daada5bf55d64c38904c444fbcdd2549b96937e93cd215bad284a13701cafae07bfa20bc41c705000000f8a4a41ce10a10c474057d33433690eead25a2bef2140bc5f91c4e2ddc8f5ae1df2bca965c20ab0efbf469ed83f3ccc5e92f839bbeb980e50282f63df29f3d4446a7af6b10f0cf8f20937b63d86cfbaefb799f46", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000f9ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x15f, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
ioctl$BTRFS_IOC_DEFRAG(r6, 0x50009402, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000)=0x2010, 0x26)

7m0.758695892s ago: executing program 4 (id=2339):
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="7800000002010300000000000000000000000003140005800f0001006e657462696f732d6e73000008000c4000000004480001801400018008000100e0000001080002000a0101000600034000010000140001800800010000000000080002007f000001140001"], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000071000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="0c000180080001000300010020"], 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x400000000000235, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2842, 0x0)
close(0x3)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r4, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x28006100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0xb4, r5, 0x4, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xfff, 0x30}}}}, [@NL80211_ATTR_MESH_CONFIG={0x4c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x8}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x400}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x9}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x2}, @NL80211_MESHCONF_CONNECTED_TO_GATE={0x5, 0x1d, 0x1}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x9eb}, @NL80211_MESHCONF_CONNECTED_TO_AS={0x5}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffff02}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x8}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2b}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x4, 0x75}}, @NL80211_ATTR_MESH_CONFIG={0x24, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x1}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x6}, @NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x7}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}]}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0xa}]}, @NL80211_ATTR_MESH_CONFIG={0x4}]}, 0xb4}, 0x1, 0x0, 0x0, 0x5e040}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd2c, 0xfffffffd, {0x2, 0x18, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x8, 0x1, @empty}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_FLAGS={0x8, 0x8, 0x128}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @broadcast}]}, 0x48}, 0x1, 0x0, 0x0, 0x871ac4b30833d133}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x20008084)

7m0.001389793s ago: executing program 34 (id=2339):
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="7800000002010300000000000000000000000003140005800f0001006e657462696f732d6e73000008000c4000000004480001801400018008000100e0000001080002000a0101000600034000010000140001800800010000000000080002007f000001140001"], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000071000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="0c000180080001000300010020"], 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x400000000000235, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2842, 0x0)
close(0x3)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r4, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x28006100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0xb4, r5, 0x4, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xfff, 0x30}}}}, [@NL80211_ATTR_MESH_CONFIG={0x4c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x8}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x400}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x9}, @NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x2}, @NL80211_MESHCONF_CONNECTED_TO_GATE={0x5, 0x1d, 0x1}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x9eb}, @NL80211_MESHCONF_CONNECTED_TO_AS={0x5}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffff02}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x8}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2b}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x4, 0x75}}, @NL80211_ATTR_MESH_CONFIG={0x24, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x1}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x6}, @NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x7}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}]}, @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0xa}]}, @NL80211_ATTR_MESH_CONFIG={0x4}]}, 0xb4}, 0x1, 0x0, 0x0, 0x5e040}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd2c, 0xfffffffd, {0x2, 0x18, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x8, 0x1, @empty}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_FLAGS={0x8, 0x8, 0x128}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @broadcast}]}, 0x48}, 0x1, 0x0, 0x0, 0x871ac4b30833d133}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x20008084)

12.045963498s ago: executing program 6 (id=3861):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0)
ioctl$VT_SETMODE(r2, 0x5602, &(0x7f0000000100)={0x40, 0x7, 0x6be, 0x9, 0x4})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r3=>0x0})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r4, &(0x7f0000000380)="a6e2976b", 0x4, 0x80, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000fff000/0x1000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd80}, &(0x7f0000000300)=0x40)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="9c0000001000ffff26bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="973401002120000008000500", @ANYRES32=r3, @ANYBLOB="7400128009000100766c616e000000006400028006000100010000004c0004"], 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x8000802)

11.802995895s ago: executing program 6 (id=3862):
syz_usb_connect(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x94, 0xde, 0xaa, 0x40, 0x54c, 0x6c1, 0x673e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, [{{0x9, 0x4, 0xe8, 0x0, 0x2, 0xad, 0x9d, 0xd0, 0x83, [], [{{0x9, 0x5, 0xb, 0x4, 0x400, 0x94, 0xd, 0x3}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 0x8, 0xf9}}]}}]}}]}}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r1 = syz_open_pts(r0, 0x900)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280), 0x4000, 0x0)
ioctl$HIDIOCAPPLICATION(r6, 0x4802, 0xfffffffffffffff8)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {0x4, 0xa}, {}, {0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804)
r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0))
close_range(r11, 0xffffffffffffffff, 0x0)
read$watch_queue(r2, 0x0, 0x0)

11.376329508s ago: executing program 7 (id=3865):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee200090582"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0) (async)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r3 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080) (async, rerun: 32)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0xa750, &(0x7f0000000b40)) (async, rerun: 32)
setpgid(0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000008000120000000800060002000000080009000000000018000180140002007665746830"], 0x3c}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000000)=0x639) (async, rerun: 32)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0xc2d3, 0x10100, 0x2, 0x26f}, &(0x7f0000000180)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0) (rerun: 32)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x79a5, 0x2, 0x46, 0x0, 0x0) (async)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f00000000c0)=0x80000000) (async, rerun: 64)
readv(r3, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1) (rerun: 64)

9.166418582s ago: executing program 6 (id=3874):
openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)="81b641f1", 0x4}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000180)=[{0x2, 0x1, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x4}, 0x2, 0x99f499b4b67a323b}, {0x3, 0x3, {0x2, 0xff}, {0x0, 0x0, 0x3}, 0xfe, 0x2}], 0x40)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r5)
waitid(0x1, r5, 0x0, 0x8000000a, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r4, {0xfff3, 0x10}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48040}, 0x20000050)
r6 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r6, 0x40309439, 0x0)
write$binfmt_misc(r7, &(0x7f0000000000)="180c4552", 0x4)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000400)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000020000ffffffffff000000ffffaa5500", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c55080000000c547d03d8a0f4bd00", [0x0, 0x6]}})
shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffc000/0x1000)=nil)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000c80)={'syz1\x00', {0x4, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xfffffff7, 0x7f, 0x5, 0x9, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x101, 0x9, 0x2, 0x4, 0x3, 0x4, 0x7ff, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x7, 0x4, 0x77, 0x8000, 0x7, 0xd, 0x401, 0x7, 0x8, 0xc68b, 0x200, 0xff, 0x1, 0x0, 0x7fffffff, 0x0, 0x59e6, 0x101, 0x2, 0xdb, 0x1, 0xe, 0x9, 0xf, 0x4, 0x1, 0xffffffff, 0x800, 0x7f, 0x9, 0x6, 0x23c2, 0x0, 0xc10d, 0x7, 0x8, 0x2, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x3, 0x6, 0x8009, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x1, 0x10000, 0x3, 0x9f3, 0x800, 0x0, 0xe842, 0xff6, 0xca, 0x9, 0x7, 0x7, 0x6, 0xa, 0x6, 0xc7, 0x2ff, 0xf, 0x1, 0x550, 0x2, 0x3, 0xb, 0x80000001, 0x0, 0x3d, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d9, 0x783, 0x5, 0x0, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x100, 0x1], [0x62e2adfb, 0x9f57, 0x4, 0x3, 0x9e, 0x8, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800000, 0x0, 0x9, 0x7, 0x9, 0x5, 0x5, 0x80000001, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffff2f9e, 0x9, 0x6, 0x3, 0x8, 0x3ff, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0x2, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x2, 0x5, 0x100, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0xa0, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x6, 0x2, 0xf, 0x5, 0xfffffffd, 0x10001, 0x2, 0x2, 0x2, 0x2, 0x7, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x0, 0x1, 0x5, 0x8, 0xc6d9, 0x631, 0x3ff, 0x4, 0x1, 0x4, 0x5, 0xe, 0xffff, 0x2, 0x7ff, 0x6, 0x10, 0x6, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x10000, 0x9, 0x2, 0x2, 0x6, 0x2004, 0x3, 0x2, 0x8001, 0x0, 0x5, 0xb9, 0x101, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)

8.225634442s ago: executing program 7 (id=3876):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
read$FUSE(r0, 0x0, 0x0)

8.019063782s ago: executing program 7 (id=3878):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$swradio(0x0, 0x0, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r3, 0x4144, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac141400"], 0x30}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0x58, &(0x7f00000004c0)}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000fdffffff000000000200000018050000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000500d0000850000000600000095"], &(0x7f0000000180)='syzkaller\x00', 0x6, 0x2d, &(0x7f00000000c0)=""/45, 0x41000, 0x4f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000005340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x2000c880)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
socket(0x40000000015, 0x5, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000002c0)={0x5, &(0x7f0000000280)=[{0x8, 0x5, 0x10, 0x10000}, {0x2, 0xff, 0xa, 0x3}, {0xfff8, 0x9, 0x2, 0x6}, {0x520b, 0xff, 0x1, 0xfff}, {0x7, 0x4, 0xa, 0x4}]}, 0x10)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
ioctl$USBDEVFS_RESET(r5, 0x5514)
close_range(r0, 0xffffffffffffffff, 0x0)

7.899957564s ago: executing program 1 (id=3880):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030003110000002cbd7000fcdbdd2503000900800000001cdc0dca1d9f68846960e56de42944af05000600002000000a000000000000000000000000000000000000000000000102000000000000"], 0x88}, 0x1, 0x7}, 0x0)

7.798610345s ago: executing program 1 (id=3881):
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000f00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0xa8e81)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4e02)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000003c0)={0x9, 0x3, 0x0, 'queue0\x00', 0x6})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x7}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000001180)=0x2000000)
r6 = socket(0x840000000002, 0x3, 0xff)
sendmmsg$inet(r6, &(0x7f0000000c00)=[{{&(0x7f0000000080)={0x2, 0x0, @local}, 0x10, &(0x7f0000001980)=[{&(0x7f00000000c0)="a9050000000074640006000000003552bde5c064c6", 0x15}, {&(0x7f0000000040)="174640b6d80fb2eedc81ba60cc0800", 0xf}], 0x2}}, {{&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x10}}, 0x10, 0x0}}], 0x2, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r5, 0x5008, 0x0)
r7 = syz_io_uring_setup(0x65e4, &(0x7f00000000c0)={0x0, 0xce24, 0x2000, 0x1, 0x261}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000480))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
io_uring_enter(r7, 0x6f4d, 0xb29d, 0x43, 0x0, 0x0)
ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000e40)=ANY=[@ANYBLOB="1c0000001a0001365941334642adcbd65e000000000000000000810000ff0000000000000000"], 0x1c}}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000140)={0x3, 0xffff, 0x46, 0x0, 0xd})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2)

7.442888802s ago: executing program 6 (id=3882):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0xc040)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000240)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, 0x10)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000180)=@x86={0x40, 0x1, 0xc, 0x0, 0xfffffffc, 0x0, 0x10, 0xfc, 0x7, 0x83, 0x9, 0x1, 0x0, 0x0, 0xfffffff8, 0x1, 0x8, 0x3, 0x0, '\x00', 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x9, 0x0, 0xfffffffe, 0x0, [{0x2, 0x4, 0xa7, '\x00', 0x80}, {0x9, 0x8, 0x2, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0x8, '\x00', 0xb4}, {0x0, 0x4, 0x54}, {0x7, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x1, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xe, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0x80, '\x00', 0x1}, {0xfc, 0x7, 0x26}, {0xcf, 0x5, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x1}, {0x4, 0x4c, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x2}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x12, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}})

7.168196988s ago: executing program 6 (id=3883):
ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000380)={[{0x0, 0x6, 0x7, 0x9, 0x7, 0x8, 0x4, 0xfb, 0xf4, 0xff, 0x0, 0x36, 0xfffffffffffffffc}, {0x31, 0x4, 0x7, 0x9, 0x6, 0xb, 0x4, 0x6, 0x9, 0x4, 0xe3, 0x10, 0xfffffffffffffffa}, {0x1, 0x8, 0x5a, 0x0, 0x2, 0x3, 0xaf, 0x7, 0xff, 0x6, 0x2, 0x5, 0xe}], 0x3})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000040)="bf", 0x1}], 0x1, 0xd)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000280)={[0x8000000000000038, 0xfff, 0x10000000215b9037, 0x40180, 0x400000000001, 0x11, 0x8000000000f1, 0x0, 0x5, 0x80005, 0x40, 0x101, 0x2, 0x7fff, 0x5, 0x7], 0x4000, 0x1d1293})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000013c0)="d0", 0x1}], 0x1}, 0x20000801)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

6.920029395s ago: executing program 3 (id=3885):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a010200000000000000000a000006090002007379063d00000000889269060a129b305800040008000180090001006d657461000000004400028008000140000056d6080003400000000008000140000000010800014000000009080001400000000b080002400000001e080001"], 0x78}, 0x1, 0x0, 0x0, 0x20048055}, 0x1000c080)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8904, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'veth1_to_batadv\x00', 0x7101})
r4 = socket$alg(0x26, 0x5, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x21c, &(0x7f0000001140)=ANY=[@ANYBLOB="d200004e82fc1a4c6e2d1a562ef844a2463456adc7a9750e2507994c67971731f264af19f77d719a4f2b89b98bebd08556f58de6c6767cefccbef0e1c502f2c0e6cdd9d6bff86668d861fcea37a2d89bed9952ff056a360f3bf9f199c75b14808cacb6d4fae8661aad6d24a15a0ab2c3bda7af6993159f9423007407e89166d60a3835c8fa948fa7dc20c35c8cc8283023c109994aacdee5efe6e277230e108d9d294fbfaf0f1ba5f49b200f62dce04435158b99fce572c3bd79b5085b6c59def7923ccf0d13d63f92836359fc85d11628cdbfb3277a00009400004e6900c098aa0fb6e80137846e32b6af5258726cf70953055c782bfe39bf56c1b0af76f5c67bc26f8c92ca835461a229a95e1daf40f23714f4208bc713dd7d47678b826a4c9f61e890e7c8131d0ffbddf977206de384623dd73dfdf8530bccbc71b90b78485e3b9638ee24f2582e7da570ac0a0480df9cd68cad7787a81ab3ec46e612f4143982e19489e2a6ffedcc37ce3867614da800004ed19a9a2e22193dade5fdc784869e79f161cf22a255e52480814f4579604118d4e04e457db29d55a5ce93aba4ca183e0527ef687d9d181fc6434b420b01d01537e758065ce519bdf736a216333443cf36eddc8d5f2755309b7c24f176e8388ebe37c3959b92feae7f7049164cd80e97a82d2b893a8d550d273f8dbd5a7c4ff064c33a34046f28788400d5dbc23bafad10c1c8be1840ab84f319c5ca52aadcecd3a5807a4e35a7ba06"])
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000006fc0)=[{{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d40)=""/13, 0xd}], 0x1}, 0x3}], 0x1, 0x1, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000640)="5d2c53fbef80181fae0c3c362425a3dc9c29ab06095c301a247a05663dd0339e33f937723c0e747e4b692263874b83110b47a6464cf43728c8f87a5de29499a43ba740851fece0e2073dfeeced3bb6060d5f60cd20e5e9f30ebb98ab5c138e5dc4eb010e92484619372fcdbb86e4d0d4755120dec9df1876bd842878129f92ebd35a08aa9e00000000000000000027a1d7dc28c595c7d6c318bf301dfbaa5b3da6eb8aaa9fd28ecfb419a4e04cca27ce7553e970a97929556eea89afb4274912cd693e5f9159b9f6f2b750cf30f13920fa253b9b244994b53efa1f7977970bcf27656beccbe10b62ed97566b39a772b3fe08bc264cc0942e57af568ae26941c8f66769dfffa859ebd8d427c1c7cfe8b7ad11363f178cfbf39f0f137fc695b0ee05b7a23f68327fe14a98438a96042eb55397f57f066ce823e33cceeb807bca0fb89e2014", 0x144, 0x20000000, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x2ce9}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x9, 0x2ce8}, 0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000180)={0x8, 0x7, 0x20a, 0x3, 0x7, 0xfffffffd, 0xffffffff, 0x7f}, 0x20)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="b4000000", @ANYRES16=r7, @ANYBLOB="010028bd70000000000001000000840008808000008024000100d1732899f611cd8994034d7f513dc957630e5493c285aca40065cb6311be696b5800098028000080060001000a0000001400020000000000000000000000000000000000050003000200000028000080060001000a000000140002000000000000000000000000000000000005000300010000000400008014000200776730000000000000000000000000000800050001000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
recvmsg(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000001580)=""/4090, 0xffa}, {&(0x7f0000000580)=""/163, 0xa3}], 0x2}, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
setxattr$security_capability(&(0x7f0000000d00)='./file0\x00', &(0x7f00000010c0), &(0x7f0000001100)=@v2={0x2000000, [{0xed, 0x10001}, {0x37d1, 0x4a}]}, 0x14, 0x1)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)=@name={0x1e, 0x2, 0x0, {{0x43, 0x3}}}, 0x10, 0x0, 0x0, 0x0, 0x7, 0x26040885}, 0x4810)

5.946975591s ago: executing program 1 (id=3887):
r0 = memfd_create(&(0x7f0000000100)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xca', 0x2)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x4000, 0x0, 0x940a, 0x1000007}) (async)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0) (async)
fcntl$addseals(r0, 0x409, 0xa)

5.492890327s ago: executing program 1 (id=3889):
syz_open_dev$I2C(0x0, 0x1, 0x2003)
r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xe7, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0xd2, 0x3, 0x47}}}}}]}}]}}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000800)={0xfdb8, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x1, 0x13}})

5.177079775s ago: executing program 3 (id=3890):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
fsconfig$FSCONFIG_SET_PATH(r2, 0x3, 0x0, 0x0, 0xffffffffffffffff)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x84)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
chroot(&(0x7f0000000040)='./file0\x00')
syz_fuse_handle_req(r3, &(0x7f0000000900)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a30bf328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88a86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061cddf2b257cacbba656cda626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34130a0000e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d12e7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abfde85f1124e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff0552d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9caa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13776204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9e9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39a8f3f1b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edcd3f35cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d77a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd37ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000440)={&(0x7f0000000340)={0x50, 0x0, 0x3, {0x7, 0x28, 0x4, 0x42800}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r3, &(0x7f0000006140)="e0332f8f5747b9f778142cc174a9b5f0244b78bb6346cb5fc9135b8220090ee698fddc241870359d32327f299718466d88c89e68097036bb35abfe03e3c02234dcdb2c7d1209c657485ca1aa3f2fb80e71397b80fca6f3cf2367fb19eb95e5b4a0170063374645d9e020099ffd7def3d94cd29412b3d7b7a47bc70121be848cfcecea78d41a93622b134bd06e84dec07a9e5abc29cb02d5b9091e748cffacf48352628822bab7b24a17bdf4b3f3bd9fb17793496aa6490da3f58039ce5b40745dd63f82d93bed80b50ca5742d67d39029a98db95c9392e2d5fd9a35bad30cfe98682b5a069738a12c3cfd25949106cfc839202fd21c2b28e44be73280d5037351ead2dd1c277d9cc9088c6b14365eb0937ea9685f6b26232293803260f2c8cfe176b55df304bc2865b8f52581afc4beed445ae8cc405cb7bcc51103aef812c41437c5b070a3591ad0964677f4f9017bb300727dfab009056bee3671a9694be2e2f2173fcc06ceba5aed0d93a3d7cd88365c5c354788efcc705e90d572e34e9e566fc206a8167970ecb9cbc43f4d9de4d43688582b6600dfcfc7379c831e756a45835647bd87879a3e3942c61b9ea2c2af35d49a4caa9a109b0beb972996ff8924ea371e15dc48efd12b1203a7f1fe354977fcf9e4ee2c8f210387e551ddb55e5f67ee6bb9bc8772649693b0adf24606e8ccc59f020834d8cbfcadfa1770549fe464dfc412308fbaee8d30bd20c002794bfb923bac6b490841248d12ad9a0e54d1d96e3aff5dc4930a6c8b7c75264a46af7a6339725fb84e0363463ebaaaf58d6b9309ae7c87a8df8c68d2487d684011de1fa7645f3f48cf3bb61bee8bcace2f8ef5f967f2765f8086aeaa5dcc34c84e379a7ddd6438cccb5b8098dfbffffffffffffeadbc4ad2b2ef98412a46f74a171ad056429dbb723cdb9ca9f9f03170dba2870e5988b7cb755599d1eb8f7eaf5c8ded4b56022cb479d0bdfae18f69f9ecc42f4c181ea10838229ba5db7f088ad8d5f77e49c1fd93ed6b983c43b23c7eeb1233f0c114885057a27cd3f67a309e3fecba241836bc92308b830b10b04af6c9595b44e859b9ca7ef079e151fdd500060787be3a7a5b3e23b06ec70f087134504f8b8e7b6799ebfe14f698ba7a813a380e6f92cace9230aa8094a2465f7224e2becad469d0aaf0e48b0098eacfb17abdb69bb2ebba97a09d2b739b532d70db91fcb0fcb38bccdc01d7c8113024ea8b619e385e58d31899721416e10b408504a9c4fcf870d21051227440a616cf62f6637b62eceaee09029f88009be02269cb5e5ed090c6f5e6c652c31214aef301bd23ec2504f90991cd27539c1b8b54db51825e951d076cd0e70f56de4b91894ce22049205483a0fe7d7886b36118bebd96d138980e26604b6e70a7275c6b81501143119a8c2c271558202eda196704ef9ae3c33301e1afbe56d069ce4926bf531d960f3df58192f3da558adc169d48d39e24e04e95c406b34b1f4ed2726ef0f6a67dd84c75636984191d019cebfa883fdf99affcdb4c874614a5312455403895891daf7469d6721583ccd1290ab05b14516f22965fc52c4a528f1a5c20cc133fea279d9efc991ec4d51d2654daceda234f6d3b0c635db697aba3eeaf8356319adba42428266ac09a6e6495ca8f60c1c4e052068511696296e88ef86a591948627ba97df634e0063eb5f208df00a069b1213c29e58cf76f591253d60de9d7c01d29992ccc728140299c429fec0df9d90f83fa2467ce00de83b16d1b07edb80ff8d4b1b19eea9bd1e2783a0d41215c9cf23bc3ca1ff414e3f29aadba00c5a8d5b44c28c10e99140e5428278e54bfd880a93fd1b54b560422ab2bfcf120a7902373b6442c6e9867b19aa0a6b77b1634ab6fd1c8a1d90d99ebb9ebcb89d593562b266fbc53c40501f9298690283c45059b3f6ee278e46cb3904c947446c28af8855b2a68e6e0c0da205a6e12fdd15b393d579039b31c1a54230ac2ea13cf1f5540046b4dcccdd731fff7323c4880e5d2d8668d8a7f08920715c17ef9652eb55f224c82a6fdb970dbf1032403f283bd868a23f4785a6ab9c0bcd2308dba1a1f258ae512cf64784e501008db366ab7093a6cc4b6ee86154d44a1a15c10834602dd5ccf730f6d1142ac19d113496dbcb80021cb5733924265d082a8453b5c21e0245e4a2627e8df090da6a129ee49c58c1a7437369acdee15f5e4e5638f05d9f6391572d9890219def702a013a2b05239664dba44feec2a9508a3200b47de03e6a784bca2f3633df534af33da0a95a34ca845b61a22ff55a5a4c04ff9e06e7162f458a8c56e106e75ffb76a921f4057dd73d5f3801aa78ca4c78d6b79bce560404c2fe3d57876287f73e84c27c486ffb997951f9e0b3aa81a5e7804ac7360add11e7851842d0ed8df041c999e50226fef006373bbb53d5d8e9d1653924e60234fd0b6645b821746f3d88591ff66e294e8e958ca425ddbc7d604f7cbbcb9d5fe0d4ad53878eb16bc801def1005e1eb12a6d4924d2179948e7aa542f2600ba3c6c600629d64c529c7326c1f38aa4e1a6cc259e58f86400d65d67856c8f4fffc33ad4c279dc05367307f562f8127f37b03c3cf38a97cfde0c02aad8ac40d347a9e0a496f227c068dc6c666fb2b6a18990f607399b0707f135752d93739e1840b5b4c125c81eeeb318869b408f87778451e49f3ad988a8aa97672989ad367833ff7e7f0e79c37ac794fe466623e122127fb94ebbc01bc775183b26b2dc407b1aa1a55d4ce04dbe1df4fba0377fea4c4bfa5a37c4dd733fd116b9c7f50b11dd512ad68646b9ddca295fe27bee78476901fbb5c8d2856ae0e9e21ab26e3587c1325f1fa28edb4081f2ba309d5fc39f7f54abbd0d5a152c2f7e3a8b3a5ef6e097b109061c91124f41f33055a7bb86706629f614d40346715cf2fe387ef4e4fc6646839824d3ef85eeac85bc5e681320f6fa7057e0a10de8c4678b48510f77b91bb397dd1209eaba8ea1f237c348e9e0d7af1229e2c04b6560e48e3a7491f3066b63a8923becdcfd8594c1c55098a51283b599765b049831cacd9478e5e996c778d524b476f6677218c94886d7548be7617e5796e35bb3c9b13d70e4897867d85f0350e9329985f051fb556b861aef7dead54e6b29b9ad837cb4774f47a5371ef034612aa0c151345546b876b53e9f2c06e3ce0113e67eba8842f4ac5b51a61315bf050078c710dcf14371d9593730b1d0302ef999f488bbf42b7360171da98ad68932bda4937358fd1d0c2bcd04f7dbe2beaffa0d53cccda316cb19270cf4aa56695ef3203b49fe92d1623cc1d714da6b8f94112db1781562ab2ae50bda23debd55da440434299c992f2f8c264310d6d8ccdd042737db0253d6889d8bf36fe99a131b73300c9798b8fd58b5fc681b97e71230cd3094e441fe5cf1294bbc28f41146f06e39d5e19e673dd489dbddfc16fe281160a8008e375025cbf25e84945f2f0a5ffb2cd58273328ea9d7533b2f0861eff95823cea18dc1877183fefab808bda0890f91f1d79b36953b138fd62caea3411900647a4afadfecade2ff6274175f06614d108daaf9821c413a137e33c826957953bb39e2d852097f978c3577abcb71d68b45794247d8e82614979708f6d6d0e469828206b22913d6d320d815d42c0d943640c63196f703f946089f535eac511e26c6a5a529e875eb15aaf65fd50dcbaf37a009f2f9081cdbc744cf7aa2336913e89f1961581ad4bb6aeb1d23a787e2d3f99639871df5842c30581263d5139128f0a3f37ef48bb636d7aae06581de6baa55a12019d3ed831950915fdc1eee819dd01047bda606f2852699529718c99606246a92bb1dd9435d8f3a48646c0e423441bc783be358c0c91e6846419b6c0a81354500cb2721834dc11ba40c3bbe5717e5142922a168ca0e20fc269ea584c7f68ff7cced62c4277385368b4ad596b79c45a9c4575c37f300cab37a5693cb777fabed412934d3a77505b17cb2628119ddff45f3fcbffb50386eb9cfb6f82b37fa852ad4b65bf8e2898b11bf051cb7fb0fa81cbf81b9ceebb05498aeb2691eb15297edd682976d5a4f444cdaa82f063bc4482c28c4e6257c7cf3e5ee5a502c6527b77b12725e7526ff896ee2f8066536dce04d63072a34c19d533d4dbdb93e7185482cbf7510c5eef2f8aebebad011727cd8061a367b7e1868252bb43d9a74c9c6a10539e357d5367fac69a9296fe5a79a2e5b45950ff462e0e882aa32ff7f29b5644e5311f3e0b076c58683de29ad9dd8b2c92a41ca8313ac997e44981e82aec550bbf6c88adf3d54e9fdf93d9dce95289e9086043d888f19d209cbea79f8f5b2c81b2c3889eae1cb5305e282b883c4cfa3798eceeabb442a74ff6a8470020a296ef01d8e32553663c844e67e5a3a44375f0074ce9547a6c489ee86d7652219491f35c6b904d51a26c3d2cc77d8ff97050dd0d0aed4a1ecf1db7ac48673a1dcc70ac16f709dcf4b90148aede5302111ceaa3a81c49b724cfa206283b62513f96c1da77efafe2d2d08a5f391ab690b5d974ceed2e95e85b1039def0e94c79cc0aa1de1f8133e985adfadf4a657710487b265bb6692fd2b91a06ac98d50b052b8a13168e2638b93209238fbe67f4590a81a2cdbcc479ca9178720a6ec05bc9457f27ad2e2fd2f4e9c643ef85b6287a01f7fd597799cce7d6464ed3c95110733d4ba92314ba3dd81e51f541a6e37f8bb14376e41560f9049b4ff349a467defc205f915a345b5f06d090645180ca642c719f03e9813bff7fd635660efe38b022130d42f2cedd792bcba2bfb14385c6d1cbe5ff2e38c22f1f8d5e4d93d296042507e43f24ff904827b16f2a3572d26078d7fdb0cfdbe2e6bee07b94ae441e510681c96f97ef0ddbd7efbd80ce0689f6e2022a189dd2937d3eadd82a154a5fac91b5ef48523706957b8d5f55077973e9a036009d745a6df39ba154dc59c4ef784d62b3f2d782dc508242a1b0e4cc294b6e62e98ef946f0d984c3174cf86b8a0beb615f046ec50dd0c8a9c0f36df60bd162f1130f894085e7c47b6c28ff336f5d75166c1840e7ad07204fc10ce976505f6aece0316d8c65b973f61cea2fe4c6db722717985c25249f041c07a86b878702a8c9ab7c33fe41039041aa38489b02a28f18d69ab34619e9e35514c54592c8059984ace64b5302b5f22d68c35c7ffb23c63ce877a1e1b160dd2c329eabcc0e1e3072021bd811de3c0c7a68af20dfb9e2912b7eecc2a8cf083a252d0fe31629b20559f7b976e4d8625644385c692b8cdc2886a42d750962d0dee10a1546ecb7ef961216cc456d2450a44aab07014fe0be076ca6bcb46b644af844b2ad8b3817f1895a5d579af3dc937541f4b7e9203e7a7af534b406d8f6e3bc555d767603122ab1c4e62de19d6af63be8e39fe45732859d6d92e11f1a847f7d62764b6364aa7f95f03cc7deba467da5be71657ae50ff6bf93c51efb7d19ac9887e92fe5f3c9d545209eff307c9e02073bd3404827e148aa63c135ed668589bdfec38cb47716201a9d02f1b03993f89e96b33b32e52ddffb0580dac45422ba7a3fef76e519a3dc8d12eac60c2d2f8c4303aafa3e80135c403360d51c9cdeba3ffb31e664302f587e0e983ede7f9b2bfe2bc64bd5029cfa88445e043e08f3e9affee25e980e75d2664738726e3d2eade7dce0ece78a514bbbe5a54c121374d079e3b05996052d66889742232b73e950e1a9892e7352c9e546a8cfb48332d2b2be6327208ca51dc2869a562581947f62b0d5bfb3e0911d4854f822d6738b4deb195840d2bbae0b074b8d1e1010c24ec00052dce7d259e3044aab1a99d261fb3b49cf09dfc85473f94db06d49e202ca12182283d48144f8389a5301679901600bf8130d36315b277a99204b85a1598f84bd2d4c4893108f6717bf44234181467d6eeee61e1823268b5c60bf04d0e13e429f411b51adfca20ff1a1b1eee203d59b03da1643c3e9fc474a91470116c6c5275542adb10f3adae2ae87e88b93f334e0ceb6216fc081e8d84d8b0a503196dc50599b22b89b807627b427a815aea0dbca69e5fb215ee996395d8a21a1c67ac295be33c6517504e1f00f579f8c484873cc670b5b9e787b1c30ca1f0b25f8bb8f4bde3b3f4fa730c292cbf97b25068ba9c65f78c555d5f75d52a57958d7111e824f3afa16484f625abf62afc80654c36fd9f8284466422fb18e08274e8febc719d45b784974d50d187ad2349429af3f7930252a4d45997762e9d5f5493d408ca144532aa89aa3d43c46951dafb8f81794e2e9679ce238cfe86e112f4f046d87feec3be04461032819d62f217faa71fa9dc6da8861015567d1f7309090e25b7015dcc6d72a5e7ba53296ab1bc72467ac50831628cf5238155aed3fb189a8b527ebd38771e16454fe51e3edde55cea454414690491207c23f6cf33aaeeda432de2d1ede04e039a16245e66cce6f4e4ea534f290f02a2a81a46d6ffea7967dfbe37461f83d472091156594852823392efc953f4ac099d74e2d0328d9f47bd952352981a34055acd0273309484ab56afa85ff0c22fb53ac5d7cc8e346b4c2f38a4e2451738146b7b90c14f826c7dbc1b2be79d83772a8d629f2dfaf15286a15be1ea22a05d4ee3de6a6bfb7e208dbbcc88e77baac940d6438aeeb77c3a32db08b46e79545b65f7f3c1bd433092bc9116668c338ab35c01cb5871167868c6b61bd4c0ca5f96e5ce2465da06c4a320839f3bb7c0dffd40d5bb9a32fcbc6f691787de7211da062616272c77c62ac83e4cb29fb954ab27d9009877b79be54acd336bfe2a6e087abaab004743f5ea4ec8ddfb8086920e8e458a413adb98077a3cf860513cc8a453eb129556c871be7e7232a6130c4332819ad17b289fdb31f8f8854dffb4cfeca6d792567b444c750820a2a8a2e0f93779e61a4966650909369fc8bd5bd2bad4ff95cc8a14f6cd83ae6411b4bfe1a9b5cdf1fcf32c54cef1731edc47d41fa581376b25006fc859b98805d70a157e501a2cb2ab425340965213adfecdb5addb2b4b2ec5cc6935e4e279bb98283fb20dfcd8a2c91aefda9dc5a57bba4d8803d1eb0f4ba9529de01e39c2aa60a91267c31d036a3f669b9377661837f58c6950fdf38986ea13ff5e9c4d966bf999002da1a854d54aa225b259d91eb88425328e7d13b06dea321a151a8dfc44755214da97168e8acf027d66b7fff45ded94fcde53ff80342d4595644549c4ed827225596e2b30480e94eb049b6cd718fe8424d044bb5098e0206047ddb81755e3cb92131dd47ec754b64c4b78f663e364cf8a74cdd9857c81316dc4ccd5f02a84b310abfbc9d6a23ee6d1eaf6b8fc1544cfeb06002c8a40fb0e49859d2073a7b1cb112713518ad5e007d0a256f901469bfa5cae98841f877faeb584d41bfe695da72ca5700ae085f39c99f769502ea9f43c0b84ca4611441d5adb3e5d0a426297e535258748169cad487f97d171c0630642943508206ce648aad2971297f3d4037d73e5fbc73460ca7401b7dbd7807273ae077a81fd0d4bc90b6068e3ec95afcfeab16619306fb23942a4308e8264b35f4912df392dfc5daf35dd842a5a1f78fc294cbdbd504056f0c7779121b5b3db7461e437347452476f3b0bb22e63aa23cb9d3e797c6c95513058d8fb2c27864ac0e1f5001c988e29c79bfa4236c7be41dee5561d825c1f0fbebc0c06cc4712e88ad5efd94f4eb4e93794af42a9752a2ebc57dc2f3881c75bbb23ad25b696194e0bbcdce114ba291d2b5b4c1c175e1aa3ee3eda55e6126b3ad1e613bf8e0bbac727b879e7796fa0ad100893677a18b53f5eb31db43a97370d3749afa92fd0291fa96b05daa6beb43b9c1c11d9515976976d1cc1e44f35d317299ceb68ea2545f2a2b92b4e1046f6f92c33aae6995593189bb2611576599fd765b8e6fe2e88674ffd57ee8252287b1904d622c36a502db45c72b0d5fc3d983cc44bc955eb43911404667a4ab147d72b69ff2514dfb820ad75758e85df88499cea94ed658b4c1c2f49fe2bbb8d2dd97f844a6df289296cfb9cd5bc8d17aa235e2c4501b1422b25acd6dbc3a91d03904c545320524f9034955ab02f5d058097c37d23984baf808d28b3e12821eb8919a77c1b6a8bdeceecfcc487c39db592817dd378a7c5127b427e7279b2a82f6b8eec6b3fabe0947e353e7a386475b15011de93e2f2891f772ef90f4aba1ee1c4d7321c81ce4dcaa378daeabb93182c319494436dbe67d252a01291cacb59686ebd53c6df21c083e98fa299cf5e9b59f1ccea95c62b1437c8ff8754a6372b5b879ebc3241f6430871eafe35337d75cb68c42862846df4342ab434f7f0a7b9f66824e1e696e3dbecde179592774b7511e5a7a1a06ba601eb5f2a935c7cef0f83ecd412a84afdd05120fceb1afb6445ebfcdff8fffffffb75dddccc45afb4f5bb1308d39309c92c0b61a322d5229881fa5d598113cce54107036ca9f63fe863d257c706fe89d5c7ae59a459c6f15ba48d80da4aff541797b26418acddb987df3544bc4918cdbbdd8dd1bc2163c89635044e7b4da878457727a667c0146a12b4c46639497243259bfe4aa5ea50eb79f39fa9209256c9a685e3e39d6d8b6a9ca7d3554fbff0908ad6c6ecf68e506c20b16cd4a98e3ada9eb0cb3eb0b75b13b6d80bf99eddf2282da52cec085d3a725b71c29395d605e1eb26143290946a3a0d24347fa46145735dbf4eabc12150b8d5f7eeca804d7ed1fecd0132d1b94ebec65cbc07dfd4d54a5140567e77c646bd92666922c43aca8e482c59b970fa43087eb76d6715e4e8e5ebe54ca391383ef685b133534fcc1e5c5eb56f9d76a888506c4ac8d289c37039e0c4f927b0e11e85c5c7ec1cf4b19bebee6014cb89ee57f2ade8d166005e956d46a0c01f60b58299479e8a59a2e88f1a7ffd08b27d92fc2772b338959bd0a1c9cb95075c3cc17043c818345b29b76c0b8ed41c8c7259cc780c657cb9509daec1558453cfe061f54e08523a55d3223897559d51096b680802140800000000000000322e007c2af0c08867291dd732bfe4b24d1d5ae517a7f5903c369ac6b157d42eb6ca8c0d7b50fd533a56c814e7cf04db3012eebd53ec1b123d65ab1e462dc191749b005e88085505cc6d7de8eeee08def67bc1d1519d44b7a62dc07e491f328f786956d9200f00d78829e6af7c1a5835366201374b9487330920d4c57e2f7073292e173acc2424bb0d5e0e9448b4c02f9cfc99bc408110b6a3e9bc3799e4b178c2871069bc7d9ceba564378f02b2932c36f159478b5facd452b595a86d119216af9d860bd3997305320159a69a70fc62284141d23d2dc1e5394b271d99e5570450f1c55807e96c7cbe1b7c2e3e96f69fecf0f375e36e0d2acf319e37199e98486a8d145ce2d996c1909402744cce63664a75e480b197c345360321e830e5912d1d7bfe5a129a67fa98e6eda5268fa588047859daa11d087d0dbf0ccc7e120e3a5820cb4f5dc06748317e3f866518eb66e39dc8a68a7411b3403fc8eeab8283dee4d767e8e5842ed922e03ae5b3c9c494d5ebc61527ccd1222740fedd9e469ba6b30761cf387d654081c7e63182860e4548748058914a9cea01caf074fe6a78fafa2b45c516f9f20af9ac6773a400fa9661a872f6b55f0ed52a9be9e9c35502604b924f0eb628d6545da322e0713f9a5587e87e4b04fa495423b7c72093b764adfd1430a2e608b7af3d2bf80fef00e5b69abe386618274921ff57621bb99739de2e066ff17e95eba027f6a35170af3a69e93359a9643e155832d45c1aa9a8f71ad35504b99d3d0a1c11ae108664ea36f4dcded083aee17ac9efe7ee3fdf7b63c7c09bcef62caa88708510d45cea79d323083ddbfe7e5d3d9138f206a7af82ef1d26c85015c3e55a285a35d0052546493536b9061db27291a9292033753b7bddac63dac6f6271689240e43523c434a65e1d35299e386c953d0c92f21057e0b7883e049d20961e75069587eb3df6206496f76bbfd96635bb19837ba2ab193d79072ffb8829306b63697ff104a65031b8a38c24cca9ba23d5cdf753169a00fe2b2c3849f234a7029b657b3324c10d553e601aa97d17024f7bf5a99f96392f4a079a83daa27f4e3b512ee8536e764ce4dc36fd0874dfa502a693e55bd9f116202c5e906703e2c43d84448598b7af78aa60a205c152841e75e23436738ccaa6bbcef87e6a237d86d1a5e38e56c162cd6d61a4fb8b410b1643ad557a22348edfa82c23db11c9abdd8141fce263a66537512e93a930a4801ad862a902c7c1e00eb7c7466b1351318b7196c2a9016c55a05e104e124bdb568132f9397e31b10d04e5284bd029ea2f6a3ed11854e09b5871d6a725c21a9ef5d7e729a90a8206d5f61e6e42e47dda3e31b9134d47872a0dd7a576b665ec6ceaa5fd7d85ed7feede9ac9fc23e40241c0318077edda75b62eb271e28fb3705f7b4950c14b721a3a74a7a4e4de02cef5de76a1602b906016c0892ef37db51b0a1dd53f28b3d896f20abbad1ad0e0220960423267fc6e1779d1150fd584dd184bb43278d2d68ff21ac0daeef5408348cb80f4a9e0e606f6048bbaa517289451f084fffb63c5d904788cfc310b5495528a58f4650dafc4e4675b99d35ebab710ac6fefcee6c51a2835510fb6d2dbd8f97c3e53fb7a23c3f3c0283eb2271504581b9c1fa31e35c117e56a5d668a9c57df3b4e1129ca019a8b877fa4a22768dfbdd9d2154e17f4a7755b065090d88982471bfb242d89af5c6782693a6ab1b1be74dfa5655ac3b5ef4ace8dc595803cf4025bdf5c0e9fbe7a12a3a313311809591da08a2cc6cd8480dc960e1f79fa208440a0e589be5756c36d5830a51c4bdc39c2a85c0431bae3a7331b2ffdf23623693d343a7938a8a8a4dd4d523c6450a705bccbb38427f06f4f84a18adf303c0ddecf4ce2b6cdde4e09a4c31816195f0fe9f05fcdc0609f8a75ad2f23d5c24faaf346c13ec0512a5c29477ac561c878085d1a323f6bab08e2fb9ee57d7bb621ef21caf3609d74036c6dc1d7be0b6058d89dcb8d9aa4462fa0a740be66e3fdaa957f27c5a26dc586ac8c927ab2d7cf1b761798ea4191be8f4423cf1a6727d0c5f27a9969a753573afa584dea82678f3471ba36d726c396d68c671e579120f1a11cd50fa66b26fc2d6cb74ba07edbd5d3a288cf58ed1255381df02b2fb8983b7cf833433d1ab8fdef12651c3507e4b69fbc4b234678cca36761e8da434e5f036f204a1400da15277ef27ac140e2d574b89c0fd617da27e6ce862883bbe81c288834b9477d0d440c15dad505b363fcc1cfef8e2e3a96438809505844196acd0af751dedfced67f209c2ffa9c6da842c93ff4b5fd54a67df904f2f31b4236728c99582a667a8461d397770a657ffa7d514b0f076d7f35e9704a836e7882a2acf0a0ec2158ac7234953c3696abdc791c0b163ee76fbcc5adc18b6fa0f51f76f3d313a0d891f1deb69f6e44289b1aa43a768b8d13270959763a2c45129daeea493a5b0d7b36753b223dca9a8037368653400", 0x2000, &(0x7f0000000700)={&(0x7f00000002c0)={0x50, 0xffffffffffffff8c, 0x0, {0x7, 0x28, 0x7, 0x180002, 0x81, 0x0, 0x0, 0xfffffffc}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
umount2(&(0x7f0000002b80)='./file0\x00', 0x3)
ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000800)={{0x1, 0x1, 0x18, <r4=>r1}, './file0\x00'})
ioctl$SIOCGETNODEID(r4, 0x89e1, &(0x7f0000000840)={0x4})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB='\f\x00\x00\x00\x00\x00\x00\x00'], 0x8)
r8 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0), 0x200601, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f00000007c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f0000002900)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x58, 0x0, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_TABLE_USERDATA={0x18, 0x6, "d31c15545edb99bac889c147bf0f738f7dba0efb"}, @NFTA_TABLE_USERDATA={0x2c, 0x6, "b8ba8c245765eb093d327fe203d485f1bf5bde92e2ac8177e031fef4288160a79769107b4aa6bb5b"}]}, @NFT_MSG_NEWSET={0x114, 0x9, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x8}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x3}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}, @NFTA_SET_EXPRESSIONS={0xac, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x38, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x10, 0x1, 0x0, 0x1, @inner={{0xa}, @void}}, {0x14, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x4}}}, {0x40, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x160}]}, @NFT_MSG_DELCHAIN={0x44, 0x5, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x9}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}]}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x1d8}, 0x1, 0x0, 0x0, 0x48840}, 0x14)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x28}, 0x1c)
connect$pppl2tp(r6, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r7, 0x4, 0x0, 0x2, 0x0, {0xa, 0x4e21, 0x8000, @empty}}}, 0x32)
writev(r6, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r5, 0x28, 0x2, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYRESHEX=r5, @ANYRESOCT=r5], &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x3c01}}]})
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x47, 0xe0, 0x5, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x7, 0x1, 0x1, 0x2, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0xfc, 0xf, 0x4}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0xe, 0x5e, 0x4}}]}}}]}}]}}, &(0x7f0000000140)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0x9, 0x21, 0x0, 0x8, 0x5c}, 0x1d, &(0x7f0000000080)={0x5, 0xf, 0x1d, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x16, 0x1, 0x8, 0xf}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x6, 0x2, 0x93, 0x7}, @ext_cap={0x7, 0x10, 0x2, 0xa, 0x8, 0x3, 0x8}]}, 0x3, [{0xfc, &(0x7f00000001c0)=@string={0xfc, 0x3, "d2202436924377c75cd1a7f705a3ce4ad8dcf671046fff1c72c5b36e06f619b04c049c3ba659805af1967f491ca303af36257defa76d2caf2444ea5df724fc124d8da9c763dd2276b0354bc9f1583f79309517e7bb5c06dea5d9ee246be79d2d51392a565a34c16dbce899fec705e9dcba155c726295cc3e2636bf4daa7c39d10c36bc23010720ed829a484245323bae216cbeb9b442fe019325c2e5e6c5ee8d4f8d5cec97536d3107f963c1a8d10622aff51832c795b615430c1639393867101a79ef71b003ac24dfac50c0768a3208a728743b3af3081a1c5d076957a2d6c3840358f82b6177dbde855d3a747593a9fec33f5b46183d17da2a"}}, {0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x843}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x40d}}]})

4.880122108s ago: executing program 2 (id=3892):
openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)="81b641f1", 0x4}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000180)=[{0x2, 0x1, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x4}, 0x2, 0x99f499b4b67a323b}, {0x3, 0x3, {0x2, 0xff}, {0x0, 0x0, 0x3}, 0xfe, 0x2}], 0x40)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r5)
waitid(0x1, r5, 0x0, 0x8000000a, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r4, {0xfff3, 0x10}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48040}, 0x20000050)
r6 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r6, 0x40309439, 0x0)
write$binfmt_misc(r7, &(0x7f0000000000)="180c4552", 0x4)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000400)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000020000ffffffffff000000ffffab5600", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c55080000000c547d03d8a0f4bd00", [0x0, 0x6]}})
shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffc000/0x1000)=nil)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000c80)={'syz1\x00', {0x4, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xfffffff7, 0x7f, 0x5, 0x9, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x101, 0x9, 0x2, 0x4, 0x3, 0x4, 0x7ff, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x7, 0x4, 0x77, 0x8000, 0x7, 0xd, 0x401, 0x7, 0x8, 0xc68b, 0x200, 0xff, 0x1, 0x0, 0x7fffffff, 0x0, 0x59e6, 0x101, 0x2, 0xdb, 0x1, 0xe, 0x9, 0xf, 0x4, 0x1, 0xffffffff, 0x800, 0x7f, 0x9, 0x6, 0x23c2, 0x0, 0xc10d, 0x7, 0x8, 0x2, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x3, 0x6, 0x8009, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x1, 0x10000, 0x3, 0x9f3, 0x800, 0x0, 0xe842, 0xff6, 0xca, 0x9, 0x7, 0x7, 0x6, 0xa, 0x6, 0xc7, 0x2ff, 0xf, 0x1, 0x550, 0x2, 0x3, 0xb, 0x80000001, 0x0, 0x3d, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d9, 0x783, 0x5, 0x0, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x100, 0x1], [0x62e2adfb, 0x9f57, 0x4, 0x3, 0x9e, 0x8, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800000, 0x0, 0x9, 0x7, 0x9, 0x5, 0x5, 0x80000001, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffff2f9e, 0x9, 0x6, 0x3, 0x8, 0x3ff, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0x2, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x2, 0x5, 0x100, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0xa0, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x6, 0x2, 0xf, 0x5, 0xfffffffd, 0x10001, 0x2, 0x2, 0x2, 0x2, 0x7, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x0, 0x1, 0x5, 0x8, 0xc6d9, 0x631, 0x3ff, 0x4, 0x1, 0x4, 0x5, 0xe, 0xffff, 0x2, 0x7ff, 0x6, 0x10, 0x6, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x10000, 0x9, 0x2, 0x2, 0x6, 0x2004, 0x3, 0x2, 0x8001, 0x0, 0x5, 0xb9, 0x101, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)

4.869056424s ago: executing program 1 (id=3893):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x4800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000080)=0x10000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
socket$inet6(0xa, 0x3, 0x5)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000000ff00000b0082f001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r5}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), 0x1, r5}, 0x38)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="020300092000000000000000000000000400030000000000000000000000000000000000000000000000000000000000050006003c0000000a0000000000fffffc010000000000000000000040000000000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000ff01000000000000000000000000000100000000000000000200130003000000000000000000000007001900000000000a004e2100000006fc0200000000000000000000000000010080000002004e24e0000001000000000000000000000000010016004e240000"], 0x100}}, 0x0)
getdents(r8, &(0x7f0000000380)=""/200, 0x1d)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x541b, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)

4.727138228s ago: executing program 7 (id=3894):
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0xfffffff5)
syz_usb_connect(0x0, 0x81, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xb, 0x0, 0x2}, 0x1c)

3.921743116s ago: executing program 6 (id=3895):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7cb641, 0x0)
close(r3)
r4 = socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0}) (async)
timer_create(0x2, 0x0, &(0x7f00000003c0)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) (async)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
timer_gettime(r7, 0x0)
rt_sigaction(0xe, &(0x7f00000000c0)={&(0x7f0000000040)="f30f1efc66450f2832c482adbcaf07000000c4e1fd5aa13c9c43713ef2400f1ed3c4c2e93be7f2262e669f8f88a4a2e100430f12957b280000653ed9fa", 0x8000000, 0x0, {[0x8000]}}, 0x0, 0x8, &(0x7f0000000200)) (async)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x1, 0xd}, {0x7}, {0x10, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x40085}, 0x40000)
recvmmsg(r9, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000540)=""/180, 0xb4}, {&(0x7f0000001ac0)=""/4088, 0xff8}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5d}], 0x1, 0x10022, 0x0) (async)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x5543, 0x3, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0xa0, 0x1b, [{{0x9, 0x4, 0x0, 0xc, 0x1, 0x3, 0x1, 0x1, 0x7, {0x9, 0x21, 0x8, 0x1, 0x1, {0x22, 0xd3a}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0xb, 0x5a, 0xb}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0xff, 0x8, 0xd, 0x10, 0x3}, 0x2a, &(0x7f0000000300)=ANY=[@ANYBLOB="050f2a000507100202c979f503100b0710020863060058dbfbba88e9eb051c69b60a10030202006a05ff030a1003021b0103070700"], 0x3, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x413}}, {0xd7, &(0x7f0000000180)=@string={0xd7, 0x3, "2271f5410a0ec165c30bb5ba2b51ceca2706c05b0e1351f881be9a239a9ee90cf5d00fab41a13ef9c2ce45b35bfcdd2216f19778b91fdc60d053c5026aa9c5402020e7b28ed5d2b7405f27fd811026617332cf1cb75bdc752d9b14cc7fa7319ad41a57f4a4086b86710b19a282c05314c3211031fd80138eef7554e0eab29b89abeb7706d5a1c4bacbe9169b38706c623f5f9df79220c67365b9b2a8c4be4f301d637f4518748e87413e11811fdec39bfea3a908db2380f9fd8f5d51a9eedb3cf1be7818aa13c3050bd4fd6e20ae8622f6ad724e43"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x426}}]}) (async)
close(r4) (async)
syz_usb_control_io(r0, 0x0, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r10, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r11, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.00599018s ago: executing program 2 (id=3896):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x60, 0x4, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x1, 0x0, 0x0, 0x8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0x10001, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x4, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x1, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0xc, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x10}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}})

2.381261242s ago: executing program 2 (id=3897):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, <r1=>0xffffffffffffffff, 0x1})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r2, 0x3ba0, &(0x7f0000000200)={0x48, 0x8, r1, 0x0, 0x4, 0x21d251, 0x3, &(0x7f00000002c0)="7be35a", 0x10005})

2.055838132s ago: executing program 2 (id=3898):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007292bd404020305582a80000000109021b0001000000000904000001df7fa9000905", @ANYBLOB="868f54"], 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', <r1=>0x0})
syz_usb_connect(0x6, 0x4bc, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05936389a7fd1b7f94c6166a50b5957cba11c6de922bf99efc5f9fb10dd55721f362d7a05dd1802888b38b87c9ee4af756a664452ebf8f33878a667fa70cd73e11f24ab5bc75b40399afd783816f9447829638089e3508af95b7518d3369f3e264ae5e1e37dfd396b24f3c1d8654dfc3bd03c9109a2c01c382233fe4a536bc434780ae1a3a8a450aa1e8b7e48b490fcaf7d95fd259f7fa80a98b86a310f6d183650ffbdf9b83111d568afa3f988d5433f48409ba6c29d1781393b73e2ecf4fe109d9dff94bf88e30b1171af709058802ff0304050dad31acefaed5b641901b1c4d7b5176e5cc2f8d203332b1100f032e3fc80240633efa3ac939d0c1d872abca10e570ce483c22e630fa116c3166d89fa7da46df77c25176b877e1457f009ce68ef7958f1171eaeaf497acde2252e0282e17f95f311b20ea6c4e4b4d23cc24f51c5c9916e7565464a44f0ad85053b6280b80d6b3d6a122fac3f5901d079843f43494874faf5cc03665fc5358892cc520165b2fc3f9ccc1f9896c9d563b778736917409058004000204090a072501010380000725010102100009050f", @ANYRESHEX=r1, @ANYRES8=r0, @ANYRESDEC=r0, @ANYRES64=r0, @ANYRES64=r0], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007292bd404020305582a80000000109021b0001000000000904000001df7fa9000905", @ANYBLOB="868f54"], 0x0) (async)
socket$igmp(0x2, 0x3, 0x2) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'}) (async)
syz_usb_connect(0x6, 0x4bc, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000845dcf0886124620b705010203010902aa04010003f00109047a0008ff04010009050100100000ff0909050a1000020101070905080e0800030180c71004f2a7471c03c0f3f4ca2fea06ed21c2893b526ca2ae4c6320285e61c7047008590b991f436e3dcb5e0a1e180c381883c8206e6823e6d13fb81f0050a160ee9c434d7599cdd5f1ebcb129c56aadf40ff9bd4e08e2e2701d1a2325e6eecf743f153034002ed1ce648aa24f2420f7b00c7b1e15245f9fd34231e7349ca6e3d5d096a7fde77e474be9a5fa5e69845a9474d4c35559576f4b2f6f38feb66df28fe237e3c05936389a7fd1b7f94c6166a50b5957cba11c6de922bf99efc5f9fb10dd55721f362d7a05dd1802888b38b87c9ee4af756a664452ebf8f33878a667fa70cd73e11f24ab5bc75b40399afd783816f9447829638089e3508af95b7518d3369f3e264ae5e1e37dfd396b24f3c1d8654dfc3bd03c9109a2c01c382233fe4a536bc434780ae1a3a8a450aa1e8b7e48b490fcaf7d95fd259f7fa80a98b86a310f6d183650ffbdf9b83111d568afa3f988d5433f48409ba6c29d1781393b73e2ecf4fe109d9dff94bf88e30b1171af709058802ff0304050dad31acefaed5b641901b1c4d7b5176e5cc2f8d203332b1100f032e3fc80240633efa3ac939d0c1d872abca10e570ce483c22e630fa116c3166d89fa7da46df77c25176b877e1457f009ce68ef7958f1171eaeaf497acde2252e0282e17f95f311b20ea6c4e4b4d23cc24f51c5c9916e7565464a44f0ad85053b6280b80d6b3d6a122fac3f5901d079843f43494874faf5cc03665fc5358892cc520165b2fc3f9ccc1f9896c9d563b778736917409058004000204090a072501010380000725010102100009050f", @ANYRESHEX=r1, @ANYRES8=r0, @ANYRESDEC=r0, @ANYRES64=r0, @ANYRES64=r0], 0x0) (async)

1.654729955s ago: executing program 3 (id=3899):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2800000000"], 0x7c}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2180, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x9, 0x0, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0x8, '\x00', 0x2}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x74, 0xd4, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xe, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfc, 0x7, 0x26}, {0xcf, 0x5, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x3a, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x1}, {0x4, 0x4c, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x2}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x12, '\x00', 0x10}, {0x1, 0x3, 0xf5, '\x00', 0x4}, {0x7, 0x6, 0x4}]}})

1.654368499s ago: executing program 1 (id=3900):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xfffffffe}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0x4, 0x404, 0x9}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0xd, 0x3, 0x4, 0x7, 0x1, r0, 0x15b4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20)
close(r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="4400000010000304fdffffff0000000000000400", @ANYRES32=0x0, @ANYBLOB="00a30000000000001c0012800b0001006d616373656300000c00028005000a000000000008000500", @ANYRES32=r3], 0x44}, 0x1, 0x0, 0x0, 0x24008000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f0000000000)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', r3, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffdd)

1.132026249s ago: executing program 2 (id=3901):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00001f520001008f193703000000000a00010008000200", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000004a80)={0x34, r2, 0x105, 0x70bd25, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x40006)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000280)='auto_da_alloc', &(0x7f0000000780)='0\xa4\xfa\x1aa\xcc\xbc\xedI\xe7\x0eb\xce.3\xdf\x12Y\xca&\x03F&j\x14$\xe5m\xc3\xc0\xae\xcb\xf9\xc4K\xab\xc3\xb6Ki_Vz\xff\a\x87e\xcc\xb5-\xcd\xee\xc6\xcd\xc8\xc8\x19LQ\xe8\xe9\x93\x8a\xfd^\xe6\xc7\xfd\xa9\xf9\n7\xd0\xa2\xdeF\x104O\xa3n\r\xe6\xf6\xe9\x01\xff3\xc8T\xb5\xb9C~\xb8\'p\xb1\xb3\xb1\xa4\x16\x0e\xc6\xb7\xacK\x7f\xe9A\xcd\xa9s\x8b\xa1\xcf\xec\xab\xbf\x94\xde\x12\xc4\xe0\xdb\x11k\xedIwO\xa2\x1a\xd0\x9a\rH%\x95A\xbcs\x9f\xba9)F\xbca}\xc3\xd0x]\xae\xa2\xd8\xc4\xee[\xf1S\x80Hm\x1e\xf7\x8f\n\xaeco?d\nJ\xeb\xb5P\xa3uX\x83\xae\xcf9\xc5\xbf`\xae)\xc2v\x02\xda\xca(]\xb7#\xddB%^\xcb\x17L\xa0\xefM\xbb\x13\xb8fe\x9e$!\xacl\x19\xd5\x9c\xc4\xa3\xe9\x8f\x1d{\xb8B\x10\xff&\xa4\x87q@\xb9\xc5\x96^\xc2\xbaLm\xae\xe3\x1cb\xe5%S:_\x02\t\x9al\b\xb6\xf1T{a\x98\xee\xe0\x03\xeb\xcf\xea\xa9F\xc7um\x89E0o}\xa03\xb5\x89\\\xa5Ur+\x0f\xdcd\x0e\x9e7\xf1d\x9fw\x93B', 0x0)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$VIDIOC_S_FREQUENCY(r8, 0x402c5639, &(0x7f0000002280)={0x10000, 0x1, 0x43})
socket$inet6_sctp(0xa, 0x801, 0x84)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r10 = accept4$alg(r9, 0x0, 0x0, 0x0)
sendmmsg$alg(r10, &(0x7f0000000180)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="a92e81d0991808e33c2323df00000000", 0x10}, {&(0x7f00000000c0)="200d354ec1cb1eea", 0x8}], 0x2, 0x0, 0x0, 0x880}], 0x1, 0x20084005)
recvmmsg(r10, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000200)=""/23, 0x17}], 0x1}, 0x10000}], 0x1, 0x102, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$kcm(0x29, 0x5, 0x0)
setregid(0x0, 0xffffffffffffffff)

1.007980628s ago: executing program 7 (id=3902):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030003110000002cbd7000fcdbdd2503000900800000001cdc0dca1d9f68846960e56de42944af05000600002000000a00000000000000000000000000000000000000000000010200000000000000020001000000000000000718"], 0x88}, 0x1, 0x7}, 0x0)

859.518174ms ago: executing program 7 (id=3903):
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r2 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000"], 0x3}}, 0x0)
splice(r0, 0x0, r2, 0x0, 0x10d00, 0xf)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r4 = syz_open_pts(r3, 0x900)
r5 = dup3(r4, r3, 0x80000)
read(r4, &(0x7f00000001c0)=""/262, 0x106)
read$watch_queue(r5, 0x0, 0x0)

668.900272ms ago: executing program 3 (id=3904):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
read$FUSE(r0, 0x0, 0x0)

545.530926ms ago: executing program 3 (id=3905):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8042, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="340200000200000005f300ffff02e8000020fdffffff020004000000000000000000030000000000000001000000000000001b00046e6f6465767b65766f6f7e05"], 0x234) (fail_nth: 42)

30.886848ms ago: executing program 2 (id=3906):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x6, 0x3, 0x34325241, 0x6, 0x4, [{0x3, 0x10}, {0x180000, 0x4}, {0x9, 0x101}, {0x7ffffffe, 0x7d}, {0x4, 0x8}, {0xfff, 0x5414}, {0x3ff, 0x800}, {0x40000003, 0x4}], 0x9, 0x7, 0x4, 0x1, 0x5}})
ioctl$sock_ifreq(0xffffffffffffffff, 0x8924, &(0x7f0000000140)={'dvmrp1\x00', @ifru_hwaddr=@link_local})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x5}, 0x0)
r2 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x0}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r3 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000540), &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000000580)="ed", 0x1, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r2, r3}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={'blake2b-256\x00'}})
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r6=>0x0})
connect$can_bcm(r5, &(0x7f0000000140)={0x1d, r6}, 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)={0x5, 0x830, 0x0, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x2b, 0x0, 0x0, 0x0, "f33d8e7b847ec8b36f1107e036dd98fc469107485e371bcf5c6b77db54f3d984795c49eca9b92241dc9fc39f976ad52e581942d9fc2178681e6866aa6ef10d06"}}, 0x80}, 0x1, 0x0, 0x0, 0x40084}, 0x20000000)
clock_gettime(0x0, &(0x7f0000000340))
sendmsg$can_bcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)={0x5, 0x8, 0x9, {0x0, 0xea60}, {}, {0x2, 0x0, 0x1}, 0x1, @canfd={{0x2, 0x0, 0x0, 0x1}, 0x33, 0x1, 0x0, 0x0, "81937a7a1594c26daee342c62dd51d690172e3ee8885d23c8b36a811d9383d26b3945110587f1129ed34c7da17b9a156f9f850a2e60886e340676c1056a49677"}}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x4004844)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x100003, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {0x3, 0xfff9}, {0xd}}}, 0x24}}, 0x0)

0s ago: executing program 3 (id=3907):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8042, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="340200000200000002f300ffff02e8000020fdffffff020004000000000000000000030000000000000001000000000000001b00046e6f6465767b65766f6f7e05"], 0x234)

kernel console output (not intermixed with test programs):

eftover after parsing attributes in process `syz.1.3388'.
[ 1069.310075][T20691] openvswitch: netlink: Flow key attr not present in new flow.
[ 1069.405186][ T5834] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1069.414822][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1069.422948][ T5834] usb 4-1: Product: syz
[ 1069.428234][ T5834] usb 4-1: Manufacturer: syz
[ 1069.435731][ T5834] usb 4-1: SerialNumber: syz
[ 1069.733621][ T5834] usb 4-1: 0:2 : does not exist
[ 1069.743445][ T5834] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1069.799446][ T5834] usb 4-1: USB disconnect, device number 8
[ 1069.850726][ T6456] udevd[6456]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1070.736561][T10700] usb 7-1: new high-speed USB device number 100 using dummy_hcd
[ 1070.844866][T20698] bond3: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-tlb(5)
[ 1070.896032][T20698] bond3 (unregistering): Released all slaves
[ 1070.906892][T10700] usb 7-1: Using ep0 maxpacket: 8
[ 1070.931065][T10700] usb 7-1: config index 0 descriptor too short (expected 30, got 18)
[ 1070.963933][T10700] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1070.974107][T20706] veth4: entered promiscuous mode
[ 1070.983533][T20706] veth4: entered allmulticast mode
[ 1070.989621][T10700] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1071.009580][T10700] usb 7-1: Product: syz
[ 1071.024103][T10700] usb 7-1: Manufacturer: syz
[ 1071.029275][T10700] usb 7-1: SerialNumber: syz
[ 1071.045401][T10700] usb 7-1: config 0 descriptor??
[ 1071.109863][T20715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1071.119452][T20715] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1071.166004][T10700] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1071.174354][T10700] usb 7-1: setting power ON
[ 1071.179623][T10700] dvb-usb: bulk message failed: -22 (2/0)
[ 1071.194516][T10700] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1071.210502][T10700] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1071.224717][T10700] usb 7-1: media controller created
[ 1071.291168][T10700] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1071.351683][T10700] usb 7-1: selecting invalid altsetting 6
[ 1071.369902][T20696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1071.384815][T10700] usb 7-1: digital interface selection failed (-22)
[ 1071.400807][T10700] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1071.411292][T20696] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1071.423798][T10700] usb 7-1: setting power OFF
[ 1071.431467][T10700] dvb-usb: bulk message failed: -22 (2/0)
[ 1071.450854][T20696] dvb-usb: bulk message failed: -22 (3/0)
[ 1071.465795][T10700] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1071.476123][T10700] (NULL device *): no alternate interface
[ 1071.699175][T10700] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1071.942015][T10700] usb 7-1: USB disconnect, device number 100
[ 1072.403865][T20736] bond9: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[ 1072.597941][T20736] bond9 (unregistering): Released all slaves
[ 1072.875366][T20751] fuse: Bad value for 'fd'
[ 1074.179708][T20774] netlink: 'syz.6.3413': attribute type 1 has an invalid length.
[ 1074.241793][T20774] 8021q: adding VLAN 0 to HW filter on device bond9
[ 1074.380431][T20778] bond9: (slave veth1): Enslaving as an active interface with a down link
[ 1074.478939][T20774] bond9: entered allmulticast mode
[ 1074.686096][T20783] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1074.693857][T20783] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1075.011962][T20793] misc userio: The device must be registered before sending interrupts
[ 1075.026949][T20793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1075.045739][T20793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1075.071372][T20793] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3417'.
[ 1075.728711][T20804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3418'.
[ 1075.740241][T20804] loop3: detected capacity change from 0 to 7
[ 1075.776200][T20804] Dev loop3: unable to read RDB block 7
[ 1075.832569][T20804]  loop3: unable to read partition table
[ 1075.838915][T20804] loop3: partition table beyond EOD, truncated
[ 1075.855815][T20804] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1075.963978][   T30] kauditd_printk_skb: 34 callbacks suppressed
[ 1075.964000][   T30] audit: type=1326 audit(1762866504.982:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.048253][   T30] audit: type=1326 audit(1762866504.982:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.112102][   T30] audit: type=1326 audit(1762866504.982:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.134478][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1076.208086][   T30] audit: type=1326 audit(1762866504.982:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.336749][   T30] audit: type=1326 audit(1762866504.982:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.400014][   T30] audit: type=1326 audit(1762866504.982:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.429783][   T30] audit: type=1326 audit(1762866505.042:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.452249][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1076.460191][   T30] audit: type=1326 audit(1762866505.042:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.483460][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1076.491749][   T30] audit: type=1326 audit(1762866505.072:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1076.515961][   T30] audit: type=1326 audit(1762866505.072:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20807 comm="syz.7.3421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f748dd8f6c9 code=0x7ffc0000
[ 1077.118379][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[ 1077.143242][T20834] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3429'.
[ 1077.153714][T20834] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1077.446581][   T24] usb 4-1: Using ep0 maxpacket: 32
[ 1077.484491][   T24] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[ 1077.494055][   T24] usb 4-1: config 0 has no interface number 0
[ 1077.500582][   T24] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1077.502017][T20840] FAULT_INJECTION: forcing a failure.
[ 1077.502017][T20840] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1077.542541][   T24] usb 4-1: config 0 interface 196 has no altsetting 0
[ 1077.551261][T20840] CPU: 1 UID: 0 PID: 20840 Comm: syz.6.3431 Not tainted syzkaller #0 PREEMPT(full) 
[ 1077.551277][T20840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1077.551283][T20840] Call Trace:
[ 1077.551288][T20840]  <TASK>
[ 1077.551293][T20840]  dump_stack_lvl+0x189/0x250
[ 1077.551312][T20840]  ? __pfx____ratelimit+0x10/0x10
[ 1077.551334][T20840]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1077.551347][T20840]  ? __pfx__printk+0x10/0x10
[ 1077.551361][T20840]  ? __might_fault+0xb0/0x130
[ 1077.551380][T20840]  should_fail_ex+0x414/0x560
[ 1077.551398][T20840]  _copy_from_user+0x2d/0xb0
[ 1077.551412][T20840]  snd_seq_oss_write+0x382/0x930
[ 1077.551435][T20840]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1077.551452][T20840]  ? security_file_permission+0x75/0x290
[ 1077.551467][T20840]  odev_write+0x5a/0x80
[ 1077.551482][T20840]  ? __pfx_odev_write+0x10/0x10
[ 1077.551500][T20840]  vfs_write+0x27e/0xb30
[ 1077.551530][T20840]  ? __pfx_vfs_write+0x10/0x10
[ 1077.551552][T20840]  ? __fget_files+0x2a/0x420
[ 1077.551571][T20840]  ? __fget_files+0x2a/0x420
[ 1077.551583][T20840]  ? __fget_files+0x3a0/0x420
[ 1077.551592][T20840]  ? __fget_files+0x2a/0x420
[ 1077.551605][T20840]  ksys_write+0x145/0x250
[ 1077.551619][T20840]  ? __pfx_ksys_write+0x10/0x10
[ 1077.551633][T20840]  ? do_syscall_64+0xbe/0xfa0
[ 1077.551649][T20840]  do_syscall_64+0xfa/0xfa0
[ 1077.551660][T20840]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1077.551674][T20840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1077.551683][T20840]  ? clear_bhb_loop+0x60/0xb0
[ 1077.551703][T20840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1077.551712][T20840] RIP: 0033:0x7f77e3d8f6c9
[ 1077.551723][T20840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1077.551732][T20840] RSP: 002b:00007f77e4b60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1077.551744][T20840] RAX: ffffffffffffffda RBX: 00007f77e3fe5fa0 RCX: 00007f77e3d8f6c9
[ 1077.551752][T20840] RDX: 0000000000000234 RSI: 0000200000000840 RDI: 0000000000000003
[ 1077.551758][T20840] RBP: 00007f77e4b60090 R08: 0000000000000000 R09: 0000000000000000
[ 1077.551764][T20840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1077.551770][T20840] R13: 00007f77e3fe6038 R14: 00007f77e3fe5fa0 R15: 00007f77e410fa28
[ 1077.551789][T20840]  </TASK>
[ 1077.951962][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[ 1077.961099][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1077.969116][   T24] usb 4-1: Product: syz
[ 1077.974282][   T24] usb 4-1: Manufacturer: syz
[ 1077.983733][   T24] usb 4-1: SerialNumber: syz
[ 1078.007835][   T24] usb 4-1: config 0 descriptor??
[ 1078.027766][T20829] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 1078.669009][T20855] loop9: detected capacity change from 0 to 7
[ 1078.699804][T20855] Dev loop9: unable to read RDB block 7
[ 1078.705894][T20855]  loop9: unable to read partition table
[ 1078.713488][T20855] loop9: partition table beyond EOD, truncated
[ 1078.725118][T20855] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1078.863552][T20855] netlink: 'syz.6.3434': attribute type 10 has an invalid length.
[ 1079.832214][T20859] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1080.232026][   T24] ipheth 4-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[ 1080.248473][   T24] ipheth 4-1:0.196: probe with driver ipheth failed with error -71
[ 1080.447480][T20876] fuse: Bad value for 'fd'
[ 1080.619521][   T24] usb 4-1: USB disconnect, device number 9
[ 1080.976628][T20887] netlink: 'syz.6.3443': attribute type 2 has an invalid length.
[ 1082.244973][T20899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3445'.
[ 1082.485407][T20904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1082.519547][T20905] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3446'.
[ 1082.541803][T20905] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1082.575506][T20907] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1082.619100][T20904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1082.795943][T20904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1082.849734][T20904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1082.933979][T20913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3449'.
[ 1083.516634][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1083.516654][   T30] audit: type=1800 audit(1762866512.552:1332): pid=20909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3449" name="bus" dev="ramfs" ino=106020 res=0 errno=0
[ 1084.145833][T20934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1084.163562][T20934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1084.566981][T10700] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1084.820439][T10700] usb 3-1: Using ep0 maxpacket: 32
[ 1084.875369][T10700] usb 3-1: config 0 has too many interfaces: 35, using maximum allowed: 32
[ 1084.929996][T10700] usb 3-1: config 0 has an invalid interface number: 196 but max is 34
[ 1084.952868][T10700] usb 3-1: config 0 has an invalid descriptor of length 253, skipping remainder of the config
[ 1084.975796][T10700] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 35
[ 1085.011655][T10700] usb 3-1: config 0 has no interface number 0
[ 1085.039017][T10700] usb 3-1: config 0 interface 196 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1085.059934][T10700] usb 3-1: config 0 interface 196 has no altsetting 0
[ 1085.211225][T10700] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[ 1085.220549][T10700] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1085.229041][T10700] usb 3-1: Product: syz
[ 1085.233382][T10700] usb 3-1: Manufacturer: syz
[ 1085.253668][T10700] usb 3-1: SerialNumber: syz
[ 1085.377385][T10700] usb 3-1: config 0 descriptor??
[ 1085.464479][T20961] fuse: Unknown parameter 'groun²
'
[ 1085.787147][T20971] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3461'.
[ 1085.900782][T20970] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1853191200 (3706382400 ns) > initial count (1616928832 ns). Using initial count to start timer.
[ 1086.224170][T20976] vlan2: entered promiscuous mode
[ 1086.470337][T20979] FAULT_INJECTION: forcing a failure.
[ 1086.470337][T20979] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1086.490281][T20979] CPU: 1 UID: 0 PID: 20979 Comm: syz.1.3464 Not tainted syzkaller #0 PREEMPT(full) 
[ 1086.490307][T20979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1086.490318][T20979] Call Trace:
[ 1086.490332][T20979]  <TASK>
[ 1086.490340][T20979]  dump_stack_lvl+0x189/0x250
[ 1086.490369][T20979]  ? __pfx____ratelimit+0x10/0x10
[ 1086.490393][T20979]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1086.490415][T20979]  ? __pfx__printk+0x10/0x10
[ 1086.490435][T20979]  ? fs_reclaim_acquire+0x7d/0x100
[ 1086.490462][T20979]  should_fail_ex+0x414/0x560
[ 1086.490494][T20979]  prepare_alloc_pages+0x213/0x610
[ 1086.490520][T20979]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1086.490542][T20979]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1086.490570][T20979]  ? policy_nodemask+0x27c/0x720
[ 1086.490592][T20979]  alloc_pages_bulk_noprof+0x560/0x710
[ 1086.490615][T20979]  ? alloc_pages_noprof+0xbe/0x190
[ 1086.490634][T20979]  kasan_populate_vmalloc+0xd1/0x270
[ 1086.490657][T20979]  ? do_raw_spin_unlock+0x122/0x240
[ 1086.490686][T20979]  alloc_vmap_area+0xd7a/0x14c0
[ 1086.490725][T20979]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1086.490746][T20979]  ? __kasan_kmalloc+0x93/0xb0
[ 1086.490782][T20979]  ? __get_vm_area_node+0x13f/0x300
[ 1086.490806][T20979]  ? copy_process+0x54b/0x3c00
[ 1086.490827][T20979]  __get_vm_area_node+0x1f8/0x300
[ 1086.490857][T20979]  __vmalloc_node_range_noprof+0x30c/0x12d0
[ 1086.490882][T20979]  ? copy_process+0x54b/0x3c00
[ 1086.490911][T20979]  ? percpu_ref_get_many+0x19/0x140
[ 1086.490947][T20979]  ? __memcg_slab_post_alloc_hook+0x517/0x7d0
[ 1086.490976][T20979]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1086.491003][T20979]  ? memcpy_and_pad+0x48/0x80
[ 1086.491030][T20979]  __vmalloc_node_noprof+0xc2/0x110
[ 1086.491068][T20979]  ? copy_process+0x54b/0x3c00
[ 1086.491085][T20979]  ? copy_process+0x54b/0x3c00
[ 1086.491108][T20979]  dup_task_struct+0x3d4/0x830
[ 1086.491127][T20979]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1086.491155][T20979]  copy_process+0x54b/0x3c00
[ 1086.491206][T20979]  ? __pfx_copy_process+0x10/0x10
[ 1086.491239][T20979]  vhost_task_create+0x1ce/0x320
[ 1086.491261][T20979]  ? arch_stack_walk+0xfc/0x150
[ 1086.491281][T20979]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1086.491308][T20979]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1086.491332][T20979]  ? __pfx_vhost_task_create+0x10/0x10
[ 1086.491363][T20979]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1086.491403][T20979]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1086.491431][T20979]  kvm_arch_vcpu_ioctl_run+0xdc/0x1cb0
[ 1086.491464][T20979]  ? __mutex_trylock_common+0x153/0x260
[ 1086.491489][T20979]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1086.491511][T20979]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1086.491538][T20979]  ? rcu_is_watching+0x15/0xb0
[ 1086.491559][T20979]  ? trace_contention_end+0x39/0x120
[ 1086.491579][T20979]  ? look_up_lock_class+0x74/0x170
[ 1086.491605][T20979]  ? register_lock_class+0x51/0x320
[ 1086.491630][T20979]  ? __lock_acquire+0xab9/0xd20
[ 1086.491676][T20979]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1086.491708][T20979]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1086.491755][T20979]  ? __fget_files+0x2a/0x420
[ 1086.491798][T20979]  ? __fget_files+0x3a0/0x420
[ 1086.491814][T20979]  ? __fget_files+0x2a/0x420
[ 1086.491834][T20979]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1086.491853][T20979]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1086.491885][T20979]  __se_sys_ioctl+0xfc/0x170
[ 1086.491911][T20979]  do_syscall_64+0xfa/0xfa0
[ 1086.491934][T20979]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1086.491955][T20979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.491973][T20979]  ? clear_bhb_loop+0x60/0xb0
[ 1086.491995][T20979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.492013][T20979] RIP: 0033:0x7efcd0f8f6c9
[ 1086.492030][T20979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1086.492045][T20979] RSP: 002b:00007efcd1eda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1086.492066][T20979] RAX: ffffffffffffffda RBX: 00007efcd11e6090 RCX: 00007efcd0f8f6c9
[ 1086.492079][T20979] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1086.492091][T20979] RBP: 00007efcd1eda090 R08: 0000000000000000 R09: 0000000000000000
[ 1086.492103][T20979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1086.492114][T20979] R13: 00007efcd11e6128 R14: 00007efcd11e6090 R15: 00007efcd130fa28
[ 1086.492147][T20979]  </TASK>
[ 1087.251624][T20979] syz.1.3464: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1087.267714][T20979] CPU: 1 UID: 0 PID: 20979 Comm: syz.1.3464 Not tainted syzkaller #0 PREEMPT(full) 
[ 1087.267737][T20979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1087.267749][T20979] Call Trace:
[ 1087.267766][T20979]  <TASK>
[ 1087.267773][T20979]  dump_stack_lvl+0x189/0x250
[ 1087.267804][T20979]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1087.267825][T20979]  ? __pfx__printk+0x10/0x10
[ 1087.267842][T20979]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1087.267865][T20979]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1087.267890][T20979]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1087.267914][T20979]  warn_alloc+0x214/0x310
[ 1087.267938][T20979]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1087.267964][T20979]  ? __pfx_warn_alloc+0x10/0x10
[ 1087.267995][T20979]  ? copy_process+0x54b/0x3c00
[ 1087.268015][T20979]  ? __get_vm_area_node+0x211/0x300
[ 1087.268044][T20979]  __vmalloc_node_range_noprof+0x331/0x12d0
[ 1087.268078][T20979]  ? percpu_ref_get_many+0x19/0x140
[ 1087.268105][T20979]  ? __memcg_slab_post_alloc_hook+0x517/0x7d0
[ 1087.268135][T20979]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1087.268162][T20979]  ? memcpy_and_pad+0x48/0x80
[ 1087.268190][T20979]  __vmalloc_node_noprof+0xc2/0x110
[ 1087.268213][T20979]  ? copy_process+0x54b/0x3c00
[ 1087.268230][T20979]  ? copy_process+0x54b/0x3c00
[ 1087.268251][T20979]  dup_task_struct+0x3d4/0x830
[ 1087.268269][T20979]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1087.268294][T20979]  copy_process+0x54b/0x3c00
[ 1087.268341][T20979]  ? __pfx_copy_process+0x10/0x10
[ 1087.268373][T20979]  vhost_task_create+0x1ce/0x320
[ 1087.268393][T20979]  ? arch_stack_walk+0xfc/0x150
[ 1087.268412][T20979]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1087.268435][T20979]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1087.268457][T20979]  ? __pfx_vhost_task_create+0x10/0x10
[ 1087.268487][T20979]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1087.268528][T20979]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1087.268556][T20979]  kvm_arch_vcpu_ioctl_run+0xdc/0x1cb0
[ 1087.268589][T20979]  ? __mutex_trylock_common+0x153/0x260
[ 1087.268614][T20979]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1087.268633][T20979]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1087.268658][T20979]  ? rcu_is_watching+0x15/0xb0
[ 1087.268678][T20979]  ? trace_contention_end+0x39/0x120
[ 1087.268696][T20979]  ? look_up_lock_class+0x74/0x170
[ 1087.268723][T20979]  ? register_lock_class+0x51/0x320
[ 1087.268746][T20979]  ? __lock_acquire+0xab9/0xd20
[ 1087.268799][T20979]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1087.268829][T20979]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1087.268875][T20979]  ? __fget_files+0x2a/0x420
[ 1087.268897][T20979]  ? __fget_files+0x3a0/0x420
[ 1087.268912][T20979]  ? __fget_files+0x2a/0x420
[ 1087.268932][T20979]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1087.268952][T20979]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1087.268974][T20979]  __se_sys_ioctl+0xfc/0x170
[ 1087.268999][T20979]  do_syscall_64+0xfa/0xfa0
[ 1087.269021][T20979]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1087.269043][T20979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1087.269061][T20979]  ? clear_bhb_loop+0x60/0xb0
[ 1087.269082][T20979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1087.269099][T20979] RIP: 0033:0x7efcd0f8f6c9
[ 1087.269116][T20979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1087.269131][T20979] RSP: 002b:00007efcd1eda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1087.269150][T20979] RAX: ffffffffffffffda RBX: 00007efcd11e6090 RCX: 00007efcd0f8f6c9
[ 1087.269164][T20979] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1087.269175][T20979] RBP: 00007efcd1eda090 R08: 0000000000000000 R09: 0000000000000000
[ 1087.269187][T20979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1087.269198][T20979] R13: 00007efcd11e6128 R14: 00007efcd11e6090 R15: 00007efcd130fa28
[ 1087.269230][T20979]  </TASK>
[ 1087.270232][T20979] Mem-Info:
[ 1087.671576][T20979] active_anon:14041 inactive_anon:0 isolated_anon:0
[ 1087.671576][T20979]  active_file:20907 inactive_file:40345 isolated_file:0
[ 1087.671576][T20979]  unevictable:768 dirty:191 writeback:0
[ 1087.671576][T20979]  slab_reclaimable:7516 slab_unreclaimable:105722
[ 1087.671576][T20979]  mapped:44043 shmem:6296 pagetables:1875
[ 1087.671576][T20979]  sec_pagetables:0 bounce:0
[ 1087.671576][T20979]  kernel_misc_reclaimable:0
[ 1087.671576][T20979]  free:1271913 free_pcp:9103 free_cma:0
[ 1087.747410][T20979] Node 0 active_anon:56164kB inactive_anon:0kB active_file:83528kB inactive_file:161176kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:176072kB dirty:740kB writeback:0kB shmem:23648kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14508kB pagetables:7324kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1087.863788][T20987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3465'.
[ 1087.874794][T20987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3465'.
[ 1087.938519][T20979] Node 1 active_anon:0kB inactive_anon:0kB active_file:100kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100kB dirty:24kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1087.990186][T10700] ipheth 3-1:0.196: Unable to find endpoints
[ 1088.010972][T20979] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1088.051643][T20979] lowmem_reserve[]: 0 2505 2505 2505 2505
[ 1088.057626][T20979] Node 0 DMA32 free:1160096kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:53180kB inactive_anon:0kB active_file:83528kB inactive_file:161176kB unevictable:1536kB writepending:744kB zspages:0kB present:3129332kB managed:2565164kB mlocked:0kB bounce:0kB free_pcp:34848kB local_pcp:19636kB free_cma:0kB
[ 1088.093029][T20979] lowmem_reserve[]: 0 0 0 0 0
[ 1088.101986][T20979] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1088.157005][T10700] usb 3-1: USB disconnect, device number 21
[ 1088.172579][T20979] lowmem_reserve[]: 0 0 0 0 0
[ 1088.282242][T20979] Node 1 Normal free:3907076kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:100kB inactive_file:204kB unevictable:1536kB writepending:24kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:3456kB local_pcp:0kB free_cma:0kB
[ 1088.314765][T20979] lowmem_reserve[]: 0 0 0 0 0
[ 1088.324871][T20979] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1088.390289][T20979] Node 0 DMA32: 1616*4kB (UM) 772*8kB (UME) 1010*16kB (UME) 883*32kB (UME) 255*64kB (UME) 186*128kB (UME) 106*256kB (UME) 43*512kB (UME) 10*1024kB (UME) 4*2048kB (UME) 243*4096kB (UM) = 1160096kB
[ 1088.527375][T20979] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1088.539379][T20979] Node 1 Normal: 227*4kB (UM) 65*8kB (UE) 43*16kB (UME) 266*32kB (UE) 114*64kB (UE) 26*128kB (UME) 7*256kB (UM) 4*512kB (UME) 1*1024kB (M) 3*2048kB (UME) 946*4096kB (M) = 3907076kB
[ 1088.557756][T20979] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1088.567439][T20979] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1088.577816][T20979] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1088.587767][T20979] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1088.703643][T20979] 67549 total pagecache pages
[ 1088.722827][T20979] 5 pages in swap cache
[ 1088.764115][T20979] Free swap  = 124976kB
[ 1088.841352][T20979] Total swap = 124996kB
[ 1088.949105][T20979] 2097051 pages RAM
[ 1089.006993][T20979] 0 pages HighMem/MovableOnly
[ 1089.011968][T20979] 424118 pages reserved
[ 1089.069672][T20979] 0 pages cma reserved
[ 1090.165993][T21012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1090.176859][T21012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1090.427343][T21017] random: crng reseeded on system resumption
[ 1091.300109][T21034] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1092.103384][T21032] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1092.329338][T21046] FAULT_INJECTION: forcing a failure.
[ 1092.329338][T21046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1092.343066][T21046] CPU: 0 UID: 0 PID: 21046 Comm: syz.6.3474 Not tainted syzkaller #0 PREEMPT(full) 
[ 1092.343082][T21046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1092.343089][T21046] Call Trace:
[ 1092.343093][T21046]  <TASK>
[ 1092.343098][T21046]  dump_stack_lvl+0x189/0x250
[ 1092.343116][T21046]  ? __pfx____ratelimit+0x10/0x10
[ 1092.343130][T21046]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1092.343143][T21046]  ? __pfx__printk+0x10/0x10
[ 1092.343153][T21046]  ? __might_fault+0xb0/0x130
[ 1092.343173][T21046]  should_fail_ex+0x414/0x560
[ 1092.343191][T21046]  _copy_from_user+0x2d/0xb0
[ 1092.343203][T21046]  proc_setintf+0x8f/0x300
[ 1092.343219][T21046]  ? __pfx_proc_setintf+0x10/0x10
[ 1092.343235][T21046]  usbdev_ioctl+0x99c/0x20b0
[ 1092.343250][T21046]  ? __fget_files+0x2a/0x420
[ 1092.343260][T21046]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1092.343272][T21046]  ? __fget_files+0x3a0/0x420
[ 1092.343280][T21046]  ? __fget_files+0x2a/0x420
[ 1092.343298][T21046]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1092.343309][T21046]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1092.343321][T21046]  __se_sys_ioctl+0xfc/0x170
[ 1092.343334][T21046]  do_syscall_64+0xfa/0xfa0
[ 1092.343347][T21046]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1092.343360][T21046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1092.343370][T21046]  ? clear_bhb_loop+0x60/0xb0
[ 1092.343382][T21046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1092.343391][T21046] RIP: 0033:0x7f77e3d8f6c9
[ 1092.343402][T21046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1092.343410][T21046] RSP: 002b:00007f77e4b60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1092.343422][T21046] RAX: ffffffffffffffda RBX: 00007f77e3fe5fa0 RCX: 00007f77e3d8f6c9
[ 1092.343429][T21046] RDX: 0000200000000180 RSI: 0000000080085504 RDI: 0000000000000003
[ 1092.343436][T21046] RBP: 00007f77e4b60090 R08: 0000000000000000 R09: 0000000000000000
[ 1092.343442][T21046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1092.343448][T21046] R13: 00007f77e3fe6038 R14: 00007f77e3fe5fa0 R15: 00007f77e410fa28
[ 1092.343465][T21046]  </TASK>
[ 1093.655297][T10700] usb 7-1: new high-speed USB device number 101 using dummy_hcd
[ 1093.858371][T10700] usb 7-1: device descriptor read/64, error -71
[ 1094.116640][T10700] usb 7-1: new high-speed USB device number 102 using dummy_hcd
[ 1094.276572][T10700] usb 7-1: device descriptor read/64, error -71
[ 1094.404586][T21086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1094.430412][T21086] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1094.557948][T10700] usb usb7-port1: attempt power cycle
[ 1094.896588][T10700] usb 7-1: new high-speed USB device number 103 using dummy_hcd
[ 1094.928009][T10700] usb 7-1: device descriptor read/8, error -71
[ 1095.346755][T10700] usb 7-1: new high-speed USB device number 104 using dummy_hcd
[ 1095.378076][T10700] usb 7-1: device descriptor read/8, error -71
[ 1095.499787][T10700] usb usb7-port1: unable to enumerate USB device
[ 1095.665825][T21106] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1095.686842][T21106] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 1095.718159][T21106] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1095.729577][T21106] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1095.776952][T21106] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1095.785355][T21106] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[ 1095.794575][T21106] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1095.803348][T21106] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1095.875272][T21106] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1095.884016][T21106] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[ 1098.646570][T10700] usb 7-1: new high-speed USB device number 105 using dummy_hcd
[ 1098.680262][T21140] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1098.967258][T10700] usb 7-1: Using ep0 maxpacket: 8
[ 1098.983841][T10700] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1098.995288][T10700] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 65535, setting to 1024
[ 1099.012603][T10700] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[ 1099.023539][T10700] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1099.045633][T10700] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[ 1099.056253][T10700] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1099.065014][T10700] usb 7-1: Product: syz
[ 1099.070818][T10700] usb 7-1: Manufacturer: syz
[ 1099.075791][T10700] usb 7-1: SerialNumber: syz
[ 1099.095895][T21136] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1099.113486][T21136] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1099.472747][T10700] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71
[ 1099.482523][T10700] usbtest 7-1:1.0: Linux user mode ISO test driver
[ 1099.491100][T10700] usbtest 7-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[ 1099.503185][T10700] usb 7-1: USB disconnect, device number 105
[ 1099.995199][T21157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3496'.
[ 1100.283126][T21157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3496'.
[ 1100.448505][T21161] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1100.866551][T10700] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[ 1101.217266][T10700] usb 3-1: Using ep0 maxpacket: 32
[ 1101.233825][T10700] usb 3-1: config 0 has an invalid interface number: 196 but max is 0
[ 1101.272125][T10700] usb 3-1: config 0 has no interface number 0
[ 1101.330099][T10700] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1101.382081][T10700] usb 3-1: config 0 interface 196 has no altsetting 0
[ 1101.398882][T10700] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[ 1101.421088][T10700] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1101.437059][T10700] usb 3-1: Product: syz
[ 1101.443118][T10700] usb 3-1: Manufacturer: syz
[ 1101.448892][T10700] usb 3-1: SerialNumber: syz
[ 1101.462287][T10700] usb 3-1: config 0 descriptor??
[ 1101.469373][T21165] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1101.567459][T21172] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3500'.
[ 1101.577063][T21172] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3500'.
[ 1101.685304][T21172] bond15: entered promiscuous mode
[ 1101.892940][T21180] FAULT_INJECTION: forcing a failure.
[ 1101.892940][T21180] name failslab, interval 1, probability 0, space 0, times 0
[ 1101.906394][T21180] CPU: 1 UID: 0 PID: 21180 Comm: syz.3.3501 Not tainted syzkaller #0 PREEMPT(full) 
[ 1101.906419][T21180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1101.906429][T21180] Call Trace:
[ 1101.906436][T21180]  <TASK>
[ 1101.906444][T21180]  dump_stack_lvl+0x189/0x250
[ 1101.906475][T21180]  ? __pfx____ratelimit+0x10/0x10
[ 1101.906497][T21180]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1101.906517][T21180]  ? __pfx__printk+0x10/0x10
[ 1101.906540][T21180]  ? __pfx___might_resched+0x10/0x10
[ 1101.906557][T21180]  ? fs_reclaim_acquire+0x7d/0x100
[ 1101.906577][T21180]  should_fail_ex+0x414/0x560
[ 1101.906615][T21180]  should_failslab+0xa8/0x100
[ 1101.906635][T21180]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1101.906659][T21180]  ? dup_task_struct+0x52/0x830
[ 1101.906685][T21180]  dup_task_struct+0x52/0x830
[ 1101.906705][T21180]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1101.906731][T21180]  copy_process+0x54b/0x3c00
[ 1101.906778][T21180]  ? __pfx_copy_process+0x10/0x10
[ 1101.906810][T21180]  vhost_task_create+0x1ce/0x320
[ 1101.906830][T21180]  ? arch_stack_walk+0xfc/0x150
[ 1101.906849][T21180]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1101.906872][T21180]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1101.906895][T21180]  ? __pfx_vhost_task_create+0x10/0x10
[ 1101.906924][T21180]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1101.906965][T21180]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1101.906991][T21180]  kvm_arch_vcpu_ioctl_run+0xdc/0x1cb0
[ 1101.907023][T21180]  ? __mutex_trylock_common+0x153/0x260
[ 1101.907047][T21180]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1101.907068][T21180]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1101.907095][T21180]  ? rcu_is_watching+0x15/0xb0
[ 1101.907116][T21180]  ? trace_contention_end+0x39/0x120
[ 1101.907135][T21180]  ? look_up_lock_class+0x74/0x170
[ 1101.907158][T21180]  ? register_lock_class+0x51/0x320
[ 1101.907180][T21180]  ? __lock_acquire+0xab9/0xd20
[ 1101.907226][T21180]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1101.907253][T21180]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1101.907298][T21180]  ? __fget_files+0x2a/0x420
[ 1101.907321][T21180]  ? __fget_files+0x3a0/0x420
[ 1101.907335][T21180]  ? __fget_files+0x2a/0x420
[ 1101.907354][T21180]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1101.907373][T21180]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1101.907396][T21180]  __se_sys_ioctl+0xfc/0x170
[ 1101.907420][T21180]  do_syscall_64+0xfa/0xfa0
[ 1101.907441][T21180]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1101.907463][T21180]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1101.907479][T21180]  ? clear_bhb_loop+0x60/0xb0
[ 1101.907500][T21180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1101.907518][T21180] RIP: 0033:0x7fb2b598f6c9
[ 1101.907534][T21180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1101.907548][T21180] RSP: 002b:00007fb2b6808038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1101.907568][T21180] RAX: ffffffffffffffda RBX: 00007fb2b5be6180 RCX: 00007fb2b598f6c9
[ 1101.907581][T21180] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1101.907599][T21180] RBP: 00007fb2b6808090 R08: 0000000000000000 R09: 0000000000000000
[ 1101.907611][T21180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1101.907622][T21180] R13: 00007fb2b5be6218 R14: 00007fb2b5be6180 R15: 00007fb2b5d0fa28
[ 1101.907652][T21180]  </TASK>
[ 1102.702130][T21190] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3505'.
[ 1102.769144][T21192] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1103.646212][T21200] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1103.666181][T10700] ipheth 3-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[ 1103.682467][T10700] ipheth 3-1:0.196: probe with driver ipheth failed with error -71
[ 1103.704617][T10700] usb 3-1: USB disconnect, device number 22
[ 1103.729986][T21204] veth0_to_team: entered promiscuous mode
[ 1104.269346][T21213] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1104.596669][T10700] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1104.915634][T10700] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1104.937671][T10700] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1104.948183][T10700] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1104.958418][T10700] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1104.982279][T10700] usb 3-1: config 0 descriptor??
[ 1105.066790][ T5834] usb 7-1: new high-speed USB device number 106 using dummy_hcd
[ 1105.296655][ T5834] usb 7-1: Using ep0 maxpacket: 32
[ 1105.325390][ T5834] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1105.342086][ T5834] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1105.366505][ T5834] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1105.429501][ T5834] usb 7-1: config 0 descriptor??
[ 1105.439185][ T5834] hub 7-1:0.0: bad descriptor, ignoring hub
[ 1105.480090][ T5834] hub 7-1:0.0: probe with driver hub failed with error -5
[ 1105.658195][T21205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1105.672071][T21205] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1105.767520][T21239] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3516'.
[ 1105.997125][T21249] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1106.155285][T21254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1106.164514][T21254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1106.570044][T21261] netlink: 'syz.7.3522': attribute type 2 has an invalid length.
[ 1106.582788][T21261] : entered promiscuous mode
[ 1106.636270][T21266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3524'.
[ 1106.675843][T21265] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3524'.
[ 1106.807648][   T24] usb 3-1: USB disconnect, device number 23
[ 1107.537162][T21280] kvm: MWAIT instruction emulated as NOP!
[ 1108.076571][   T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[ 1108.188494][T21273] binder: 21270:21273 unknown command 0
[ 1108.194163][T21273] binder: 21270:21273 ioctl c0306201 200000000080 returned -22
[ 1108.224561][T21273] binder: 21270:21273 unknown command 0
[ 1108.251613][T21273] binder: 21270:21273 ioctl c0306201 2000000003c0 returned -22
[ 1108.259679][   T24] usb 4-1: Using ep0 maxpacket: 16
[ 1108.273584][   T24] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[ 1108.300786][   T24] usb 4-1: config 0 has an invalid descriptor of length 113, skipping remainder of the config
[ 1108.340676][   T24] usb 4-1: config 0 has no interface number 0
[ 1108.376237][   T24] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1108.430084][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1108.491700][   T24] usb 4-1: Product: syz
[ 1108.498007][ T5834] usb 7-1: USB disconnect, device number 106
[ 1108.523328][   T24] usb 4-1: Manufacturer: syz
[ 1108.524278][T21285] fuse: Bad value for 'fd'
[ 1108.557223][   T24] usb 4-1: SerialNumber: syz
[ 1108.629088][   T24] usb 4-1: config 0 descriptor??
[ 1108.794841][T21288] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3530'.
[ 1109.037133][   T24] uvcvideo 4-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[ 1109.044695][   T24] uvcvideo 4-1:0.105: No valid video chain found.
[ 1109.449933][T21299] syz.2.3533 (21299): drop_caches: 2
[ 1109.556733][   T24] usb 4-1: USB disconnect, device number 10
[ 1109.839028][T21305] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3534'.
[ 1109.886702][T21305] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3534'.
[ 1110.330490][T21310] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3535'.
[ 1110.441149][T21313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1110.471564][T21313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1110.505320][T21313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1110.515278][T21313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1111.240634][T21325] syz.2.3538 (21325): drop_caches: 2
[ 1111.473049][T21329] netlink: 'syz.3.3541': attribute type 1 has an invalid length.
[ 1111.488258][T21330] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1111.757392][T21334] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3542'.
[ 1111.832469][T21332] 8021q: adding VLAN 0 to HW filter on device bond12
[ 1111.900415][T21332] bond11: (slave bond12): making interface the new active one
[ 1111.987151][T21332] bond11: (slave bond12): Enslaving as an active interface with an up link
[ 1112.318739][T21343] syz.3.3543 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1112.386041][T21347] FAULT_INJECTION: forcing a failure.
[ 1112.386041][T21347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1112.413623][T21347] CPU: 1 UID: 0 PID: 21347 Comm: syz.7.3545 Not tainted syzkaller #0 PREEMPT(full) 
[ 1112.413647][T21347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1112.413658][T21347] Call Trace:
[ 1112.413665][T21347]  <TASK>
[ 1112.413672][T21347]  dump_stack_lvl+0x189/0x250
[ 1112.413699][T21347]  ? __pfx____ratelimit+0x10/0x10
[ 1112.413719][T21347]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1112.413740][T21347]  ? __pfx__printk+0x10/0x10
[ 1112.413759][T21347]  ? __might_fault+0xb0/0x130
[ 1112.413791][T21347]  should_fail_ex+0x414/0x560
[ 1112.413821][T21347]  _copy_from_user+0x2d/0xb0
[ 1112.413840][T21347]  snd_seq_oss_write+0x515/0x930
[ 1112.413874][T21347]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1112.413899][T21347]  ? security_file_permission+0x75/0x290
[ 1112.413921][T21347]  odev_write+0x5a/0x80
[ 1112.413936][T21347]  ? __pfx_odev_write+0x10/0x10
[ 1112.413954][T21347]  vfs_write+0x27e/0xb30
[ 1112.413985][T21347]  ? __pfx_vfs_write+0x10/0x10
[ 1112.414009][T21347]  ? __fget_files+0x2a/0x420
[ 1112.414028][T21347]  ? __fget_files+0x2a/0x420
[ 1112.414042][T21347]  ? __fget_files+0x3a0/0x420
[ 1112.414058][T21347]  ? __fget_files+0x2a/0x420
[ 1112.414081][T21347]  ksys_write+0x145/0x250
[ 1112.414105][T21347]  ? __pfx_ksys_write+0x10/0x10
[ 1112.414130][T21347]  ? do_syscall_64+0xbe/0xfa0
[ 1112.414156][T21347]  do_syscall_64+0xfa/0xfa0
[ 1112.414177][T21347]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1112.414199][T21347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.414217][T21347]  ? clear_bhb_loop+0x60/0xb0
[ 1112.414238][T21347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.414254][T21347] RIP: 0033:0x7f748dd8f6c9
[ 1112.414270][T21347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1112.414284][T21347] RSP: 002b:00007f748ec76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1112.414303][T21347] RAX: ffffffffffffffda RBX: 00007f748dfe5fa0 RCX: 00007f748dd8f6c9
[ 1112.414317][T21347] RDX: 0000000000000234 RSI: 0000200000000840 RDI: 0000000000000003
[ 1112.414337][T21347] RBP: 00007f748ec76090 R08: 0000000000000000 R09: 0000000000000000
[ 1112.414348][T21347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1112.414358][T21347] R13: 00007f748dfe6038 R14: 00007f748dfe5fa0 R15: 00007f748e10fa28
[ 1112.414387][T21347]  </TASK>
[ 1112.961117][   T30] audit: type=1326 audit(1762866542.012:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.012202][   T30] audit: type=1326 audit(1762866542.032:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.063586][T21366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1113.085685][T21366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1113.098377][   T30] audit: type=1326 audit(1762866542.052:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21365 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efcd0fc1f85 code=0x7ffc0000
[ 1113.188888][   T30] audit: type=1326 audit(1762866542.052:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.286113][   T30] audit: type=1326 audit(1762866542.052:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.311861][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1113.375554][   T30] audit: type=1326 audit(1762866542.062:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.424889][   T30] audit: type=1326 audit(1762866542.202:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21365 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.449116][   T30] audit: type=1326 audit(1762866542.232:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efcd0f2b779 code=0x7ffc0000
[ 1113.472309][   T30] audit: type=1326 audit(1762866542.232:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.502892][   T30] audit: type=1326 audit(1762866542.232:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.1.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcd0f8f6c9 code=0x7ffc0000
[ 1113.695802][T21383] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3554'.
[ 1114.031924][T21396] netlink: 'syz.6.3558': attribute type 1 has an invalid length.
[ 1114.121534][T21399] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1114.381622][T21396] bond11: entered promiscuous mode
[ 1114.395320][T21396] 8021q: adding VLAN 0 to HW filter on device bond11
[ 1116.011365][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.017782][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.154469][T21417] kvm: kvm [21416]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x11e) = 0xbe70a111
[ 1116.547648][T21430] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3568'.
[ 1117.136528][ T5834] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1117.348463][ T5834] usb 3-1: config 0 has too many interfaces: 202, using maximum allowed: 32
[ 1117.357399][ T5834] usb 3-1: config 0 has an invalid descriptor of length 102, skipping remainder of the config
[ 1117.388586][ T5834] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 202
[ 1117.404483][ T5834] usb 3-1: config 0 has no interface number 0
[ 1117.446538][ T5834] usb 3-1: too many endpoints for config 0 interface 72 altsetting 199: 192, using maximum allowed: 30
[ 1117.555063][ T5834] usb 3-1: config 0 interface 72 altsetting 199 has 0 endpoint descriptors, different from the interface descriptor's value: 192
[ 1117.561998][T21458] netlink: 'syz.7.3576': attribute type 1 has an invalid length.
[ 1117.671944][ T5834] usb 3-1: config 0 interface 72 has no altsetting 0
[ 1117.692910][ T5834] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 1117.703088][ T5834] usb 3-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3
[ 1117.717710][ T5834] usb 3-1: Product: syz
[ 1117.736215][ T5834] usb 3-1: Manufacturer: syz
[ 1117.746205][ T5834] usb 3-1: SerialNumber: syz
[ 1117.766847][ T5834] usb 3-1: config 0 descriptor??
[ 1117.970963][T21458] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1117.989427][T21434] fuse: Bad value for 'fd'
[ 1118.020270][ T5834] usb 3-1: USB disconnect, device number 24
[ 1118.232629][T21462] bond5: (slave veth7): Enslaving as an active interface with a down link
[ 1118.309455][T21458] bond5: entered allmulticast mode
[ 1118.520616][T21475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1118.559871][T21475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.597828][T21475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1118.657203][T21475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.707053][T21475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1118.766937][T21475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.820632][T21475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1118.897059][T21475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.921348][T21483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1118.939528][T21473] xt_CT: No such helper "pptp"
[ 1118.944898][T21483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.962684][T21475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1118.977140][T21475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.998055][   T30] audit: type=1326 audit(1762866548.052:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21485 comm="syz.3.3583" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2b598f6c9 code=0x0
[ 1119.246634][ T5834] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1119.440933][ T5834] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1119.450509][ T5834] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1119.464314][ T5834] usb 3-1: Product: syz
[ 1119.474595][ T5834] usb 3-1: SerialNumber: syz
[ 1119.573283][ T5834] usb 3-1: config 0 descriptor??
[ 1119.835727][ T5834] usb 3-1: USB disconnect, device number 25
[ 1120.031620][T21505] netlink: 'syz.1.3589': attribute type 1 has an invalid length.
[ 1120.108824][T21505] 8021q: adding VLAN 0 to HW filter on device bond16
[ 1120.151643][T21509] bond16: (slave veth17): Enslaving as an active interface with a down link
[ 1120.181194][T21505] bond16: entered allmulticast mode
[ 1120.326066][T21515] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3592'.
[ 1120.335286][T21515] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3592'.
[ 1120.350671][T21515] sit1: entered allmulticast mode
[ 1121.300775][T21553] netlink: 'syz.6.3602': attribute type 1 has an invalid length.
[ 1121.332873][T21553] 8021q: adding VLAN 0 to HW filter on device bond12
[ 1121.471665][T21555] bond12: entered allmulticast mode
[ 1121.690705][T15949] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[ 1121.846571][T15949] usb 4-1: Using ep0 maxpacket: 16
[ 1121.853830][T15949] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1121.862506][T15949] usb 4-1: config 0 has no interface number 0
[ 1121.868917][T15949] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xED, changing to 0x8D
[ 1121.922432][T15949] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8D has invalid maxpacket 31108, setting to 1024
[ 1122.095644][T15949] usb 4-1: config 0 interface 8 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 1024
[ 1122.568701][T15949] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1122.578262][T15949] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1122.587601][T15949] usb 4-1: Product: syz
[ 1122.593505][T15949] usb 4-1: SerialNumber: syz
[ 1122.630572][T15949] usb 4-1: config 0 descriptor??
[ 1122.636357][T21557] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1122.651651][T15949] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[ 1122.686666][T10700] usb 7-1: new high-speed USB device number 107 using dummy_hcd
[ 1122.906588][T10700] usb 7-1: Using ep0 maxpacket: 16
[ 1123.048514][T21579] loop9: detected capacity change from 0 to 7
[ 1123.061564][T21579] Dev loop9: unable to read RDB block 7
[ 1123.077585][T21579]  loop9: unable to read partition table
[ 1123.084487][T10700] usb 7-1: config 0 has no interfaces?
[ 1123.097583][T10700] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1123.100554][T21582] netlink: 'syz.1.3609': attribute type 10 has an invalid length.
[ 1123.124950][T10700] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1123.193137][T15949] usb 4-1: USB disconnect, device number 11
[ 1123.199659][T10700] usb 7-1: Manufacturer: syz
[ 1123.206130][T21579] loop9: partition table beyond EOD, truncated
[ 1123.215596][T21579] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1123.292855][T10700] usb 7-1: config 0 descriptor??
[ 1123.325749][T21586] FAULT_INJECTION: forcing a failure.
[ 1123.325749][T21586] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1123.394860][T21586] CPU: 1 UID: 0 PID: 21586 Comm: syz.3.3612 Not tainted syzkaller #0 PREEMPT(full) 
[ 1123.394887][T21586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1123.394901][T21586] Call Trace:
[ 1123.394909][T21586]  <TASK>
[ 1123.394918][T21586]  dump_stack_lvl+0x189/0x250
[ 1123.394946][T21586]  ? __pfx____ratelimit+0x10/0x10
[ 1123.394969][T21586]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1123.394992][T21586]  ? __pfx__printk+0x10/0x10
[ 1123.395011][T21586]  ? __might_fault+0xb0/0x130
[ 1123.395044][T21586]  should_fail_ex+0x414/0x560
[ 1123.395074][T21586]  _copy_from_user+0x2d/0xb0
[ 1123.395096][T21586]  snd_seq_oss_write+0x515/0x930
[ 1123.395134][T21586]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1123.395166][T21586]  ? security_file_permission+0x75/0x290
[ 1123.395192][T21586]  odev_write+0x5a/0x80
[ 1123.395211][T21586]  ? __pfx_odev_write+0x10/0x10
[ 1123.395231][T21586]  vfs_write+0x27e/0xb30
[ 1123.395264][T21586]  ? __pfx_vfs_write+0x10/0x10
[ 1123.395297][T21586]  ? __fget_files+0x2a/0x420
[ 1123.395317][T21586]  ? __fget_files+0x2a/0x420
[ 1123.395333][T21586]  ? __fget_files+0x3a0/0x420
[ 1123.395349][T21586]  ? __fget_files+0x2a/0x420
[ 1123.395375][T21586]  ksys_write+0x145/0x250
[ 1123.395401][T21586]  ? __pfx_ksys_write+0x10/0x10
[ 1123.395427][T21586]  ? do_syscall_64+0xbe/0xfa0
[ 1123.395454][T21586]  do_syscall_64+0xfa/0xfa0
[ 1123.395476][T21586]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1123.395499][T21586]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1123.395518][T21586]  ? clear_bhb_loop+0x60/0xb0
[ 1123.395539][T21586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1123.395557][T21586] RIP: 0033:0x7fb2b598f6c9
[ 1123.395574][T21586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1123.395589][T21586] RSP: 002b:00007fb2b684b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1123.395609][T21586] RAX: ffffffffffffffda RBX: 00007fb2b5be5fa0 RCX: 00007fb2b598f6c9
[ 1123.395623][T21586] RDX: 0000000000000234 RSI: 0000200000000840 RDI: 0000000000000003
[ 1123.395635][T21586] RBP: 00007fb2b684b090 R08: 0000000000000000 R09: 0000000000000000
[ 1123.395646][T21586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1123.395658][T21586] R13: 00007fb2b5be6038 R14: 00007fb2b5be5fa0 R15: 00007fb2b5d0fa28
[ 1123.395688][T21586]  </TASK>
[ 1123.792365][T21585] netlink: 26 bytes leftover after parsing attributes in process `syz.7.3611'.
[ 1123.964084][T21570] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1123.992493][T21570] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3607'.
[ 1124.083528][T21595] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3614'.
[ 1124.757204][T21604] netlink: 'syz.1.3615': attribute type 2 has an invalid length.
[ 1125.201768][T15949] usb 7-1: USB disconnect, device number 107
[ 1127.101061][T21648] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3622'.
[ 1127.117596][T21648] loop3: detected capacity change from 0 to 7
[ 1127.127138][T21648] Dev loop3: unable to read RDB block 7
[ 1127.135812][T21648]  loop3: unable to read partition table
[ 1127.143476][T21648] loop3: partition table beyond EOD, truncated
[ 1127.208534][T21648] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1127.991271][T21658] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1853191200 (3706382400 ns) > initial count (1616928832 ns). Using initial count to start timer.
[ 1128.203635][T21664] loop9: detected capacity change from 0 to 7
[ 1128.237644][T21664] Dev loop9: unable to read RDB block 7
[ 1128.243539][T21664]  loop9: unable to read partition table
[ 1128.250247][T21664] loop9: partition table beyond EOD, truncated
[ 1128.256575][T21664] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1128.327550][T21664] netlink: 'syz.7.3624': attribute type 10 has an invalid length.
[ 1128.372800][T21664] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[ 1128.384548][T21664] team0: Port device netdevsim0 added
[ 1129.518658][ T5905] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1129.519905][T21695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1129.578458][T21695] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1129.857979][ T5905] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1129.866977][ T5905] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1129.886537][ T5905] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1129.914410][ T5905] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1130.009670][ T5905] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1130.084356][ T5905] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1130.117206][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1130.179183][ T5905] usb 3-1: Product: syz
[ 1130.238945][ T5905] usb 3-1: Manufacturer: syz
[ 1130.297456][ T5905] cdc_wdm 3-1:1.0: skipping garbage
[ 1130.314112][ T5905] cdc_wdm 3-1:1.0: skipping garbage
[ 1130.346836][ T5905] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 1130.368428][ T5905] cdc_wdm 3-1:1.0: Unknown control protocol
[ 1132.064757][T15949] usb 3-1: USB disconnect, device number 26
[ 1132.389081][T21743] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3641'.
[ 1132.416948][T21743] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3641'.
[ 1132.581172][T21746] netlink: 'syz.1.3642': attribute type 2 has an invalid length.
[ 1133.316560][ T5905] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1133.466550][ T5905] usb 3-1: Using ep0 maxpacket: 16
[ 1133.481472][ T5905] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1133.797456][ T5905] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1133.829617][ T5905] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1133.869890][T21766] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3649'.
[ 1133.895584][ T5905] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1133.927990][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1133.945080][ T5905] usb 3-1: Product: syz
[ 1133.953927][ T5905] usb 3-1: Manufacturer: syz
[ 1133.963191][ T5905] usb 3-1: SerialNumber: syz
[ 1133.974969][T21766] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3649'.
[ 1134.094936][T21771] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1134.468872][ T5905] usb 3-1: 0:2 : does not exist
[ 1134.494093][ T5905] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 1134.536749][ T5905] usb 3-1: USB disconnect, device number 27
[ 1134.556610][   T24] usb 7-1: new high-speed USB device number 108 using dummy_hcd
[ 1134.796937][   T24] usb 7-1: Using ep0 maxpacket: 32
[ 1134.874791][   T24] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 214, changing to 11
[ 1134.874992][ T6456] udevd[6456]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1134.906573][   T24] usb 7-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1134.953696][   T24] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1134.997633][   T24] usb 7-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00
[ 1135.024832][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1135.097414][   T24] usb 7-1: config 0 descriptor??
[ 1135.539843][   T24] input: HID 28bd:0933 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:28BD:0933.002C/input/input82
[ 1135.679527][   T24] uclogic 0003:28BD:0933.002C: input,hidraw0: USB HID v5f.b2 Mouse [HID 28bd:0933] on usb-dummy_hcd.6-1/input0
[ 1135.743258][T21775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1135.755020][T21775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1135.789139][   T24] usb 7-1: USB disconnect, device number 108
[ 1135.874162][T21790] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1136.018186][T21787] fido_id[21787]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[ 1137.083570][T21797] input: syz0 as /devices/virtual/input/input83
[ 1137.968686][T21818] netlink: 72 bytes leftover after parsing attributes in process `syz.7.3659'.
[ 1138.058340][T21822] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1138.494039][T21830] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1139.077231][T21821] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1139.271239][T21841] netlink: 'syz.3.3664': attribute type 1 has an invalid length.
[ 1139.325936][T21841] 8021q: adding VLAN 0 to HW filter on device bond13
[ 1139.539810][T21843] bond13: (slave veth11): Enslaving as an active interface with a down link
[ 1139.620079][T21845] ptrace attach of "./syz-executor exec"[16370] was attempted by "./syz-executor exec"[21845]
[ 1139.667055][T21841] bond13: entered allmulticast mode
[ 1139.738909][T21846] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3663'.
[ 1139.748058][T21846] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3663'.
[ 1140.004602][T21848] fuse: root generation should be zero
[ 1140.645691][T21861] bridge0: entered promiscuous mode
[ 1140.653221][T21861] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1140.662073][T21861] 8021q: adding VLAN 0 to HW filter on device team0
[ 1141.268904][T21861] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1141.363585][T21861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1141.451301][T21861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1142.910658][T21876] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3671'.
[ 1142.969428][T21876] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3671'.
[ 1143.517109][T17839] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[ 1143.588098][T21889] FAULT_INJECTION: forcing a failure.
[ 1143.588098][T21889] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1143.639428][T21889] CPU: 0 UID: 0 PID: 21889 Comm: syz.6.3676 Not tainted syzkaller #0 PREEMPT(full) 
[ 1143.639451][T21889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1143.639461][T21889] Call Trace:
[ 1143.639468][T21889]  <TASK>
[ 1143.639477][T21889]  dump_stack_lvl+0x189/0x250
[ 1143.639504][T21889]  ? __pfx____ratelimit+0x10/0x10
[ 1143.639526][T21889]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1143.639548][T21889]  ? __pfx__printk+0x10/0x10
[ 1143.639610][T21889]  should_fail_ex+0x414/0x560
[ 1143.639637][T21889]  _copy_to_user+0x31/0xb0
[ 1143.639659][T21889]  simple_read_from_buffer+0xe1/0x170
[ 1143.639689][T21889]  proc_fail_nth_read+0x1b3/0x220
[ 1143.639714][T21889]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1143.639736][T21889]  ? rw_verify_area+0x2a6/0x4d0
[ 1143.639757][T21889]  ? __lock_acquire+0xab9/0xd20
[ 1143.639771][T21889]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1143.639791][T21889]  vfs_read+0x200/0xa30
[ 1143.639811][T21889]  ? fdget_pos+0x247/0x320
[ 1143.639832][T21889]  ? __pfx___mutex_lock+0x10/0x10
[ 1143.639856][T21889]  ? __pfx_vfs_read+0x10/0x10
[ 1143.639879][T21889]  ? __fget_files+0x2a/0x420
[ 1143.639901][T21889]  ? __fget_files+0x3a0/0x420
[ 1143.639917][T21889]  ? __fget_files+0x2a/0x420
[ 1143.639941][T21889]  ksys_read+0x145/0x250
[ 1143.639965][T21889]  ? __pfx_ksys_read+0x10/0x10
[ 1143.639991][T21889]  ? do_syscall_64+0xbe/0xfa0
[ 1143.640016][T21889]  do_syscall_64+0xfa/0xfa0
[ 1143.640042][T21889]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1143.640065][T21889]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1143.640083][T21889]  ? clear_bhb_loop+0x60/0xb0
[ 1143.640104][T21889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1143.640122][T21889] RIP: 0033:0x7f77e3d8e0dc
[ 1143.640139][T21889] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1143.640153][T21889] RSP: 002b:00007f77e4b60030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1143.640172][T21889] RAX: ffffffffffffffda RBX: 00007f77e3fe5fa0 RCX: 00007f77e3d8e0dc
[ 1143.640185][T21889] RDX: 000000000000000f RSI: 00007f77e4b600a0 RDI: 0000000000000004
[ 1143.640197][T21889] RBP: 00007f77e4b60090 R08: 0000000000000000 R09: 0000000000000000
[ 1143.640208][T21889] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1143.640219][T21889] R13: 00007f77e3fe6038 R14: 00007f77e3fe5fa0 R15: 00007f77e410fa28
[ 1143.640249][T21889]  </TASK>
[ 1143.939368][T17839] usb 3-1: config index 0 descriptor too short (expected 31, got 27)
[ 1144.069497][T17839] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1144.186853][T21894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1144.227014][T17839] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72
[ 1144.238328][T17839] usb 3-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3
[ 1144.257613][T17839] usb 3-1: Product: syz
[ 1144.262168][T21894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1144.272031][T17839] usb 3-1: Manufacturer: syz
[ 1144.284486][T17839] usb 3-1: SerialNumber: syz
[ 1144.310296][T21894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1144.320434][T21894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1144.344372][T21894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1144.360727][T21894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1144.389841][T21897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1144.410773][T21894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1144.427349][T21901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3681'.
[ 1144.427559][T21897] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1144.438618][T21894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1144.494001][T21901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3681'.
[ 1144.654870][T21881] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3673'.
[ 1145.589750][T21916] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3683'.
[ 1146.114152][T17839] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[ 1146.198287][T17839] usb 3-1: USB disconnect, device number 28
[ 1146.277171][T17839] usblp0: removed
[ 1147.584459][T21946] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3688'.
[ 1148.487113][T17839] usb 7-1: new high-speed USB device number 109 using dummy_hcd
[ 1148.816934][T15949] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 1148.837070][T17839] usb 7-1: Using ep0 maxpacket: 16
[ 1148.844472][T17839] usb 7-1: config 0 has an invalid interface number: 41 but max is 0
[ 1149.076945][T17839] usb 7-1: config 0 has no interface number 0
[ 1149.083429][T17839] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 1149.108698][T17839] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[ 1149.128547][T15949] usb 4-1: Using ep0 maxpacket: 16
[ 1149.155013][T15949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[ 1149.169527][T15949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[ 1149.248978][T17839] usb 7-1: config 0 interface 41 has no altsetting 0
[ 1149.422788][T15949] usb 4-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82
[ 1149.464219][T15949] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.478005][T15949] usb 4-1: Product: syz
[ 1149.482365][T17839] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[ 1149.494638][T15949] usb 4-1: Manufacturer: syz
[ 1149.501663][T15949] usb 4-1: SerialNumber: syz
[ 1149.509458][T17839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.539665][T15949] usb 4-1: config 0 descriptor??
[ 1149.547235][T15949] kobil_sct 4-1:0.0: KOBIL USB smart card terminal converter detected
[ 1149.575854][T17839] usb 7-1: Product: syz
[ 1149.626195][T17839] usb 7-1: Manufacturer: syz
[ 1149.641344][T15949] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[ 1149.650126][T17839] usb 7-1: SerialNumber: syz
[ 1149.667552][T17839] usb 7-1: config 0 descriptor??
[ 1149.691253][T21958] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1149.698589][T21958] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1149.919878][T21958] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1149.937453][T21958] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1150.372563][T21958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1150.382001][T17839] Error reading MAC address
[ 1150.387957][T21958] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1150.415931][T17839] sr9700 7-1:0.41: probe with driver sr9700 failed with error -71
[ 1150.451819][T17839] usb 7-1: USB disconnect, device number 109
[ 1150.957890][T21983] ptrace attach of "./syz-executor exec"[11778] was attempted by "./syz-executor exec"[21983]
[ 1150.991054][T21983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3697'.
[ 1151.000368][T21983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3697'.
[ 1151.167052][T17839] usb 4-1: USB disconnect, device number 12
[ 1151.181645][T17839] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[ 1151.182179][T17839] kobil_sct 4-1:0.0: device disconnected
[ 1151.475168][T22001] 8021q: VLANs not supported on ip6gre0
[ 1151.922602][ T5905] usb 7-1: new high-speed USB device number 110 using dummy_hcd
[ 1152.086691][ T5905] usb 7-1: device descriptor read/64, error -71
[ 1152.337118][ T5905] usb 7-1: new high-speed USB device number 111 using dummy_hcd
[ 1152.521888][ T5905] usb 7-1: device descriptor read/64, error -71
[ 1152.707141][ T5905] usb usb7-port1: attempt power cycle
[ 1153.046799][ T5905] usb 7-1: new high-speed USB device number 112 using dummy_hcd
[ 1153.111800][ T5905] usb 7-1: device descriptor read/8, error -71
[ 1153.126937][T22024] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1153.658056][ T5905] usb 7-1: new high-speed USB device number 113 using dummy_hcd
[ 1153.698764][ T5905] usb 7-1: device descriptor read/8, error -71
[ 1153.816819][ T5905] usb usb7-port1: unable to enumerate USB device
[ 1154.745624][T22044] netlink: 'syz.6.3714': attribute type 2 has an invalid length.
[ 1155.033603][T22054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3716'.
[ 1155.055733][T22054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3716'.
[ 1155.281389][T22058] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1156.356761][ T5905] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1156.656595][ T5905] usb 4-1: Using ep0 maxpacket: 8
[ 1156.693431][ T5905] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1156.734804][ T5905] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1156.774752][ T5905] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1156.800835][ T5905] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1156.823374][ T5905] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1156.852816][ T5905] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1156.872416][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1157.095443][ T5905] usb 4-1: GET_CAPABILITIES returned 0
[ 1157.103011][ T5905] usbtmc 4-1:16.0: can't read capabilities
[ 1157.300999][ T5834] usb 7-1: new full-speed USB device number 114 using dummy_hcd
[ 1157.538719][ T5834] usb 7-1: config 0 has no interfaces?
[ 1157.544397][ T5834] usb 7-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[ 1157.554499][ T5834] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1157.748877][T22094] fuse: Bad value for 'fd'
[ 1157.767149][ T5834] usb 7-1: config 0 descriptor??
[ 1157.980989][ T5834] usb 7-1: USB disconnect, device number 114
[ 1159.009096][ T5834] usb 4-1: USB disconnect, device number 13
[ 1159.529591][T22110] FAULT_INJECTION: forcing a failure.
[ 1159.529591][T22110] name failslab, interval 1, probability 0, space 0, times 0
[ 1159.542759][T22110] CPU: 0 UID: 0 PID: 22110 Comm: syz.2.3733 Not tainted syzkaller #0 PREEMPT(full) 
[ 1159.542782][T22110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1159.542789][T22110] Call Trace:
[ 1159.542796][T22110]  <TASK>
[ 1159.542802][T22110]  dump_stack_lvl+0x189/0x250
[ 1159.542820][T22110]  ? __pfx____ratelimit+0x10/0x10
[ 1159.542835][T22110]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1159.542847][T22110]  ? __pfx__printk+0x10/0x10
[ 1159.542860][T22110]  ? __pfx___might_resched+0x10/0x10
[ 1159.542871][T22110]  ? fs_reclaim_acquire+0x7d/0x100
[ 1159.542884][T22110]  should_fail_ex+0x414/0x560
[ 1159.542901][T22110]  should_failslab+0xa8/0x100
[ 1159.542912][T22110]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1159.542926][T22110]  ? __alloc_skb+0x112/0x2d0
[ 1159.542935][T22110]  ? netlink_autobind+0xdb/0x300
[ 1159.542948][T22110]  __alloc_skb+0x112/0x2d0
[ 1159.542960][T22110]  netlink_sendmsg+0x5c6/0xb30
[ 1159.542974][T22110]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1159.542990][T22110]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1159.543007][T22110]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1159.543017][T22110]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1159.543029][T22110]  __sock_sendmsg+0x21c/0x270
[ 1159.543045][T22110]  ____sys_sendmsg+0x505/0x830
[ 1159.543059][T22110]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1159.543074][T22110]  ? import_iovec+0x74/0xa0
[ 1159.543088][T22110]  ___sys_sendmsg+0x21f/0x2a0
[ 1159.543099][T22110]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1159.543127][T22110]  ? __fget_files+0x2a/0x420
[ 1159.543136][T22110]  ? __fget_files+0x3a0/0x420
[ 1159.543150][T22110]  __x64_sys_sendmsg+0x19b/0x260
[ 1159.543163][T22110]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1159.543178][T22110]  ? __pfx_ksys_write+0x10/0x10
[ 1159.543193][T22110]  ? do_syscall_64+0xbe/0xfa0
[ 1159.543208][T22110]  do_syscall_64+0xfa/0xfa0
[ 1159.543220][T22110]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1159.543233][T22110]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1159.543244][T22110]  ? clear_bhb_loop+0x60/0xb0
[ 1159.543255][T22110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1159.543266][T22110] RIP: 0033:0x7fbda818f6c9
[ 1159.543276][T22110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1159.543285][T22110] RSP: 002b:00007fbda908b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1159.543296][T22110] RAX: ffffffffffffffda RBX: 00007fbda83e5fa0 RCX: 00007fbda818f6c9
[ 1159.543304][T22110] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1159.543310][T22110] RBP: 00007fbda908b090 R08: 0000000000000000 R09: 0000000000000000
[ 1159.543317][T22110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1159.543323][T22110] R13: 00007fbda83e6038 R14: 00007fbda83e5fa0 R15: 00007fbda850fa28
[ 1159.543339][T22110]  </TASK>
[ 1159.876618][T17839] usb 7-1: new high-speed USB device number 115 using dummy_hcd
[ 1159.912853][ T5834] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1160.036597][T17839] usb 7-1: Using ep0 maxpacket: 32
[ 1160.043691][T17839] usb 7-1: config 0 has an invalid interface number: 196 but max is 0
[ 1160.052443][T17839] usb 7-1: config 0 has no interface number 0
[ 1160.064180][T17839] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1160.076554][ T5834] usb 4-1: Using ep0 maxpacket: 8
[ 1160.083505][ T5834] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1160.093666][ T5834] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 65535, setting to 1024
[ 1160.104782][ T5834] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[ 1160.114907][ T5834] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1160.167420][ T5834] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[ 1160.204459][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.228468][ T5834] usb 4-1: Product: syz
[ 1160.238958][ T5834] usb 4-1: Manufacturer: syz
[ 1160.247373][T17839] usb 7-1: config 0 interface 196 has no altsetting 0
[ 1160.296576][ T5834] usb 4-1: SerialNumber: syz
[ 1160.373694][T17839] usb 7-1: New USB device found, idVendor=05ac, idProduct=57c2, bcdDevice=eb.3a
[ 1160.383151][T17839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.391576][T17839] usb 7-1: Product: syz
[ 1160.397621][T17839] usb 7-1: Manufacturer: syz
[ 1160.405582][T17839] usb 7-1: SerialNumber: syz
[ 1160.426423][T17839] usb 7-1: config 0 descriptor??
[ 1160.596951][T22106] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1160.614537][T22104] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1160.622366][T22106] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1160.996665][ T5834] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[ 1161.078305][ T5834] usbtest 4-1:1.0: Linux user mode ISO test driver
[ 1161.100744][ T5834] usbtest 4-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[ 1161.192792][ T5834] usb 4-1: USB disconnect, device number 14
[ 1161.846362][T22133] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1162.026220][T22135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1162.041741][T22135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1162.053070][T22135] fuse: Unknown parameter '000000000000000000040x0000000000000003'
[ 1162.206920][T17839] ipheth 7-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[ 1162.251335][T22144] tipc: Failed to remove unknown binding: 66,1,1/0:2580147234/2580147236
[ 1162.393215][T22144] netlink: 176 bytes leftover after parsing attributes in process `syz.7.3743'.
[ 1162.463053][T17839] ipheth 7-1:0.196: probe with driver ipheth failed with error -71
[ 1162.506102][T17839] usb 7-1: USB disconnect, device number 115
[ 1162.691243][T22149] netlink: 212360 bytes leftover after parsing attributes in process `syz.6.3746'.
[ 1163.016292][T22155] netlink: 76 bytes leftover after parsing attributes in process `syz.6.3748'.
[ 1163.025927][T22155] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3748'.
[ 1163.166668][T22155] netlink: 'syz.6.3748': attribute type 3 has an invalid length.
[ 1163.174849][T22155] netlink: 11 bytes leftover after parsing attributes in process `syz.6.3748'.
[ 1163.431359][T22162] netlink: 'syz.1.3749': attribute type 1 has an invalid length.
[ 1163.515645][T22162] 8021q: adding VLAN 0 to HW filter on device bond17
[ 1163.527697][T22169] netlink: 'syz.6.3750': attribute type 2 has an invalid length.
[ 1163.666571][T22164] 8021q: adding VLAN 0 to HW filter on device bond17
[ 1163.685457][T22164] bond17: (slave vxcan1): The slave device specified does not support setting the MAC address
[ 1163.724188][T22164] bond17: (slave vxcan1): Error -95 calling set_mac_address
[ 1163.919515][T22171] gretap1: entered promiscuous mode
[ 1163.967649][T22171] bond17: (slave gretap1): making interface the new active one
[ 1163.998082][T22171] bond17: (slave gretap1): Enslaving as an active interface with an up link
[ 1164.053763][T22176] FAULT_INJECTION: forcing a failure.
[ 1164.053763][T22176] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1164.077092][T22176] CPU: 0 UID: 0 PID: 22176 Comm: syz.7.3753 Not tainted syzkaller #0 PREEMPT(full) 
[ 1164.077120][T22176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1164.077131][T22176] Call Trace:
[ 1164.077141][T22176]  <TASK>
[ 1164.077150][T22176]  dump_stack_lvl+0x189/0x250
[ 1164.077178][T22176]  ? __pfx____ratelimit+0x10/0x10
[ 1164.077202][T22176]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1164.077224][T22176]  ? __pfx__printk+0x10/0x10
[ 1164.077243][T22176]  ? __might_fault+0xb0/0x130
[ 1164.077277][T22176]  should_fail_ex+0x414/0x560
[ 1164.077316][T22176]  _copy_from_iter+0x1de/0x1790
[ 1164.077342][T22176]  ? rcu_is_watching+0x15/0xb0
[ 1164.077365][T22176]  ? kmalloc_reserve+0xbd/0x290
[ 1164.077383][T22176]  ? __pfx__copy_from_iter+0x10/0x10
[ 1164.077404][T22176]  ? __build_skb_around+0x262/0x3f0
[ 1164.077434][T22176]  ? netlink_sendmsg+0x642/0xb30
[ 1164.077450][T22176]  ? skb_put+0x11b/0x210
[ 1164.077471][T22176]  netlink_sendmsg+0x6b2/0xb30
[ 1164.077498][T22176]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1164.077519][T22176]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1164.077554][T22176]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1164.077571][T22176]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1164.077589][T22176]  __sock_sendmsg+0x21c/0x270
[ 1164.077616][T22176]  ____sys_sendmsg+0x505/0x830
[ 1164.077640][T22176]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1164.077669][T22176]  ? import_iovec+0x74/0xa0
[ 1164.077693][T22176]  ___sys_sendmsg+0x21f/0x2a0
[ 1164.077714][T22176]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1164.077764][T22176]  ? __fget_files+0x2a/0x420
[ 1164.077781][T22176]  ? __fget_files+0x3a0/0x420
[ 1164.077807][T22176]  __x64_sys_sendmsg+0x19b/0x260
[ 1164.077832][T22176]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1164.077861][T22176]  ? __pfx_ksys_write+0x10/0x10
[ 1164.077888][T22176]  ? do_syscall_64+0xbe/0xfa0
[ 1164.077915][T22176]  do_syscall_64+0xfa/0xfa0
[ 1164.077936][T22176]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1164.077960][T22176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1164.077977][T22176]  ? clear_bhb_loop+0x60/0xb0
[ 1164.077999][T22176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1164.078017][T22176] RIP: 0033:0x7f748dd8f6c9
[ 1164.078034][T22176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1164.078049][T22176] RSP: 002b:00007f748ec76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1164.078069][T22176] RAX: ffffffffffffffda RBX: 00007f748dfe5fa0 RCX: 00007f748dd8f6c9
[ 1164.078082][T22176] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[ 1164.078094][T22176] RBP: 00007f748ec76090 R08: 0000000000000000 R09: 0000000000000000
[ 1164.078105][T22176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1164.078115][T22176] R13: 00007f748dfe6038 R14: 00007f748dfe5fa0 R15: 00007f748e10fa28
[ 1164.078143][T22176]  </TASK>
[ 1165.201617][T22195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3760'.
[ 1165.213399][T22195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3760'.
[ 1165.363076][T22203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3764'.
[ 1165.375383][T22203] FAULT_INJECTION: forcing a failure.
[ 1165.375383][T22203] name failslab, interval 1, probability 0, space 0, times 0
[ 1165.389078][T22203] CPU: 1 UID: 0 PID: 22203 Comm: syz.2.3764 Not tainted syzkaller #0 PREEMPT(full) 
[ 1165.389102][T22203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1165.389113][T22203] Call Trace:
[ 1165.389121][T22203]  <TASK>
[ 1165.389129][T22203]  dump_stack_lvl+0x189/0x250
[ 1165.389157][T22203]  ? __pfx____ratelimit+0x10/0x10
[ 1165.389181][T22203]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1165.389204][T22203]  ? __pfx__printk+0x10/0x10
[ 1165.389236][T22203]  ? __pfx___might_resched+0x10/0x10
[ 1165.389261][T22203]  should_fail_ex+0x414/0x560
[ 1165.389291][T22203]  should_failslab+0xa8/0x100
[ 1165.389311][T22203]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1165.389334][T22203]  ? __alloc_skb+0x112/0x2d0
[ 1165.389356][T22203]  __alloc_skb+0x112/0x2d0
[ 1165.389375][T22203]  netlink_ack+0x146/0xa50
[ 1165.389397][T22203]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1165.389437][T22203]  netlink_rcv_skb+0x28c/0x470
[ 1165.389452][T22203]  ? __lock_acquire+0xab9/0xd20
[ 1165.389470][T22203]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1165.389495][T22203]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1165.389530][T22203]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1165.389555][T22203]  netlink_unicast+0x82f/0x9e0
[ 1165.389587][T22203]  ? __pfx_netlink_unicast+0x10/0x10
[ 1165.389611][T22203]  ? netlink_sendmsg+0x642/0xb30
[ 1165.389627][T22203]  ? skb_put+0x11b/0x210
[ 1165.389648][T22203]  netlink_sendmsg+0x805/0xb30
[ 1165.389673][T22203]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1165.389695][T22203]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1165.389720][T22203]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1165.389738][T22203]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1165.389756][T22203]  __sock_sendmsg+0x21c/0x270
[ 1165.389782][T22203]  ____sys_sendmsg+0x505/0x830
[ 1165.389806][T22203]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1165.389833][T22203]  ? import_iovec+0x74/0xa0
[ 1165.389858][T22203]  ___sys_sendmsg+0x21f/0x2a0
[ 1165.389880][T22203]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1165.389934][T22203]  ? __fget_files+0x2a/0x420
[ 1165.389955][T22203]  ? __fget_files+0x3a0/0x420
[ 1165.389982][T22203]  __x64_sys_sendmsg+0x19b/0x260
[ 1165.390005][T22203]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1165.390033][T22203]  ? __pfx_ksys_write+0x10/0x10
[ 1165.390060][T22203]  ? do_syscall_64+0xbe/0xfa0
[ 1165.390085][T22203]  do_syscall_64+0xfa/0xfa0
[ 1165.390107][T22203]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1165.390130][T22203]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.390145][T22203]  ? clear_bhb_loop+0x60/0xb0
[ 1165.390166][T22203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.390184][T22203] RIP: 0033:0x7fbda818f6c9
[ 1165.390200][T22203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1165.390219][T22203] RSP: 002b:00007fbda908b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1165.390239][T22203] RAX: ffffffffffffffda RBX: 00007fbda83e5fa0 RCX: 00007fbda818f6c9
[ 1165.390253][T22203] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[ 1165.390264][T22203] RBP: 00007fbda908b090 R08: 0000000000000000 R09: 0000000000000000
[ 1165.390275][T22203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1165.390286][T22203] R13: 00007fbda83e6038 R14: 00007fbda83e5fa0 R15: 00007fbda850fa28
[ 1165.390316][T22203]  </TASK>
[ 1166.056538][ T5905] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 1166.196570][ T5905] usb 4-1: device descriptor read/64, error -71
[ 1166.271629][T22223] FAULT_INJECTION: forcing a failure.
[ 1166.271629][T22223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1166.354898][T22223] CPU: 0 UID: 0 PID: 22223 Comm: syz.1.3771 Not tainted syzkaller #0 PREEMPT(full) 
[ 1166.354922][T22223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1166.354932][T22223] Call Trace:
[ 1166.354939][T22223]  <TASK>
[ 1166.354946][T22223]  dump_stack_lvl+0x189/0x250
[ 1166.354973][T22223]  ? __pfx____ratelimit+0x10/0x10
[ 1166.354995][T22223]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1166.355014][T22223]  ? __pfx__printk+0x10/0x10
[ 1166.355033][T22223]  ? __might_fault+0xb0/0x130
[ 1166.355062][T22223]  should_fail_ex+0x414/0x560
[ 1166.355086][T22223]  _copy_from_user+0x2d/0xb0
[ 1166.355107][T22223]  snd_seq_oss_write+0x515/0x930
[ 1166.355143][T22223]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1166.355174][T22223]  ? security_file_permission+0x75/0x290
[ 1166.355198][T22223]  odev_write+0x5a/0x80
[ 1166.355216][T22223]  ? __pfx_odev_write+0x10/0x10
[ 1166.355234][T22223]  vfs_write+0x27e/0xb30
[ 1166.355266][T22223]  ? __pfx_vfs_write+0x10/0x10
[ 1166.355290][T22223]  ? __fget_files+0x2a/0x420
[ 1166.355309][T22223]  ? __fget_files+0x2a/0x420
[ 1166.355323][T22223]  ? __fget_files+0x3a0/0x420
[ 1166.355338][T22223]  ? __fget_files+0x2a/0x420
[ 1166.355363][T22223]  ksys_write+0x145/0x250
[ 1166.355395][T22223]  ? __pfx_ksys_write+0x10/0x10
[ 1166.355420][T22223]  ? do_syscall_64+0xbe/0xfa0
[ 1166.355446][T22223]  do_syscall_64+0xfa/0xfa0
[ 1166.355467][T22223]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1166.355489][T22223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.355506][T22223]  ? clear_bhb_loop+0x60/0xb0
[ 1166.355526][T22223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.355543][T22223] RIP: 0033:0x7efcd0f8f6c9
[ 1166.355559][T22223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1166.355573][T22223] RSP: 002b:00007efcd1efc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1166.355592][T22223] RAX: ffffffffffffffda RBX: 00007efcd11e5fa0 RCX: 00007efcd0f8f6c9
[ 1166.355605][T22223] RDX: 0000000000000234 RSI: 0000200000000840 RDI: 0000000000000003
[ 1166.355616][T22223] RBP: 00007efcd1efc090 R08: 0000000000000000 R09: 0000000000000000
[ 1166.355626][T22223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1166.355636][T22223] R13: 00007efcd11e6038 R14: 00007efcd11e5fa0 R15: 00007efcd130fa28
[ 1166.355666][T22223]  </TASK>
[ 1166.386259][T22227] netlink: 'syz.2.3769': attribute type 2 has an invalid length.
[ 1166.525678][T22230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3772'.
[ 1166.525716][T22230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3772'.
[ 1166.547244][ T5905] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1166.676617][ T5905] usb 4-1: device descriptor read/64, error -71
[ 1166.786905][ T5905] usb usb4-port1: attempt power cycle
[ 1166.837978][T22238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1166.838585][T22238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1167.137386][ T5905] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1167.227692][ T5905] usb 4-1: device descriptor read/8, error -71
[ 1167.466987][ T5905] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 1167.497366][ T5905] usb 4-1: device descriptor read/8, error -71
[ 1167.608588][T22250] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3778'.
[ 1167.675202][ T5905] usb usb4-port1: unable to enumerate USB device
[ 1167.777396][T22254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3779'.
[ 1167.932732][T22258] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3780'.
[ 1168.855722][T22267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3782'.
[ 1169.056628][ T5905] usb 7-1: new high-speed USB device number 116 using dummy_hcd
[ 1169.206602][ T5905] usb 7-1: Using ep0 maxpacket: 16
[ 1169.216568][ T5834] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1169.244530][ T5905] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1169.256249][ T5905] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1169.266377][ T5905] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1169.319658][ T5905] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1169.329264][ T5905] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1169.369653][ T5905] usb 7-1: config 0 descriptor??
[ 1169.411141][ T5834] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1169.420893][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1169.429503][ T5834] usb 4-1: Product: syz
[ 1169.434603][ T5834] usb 4-1: Manufacturer: syz
[ 1169.440394][ T5834] usb 4-1: SerialNumber: syz
[ 1169.475586][ T5834] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1169.495965][T10700] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1169.618810][ T5905] usbhid 7-1:0.0: can't add hid device: -71
[ 1169.629712][ T5905] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1169.691561][ T5905] usb 7-1: USB disconnect, device number 116
[ 1170.092063][T22285] netlink: 'syz.6.3784': attribute type 4 has an invalid length.
[ 1170.198832][T22289] netlink: 'syz.6.3784': attribute type 4 has an invalid length.
[ 1170.970294][T10700] usb 4-1: Service connection timeout for: 256
[ 1171.000628][T10700] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1171.072012][T10700] ath9k_htc: Failed to initialize the device
[ 1171.089692][T10700] usb 4-1: ath9k_htc: USB layer deinitialized
[ 1171.361486][T22307] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1171.489946][   T24] usb 4-1: USB disconnect, device number 19
[ 1172.626627][ T5834] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 1172.642429][T22319] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3789'.
[ 1172.700126][T22319] loop3: detected capacity change from 0 to 7
[ 1172.730366][T22319] Dev loop3: unable to read RDB block 7
[ 1172.737269][T22319]  loop3: unable to read partition table
[ 1172.744481][T22319] loop3: partition table beyond EOD, truncated
[ 1172.757613][T22319] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1172.948180][ T5834] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1173.044749][ T5834] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1173.135826][ T5834] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1173.186586][ T5834] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1173.202499][ T5834] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1173.264628][ T5834] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1173.312101][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1173.320797][ T5834] usb 4-1: Product: syz
[ 1173.325106][ T5834] usb 4-1: Manufacturer: syz
[ 1173.339801][ T5834] cdc_wdm 4-1:1.0: skipping garbage
[ 1173.345142][ T5834] cdc_wdm 4-1:1.0: skipping garbage
[ 1173.370622][ T5834] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 1173.404429][T22328] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3792'.
[ 1173.418223][ T5834] cdc_wdm 4-1:1.0: Unknown control protocol
[ 1174.586395][T22356] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3803'.
[ 1174.768340][T22364] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1853191200 (3706382400 ns) > initial count (1616928832 ns). Using initial count to start timer.
[ 1174.933696][T17839] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1175.041989][T22370] only policy match revision 0 supported
[ 1175.042011][T22370] unable to load match
[ 1175.149992][T17839] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1175.361318][T17839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1175.426685][T17839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1175.436629][ T5834] usb 4-1: USB disconnect, device number 20
[ 1175.514472][T22374] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3806'.
[ 1175.607374][T17839] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1175.906886][T17839] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1175.946351][T17839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.998390][T22378] syz.3.3808 (22378): attempted to duplicate a private mapping with mremap.  This is not supported.
[ 1176.018763][T17839] usb 3-1: config 0 descriptor??
[ 1176.273561][T17839] usbhid 3-1:0.0: can't add hid device: -71
[ 1176.301273][T17839] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1176.361833][T17839] usb 3-1: USB disconnect, device number 29
[ 1176.696820][T17839] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 1176.846612][T17839] usb 3-1: Using ep0 maxpacket: 16
[ 1176.864624][T17839] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1176.924503][T17839] usb 3-1: can't read configurations, error -61
[ 1177.064592][T22409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3816'.
[ 1177.220651][T17839] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1177.406895][T17839] usb 3-1: Using ep0 maxpacket: 16
[ 1177.414404][T17839] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1177.422305][T17839] usb 3-1: can't read configurations, error -61
[ 1177.431012][T17839] usb usb3-port1: attempt power cycle
[ 1177.452311][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.458835][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.774730][T22423] FAULT_INJECTION: forcing a failure.
[ 1177.774730][T22423] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1177.851618][T22423] CPU: 1 UID: 0 PID: 22423 Comm: syz.7.3821 Not tainted syzkaller #0 PREEMPT(full) 
[ 1177.851636][T22423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1177.851642][T22423] Call Trace:
[ 1177.851647][T22423]  <TASK>
[ 1177.851653][T22423]  dump_stack_lvl+0x189/0x250
[ 1177.851671][T22423]  ? __pfx____ratelimit+0x10/0x10
[ 1177.851685][T22423]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1177.851698][T22423]  ? __pfx__printk+0x10/0x10
[ 1177.851708][T22423]  ? __might_fault+0xb0/0x130
[ 1177.851727][T22423]  should_fail_ex+0x414/0x560
[ 1177.851746][T22423]  _copy_from_user+0x2d/0xb0
[ 1177.851758][T22423]  snd_seq_oss_write+0x515/0x930
[ 1177.851780][T22423]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1177.851797][T22423]  ? security_file_permission+0x75/0x290
[ 1177.851811][T22423]  odev_write+0x5a/0x80
[ 1177.851822][T22423]  ? __pfx_odev_write+0x10/0x10
[ 1177.851833][T22423]  vfs_write+0x27e/0xb30
[ 1177.851851][T22423]  ? __pfx_vfs_write+0x10/0x10
[ 1177.851865][T22423]  ? __fget_files+0x2a/0x420
[ 1177.851876][T22423]  ? __fget_files+0x2a/0x420
[ 1177.851884][T22423]  ? __fget_files+0x3a0/0x420
[ 1177.851893][T22423]  ? __fget_files+0x2a/0x420
[ 1177.851906][T22423]  ksys_write+0x145/0x250
[ 1177.851920][T22423]  ? __pfx_ksys_write+0x10/0x10
[ 1177.851934][T22423]  ? do_syscall_64+0xbe/0xfa0
[ 1177.851952][T22423]  do_syscall_64+0xfa/0xfa0
[ 1177.851967][T22423]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1177.851989][T22423]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.852006][T22423]  ? clear_bhb_loop+0x60/0xb0
[ 1177.852027][T22423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.852043][T22423] RIP: 0033:0x7f748dd8f6c9
[ 1177.852060][T22423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1177.852074][T22423] RSP: 002b:00007f748ec76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1177.852093][T22423] RAX: ffffffffffffffda RBX: 00007f748dfe5fa0 RCX: 00007f748dd8f6c9
[ 1177.852106][T22423] RDX: 0000000000000234 RSI: 0000200000000840 RDI: 0000000000000003
[ 1177.852117][T22423] RBP: 00007f748ec76090 R08: 0000000000000000 R09: 0000000000000000
[ 1177.852127][T22423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1177.852137][T22423] R13: 00007f748dfe6038 R14: 00007f748dfe5fa0 R15: 00007f748e10fa28
[ 1177.852167][T22423]  </TASK>
[ 1178.083490][T17839] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1178.140287][T17839] usb 3-1: Using ep0 maxpacket: 16
[ 1178.147222][T17839] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1178.154796][T17839] usb 3-1: can't read configurations, error -61
[ 1178.301595][T17839] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1178.347491][T17839] usb 3-1: Using ep0 maxpacket: 16
[ 1178.354747][T17839] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1178.363120][T17839] usb 3-1: can't read configurations, error -61
[ 1178.371566][T17839] usb usb3-port1: unable to enumerate USB device
[ 1178.568788][T22438] netlink: '': attribute type 3 has an invalid length.
[ 1179.778691][T22452] syzkaller1: entered promiscuous mode
[ 1179.784231][T22452] syzkaller1: entered allmulticast mode
[ 1180.294847][T22462] FAULT_INJECTION: forcing a failure.
[ 1180.294847][T22462] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1180.308376][T22462] CPU: 1 UID: 0 PID: 22462 Comm: syz.3.3834 Not tainted syzkaller #0 PREEMPT(full) 
[ 1180.308400][T22462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1180.308411][T22462] Call Trace:
[ 1180.308419][T22462]  <TASK>
[ 1180.308428][T22462]  dump_stack_lvl+0x189/0x250
[ 1180.308456][T22462]  ? __pfx____ratelimit+0x10/0x10
[ 1180.308480][T22462]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1180.308502][T22462]  ? __pfx__printk+0x10/0x10
[ 1180.308520][T22462]  ? __might_fault+0xb0/0x130
[ 1180.308554][T22462]  should_fail_ex+0x414/0x560
[ 1180.308584][T22462]  _copy_from_user+0x2d/0xb0
[ 1180.308606][T22462]  snd_seq_oss_write+0x515/0x930
[ 1180.308645][T22462]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1180.308675][T22462]  ? security_file_permission+0x75/0x290
[ 1180.308701][T22462]  odev_write+0x5a/0x80
[ 1180.308719][T22462]  ? __pfx_odev_write+0x10/0x10
[ 1180.308746][T22462]  vfs_write+0x27e/0xb30
[ 1180.308777][T22462]  ? __pfx_vfs_write+0x10/0x10
[ 1180.308801][T22462]  ? __fget_files+0x2a/0x420
[ 1180.308820][T22462]  ? __fget_files+0x2a/0x420
[ 1180.308837][T22462]  ? __fget_files+0x3a0/0x420
[ 1180.308852][T22462]  ? __fget_files+0x2a/0x420
[ 1180.308876][T22462]  ksys_write+0x145/0x250
[ 1180.308902][T22462]  ? __pfx_ksys_write+0x10/0x10
[ 1180.308928][T22462]  ? do_syscall_64+0xbe/0xfa0
[ 1180.308954][T22462]  do_syscall_64+0xfa/0xfa0
[ 1180.308974][T22462]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1180.309004][T22462]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1180.309020][T22462]  ? clear_bhb_loop+0x60/0xb0
[ 1180.309040][T22462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1180.309057][T22462] RIP: 0033:0x7fb2b598f6c9
[ 1180.309084][T22462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1180.309099][T22462] RSP: 002b:00007fb2b684b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1180.309117][T22462] RAX: ffffffffffffffda RBX: 00007fb2b5be5fa0 RCX: 00007fb2b598f6c9
[ 1180.309131][T22462] RDX: 0000000000000234 RSI: 0000200000000840 RDI: 0000000000000003
[ 1180.309143][T22462] RBP: 00007fb2b684b090 R08: 0000000000000000 R09: 0000000000000000
[ 1180.309158][T22462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1180.309169][T22462] R13: 00007fb2b5be6038 R14: 00007fb2b5be5fa0 R15: 00007fb2b5d0fa28
[ 1180.309199][T22462]  </TASK>
[ 1180.543966][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1181.758748][T22483] binder: 22478:22483 ioctl c018620c 2000000002c0 returned -1
[ 1181.772469][T22483] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3839'.
[ 1182.655205][T10702] kworker/0:10 (10702) used greatest stack depth: 15864 bytes left
[ 1183.016645][ T5905] usb 7-1: new high-speed USB device number 117 using dummy_hcd
[ 1183.108928][T22491] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3842'.
[ 1183.164025][T22491] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3842'.
[ 1183.196620][ T5905] usb 7-1: Using ep0 maxpacket: 32
[ 1183.206116][ T5905] usb 7-1: config 0 has an invalid interface number: 196 but max is 0
[ 1183.262358][ T5905] usb 7-1: config 0 has no interface number 0
[ 1183.307221][ T5905] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1183.384278][ T5905] usb 7-1: config 0 interface 196 has no altsetting 0
[ 1183.432601][ T5905] usb 7-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[ 1183.451943][ T5905] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.487797][ T5905] usb 7-1: Product: syz
[ 1183.500239][ T5905] usb 7-1: Manufacturer: syz
[ 1183.516407][ T5905] usb 7-1: SerialNumber: syz
[ 1183.538662][ T5905] usb 7-1: config 0 descriptor??
[ 1183.548968][T22489] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[ 1183.703126][T22500] netlink: 'syz.3.3845': attribute type 1 has an invalid length.
[ 1183.857949][T22500] 8021q: adding VLAN 0 to HW filter on device bond14
[ 1184.025956][T22502] bond14: (slave veth13): Enslaving as an active interface with a down link
[ 1184.354636][T22518] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3851'.
[ 1184.651190][T22526] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3854'.
[ 1184.708674][T22526] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3854'.
[ 1184.765724][T22528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1184.777194][T22528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1184.793381][T22530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3855'.
[ 1184.812183][T22528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3855'.
[ 1184.826601][   T24] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1184.986673][   T24] usb 4-1: Using ep0 maxpacket: 8
[ 1185.002100][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1185.031176][   T24] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[ 1185.070883][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1185.091057][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1185.120029][   T24] usb 4-1: Product: syz
[ 1185.136130][   T24] usb 4-1: Manufacturer: syz
[ 1185.151735][   T24] usb 4-1: SerialNumber: syz
[ 1185.374983][T22536] ptrace attach of "./syz-executor exec"[19434] was attempted by "./syz-executor exec"[22536]
[ 1185.391401][T22536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3853'.
[ 1185.400937][T22536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3853'.
[ 1185.529762][T22537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1185.538691][T22537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1185.560151][T22537] dlm: non-version read from control device 8224
[ 1185.679531][ T5905] ipheth 7-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[ 1185.705255][ T5905] ipheth 7-1:0.196: probe with driver ipheth failed with error -71
[ 1186.016238][ T5905] usb 7-1: USB disconnect, device number 117
[ 1186.240344][T22546] netlink: 'syz.6.3859': attribute type 1 has an invalid length.
[ 1186.309630][T22546] 8021q: adding VLAN 0 to HW filter on device bond13
[ 1186.443430][T22548] bond13: (slave veth11): Enslaving as an active interface with a down link
[ 1186.512473][T22546] bond13: entered allmulticast mode
[ 1186.786388][T22551] __nla_validate_parse: 1 callbacks suppressed
[ 1186.786407][T22551] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3861'.
[ 1186.806660][T22551] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3861'.
[ 1186.899570][T22554] batman_adv: batadv0: Adding interface: dummy0
[ 1186.991227][T22554] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1187.047350][T22554] batman_adv: batadv0: Interface activated: dummy0
[ 1187.069317][T22556] batadv0: mtu less than device minimum
[ 1187.080828][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.093311][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.105068][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.116899][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.128885][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.140166][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.151582][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.162832][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.174101][T22556] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1187.416691][   T24] cdc_ncm 4-1:1.0: bind() failure
[ 1187.458105][T17839] usb 7-1: new high-speed USB device number 118 using dummy_hcd
[ 1187.509265][   T24] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1187.531916][   T24] cdc_ncm 4-1:1.1: bind() failure
[ 1187.547388][   T24] usb 4-1: USB disconnect, device number 21
[ 1187.658320][T17839] usb 7-1: config 0 has an invalid interface number: 232 but max is 0
[ 1187.670439][T17839] usb 7-1: config 0 has no interface number 0
[ 1187.689405][T22572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3866'.
[ 1187.722721][T17839] usb 7-1: config 0 interface 232 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[ 1187.761717][T22572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3866'.
[ 1187.784322][T17839] usb 7-1: config 0 interface 232 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[ 1187.831599][T17839] usb 7-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=67.3e
[ 1187.853046][T17839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1187.861689][T17839] usb 7-1: Product: syz
[ 1187.865865][T17839] usb 7-1: Manufacturer: syz
[ 1187.871103][T17839] usb 7-1: SerialNumber: syz
[ 1187.881847][T17839] usb 7-1: config 0 descriptor??
[ 1188.101717][T22576] netlink: 'syz.3.3868': attribute type 1 has an invalid length.
[ 1188.261231][T22576] 8021q: adding VLAN 0 to HW filter on device bond15
[ 1188.400767][T22580] veth15: entered promiscuous mode
[ 1188.418588][T22576] erspan0: entered allmulticast mode
[ 1189.030663][T17839] port100 7-1:0.232: NFC: Could not find bulk-in or bulk-out endpoint
[ 1189.098238][T17839] usb 7-1: USB disconnect, device number 118
[ 1189.651204][T22605] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3873'.
[ 1190.052325][T22614] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3874'.
[ 1190.063987][T22614] loop3: detected capacity change from 0 to 7
[ 1190.086768][T22614] Dev loop3: unable to read RDB block 7
[ 1190.092537][T22614]  loop3: unable to read partition table
[ 1190.098706][T22614] loop3: partition table beyond EOD, truncated
[ 1190.105144][T22614] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1192.156694][ T5905] usb 7-1: new high-speed USB device number 119 using dummy_hcd
[ 1192.288625][T22659] syzkaller0: entered promiscuous mode
[ 1192.324612][T22659] syzkaller0: entered allmulticast mode
[ 1192.358366][ T5905] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1192.388933][ T5905] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1192.452647][ T5905] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1192.462315][ T5905] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1192.473818][ T5905] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1192.507743][ T5905] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1192.517903][ T5905] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1192.526173][ T5905] usb 7-1: Product: syz
[ 1192.558673][ T5905] usb 7-1: Manufacturer: syz
[ 1192.780440][ T5905] cdc_wdm 7-1:1.0: skipping garbage
[ 1192.785949][ T5905] cdc_wdm 7-1:1.0: skipping garbage
[ 1192.805494][ T5905] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[ 1192.825742][ T5905] cdc_wdm 7-1:1.0: Unknown control protocol
[ 1193.305322][T22670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1193.346808][T22670] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1194.265692][T22686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1194.275252][T22686] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1194.454284][T22691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3892'.
[ 1194.468297][T22691] loop3: detected capacity change from 0 to 7
[ 1194.536329][T22691] Dev loop3: unable to read RDB block 7
[ 1194.545062][T22691]  loop3: unable to read partition table
[ 1194.551206][T22691] loop3: partition table beyond EOD, truncated
[ 1194.557949][T22691] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1194.616591][T17839] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1194.741394][ T5905] usb 7-1: USB disconnect, device number 119
[ 1194.787555][T17839] usb 4-1: device descriptor read/64, error -71
[ 1195.057101][T17839] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1195.206619][T17839] usb 4-1: device descriptor read/64, error -71
[ 1195.328143][ T5905] usb 7-1: new high-speed USB device number 120 using dummy_hcd
[ 1195.377797][T17839] usb usb4-port1: attempt power cycle
[ 1195.559650][ T5905] usb 7-1: Using ep0 maxpacket: 32
[ 1195.688710][ T5905] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[ 1195.719084][ T5905] usb 7-1: config 0 has no interface number 0
[ 1195.757496][T17839] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1195.773787][ T5905] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1195.803102][T17839] usb 4-1: device descriptor read/8, error -71
[ 1195.892581][ T5905] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1195.966585][ T5905] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1196.045831][ T5905] usb 7-1: Product: syz
[ 1196.052492][ T5905] usb 7-1: Manufacturer: syz
[ 1196.057328][T17839] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1196.083990][ T5905] usb 7-1: SerialNumber: syz
[ 1196.098807][ T5905] usb 7-1: config 0 descriptor??
[ 1196.119370][ T5905] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1196.129452][ T5905] em28xx 7-1:0.132: Video interface 132 found:
[ 1196.138358][T17839] usb 4-1: device descriptor read/8, error -71
[ 1196.286171][T17839] usb usb4-port1: unable to enumerate USB device
[ 1196.361553][T22713] syzkaller0: entered promiscuous mode
[ 1196.367540][T22712] sctp: [Deprecated]: syz.6.3895 (pid 22712) Use of int in max_burst socket option.
[ 1196.367540][T22712] Use struct sctp_assoc_value instead
[ 1196.433483][T22713] syzkaller0: entered allmulticast mode
[ 1197.056673][T17839] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1197.246800][T17839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1197.260825][T17839] usb 3-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[ 1197.282790][T17839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.303765][T17839] usb 3-1: config 0 descriptor??
[ 1197.323153][T17839] smsusb:smsusb_probe: board id=8, interface number 0
[ 1197.331785][T17839] smsusb:smsusb_probe: Device initialized with return code -19
[ 1197.464985][ T5905] em28xx 7-1:0.132: unknown em28xx chip ID (0)
[ 1197.537001][T22720] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1197.548166][T22720] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1197.556165][ T5905] em28xx 7-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1197.566271][ T5905] em28xx 7-1:0.132: board has no eeprom
[ 1197.621446][ T5834] usb 3-1: USB disconnect, device number 34
[ 1197.630398][ T5905] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1197.648286][ T5905] em28xx 7-1:0.132: analog set to bulk mode.
[ 1197.660668][T10699] em28xx 7-1:0.132: Registering V4L2 extension
[ 1197.756325][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[ 1197.782350][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[ 1197.798117][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[ 1197.833078][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[ 1197.935860][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[ 1197.953565][T22742] netlink: 48 bytes leftover after parsing attributes in process `syz.7.3903'.
[ 1197.958154][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[ 1198.016541][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[ 1198.061168][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[ 1198.224380][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[ 1198.267399][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[ 1198.291982][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[ 1198.321728][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[ 1198.348206][T10699] em28xx 7-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[ 1198.359068][T22750] FAULT_INJECTION: forcing a failure.
[ 1198.359068][T22750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1198.370742][T10699] em28xx 7-1:0.132: Config register raw data: 0xfffffffb
[ 1198.382545][T10699] em28xx 7-1:0.132: AC97 chip type couldn't be determined
[ 1198.390507][T10699] em28xx 7-1:0.132: No AC97 audio processor
[ 1198.399918][T22750] CPU: 1 UID: 0 PID: 22750 Comm: syz.3.3905 Not tainted syzkaller #0 PREEMPT(full) 
[ 1198.399941][T22750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1198.399951][T22750] Call Trace:
[ 1198.399960][T22750]  <TASK>
[ 1198.399968][T22750]  dump_stack_lvl+0x189/0x250
[ 1198.399994][T22750]  ? __pfx____ratelimit+0x10/0x10
[ 1198.400014][T22750]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1198.400032][T22750]  ? __pfx__printk+0x10/0x10
[ 1198.400048][T22750]  ? __might_fault+0xb0/0x130
[ 1198.400078][T22750]  should_fail_ex+0x414/0x560
[ 1198.400104][T22750]  _copy_from_user+0x2d/0xb0
[ 1198.400123][T22750]  snd_seq_oss_write+0x515/0x930
[ 1198.400157][T22750]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1198.400183][T22750]  ? security_file_permission+0x75/0x290
[ 1198.400214][T22750]  odev_write+0x5a/0x80
[ 1198.400230][T22750]  ? __pfx_odev_write+0x10/0x10
[ 1198.400246][T22750]  vfs_write+0x27e/0xb30
[ 1198.400275][T22750]  ? __pfx_vfs_write+0x10/0x10
[ 1198.400296][T22750]  ? __fget_files+0x2a/0x420
[ 1198.400313][T22750]  ? __fget_files+0x2a/0x420
[ 1198.400326][T22750]  ? __fget_files+0x3a0/0x420
[ 1198.400342][T22750]  ? __fget_files+0x2a/0x420
[ 1198.400364][T22750]  ksys_write+0x145/0x250
[ 1198.400386][T22750]  ? __pfx_ksys_write+0x10/0x10
[ 1198.400408][T22750]  ? do_syscall_64+0xbe/0xfa0
[ 1198.400431][T22750]  do_syscall_64+0xfa/0xfa0
[ 1198.400450][T22750]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1198.400470][T22750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.400485][T22750]  ? clear_bhb_loop+0x60/0xb0
[ 1198.400503][T22750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.400519][T22750] RIP: 0033:0x7fb2b598f6c9
[ 1198.400535][T22750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1198.400548][T22750] RSP: 002b:00007fb2b684b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1198.400565][T22750] RAX: ffffffffffffffda RBX: 00007fb2b5be5fa0 RCX: 00007fb2b598f6c9
[ 1198.400576][T22750] RDX: 0000000000000234 RSI: 0000200000000840 RDI: 0000000000000003
[ 1198.400586][T22750] RBP: 00007fb2b684b090 R08: 0000000000000000 R09: 0000000000000000
[ 1198.400595][T22750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1198.400604][T22750] R13: 00007fb2b5be6038 R14: 00007fb2b5be5fa0 R15: 00007fb2b5d0fa28
[ 1198.400630][T22750]  </TASK>
[ 1198.726873][T10699] usb 7-1: Decoder not found
[ 1198.750089][T10699] em28xx 7-1:0.132: failed to create media graph
[ 1198.797249][T10699] em28xx 7-1:0.132: V4L2 device video103 deregistered
[ 1198.831618][T22753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3906'.
[ 1198.864793][T10699] em28xx 7-1:0.132: Remote control support is not available for this card.
[ 1198.878117][T22751] ==================================================================
[ 1198.886210][T22751] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[ 1198.893587][T22751] Read of size 8 at addr ffff88806b104740 by task v4l_id/22751
[ 1198.901201][T22751] 
[ 1198.903519][T22751] CPU: 0 UID: 0 PID: 22751 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 1198.903535][T22751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1198.903544][T22751] Call Trace:
[ 1198.903552][T22751]  <TASK>
[ 1198.903558][T22751]  dump_stack_lvl+0x189/0x250
[ 1198.903578][T22751]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1198.903595][T22751]  ? rcu_is_watching+0x15/0xb0
[ 1198.903611][T22751]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1198.903627][T22751]  ? rcu_is_watching+0x15/0xb0
[ 1198.903641][T22751]  ? lock_release+0x4b/0x3e0
[ 1198.903653][T22751]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 1198.903672][T22751]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1198.903688][T22751]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1198.903705][T22751]  print_report+0xca/0x240
[ 1198.903720][T22751]  ? v4l2_fh_open+0xac/0x420
[ 1198.903733][T22751]  kasan_report+0x118/0x150
[ 1198.903747][T22751]  ? v4l2_fh_open+0xac/0x420
[ 1198.903762][T22751]  v4l2_fh_open+0xac/0x420
[ 1198.903775][T22751]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1198.903795][T22751]  em28xx_v4l2_open+0x157/0x9a0
[ 1198.903817][T22751]  v4l2_open+0x1bf/0x3a0
[ 1198.903831][T22751]  chrdev_open+0x4cc/0x5e0
[ 1198.903845][T22751]  ? __pfx_chrdev_open+0x10/0x10
[ 1198.903858][T22751]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 1198.903874][T22751]  ? __pfx_chrdev_open+0x10/0x10
[ 1198.903886][T22751]  do_dentry_open+0x953/0x13f0
[ 1198.903904][T22751]  vfs_open+0x3b/0x340
[ 1198.903917][T22751]  ? path_openat+0x2ecd/0x3830
[ 1198.903933][T22751]  path_openat+0x2ee5/0x3830
[ 1198.903959][T22751]  ? __pfx_path_openat+0x10/0x10
[ 1198.903981][T22751]  do_filp_open+0x1fa/0x410
[ 1198.903996][T22751]  ? __lock_acquire+0xab9/0xd20
[ 1198.904008][T22751]  ? __pfx_do_filp_open+0x10/0x10
[ 1198.904030][T22751]  ? _raw_spin_unlock+0x28/0x50
[ 1198.904045][T22751]  ? alloc_fd+0x64c/0x6c0
[ 1198.904066][T22751]  do_sys_openat2+0x121/0x1c0
[ 1198.904081][T22751]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1198.904096][T22751]  ? exc_page_fault+0x82/0x100
[ 1198.904114][T22751]  ? do_user_addr_fault+0xc85/0x1380
[ 1198.904128][T22751]  __x64_sys_openat+0x138/0x170
[ 1198.904144][T22751]  do_syscall_64+0xfa/0xfa0
[ 1198.904161][T22751]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1198.904178][T22751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.904191][T22751]  ? clear_bhb_loop+0x60/0xb0
[ 1198.904206][T22751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.904219][T22751] RIP: 0033:0x7f3cac2a7407
[ 1198.904238][T22751] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1198.904251][T22751] RSP: 002b:00007ffdcc75bee0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1198.904265][T22751] RAX: ffffffffffffffda RBX: 00007f3cac96a880 RCX: 00007f3cac2a7407
[ 1198.904276][T22751] RDX: 0000000000000000 RSI: 00007ffdcc75df1a RDI: ffffffffffffff9c
[ 1198.904285][T22751] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1198.904294][T22751] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1198.904303][T22751] R13: 00007ffdcc75c130 R14: 00007f3caca6f000 R15: 000055f012a834d8
[ 1198.904318][T22751]  </TASK>
[ 1198.904323][T22751] 
[ 1199.207317][T22751] Allocated by task 10699:
[ 1199.211830][T22751]  kasan_save_track+0x3e/0x80
[ 1199.216508][T22751]  __kasan_kmalloc+0x93/0xb0
[ 1199.221091][T22751]  __kmalloc_cache_noprof+0x3d5/0x6f0
[ 1199.226449][T22751]  em28xx_v4l2_init+0x10b/0x2e70
[ 1199.231403][T22751]  em28xx_init_extension+0x120/0x1c0
[ 1199.236769][T22751]  process_scheduled_works+0xae1/0x17b0
[ 1199.242302][T22751]  worker_thread+0x8a0/0xda0
[ 1199.247162][T22751]  kthread+0x711/0x8a0
[ 1199.251215][T22751]  ret_from_fork+0x4bc/0x870
[ 1199.255875][T22751]  ret_from_fork_asm+0x1a/0x30
[ 1199.260806][T22751] 
[ 1199.263210][T22751] Freed by task 10699:
[ 1199.267262][T22751]  kasan_save_track+0x3e/0x80
[ 1199.271935][T22751]  __kasan_save_free_info+0x46/0x50
[ 1199.277225][T22751]  __kasan_slab_free+0x5c/0x80
[ 1199.281979][T22751]  kfree+0x19a/0x6d0
[ 1199.285943][T22751]  em28xx_v4l2_init+0x1683/0x2e70
[ 1199.291481][T22751]  em28xx_init_extension+0x120/0x1c0
[ 1199.297470][T22751]  process_scheduled_works+0xae1/0x17b0
[ 1199.303383][T22751]  worker_thread+0x8a0/0xda0
[ 1199.308064][T22751]  kthread+0x711/0x8a0
[ 1199.312126][T22751]  ret_from_fork+0x4bc/0x870
[ 1199.316700][T22751]  ret_from_fork_asm+0x1a/0x30
[ 1199.321449][T22751] 
[ 1199.323759][T22751] The buggy address belongs to the object at ffff88806b104000
[ 1199.323759][T22751]  which belongs to the cache kmalloc-8k of size 8192
[ 1199.337792][T22751] The buggy address is located 1856 bytes inside of
[ 1199.337792][T22751]  freed 8192-byte region [ffff88806b104000, ffff88806b106000)
[ 1199.351766][T22751] 
[ 1199.354098][T22751] The buggy address belongs to the physical page:
[ 1199.360542][T22751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b100
[ 1199.369326][T22751] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1199.377809][T22751] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1199.385777][T22751] page_type: f5(slab)
[ 1199.389744][T22751] raw: 00fff00000000040 ffff88801a027280 0000000000000000 dead000000000001
[ 1199.398409][T22751] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1199.407085][T22751] head: 00fff00000000040 ffff88801a027280 0000000000000000 dead000000000001
[ 1199.415860][T22751] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1199.424718][T22751] head: 00fff00000000003 ffffea0001ac4001 00000000ffffffff 00000000ffffffff
[ 1199.433375][T22751] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1199.442042][T22751] page dumped because: kasan: bad access detected
[ 1199.448447][T22751] page_owner tracks the page as allocated
[ 1199.454159][T22751] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9068, tgid 9067 (syz.3.693), ts 296376999028, free_ts 292098110908
[ 1199.475502][T22751]  post_alloc_hook+0x240/0x2a0
[ 1199.480267][T22751]  get_page_from_freelist+0x2365/0x2440
[ 1199.485795][T22751]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1199.491580][T22751]  alloc_pages_mpol+0x232/0x4a0
[ 1199.496412][T22751]  allocate_slab+0x96/0x350
[ 1199.500926][T22751]  ___slab_alloc+0xf56/0x1990
[ 1199.505600][T22751]  __slab_alloc+0x65/0x100
[ 1199.510083][T22751]  __kmalloc_cache_noprof+0x411/0x6f0
[ 1199.515442][T22751]  audit_log_d_path+0xb8/0x1a0
[ 1199.520203][T22751]  audit_log_d_path_exe+0x42/0x70
[ 1199.525231][T22751]  audit_log_task+0x2b3/0x3c0
[ 1199.529904][T22751]  audit_seccomp+0x86/0x190
[ 1199.534395][T22751]  __seccomp_filter+0xce4/0x1e10
[ 1199.539327][T22751]  syscall_trace_enter+0xaa/0x160
[ 1199.544350][T22751]  do_syscall_64+0xd3/0xfa0
[ 1199.548859][T22751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1199.554751][T22751] page last free pid 9 tgid 9 stack trace:
[ 1199.560539][T22751]  __free_frozen_pages+0xbc4/0xd30
[ 1199.565643][T22751]  __slab_free+0x2e7/0x390
[ 1199.570050][T22751]  qlist_free_all+0x97/0x140
[ 1199.574626][T22751]  kasan_quarantine_reduce+0x148/0x160
[ 1199.580095][T22751]  __kasan_slab_alloc+0x22/0x80
[ 1199.584943][T22751]  __kmalloc_cache_noprof+0x36f/0x6f0
[ 1199.590312][T22751]  usb_control_msg+0x73/0x3e0
[ 1199.594980][T22751]  hub_ext_port_status+0x116/0x820
[ 1199.600074][T22751]  hub_port_debounce+0x220/0x310
[ 1199.605007][T22751]  hub_event+0x1d89/0x4a20
[ 1199.609405][T22751]  process_scheduled_works+0xae1/0x17b0
[ 1199.614935][T22751]  worker_thread+0x8a0/0xda0
[ 1199.619600][T22751]  kthread+0x711/0x8a0
[ 1199.623654][T22751]  ret_from_fork+0x4bc/0x870
[ 1199.628239][T22751]  ret_from_fork_asm+0x1a/0x30
[ 1199.633002][T22751] 
[ 1199.635354][T22751] Memory state around the buggy address:
[ 1199.641050][T22751]  ffff88806b104600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1199.649096][T22751]  ffff88806b104680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1199.657146][T22751] >ffff88806b104700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1199.665451][T22751]                                            ^
[ 1199.671590][T22751]  ffff88806b104780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1199.679634][T22751]  ffff88806b104800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1199.687675][T22751] ==================================================================
[ 1199.714713][T22751] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1199.721945][T22751] CPU: 1 UID: 0 PID: 22751 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 1199.730977][T22751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1199.741040][T22751] Call Trace:
[ 1199.744323][T22751]  <TASK>
[ 1199.747255][T22751]  dump_stack_lvl+0x99/0x250
[ 1199.751856][T22751]  ? __asan_memcpy+0x40/0x70
[ 1199.756459][T22751]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1199.761669][T22751]  ? __pfx__printk+0x10/0x10
[ 1199.766270][T22751]  vpanic+0x237/0x6d0
[ 1199.770268][T22751]  ? __pfx_vpanic+0x10/0x10
[ 1199.774785][T22751]  ? preempt_schedule+0xae/0xc0
[ 1199.779649][T22751]  ? __pfx_preempt_schedule+0x10/0x10
[ 1199.785059][T22751]  panic+0xb9/0xc0
[ 1199.788798][T22751]  ? __pfx_panic+0x10/0x10
[ 1199.793240][T22751]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1199.799155][T22751]  ? is_module_address+0x17/0xf0
[ 1199.804118][T22751]  ? v4l2_fh_open+0xac/0x420
[ 1199.808731][T22751]  check_panic_on_warn+0x89/0xb0
[ 1199.813685][T22751]  ? v4l2_fh_open+0xac/0x420
[ 1199.818289][T22751]  end_report+0x78/0x160
[ 1199.822516][T22751]  kasan_report+0x129/0x150
[ 1199.827094][T22751]  ? v4l2_fh_open+0xac/0x420
[ 1199.831687][T22751]  v4l2_fh_open+0xac/0x420
[ 1199.836090][T22751]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1199.842059][T22751]  em28xx_v4l2_open+0x157/0x9a0
[ 1199.846903][T22751]  v4l2_open+0x1bf/0x3a0
[ 1199.851131][T22751]  chrdev_open+0x4cc/0x5e0
[ 1199.855547][T22751]  ? __pfx_chrdev_open+0x10/0x10
[ 1199.860468][T22751]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 1199.866795][T22751]  ? __pfx_chrdev_open+0x10/0x10
[ 1199.871724][T22751]  do_dentry_open+0x953/0x13f0
[ 1199.876478][T22751]  vfs_open+0x3b/0x340
[ 1199.880530][T22751]  ? path_openat+0x2ecd/0x3830
[ 1199.885279][T22751]  path_openat+0x2ee5/0x3830
[ 1199.889862][T22751]  ? __pfx_path_openat+0x10/0x10
[ 1199.894791][T22751]  do_filp_open+0x1fa/0x410
[ 1199.899291][T22751]  ? __lock_acquire+0xab9/0xd20
[ 1199.904124][T22751]  ? __pfx_do_filp_open+0x10/0x10
[ 1199.909149][T22751]  ? _raw_spin_unlock+0x28/0x50
[ 1199.913986][T22751]  ? alloc_fd+0x64c/0x6c0
[ 1199.918308][T22751]  do_sys_openat2+0x121/0x1c0
[ 1199.923347][T22751]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1199.928529][T22751]  ? exc_page_fault+0x82/0x100
[ 1199.933281][T22751]  ? do_user_addr_fault+0xc85/0x1380
[ 1199.938553][T22751]  __x64_sys_openat+0x138/0x170
[ 1199.943390][T22751]  do_syscall_64+0xfa/0xfa0
[ 1199.947879][T22751]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1199.953062][T22751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1199.959110][T22751]  ? clear_bhb_loop+0x60/0xb0
[ 1199.963778][T22751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1199.969652][T22751] RIP: 0033:0x7f3cac2a7407
[ 1199.974053][T22751] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1199.993818][T22751] RSP: 002b:00007ffdcc75bee0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1200.002232][T22751] RAX: ffffffffffffffda RBX: 00007f3cac96a880 RCX: 00007f3cac2a7407
[ 1200.010193][T22751] RDX: 0000000000000000 RSI: 00007ffdcc75df1a RDI: ffffffffffffff9c
[ 1200.018150][T22751] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1200.026105][T22751] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1200.034087][T22751] R13: 00007ffdcc75c130 R14: 00007f3caca6f000 R15: 000055f012a834d8
[ 1200.042053][T22751]  </TASK>
[ 1200.045315][T22751] Kernel Offset: disabled
[ 1200.049636][T22751] Rebooting in 86400 seconds..