last executing test programs:

6m59.831140051s ago: executing program 3 (id=2835):
r0 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x800, 0x143280)
ioctl$HIDIOCGUSAGES(r0, 0xd01c4813, &(0x7f0000001480)={{0x3, 0x100, 0x2, 0x9, 0xff, 0xfffffffc}, 0x80, [0x8, 0xfffffff8, 0x8, 0x9, 0x10001, 0x1, 0xfffffffe, 0x286, 0x6, 0x7fff, 0x8, 0xfffff930, 0x7, 0x3, 0x3ff, 0x2, 0x7, 0x4, 0xc000000, 0x1000, 0x6, 0x4, 0x9, 0xf53, 0x200, 0xd, 0x5, 0x9, 0x8d15, 0x97a01b8b, 0x8000, 0x9, 0x401, 0x200, 0xffff, 0x7, 0x6, 0xfffffffd, 0x4, 0x0, 0x0, 0x7, 0x9, 0x0, 0x8, 0x5, 0x98e, 0x4, 0x7, 0x8, 0x100, 0xb14, 0x3, 0x9, 0xb23f, 0x60ad, 0x101, 0x4, 0x7cc, 0xe, 0x3ff, 0x6, 0x23, 0x9, 0x8, 0x8, 0x7, 0x1000, 0x8, 0x3ff, 0x9, 0x4, 0x7, 0x5, 0xc, 0x2, 0x8, 0x1, 0xd3, 0x438, 0x100, 0xffff8001, 0xffffff01, 0xffffffff, 0x180, 0x5, 0x6855, 0x2, 0x6, 0xd7, 0x2, 0x10000, 0x9, 0x5, 0x9, 0x5, 0x2, 0x6, 0x1ff, 0x9, 0x7, 0x8, 0x21, 0x2, 0x5, 0xe14c, 0x7fffffff, 0x192, 0xa, 0x5, 0x7, 0x2, 0x3, 0x9, 0x9, 0x800, 0x5, 0x9, 0x40, 0xff, 0x0, 0x9, 0x0, 0xffff5c61, 0xfffffffb, 0x9c, 0x4, 0x2, 0x3, 0x4, 0x7, 0xfffffffe, 0x8, 0x5, 0x55, 0x6, 0x3, 0xfffffffa, 0x0, 0x1, 0x7f, 0x1, 0x0, 0x4, 0x81, 0x6, 0x90c5, 0xff, 0xf4b2, 0x2, 0x0, 0x2, 0x1, 0xfffffdcb, 0xa78, 0x7, 0x8, 0xf, 0x1, 0xb058cfe, 0x6, 0x100, 0x7f, 0xc, 0x200, 0x1, 0x450, 0x24, 0xf050, 0x7, 0x1000, 0x5, 0x10000, 0x4, 0x7, 0x8, 0x1c00000, 0x8, 0x2, 0x4, 0xc, 0x400, 0x0, 0x9, 0x0, 0xfffffff9, 0x10d, 0x3, 0x8, 0x2, 0x4, 0xff, 0x8, 0x4, 0x2ac0529f, 0x1, 0x3ff, 0xd, 0x7, 0x8, 0x8, 0xd, 0x7, 0x8, 0x9, 0x0, 0x1, 0x8, 0x2, 0x76, 0xb, 0x4508, 0x8, 0x182e, 0x29ee, 0x3, 0x7fff, 0x4, 0x4, 0x6, 0xa64, 0x73e3, 0x1, 0x4, 0x7ff, 0xbc32, 0x2, 0xf130, 0xfff, 0xcce, 0x30, 0xffffffbd, 0xc71, 0x5, 0x9, 0x6, 0x4, 0x3, 0xe08e, 0x300, 0x7, 0xffff, 0x9, 0xfffffff7, 0x1, 0xffff, 0x9, 0x9, 0x5, 0x1, 0x9, 0x8, 0x8001, 0x4, 0x8, 0x8, 0x9, 0x6, 0xff, 0x9, 0x2, 0x80000001, 0x48, 0x1000, 0x7f, 0x10000, 0x1, 0x1, 0xb2, 0x7, 0xa63, 0x3, 0x2, 0xa3, 0x6, 0xfffffffb, 0x3108a63a, 0xf8a6, 0x6, 0xffffffff, 0x8001, 0x4e21, 0x0, 0x8, 0x3, 0xacf5, 0x8, 0x2, 0x5, 0x8000, 0x1, 0x1ff, 0x7ff, 0x7, 0x4a, 0x401, 0x9, 0x2, 0xe8, 0x1, 0xc, 0x0, 0x3, 0x3, 0x1a, 0x2, 0x3, 0x9, 0x2, 0xfff, 0x5, 0x3, 0x6, 0xfffffff7, 0x0, 0x10001, 0x3, 0x8, 0x1, 0x49fd, 0x2, 0x5, 0x3, 0x5, 0x4, 0xffffffa3, 0x26d, 0x8, 0x7, 0x2, 0x1000, 0x3f17fa5d, 0x578f, 0x7, 0x10000, 0x8, 0x75bf, 0x2a, 0x9, 0x7, 0x2, 0x7fffffff, 0x68, 0x7, 0x7, 0x8, 0x6, 0xf, 0xffffffc0, 0x9, 0x6, 0x3, 0x981, 0xbd4, 0x8, 0x7c, 0x0, 0x2, 0x0, 0x10001, 0x4, 0x1, 0x400, 0x1, 0x232, 0x1, 0x2, 0x2, 0x80, 0xfff, 0xa1f9, 0x0, 0x9, 0x8001, 0x3, 0x0, 0x2, 0x1, 0x13, 0x8, 0x8000, 0x16f8, 0x800, 0xffffffff, 0xc, 0x40, 0xffff, 0x4, 0xb4a, 0x6, 0x3, 0x4, 0x8, 0x4, 0x4, 0x7, 0x5, 0x2, 0xcfe2, 0x1c00000, 0xb, 0x80000000, 0xffff, 0x7, 0xb, 0x6, 0x2, 0x6, 0x0, 0xb70, 0xb3a5, 0x2, 0x6, 0x6, 0x1, 0x3, 0x3, 0x22, 0x3, 0x7, 0xfffffff9, 0x6, 0x4, 0x1, 0x97b, 0x7, 0x7, 0xc, 0x2, 0x80, 0x8, 0x7, 0x0, 0xffffffff, 0x10, 0x7, 0x8, 0xfffffffb, 0x9, 0x10000, 0x9e, 0x4, 0x6f2, 0x40, 0x41, 0x5, 0x3, 0x100, 0x3, 0x4, 0x1, 0x0, 0x6, 0x7c4, 0xc, 0x4, 0x80000000, 0x0, 0x0, 0x81, 0x6, 0x1, 0x6, 0x6, 0x4, 0x10000, 0x8000, 0xdb8, 0x3ff, 0x5, 0x7, 0x9, 0x26f4, 0x0, 0x9, 0x2, 0x5, 0x100, 0x0, 0xffff, 0x8, 0x4, 0x3, 0x5, 0x7, 0x0, 0x9, 0x4, 0x0, 0x80000000, 0x9, 0x7, 0xfffff701, 0xfffffffd, 0x9, 0x0, 0x7, 0x5, 0x1ff, 0x1, 0x7, 0x3, 0x5, 0x5, 0x0, 0x0, 0x2, 0x0, 0xfffffff7, 0xc99, 0x8d7, 0x0, 0x4, 0x10001, 0x5, 0x8001, 0xfff, 0x3, 0x3, 0x10000000, 0x1000, 0xab, 0x5, 0x81, 0x8000, 0x7fff, 0x3f24, 0xc51, 0x3, 0x3, 0x200, 0x9, 0xf, 0x1, 0x5, 0x9, 0x8b9, 0x2, 0x5, 0x5, 0x4, 0x2, 0x8, 0x7000, 0x7, 0xffffffc0, 0xb, 0x0, 0xc2, 0x12c4, 0xf42, 0x1, 0xe9, 0x3, 0x2, 0x40, 0x2, 0x2d18cc61, 0x3, 0x7, 0x9, 0x7fffffff, 0x7ff, 0x9, 0x80, 0x3, 0x2, 0xf7, 0x1, 0x5, 0x6, 0x6, 0x5, 0x5000000, 0xb693, 0x7d, 0x60575bef, 0x9e, 0xc7, 0xb, 0x6, 0xb6, 0x0, 0xfff, 0x10000, 0x8001, 0x3, 0x434f0cfc, 0x892, 0x8093, 0x80000001, 0xffff, 0x1, 0xd835, 0x0, 0x1, 0x44, 0x98e, 0x7ff, 0x5, 0x0, 0x7, 0x4, 0x8, 0x0, 0xabb, 0x9, 0x3, 0x101, 0x9, 0x6, 0x7, 0x6, 0xc000, 0x28, 0x6, 0x1, 0x5, 0x3, 0x0, 0x6, 0xffff, 0xfffffff8, 0x9, 0x0, 0x5, 0x5, 0x6, 0x7f, 0x5, 0x9, 0xff, 0x7ff, 0x5, 0x3, 0x0, 0x8000, 0x0, 0x80, 0xae, 0x6, 0x1, 0xf4, 0x81, 0x2, 0x101, 0x6, 0x1, 0xfffffffc, 0x7f, 0x1, 0x3, 0xffff, 0x9, 0xa82, 0x6, 0xd9ee, 0x54bf, 0x0, 0x1000, 0x7, 0x7, 0x0, 0x5, 0x4, 0xa2e, 0x1ff, 0x9, 0x5, 0x4, 0x10000, 0x7, 0x4, 0x6, 0x6, 0x4, 0x9d, 0xfffffffd, 0x2, 0xb298, 0x0, 0xb13e1677, 0xcc, 0x3, 0xfffffffa, 0x200, 0xa34, 0x6, 0x5, 0x6, 0x8, 0x3ff, 0x7f, 0x3, 0x9, 0x2, 0x4, 0x2, 0xffffa6f2, 0x7, 0x32, 0xfffeffff, 0x2, 0x5857, 0x5, 0xcd, 0x9, 0x8, 0x2, 0x0, 0x81, 0x1, 0x7, 0x596a, 0x3, 0xc8, 0x60, 0x6, 0xffff5f3e, 0x8, 0x5, 0x0, 0x80, 0xdbb1, 0xa6, 0xb0e, 0xff, 0x1ff, 0x100, 0xfffffff8, 0x6, 0x7f, 0x3, 0xcea, 0x3e85, 0x4, 0x10, 0x4, 0x5, 0x8, 0x1, 0x3, 0x6c060, 0x0, 0x401, 0x2, 0x5, 0x9, 0x7f, 0x4, 0x1f, 0x3ff, 0x5, 0x1, 0x101, 0xc, 0x2, 0x7, 0x3, 0x8, 0x6, 0x2, 0x0, 0x1ff, 0xfffffff7, 0x2, 0x7, 0x3, 0x9, 0x7, 0x5, 0x2, 0x7fff, 0x845, 0x7, 0x2, 0xd993, 0x6, 0x3c7bf430, 0x6, 0x6586, 0xa, 0x82, 0x7, 0x1ff, 0x0, 0xfffffffd, 0xf7, 0xf, 0x0, 0xfffffff6, 0xf2af, 0xff, 0x0, 0xf0, 0x6000, 0x29f, 0x9, 0x101, 0x4, 0xd, 0x801, 0x6, 0x57, 0x7, 0xe098, 0x9a0d, 0x100, 0x8, 0x1c5c, 0x10000, 0x9, 0x6, 0x9, 0x4, 0x6, 0x7f, 0xd, 0x6, 0x8001, 0x2, 0xfffffffe, 0x9, 0x9, 0xa70d, 0xfffffe00, 0xaea, 0x80, 0x0, 0x3, 0x9, 0x4, 0x0, 0x10, 0x97, 0x200, 0x101, 0x8e, 0x7c3, 0x5a, 0x200, 0x2, 0x2, 0x7, 0x533b, 0x3, 0x10000, 0x7, 0x1, 0x7, 0x2, 0xb3bb, 0x101, 0x5, 0x9, 0x0, 0x8, 0x2, 0x80000001, 0x9, 0x8000, 0x9, 0x9, 0x7, 0x8, 0x3, 0x8001, 0x6, 0x3ff, 0x3ff, 0x800, 0x7, 0xfffffff8, 0xffff, 0x9, 0x0, 0x9, 0x1, 0x3, 0xfff, 0x9, 0x0, 0x100, 0x6ec7, 0x80, 0x8, 0x3, 0x7, 0xc4, 0x3, 0x6090, 0x4, 0x6097, 0x3, 0x40, 0x0, 0x2, 0x2, 0x3, 0xfffffffc, 0x1c6a, 0x800, 0x5a, 0x3, 0x6319, 0x3, 0x6, 0x471, 0xf3b, 0xa, 0x9, 0x9, 0x7, 0x5, 0x3ff, 0x2, 0xd4f, 0x9, 0x1000, 0xb8b, 0xa, 0x0, 0x8, 0xc1, 0x1400000, 0xa, 0x0, 0x12464007, 0x40, 0x9, 0x5, 0x1ce, 0x200, 0x40, 0x80000000, 0x2b52, 0x2, 0x4, 0x8, 0xfffffff7, 0x903e, 0x8, 0x6, 0xb, 0x6, 0x2, 0x2, 0x1000, 0xe, 0x2, 0x3, 0xc, 0x9, 0x4, 0x5, 0x4, 0x6, 0x6, 0x710e, 0x1, 0x80, 0x5, 0x6, 0x7, 0x3ff, 0x7, 0x9, 0x3, 0xc2a, 0x1, 0x6, 0xf1, 0xfffffff9, 0x200, 0xd9, 0x2, 0x8, 0x759, 0x9, 0xfffffffd, 0x4, 0x7, 0x1754, 0xd48, 0x6, 0x6, 0x2, 0xbd, 0xfffffd37, 0x9, 0x1, 0x5, 0x8, 0xf5f3, 0x101, 0x401, 0x80, 0x81, 0x8001, 0x5, 0x6, 0x401, 0x2, 0x2, 0x10000, 0x58d, 0xfffffff8, 0x1, 0x86c, 0x3, 0x100, 0x7, 0x9, 0xe0, 0x100, 0x9, 0x3, 0x9, 0x1, 0x8, 0x2, 0x5, 0x80, 0x3]})
r1 = socket$tipc(0x1e, 0x5, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xe5574b1ec18a652e}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x21}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb0}}, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r3)
sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x1c, r4, 0x1, 0x20, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
bind$tipc(r6, &(0x7f0000000240)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x4}}, 0x10)
r7 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000000040)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x208083, 0x0)
ioctl$EVIOCSCLOCKID(r7, 0x400445a0, &(0x7f0000000140)=0x7)

6m59.705360311s ago: executing program 3 (id=2836):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000016010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000608000b40000000006c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000340001800c00010062697477697365002400028008000340000000040800014000000014080002400000001008000640000000ec0800010073797a30"], 0x108}}, 0x0)

6m59.6658543s ago: executing program 3 (id=2837):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000001000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c00028005000100000000000800074000000000180006801400040020"], 0xac}, 0x1, 0x0, 0x0, 0x4000}, 0x4000894)

6m59.593068603s ago: executing program 3 (id=2838):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x57789000)
pipe2$9p(0x0, 0x80080)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000002c0)='./file1/file0\x00')
open$dir(&(0x7f0000000100)='./file0\x00', 0x15b800, 0x0)
rmdir(&(0x7f0000000440)='./file0\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x0)
pipe2$9p(&(0x7f0000000100), 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x490420, 0x2}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
dup3(r3, r4, 0x6700000000000000)

6m58.669780119s ago: executing program 3 (id=2840):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf411119ed8bebbb9, 0x20011, r0, 0x52fbf000)
syz_genetlink_get_family_id$nl802154(&(0x7f0000007e00), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2179, 0x53, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000880)={0xc4, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_MASTER={0x74, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}}, {0x14, 0x4, @private2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x6b05}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'syz1\x00'}, @CTA_EXPECT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x4, {[@global=@item_012={0x2, 0x1, 0x3, "8daf"}, @local]}}, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080), r3)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

6m58.434634367s ago: executing program 3 (id=2841):
timer_create(0x2, &(0x7f0000000180)={0x0, 0x2e, 0x2, @thr={0x0, 0x0}}, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x1000000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f0000000080)={0x18, 0x6a, 0x15, 0x8000000, 0xffffffff, "", [@generic="894150da2e"]}, 0x18}], 0x1}, 0x8000)
bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x200010}, 0xc)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xb25002, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r2, 0x80045301, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0017800400"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
r4 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(r4, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r5, 0x0, 0x0)
ioctl$EVIOCGMASK(r5, 0x60b, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)={0x14, 0x69, 0x15, 0x8000000, 0xffffffff, "", [@generic="fdee"]}, 0x14}], 0x1}, 0x8000)
sendfile(r1, r1, 0x0, 0x7ffff000)

6m58.298582435s ago: executing program 32 (id=2841):
timer_create(0x2, &(0x7f0000000180)={0x0, 0x2e, 0x2, @thr={0x0, 0x0}}, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x1000000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f0000000080)={0x18, 0x6a, 0x15, 0x8000000, 0xffffffff, "", [@generic="894150da2e"]}, 0x18}], 0x1}, 0x8000)
bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x200010}, 0xc)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xb25002, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r2, 0x80045301, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0017800400"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
r4 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(r4, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r5, 0x0, 0x0)
ioctl$EVIOCGMASK(r5, 0x60b, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)={0x14, 0x69, 0x15, 0x8000000, 0xffffffff, "", [@generic="fdee"]}, 0x14}], 0x1}, 0x8000)
sendfile(r1, r1, 0x0, 0x7ffff000)

2m34.685205935s ago: executing program 1 (id=4887):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000640)={{0x1, 0x1, 0x18, <r2=>r0, {0xb4}}, './file0\x00'})
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf6}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000001}, 0x40)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000100)=ANY=[], 0x84}}, 0x0)
ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r4, r1, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r4, r5, <r6=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r2, 0x3b8d, &(0x7f0000000280)={0x1e, r6, &(0x7f00000001c0)=[{0x0, 0x2}, {0x0, 0x2}], 0xdeadbeef, 0x8, 0x2000000000000332})
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x5, 0x10, 0xfe, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x7, 0x1, 0x2, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x2, 0xcd}}}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x3, 0xfa, 0x1, 0x20, 0x6}, 0x10, &(0x7f00000002c0)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x4, 0x2, 0x1, 0x1d, 0x7ff5, 0xc}]}, 0x7, [{0xf6, &(0x7f0000000300)=@string={0xf6, 0x3, "56892c998770aa46ece26a4c2828afdc8e96e961904c23802633bc659a45abbd5bd1ee8a0f9bd020740e4624ae090dbf15d8c055ff8a7cc5e02755d5cc8492fc8a7f1a2cff8f1d3663ba8a614664e685e254168e3d44a9cade4329cdf4a842204f484ddf827005b0404854e6e0efa367fbb143709d7df5da5299f1f1a0c4d865c5af9af411518876298af63f0e30f835a661260610d9543a59b7da5e84d62b95941ef1952656cb72371240ce02d3e133babeae990158d49233b0acfa081253c03d264969deaef519e52dde18abe26c10df110713989f7779561bfe47c8e196c11c3f0fe6fcbe8e8410d969f68ac356ed0e247f7f"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x437}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x444}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x419}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x180c}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x879}}, {0x57, &(0x7f0000000540)=@string={0x57, 0x3, "c1a0f940e766e823997e4bc0b0c1684f55bfd530b46c182b54ec8bb06e7ed6cad25ba545cd8e77a1d78d715918a63fb9092f48128cf05a2a06c63781a504907d4023c87b4e2ee999c65e68676c7d9b40a635aeebd9"}}]})

2m31.645336263s ago: executing program 1 (id=4911):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, &(0x7f0000000140)={{@local, 0x5}, 0x1, 0x0, 0x7, 0xfd96, 0x10, 0x1, 0xfd37, 0x4})
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[@ANYBLOB="400f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
io_setup(0x30, &(0x7f0000000600)=<r2=>0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0, 0x0, 0xfffffffffffffffe}])
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1, 0x0, 0x7ff})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f00000001c0)={@local})
syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000047ff4f40d3131132677a010203010902120001760fb30f09040001"], 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x4, 0x100000})
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)

2m28.205199043s ago: executing program 1 (id=4935):
io_setup(0x3, &(0x7f0000001680)=<r0=>0x0)
socket$kcm(0x10, 0x2, 0x0) (async)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="d80000001c0081044e81f782db44b9040a1d080214000000020003a118000c000300000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000fdbccf137789dd5e3df5fc6047a353000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x400d0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x82, 0x24, 0x37, 0x40, 0x6cd, 0x102, 0x501e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x8, 0x20, 0x4, [{{0x9, 0x4, 0x3b, 0x5, 0x0, 0x86, 0x80, 0x71, 0x9}}]}}]}}, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0})
io_getevents(r0, 0x1, 0x1, &(0x7f0000004e00)=[{}], &(0x7f0000004e40))
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r2 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$inet6(r2, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1400000000000000010000000c0000002b"], 0x30}, 0x4000010) (async)
sendmsg$inet6(r2, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1400000000000000010000000c0000002b"], 0x30}, 0x4000010)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000400)='cramfs\x00', 0xc400, 0x0) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000400)='cramfs\x00', 0xc400, 0x0)
io_setup(0x101, &(0x7f00000000c0))

2m26.74506935s ago: executing program 1 (id=4945):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdir(&(0x7f0000000140)='./file1\x00', 0x4)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') (async)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
r0 = syz_open_dev$media(&(0x7f0000000440), 0x5, 0x88000)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000480)=<r1=>0xffffffffffffffff)
close(r1)
chdir(&(0x7f0000000280)='./file1\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
fallocate(r2, 0x1, 0x9, 0x81) (async)
fallocate(r2, 0x1, 0x9, 0x81)
r3 = syz_clone(0x2000000, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r4 = fsopen(&(0x7f0000000000)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000b00)='\xc3', 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000b00)='\xc3', 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00', <r6=>0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r8, 0x4018aebd, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67) (async)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67)
socket$inet6(0xa, 0x80002, 0x0) (async)
r9 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r9, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
sendmmsg$inet6(r9, &(0x7f0000002f00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000004000)=[@pktinfo={{0x24, 0x29, 0x32, {@private2, r6}}}], 0x28}}], 0x1, 0x20005485)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r10, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) (async)
r11 = openat$cgroup_procs(r10, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r11, &(0x7f00000001c0), 0x12)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r12 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r9, 0x29, 0x45, &(0x7f0000000080)={'IDLETIMER\x00'}, &(0x7f00000000c0)=0x1e)
mmap(&(0x7f000078a000/0x11000)=nil, 0x11000, 0x5a051feb1f984a1d, 0x202812, r12, 0x7dfff000)
wait4(r3, &(0x7f0000000100), 0x1, &(0x7f0000000440))

2m26.680918545s ago: executing program 1 (id=4946):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x3, 0x0, 0xa, 0x0, 0x8d}, @mpls={[], @ipv6=@tipc_packet={0x8, 0x6, "09c2b4", 0x68, 0x6, 0xff, @empty, @mcast2, {[@dstopts={0x3b, 0x6, '\x00', [@generic={0x0, 0x2f, "ecfa7d6266d62810628e9bec0764d366921e7982b0f38470a736c2bcf722b3b7bfff48a599afc05f7e1f7eb3f80930"}]}], @payload_named={{{{{0x28, 0x0, 0x0, 0x0, 0x1, 0xa, 0x2, 0x2, 0x4886, 0x0, 0x3, 0x9, 0x0, 0x2, 0x8, 0x0, 0x0, 0x4e23, 0x4e20}, 0x1}, 0x4, 0x4}}}}}}}, 0x9e)

2m26.5565454s ago: executing program 1 (id=4947):
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x7f}}, './file0\x00'})
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x9000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x16c, 0x1, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_NAT={0x158, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2f}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x8c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x20000000}, 0x24040001)
fsetxattr$security_ima(r0, &(0x7f0000000280), &(0x7f00000002c0)=@sha1={0x1, "944c1c6e0675f393a9e989c84080a5e7dc201d64"}, 0x15, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x24, 0x2, 0x70bd29, 0x25dfdbfe, {0x1b}, [@generic="5ad35655f585e6023155acc4bd1d0f62ba14b9b190c85014d40eadc863a6d4952a6a9e46fe5c6189802b37565db369ce1dd745abbfc01b60fd9c5696d70049f37695285aad0f89f0bdc74b97bbb6ab2bb3398a9f3f129e7c58795e"]}, 0x70}}, 0x20004004)
r2 = socket$netlink(0x10, 0x3, 0x85a902ada66e4033)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r2)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x40, r4, 0x300, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x18}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x40840)
r5 = openat(r0, &(0x7f00000005c0)='./file0\x00', 0x80000, 0x1)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000600))
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r5)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r5, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20849}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x1c, r6, 0x4, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}}, 0x4000000)
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000000780))
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r2, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x30, r7, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x4, 0x52}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004014}, 0x4001)
getsockopt$IP_VS_SO_GET_DAEMON(r5, 0x0, 0x487, &(0x7f0000000900), &(0x7f0000000940)=0x30)
r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000980), 0x20, 0x0)
sendmsg$NL80211_CMD_ADD_TX_TS(r8, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x48, r4, 0x106, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_ADMITTED_TIME={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_ADMITTED_TIME={0x6}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xe}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x8}]}, 0x48}}, 0x1)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_ADD_TX_TS(r9, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x30, r6, 0x800, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x4, 0x7d}}}}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x844}, 0x44050)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r2, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24000090}, 0x24040811)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f00000012c0)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001280)={&(0x7f0000000d80)={0x4fc, r4, 0x2, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0xb4, 0x11d, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xfa}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8}]}, {0x50, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x2}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0xf6f1bd08fd440a71}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x6}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}]}]}, @NL80211_ATTR_TID_CONFIG={0x368, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x39}]}, {0x320, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x314, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x34, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x8001, 0x3, 0x1, 0x6, 0x9, 0x6, 0x3ff]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x4, 0x7, 0x9, 0x8, 0x2, 0x7, 0x4]}}]}, @NL80211_BAND_2GHZ={0x5c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x9}, @NL80211_TXRATE_HT={0x22, 0x2, [{0x4, 0x4}, {0x3, 0x7}, {0x2, 0x4}, {0x7, 0x6}, {0x4, 0x1}, {0x2, 0x2}, {0x3, 0x5}, {0x0, 0x9}, {0x0, 0x9}, {0x2, 0x5}, {0x0, 0x5}, {0x7, 0xa}, {0x7, 0x7}, {}, {0x3, 0x9}, {0x7, 0x7}, {0x4, 0x1}, {0x1, 0xa}, {0x4}, {0x4, 0x4}, {0x7}, {0x0, 0x8}, {0x7, 0x5}, {0x1}, {0x2, 0x3}, {}, {0x0, 0x9}, {0x0, 0x7}, {0x0, 0x8}, {0x5, 0xa}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x19, 0x2, [{0x1, 0x7}, {0x3}, {0x6, 0x9}, {0x1, 0x4}, {0x6, 0x1}, {0x7}, {0x1, 0x8}, {0x5, 0x9}, {0x1, 0xa}, {0x1, 0x8}, {0x0, 0xa}, {0x2, 0x8}, {0x0, 0x3}, {0x7, 0x8}, {0x5, 0xa}, {0x0, 0x9}, {0x3, 0x1}, {}, {0x3, 0xa}, {0x5, 0x8}, {0x2, 0x7}]}]}, @NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_60GHZ={0xac, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x4, 0x1ff, 0x561, 0x7bce, 0x8, 0x1, 0x3ff]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x2, 0x8, 0x9, 0x8001, 0x1, 0x1000, 0x4]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xccf, 0x107c, 0x7, 0x1, 0x3, 0x2, 0x7, 0x3]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x100, 0x9, 0xfff3, 0x8, 0x0, 0x1, 0xfb5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x4, 0x9}, {0x2, 0x9}, {0x1}, {0x3, 0x8}, {0x4, 0x7}, {0x2, 0x4}, {0x5}, {0x4, 0x9}, {0x6, 0x4}, {0x7, 0x8}, {0x5, 0x9}, {0x2}, {0x5, 0x1}, {0x7, 0x7}, {0x4, 0x7}, {0x3, 0xa}, {0x0, 0x2}, {0x6, 0x1}, {}, {0x3, 0x1}, {0x4, 0x6}, {0x5, 0x8}, {0x4}, {0x0, 0x9}, {0x0, 0x4}, {0x3, 0x1}, {0x0, 0x7}, {0x2, 0x4}, {0x3}, {0x2, 0x9}, {0x3, 0x7}, {0x4, 0xa}, {0x2, 0x4}, {0x4, 0x3}, {0x7, 0x3}, {0x5, 0x2}, {0x2, 0x7}, {0x2, 0x8}, {0x0, 0x7}, {0x4, 0xa}, {0x3, 0x3}, {0x2, 0x8}, {0x2}, {0x0, 0x2}, {0x5, 0x5}, {0x4, 0xa}, {0x1, 0x4}, {0x2, 0x4}, {0x5, 0x9}, {0x3, 0x6}]}]}, @NL80211_BAND_60GHZ={0x48, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x2a, 0x2, [{0x3, 0x4}, {0x5, 0x7}, {0x1, 0x5}, {0x0, 0x7}, {0x3}, {0x1, 0x4}, {0x0, 0x6}, {0x0, 0x4}, {0x1, 0x4}, {0x1, 0x6}, {0x4, 0xa}, {0x0, 0x4}, {0x1, 0x5}, {0x2, 0x4}, {0x1, 0x7}, {0x6, 0x9}, {0x1}, {0x4, 0x2}, {0x3, 0x6}, {0x1, 0x9}, {0x1, 0x2}, {0x7, 0x8}, {0x4, 0x1}, {0x4}, {0x2, 0x2}, {0x0, 0x1}, {0x4, 0x8}, {0x3, 0x8}, {0x3, 0xa}, {0x7, 0x7}, {0x0, 0x5}, {0x4, 0x5}, {0x4, 0x7}, {0x2, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x4}, {0x5, 0x2}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0x20, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x2, 0x6, 0x6, 0x6, 0x2, 0xb, 0x4]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x0, 0xc}, {0x1, 0x5}, {0x3, 0x9}, {0x4, 0x5}, {0x5, 0x8}, {0x6, 0x2}, {0x6, 0xa}, {0x2, 0x4}, {0x2, 0x7}, {0x2, 0x1}, {0x1, 0x6}, {0x3, 0x1a}, {0x3, 0x1}, {0x1, 0x4}, {0x2, 0x7}, {0x6, 0x1}, {0x6, 0x9}, {0x3, 0x9}, {0x0, 0x9}, {0x7, 0x1}, {0x4, 0x4}, {0x1}, {0x1, 0x1}, {0x4, 0x6}, {0x1, 0xa}, {0x7, 0x8}, {0x7, 0x3}, {0x3, 0x3}, {0x2}, {0x5, 0x3}, {0x7}, {0x4, 0xa}, {0x4, 0x5}, {0x0, 0x6}, {0x7, 0x2}, {0x1, 0xa}, {0x1, 0x3}, {0x4, 0xa}, {0x6, 0x9}, {0x2, 0x6}, {0x4, 0x6}, {0x6, 0x2}, {0x7, 0x1}]}]}, @NL80211_BAND_6GHZ={0x50, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x11b8, 0x3, 0x4, 0x7, 0x9, 0x5, 0x878, 0x6]}}, @NL80211_TXRATE_HT={0xa, 0x2, [{}, {0x4, 0x8}, {0x0, 0x3}, {0x4, 0x3}, {0x6, 0x9}, {0x1, 0x3}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x1, 0x1, 0xf, 0xfff, 0x4, 0x4]}}]}, @NL80211_BAND_6GHZ={0x48, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x401, 0x3ff, 0xfff2, 0x4, 0x4b, 0x6, 0xb42, 0x8000]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x200, 0x4, 0x0, 0x7, 0x8, 0x2, 0x10, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x4, 0x4, 0x800, 0x5, 0x1290, 0xb5f7, 0x81]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x94, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x1, 0x7}, {0x1, 0x9}, {0x0, 0x3}, {0x1, 0x6}, {0x4, 0x4}, {0x5, 0x2}, {0x0, 0x2}, {0x6, 0x7}, {}, {0x0, 0x9}, {0x4, 0x7}, {0x1, 0x3}, {0x0, 0x4}, {0x3, 0x1}, {0x1, 0x5}, {0x1, 0x8}, {0x7, 0x8}, {0x1, 0x5}, {0x2, 0xa}, {0x1, 0x9}, {0x6, 0x7}, {0x5, 0x6}, {0x2, 0x9}, {0x1, 0xa}, {0x0, 0x9}, {0x3, 0x5}, {0x2, 0x8}, {0x6, 0x1}, {0x2, 0x9}, {0x4, 0x9}, {0x5, 0xa}, {0x6, 0x3}, {0x7}, {0x2, 0x5}, {0x0, 0x5}, {0x7, 0xa}, {0x7, 0x7}, {0x0, 0xa}, {0x5, 0x3}, {0x4, 0x9}, {0x2, 0x4}, {0x1}, {0x6, 0x6}, {0x4, 0x4}, {0x2}, {0x6, 0x4}, {0x2, 0x6}, {0x6, 0x5}, {0x0, 0x4}, {0x1, 0x7}, {0x1}, {0x7, 0x6}, {0x4, 0x2}, {0x0, 0x4}, {0x6, 0x2}, {0x0, 0x2}, {0x2, 0x9}, {0x0, 0x4}, {0x5, 0x7}, {0x5, 0x8}, {0x0, 0x3}, {0x0, 0x6}, {0x7}, {0x6, 0x8}, {0x1, 0x5}, {0x2, 0x5}]}, @NL80211_TXRATE_HT={0x2b, 0x2, [{0x0, 0x4}, {0x3, 0x8}, {0x0, 0xa}, {0x3, 0x3}, {0x0, 0x7}, {0x3, 0x1}, {0x2, 0x8}, {0x5, 0x2}, {0x0, 0x1}, {0x3, 0x7}, {0x1, 0x2}, {0x0, 0xa}, {0x0, 0x7}, {0x5, 0x17}, {0x5, 0x2}, {0x5}, {0x1, 0x9}, {0x0, 0x1}, {0x4, 0x8}, {0x7}, {0x7, 0x5}, {0x2, 0x9}, {0x5, 0x5}, {0x4, 0x5}, {0x0, 0x6}, {0x4, 0x7}, {0x1, 0x3}, {0x6, 0x4}, {0x1, 0x2}, {0x7, 0x6}, {0x2, 0x5}, {0x1, 0x4}, {0x1, 0xa}, {0x3, 0x5}, {0x0, 0x3}, {0x3, 0x5}, {0x5, 0x2}, {0x6}, {0x4, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd, 0x100, 0x4, 0x400, 0x7, 0x3, 0x81, 0x401]}}]}]}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x33}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x76}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xf0}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8cb8}]}]}, @NL80211_ATTR_TID_CONFIG={0xcc, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xb55c}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x82}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xf9}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xfff}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcf}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x800}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xf5}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x37}]}]}]}, 0x4fc}}, 0x0)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000001340), r2)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000001440)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001400)={&(0x7f0000001380)={0x4c, r11, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x800}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x40}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x40)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), r5)
sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x20, r12, 0x2, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xffffffff, 0x7f}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x24004004)
clock_nanosleep(0x4, 0x1, &(0x7f00000015c0)={0x0, 0x3938700}, &(0x7f0000001600))
recvfrom(r9, &(0x7f0000001640)=""/95, 0x5f, 0x22, &(0x7f00000016c0)=@caif=@rfm={0x25, 0xc9e0, "9c6d5789201b6bbb64f46436be86c04b"}, 0x80)

2m26.449157719s ago: executing program 33 (id=4947):
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x7f}}, './file0\x00'})
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x9000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x16c, 0x1, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_NAT={0x158, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2f}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x8c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x20000000}, 0x24040001)
fsetxattr$security_ima(r0, &(0x7f0000000280), &(0x7f00000002c0)=@sha1={0x1, "944c1c6e0675f393a9e989c84080a5e7dc201d64"}, 0x15, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x24, 0x2, 0x70bd29, 0x25dfdbfe, {0x1b}, [@generic="5ad35655f585e6023155acc4bd1d0f62ba14b9b190c85014d40eadc863a6d4952a6a9e46fe5c6189802b37565db369ce1dd745abbfc01b60fd9c5696d70049f37695285aad0f89f0bdc74b97bbb6ab2bb3398a9f3f129e7c58795e"]}, 0x70}}, 0x20004004)
r2 = socket$netlink(0x10, 0x3, 0x85a902ada66e4033)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r2)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x40, r4, 0x300, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x18}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x40840)
r5 = openat(r0, &(0x7f00000005c0)='./file0\x00', 0x80000, 0x1)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000600))
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r5)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r5, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x20849}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x1c, r6, 0x4, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}}, 0x4000000)
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000000780))
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r1)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r2, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x30, r7, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x4, 0x52}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004014}, 0x4001)
getsockopt$IP_VS_SO_GET_DAEMON(r5, 0x0, 0x487, &(0x7f0000000900), &(0x7f0000000940)=0x30)
r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000980), 0x20, 0x0)
sendmsg$NL80211_CMD_ADD_TX_TS(r8, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x48, r4, 0x106, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_ADMITTED_TIME={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_ADMITTED_TIME={0x6}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xe}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x8}]}, 0x48}}, 0x1)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_ADD_TX_TS(r9, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x30, r6, 0x800, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x4, 0x7d}}}}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x844}, 0x44050)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r2, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24000090}, 0x24040811)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f00000012c0)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001280)={&(0x7f0000000d80)={0x4fc, r4, 0x2, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0xb4, 0x11d, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xfa}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8}]}, {0x50, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x2}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0xf6f1bd08fd440a71}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x6}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}]}]}, @NL80211_ATTR_TID_CONFIG={0x368, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x39}]}, {0x320, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x314, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x34, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x8001, 0x3, 0x1, 0x6, 0x9, 0x6, 0x3ff]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x4, 0x7, 0x9, 0x8, 0x2, 0x7, 0x4]}}]}, @NL80211_BAND_2GHZ={0x5c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x9}, @NL80211_TXRATE_HT={0x22, 0x2, [{0x4, 0x4}, {0x3, 0x7}, {0x2, 0x4}, {0x7, 0x6}, {0x4, 0x1}, {0x2, 0x2}, {0x3, 0x5}, {0x0, 0x9}, {0x0, 0x9}, {0x2, 0x5}, {0x0, 0x5}, {0x7, 0xa}, {0x7, 0x7}, {}, {0x3, 0x9}, {0x7, 0x7}, {0x4, 0x1}, {0x1, 0xa}, {0x4}, {0x4, 0x4}, {0x7}, {0x0, 0x8}, {0x7, 0x5}, {0x1}, {0x2, 0x3}, {}, {0x0, 0x9}, {0x0, 0x7}, {0x0, 0x8}, {0x5, 0xa}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x19, 0x2, [{0x1, 0x7}, {0x3}, {0x6, 0x9}, {0x1, 0x4}, {0x6, 0x1}, {0x7}, {0x1, 0x8}, {0x5, 0x9}, {0x1, 0xa}, {0x1, 0x8}, {0x0, 0xa}, {0x2, 0x8}, {0x0, 0x3}, {0x7, 0x8}, {0x5, 0xa}, {0x0, 0x9}, {0x3, 0x1}, {}, {0x3, 0xa}, {0x5, 0x8}, {0x2, 0x7}]}]}, @NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_60GHZ={0xac, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x4, 0x1ff, 0x561, 0x7bce, 0x8, 0x1, 0x3ff]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x2, 0x8, 0x9, 0x8001, 0x1, 0x1000, 0x4]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xccf, 0x107c, 0x7, 0x1, 0x3, 0x2, 0x7, 0x3]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x100, 0x9, 0xfff3, 0x8, 0x0, 0x1, 0xfb5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x4, 0x9}, {0x2, 0x9}, {0x1}, {0x3, 0x8}, {0x4, 0x7}, {0x2, 0x4}, {0x5}, {0x4, 0x9}, {0x6, 0x4}, {0x7, 0x8}, {0x5, 0x9}, {0x2}, {0x5, 0x1}, {0x7, 0x7}, {0x4, 0x7}, {0x3, 0xa}, {0x0, 0x2}, {0x6, 0x1}, {}, {0x3, 0x1}, {0x4, 0x6}, {0x5, 0x8}, {0x4}, {0x0, 0x9}, {0x0, 0x4}, {0x3, 0x1}, {0x0, 0x7}, {0x2, 0x4}, {0x3}, {0x2, 0x9}, {0x3, 0x7}, {0x4, 0xa}, {0x2, 0x4}, {0x4, 0x3}, {0x7, 0x3}, {0x5, 0x2}, {0x2, 0x7}, {0x2, 0x8}, {0x0, 0x7}, {0x4, 0xa}, {0x3, 0x3}, {0x2, 0x8}, {0x2}, {0x0, 0x2}, {0x5, 0x5}, {0x4, 0xa}, {0x1, 0x4}, {0x2, 0x4}, {0x5, 0x9}, {0x3, 0x6}]}]}, @NL80211_BAND_60GHZ={0x48, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x2a, 0x2, [{0x3, 0x4}, {0x5, 0x7}, {0x1, 0x5}, {0x0, 0x7}, {0x3}, {0x1, 0x4}, {0x0, 0x6}, {0x0, 0x4}, {0x1, 0x4}, {0x1, 0x6}, {0x4, 0xa}, {0x0, 0x4}, {0x1, 0x5}, {0x2, 0x4}, {0x1, 0x7}, {0x6, 0x9}, {0x1}, {0x4, 0x2}, {0x3, 0x6}, {0x1, 0x9}, {0x1, 0x2}, {0x7, 0x8}, {0x4, 0x1}, {0x4}, {0x2, 0x2}, {0x0, 0x1}, {0x4, 0x8}, {0x3, 0x8}, {0x3, 0xa}, {0x7, 0x7}, {0x0, 0x5}, {0x4, 0x5}, {0x4, 0x7}, {0x2, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x4}, {0x5, 0x2}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0x20, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x2, 0x6, 0x6, 0x6, 0x2, 0xb, 0x4]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x3c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x0, 0xc}, {0x1, 0x5}, {0x3, 0x9}, {0x4, 0x5}, {0x5, 0x8}, {0x6, 0x2}, {0x6, 0xa}, {0x2, 0x4}, {0x2, 0x7}, {0x2, 0x1}, {0x1, 0x6}, {0x3, 0x1a}, {0x3, 0x1}, {0x1, 0x4}, {0x2, 0x7}, {0x6, 0x1}, {0x6, 0x9}, {0x3, 0x9}, {0x0, 0x9}, {0x7, 0x1}, {0x4, 0x4}, {0x1}, {0x1, 0x1}, {0x4, 0x6}, {0x1, 0xa}, {0x7, 0x8}, {0x7, 0x3}, {0x3, 0x3}, {0x2}, {0x5, 0x3}, {0x7}, {0x4, 0xa}, {0x4, 0x5}, {0x0, 0x6}, {0x7, 0x2}, {0x1, 0xa}, {0x1, 0x3}, {0x4, 0xa}, {0x6, 0x9}, {0x2, 0x6}, {0x4, 0x6}, {0x6, 0x2}, {0x7, 0x1}]}]}, @NL80211_BAND_6GHZ={0x50, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x11b8, 0x3, 0x4, 0x7, 0x9, 0x5, 0x878, 0x6]}}, @NL80211_TXRATE_HT={0xa, 0x2, [{}, {0x4, 0x8}, {0x0, 0x3}, {0x4, 0x3}, {0x6, 0x9}, {0x1, 0x3}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x1, 0x1, 0xf, 0xfff, 0x4, 0x4]}}]}, @NL80211_BAND_6GHZ={0x48, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x401, 0x3ff, 0xfff2, 0x4, 0x4b, 0x6, 0xb42, 0x8000]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x200, 0x4, 0x0, 0x7, 0x8, 0x2, 0x10, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x4, 0x4, 0x800, 0x5, 0x1290, 0xb5f7, 0x81]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x94, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x1, 0x7}, {0x1, 0x9}, {0x0, 0x3}, {0x1, 0x6}, {0x4, 0x4}, {0x5, 0x2}, {0x0, 0x2}, {0x6, 0x7}, {}, {0x0, 0x9}, {0x4, 0x7}, {0x1, 0x3}, {0x0, 0x4}, {0x3, 0x1}, {0x1, 0x5}, {0x1, 0x8}, {0x7, 0x8}, {0x1, 0x5}, {0x2, 0xa}, {0x1, 0x9}, {0x6, 0x7}, {0x5, 0x6}, {0x2, 0x9}, {0x1, 0xa}, {0x0, 0x9}, {0x3, 0x5}, {0x2, 0x8}, {0x6, 0x1}, {0x2, 0x9}, {0x4, 0x9}, {0x5, 0xa}, {0x6, 0x3}, {0x7}, {0x2, 0x5}, {0x0, 0x5}, {0x7, 0xa}, {0x7, 0x7}, {0x0, 0xa}, {0x5, 0x3}, {0x4, 0x9}, {0x2, 0x4}, {0x1}, {0x6, 0x6}, {0x4, 0x4}, {0x2}, {0x6, 0x4}, {0x2, 0x6}, {0x6, 0x5}, {0x0, 0x4}, {0x1, 0x7}, {0x1}, {0x7, 0x6}, {0x4, 0x2}, {0x0, 0x4}, {0x6, 0x2}, {0x0, 0x2}, {0x2, 0x9}, {0x0, 0x4}, {0x5, 0x7}, {0x5, 0x8}, {0x0, 0x3}, {0x0, 0x6}, {0x7}, {0x6, 0x8}, {0x1, 0x5}, {0x2, 0x5}]}, @NL80211_TXRATE_HT={0x2b, 0x2, [{0x0, 0x4}, {0x3, 0x8}, {0x0, 0xa}, {0x3, 0x3}, {0x0, 0x7}, {0x3, 0x1}, {0x2, 0x8}, {0x5, 0x2}, {0x0, 0x1}, {0x3, 0x7}, {0x1, 0x2}, {0x0, 0xa}, {0x0, 0x7}, {0x5, 0x17}, {0x5, 0x2}, {0x5}, {0x1, 0x9}, {0x0, 0x1}, {0x4, 0x8}, {0x7}, {0x7, 0x5}, {0x2, 0x9}, {0x5, 0x5}, {0x4, 0x5}, {0x0, 0x6}, {0x4, 0x7}, {0x1, 0x3}, {0x6, 0x4}, {0x1, 0x2}, {0x7, 0x6}, {0x2, 0x5}, {0x1, 0x4}, {0x1, 0xa}, {0x3, 0x5}, {0x0, 0x3}, {0x3, 0x5}, {0x5, 0x2}, {0x6}, {0x4, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd, 0x100, 0x4, 0x400, 0x7, 0x3, 0x81, 0x401]}}]}]}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x33}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x76}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xf0}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8cb8}]}]}, @NL80211_ATTR_TID_CONFIG={0xcc, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xb55c}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x82}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xf9}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xfff}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xcf}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x800}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xf5}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x37}]}]}]}, 0x4fc}}, 0x0)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000001340), r2)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000001440)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001400)={&(0x7f0000001380)={0x4c, r11, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x800}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x40}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x40)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), r5)
sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x20, r12, 0x2, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xffffffff, 0x7f}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x24004004)
clock_nanosleep(0x4, 0x1, &(0x7f00000015c0)={0x0, 0x3938700}, &(0x7f0000001600))
recvfrom(r9, &(0x7f0000001640)=""/95, 0x5f, 0x22, &(0x7f00000016c0)=@caif=@rfm={0x25, 0xc9e0, "9c6d5789201b6bbb64f46436be86c04b"}, 0x80)

25.523270628s ago: executing program 5 (id=5894):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000040)={0x8, {"cbe9f88dc436966861046be4526ad1b6606de57d4e48687c87976c9cc1366792adc0e119f87eaf903707fd42f61ea08fc60b1eabf9462c8a99613d6f1673a65219cc05c7831ed458254ed73d189a393d9b84fd8e4b81f6e4e52221903ab5dd6a668b8112d6a09638f9545c271d118b6ddb9cf8772129b7626a271c895b94e60be93d2afb3561ac06a899699ff33e51205099dc5528d33594ee58c21bda0324afa07735233137ea33d73885e4928f5065d08e0efb5330a2013169e2d98004d794f3d10f14d8cf5a6808e2ffb18b76fb498496c6c2432d4fc7bf3cf280ee302e753e5fd4e3e4846d1de4db6529a89e14903e8e265952c4f418b7025f201b3083167a3d9b396135c69632702ec612524683b162cea51b9c6ebca00e55127b7d4533263130b0572e60f76d71146a5af34e03205f47e5e4715d8ee719108a036f93a03a30be670ab1ac27b476acc959ee5be2cd5f382b6270a358d8bc810d05a60023aaa42e461c155f63f23c99b7e19ef61c2a145013aaec331db767b1b77a93e520fb81712ca167d1b193a6aad587a8259d1d52c92194acc7bbe750b6c26c6bf4f06afe381721cc7882ba2c467c811f6e39cf952c153494f1958e65d4165ade578671b9c52b4e570f3ae078a11275b55af0592a65c78ba91aed8d3680c56871644cbd5ed1845cd5312b57693f3c6403e875f4cb89c17572e35acce06922d6335a0e19324183659a6946c8cd2686cf2fbabb06585dbca2affcd72d6263613619c78add1a6caa7d36a03b04748d927fdc476559deb8206545840f9758032d33e5cef8d189e114933194163dde732ed4bb1df4a185a0e71a27b9d73927ad0a37d06326ccc5ecfd62f9d9055c44a0d377d75c61918f217c8f8592e6fb5fd95aee4931a4dc0c2e48915a7d6b24b5aaa7d51a23ab2b1a2d6b72cef26b13d115c1482efb3f6a231a4d406904ec09be8ece5da6a88f74688c839818b05da5dcbc81325e8ad5c450a703b5cbcdeaeaea8df128e54c32236930e75505b97a62fc01fda75bc0432d84269a2838afc287f6d67303ba91b5e599b4fa58916a20841a841a3f88b389ed29efbaf860a6bb9252c4fcb226982a9c272d94b3079b9bafaaa7a78ba6c4ae8d156d358bfd1805ba2d14efd831624b20a3dcb0d8ccfe6078f7f57cc3ad5185c52dc29ca5d26369eafc82abcb47760d86f8e334d988494b189dfe8e5e57d298323cbf011ce0beec4767edbf5c7d5415899b6b079ad0b57914b2561b51bd0a8292c23f79aaef7c00580fc9334e3d4c520324f212b9efe86484353fae1769ba5edcea81371d1ef5a7e1c09a6fafa410c89fa34e7dbde4c1dca98bcc94755ec95233a2afa999f77ba39a3f949d1f287ab5e9156352efe9e884529ba207850d0648b39596d24f27b74d200dd289a5ccf9dd96f7a6ba46eff497133db943dff7aafcb31db1d5c6d114244ccb960539aec1821e193f244eeaf5352167681eda09ad0ae462537bebc2427c1451bc1c5ce5961dd9f2dcf8dfa6eba53c3af27c613d7d20aaf22739860af856cab733597fac2346504eee380f882d2f49531e58de25568f3fc77b48ce43ce12193f24cebd1913d8f08ff862b119b8eb4eabc924d92408312ff545e83e3b0cbaeea245d6f8982263614ae2a5bf2ffe13595b3dfd181c351ddce53985434d052642f8631369345d5be37cd19c5fd6f62fce8ecad24013cadd8d8ba0b07696e91e214a5f436cd2bf5be2551f3e2e2bde7703739a82e651cd57c1185df5ac6c540d39fc437821a8b93262e00008a04192ca1f36ce1bb7a00c6300b144e6234bdcfe56a20c16e988871e6540a149ee772eba01084cc964c48386d3c51cf5ef1bd5df20ae589004273cd1741449a881a53ca479164e64781d29c4a2ff8d05318e68729c13aef537f3f263ba5eec80cbf02a7c704ed273e1323510704008e798b644c0810d50d17f7750f3b66d5b2e5069df7ebcc0e6af7482c8a0ee5ec5845fc91e7218639aa2563b6f29d40ca61eb43c9c84b1e31e08844a1ee89124e787782298e910dc0708458e29bc16bf19120e8d991ec44187c26b3ccd8f98a27eee7c1dc23e97bc4e274f94285478f8933a812c10fdd07766b1007755521d21cfca2dab2b3787cca6e8bf33a3d17cb32a17e595d1d94279aa5ae1db06951ce4181e2795e9738abaa67ebfc869ab064f2e02cbe527868922368174b3dbbbc114e93a41691ac9f995a56cf2de796d9b37170cded8a0277bc2b6de9e0a6fef660ae799cf38f35db14b9ff43172fbc0bb48bad3f525257baf55568dede1efa5816b34b251df15764807540b21a3b5532aaf6456d18deb6627e92c2ada2d81345509e947f192e6f3cf79dd43950b9fa193cb57a42a4b6e5aac0bdffcdfd45b191bfc452c28ad92663ce53c9db5a7906e367f5cf610a552e23d2e35e52e9b1d69839108e756dc9fb25ee91044dc7e15be1f91042f07350911e961e0274b57c55749bee1d2768de6fe9f164e5e4923dbb79d00c78ef92cbf8593c4c9be05f55180b6b5396e65ebbb14d2a68c148f3f37ea12ee8077f41dc5b702558ce6918aa5f637a700a498b40349d0e865a354330ebd11e052186620e11d3c93188cbdbf363a85f82cc37933e5da24be3ad786573cd2d0671287da620312947f6756953dd5fc71002fdd1ed2237c1dbc6b3f16740054e522b52229809a177f94d0b8d0a529881947a55472a66d0b14807a305217fef5499fb26aed2e375f091edd5660becf42a020d1883393bd0a6d5a0016efd1371578077c101d532903b40e581ed0eab700af3e67f5ac5565d3ef8d00b45c7f8ed4d6dfbf5851355a5c73449884c7a41f031ce41564f826a7227484033663bb809963efdd960e121198e2bd1fd2a8670b6cdb84883fb19215cf619acc0e4d2fb1673fd0c847fbfe0a80565968f7515ccecf8c90dcfd95b75c5c74507ddb7bb9de1eefcae281d0a8b2d4c03699661aa9862cdfe0aa7fc4925868eae37cd7bf6190b2eeb01012584a0d2854ce191cb38ded59b6e9853a1dc3d68ecc3afd261ffee8dc4b9f02fac34658ac9e543edff3f12fc168cf5cf68c444a93ad2500c2974912c4bf3153832c13cee8cdcb5e183bc20665ff303882a2e08be9aba8120ec85b7f8b8a5af4c6ad590f6d5fc4e8edf8df77b881adbacef032ca710a081a7ac1853ee2b01395398298bb8dbd1cb8dbe2deb3e3debf27b1eb38282ad551882e906645b3cf738940af6781532d5480e20abfd59b95a91c0643a1784e7d1f5bd47939d642ec387b99e4037452fe9680fba96b9835f847b81e239bb16869669e4476661bee6191c0e4329ec945bd5478c933401027ddd19c580eb7a752ea0f94e38af561232da66fa4ab8317eb2cb4a281cc11e14768271f76fd145fdfcee1e3a95beb77004837607a57e27bd8e358218fb0c5f51f844b449bafc68f289504f7921301af41a1bbe8c3176e628627c5b1be81cd8498bdecf4cdb711eef2a708a3e4707894d7cc12b813e4a5f21f6812ffa74b9e57f08bba381399d1d52d29ca03fe61f8345dda36d0e44f8a494906dac1ea1feb0e5829556708e0f0a3d00d384d0af2e1d4fd83902a14df23973148b3a7e8ec5fa9e6d3a0fcbcd46d72efae2d6b70b442d54ea312b939596da42c5cd53d2cbf31398680532d27ee4ad664dffe4bdd7a38406f15b8a009537ef724ac02ea65e9956a37d277f6b90bd9c13dcac08bdb84b4da7417ba67ab6a2050891009e13d4b96613ca8b5e62037c1537886f9c2efb07e782118306f1b750795b53936d834062aba04902535f631b33eef2961349c488ee3e5ea66cc1543619b505f2f6a113c992e8e214c3aad556fd64c69a39c7020127f7249cefe4d17c53a42c0c02557725dd14bc0524cd6d7bb34be5a66391ea6347ba3908eb4fc59f17e738167aaf7f091b99d2d372d5c29991ef66e079c583332afcd897dd9941caed8719b6b5088ccf946d42ebb13ccf46b0c43da5bc170446ceb3341c867aa15e3dad1b3971b634f2bfa56fb5ee1aa6c24dfae35764fffb2fe13ea9a168db0bfa9d7948097d92dbb2e1b1e2f3c6a8c427ca8cd7535307acc2e4839ab5bb7a6208c2def924ba3969a5a50701e34c0ab4ce26fcda86cde5a7622d84e75234eca23ac13520e06f46c5b49b37169d04f93b6266ffe1bd77b4f9a21181c95500a6795faf9fc44a12a67dd59b6c1b686bfdbcdebb4855ff412f4079dbd5b3590f1e6316c5b03000b246982025ae79a6844fb6277a50823a4698042e95d1a8321cca4b8529317177bf6eae49b53ffeed42963c2e91a137779f9bdf89fd25b5815fa44ca8b2045bc1fc61e26b7ca6dba7e4a91a50aa07f7a3f50c00061d013e6e7cef872e78b7556da030d0e9c5c76ed7adb007bea10039cb7957d5c8388d58ccb423134b56de589f6606feac0563d40011f6da0637ae5cccda1cb0e8f2b9faf59514ab0d9adf1801d1d1dda75151cdaa7188b13927bdc1dfebb57d970a8f383d86d1a18f10fcba3e6989d8bafa859a2a34b3d15fa10f35059e46ea49bb8c82909daa211ae4b1c01063c64e50458eb938c0915415638c4bcd07daf1bb8cece7c1e322afc1d75c48f41315d8a69da65111bb128a884e5e1fdc3fbd5e7fa2372180984ba02f72cde3ffcd86faafdedee3fb817fe58f742bc794b183e79c8803d65bbea6dc55d3a7a42e28a3557272df4a893c350b3a1d88ae85990e631a52a143bb8cb6256e04d61409f96c21ed2ac916533bda6b3a6a6e6dc90f9a941893fec05a27635f2fa5d916a47ae850e1520b50dba286bcb53acdced254f94a19a8edfbb19963b1b79d415501d566ec45563595ac22546b5bc1d884c418d6289c5a956e441512d6fee642f7338610a83d3c6a3516482da3ef7a04442f3e54b9b9f9a426f2f530be7ec8e918a2a879f9cc0b9e80593961c1eba7bc051318108932e3e03464a332aa16f45cb0f5f6718096c28ec033dc97f0c6bea1e316d9ba78063b74f8960e6d4d5bbd6f4e8f130561f9b6b8c43679d3ae072f647b5bb4b7291c219833f491facf952f3875ea3b3f6972f8936c42597b75879e39a6e55d691d3148363859979f4bc0fa5d8960dc212e98b8dc47d80b32ed9fbe87005aa1fd8ac7ced2fb332d876f846bebd62d27add4494882ec12e06381e0c0dd50a6404a724e17178cb08fef3f7eb9869fcb344754c6c07485d05aa3b45bcf94f55a1dd57cf95684a4029bb982d413273624f4f9cfee53c97d0c041cd177ff100e609b5be8d0ba9536f9495b790acdd293ba362d00cf1dcda448e9cf46e61d15b5e2cf6962fc860684157dd46f6ccacfbdd6f4e5b7da84a18ab5ed647bc1d4c62c9cbb74088b25fabc47157e1701c378d04c90b275728bc59f2d49dfbcfe5ae274ecd60d5f1d86495961d0aaee92c8ff74df11f3177e9adac0f485e61033217b058db53cfae66fe0554f64f93d4cd3e73db9fb361fbad7a947f36c22178a2f0a29c91e3aa0d0cfea6ce013ab62506da286ddd1acad5996a2ce7ca31316d3b0337097b10f3a5c5d2eee9ac9bcb96598750b7959a5cce52d6190b8e58b294cf7580c28d9a751b768043012968011c921d39eeeb64fb2a7c27ce7efecf6f3fd3270e035bf891253dd2413947f534c775105c48948fc4d3aec1b70d9700600a3d88cb4e8b37036b9bd198f4dac9b86d43772278b59bbbeb9322ba2b679d93031355f83d6bd1d72127ff2f59fd8c4535214cbf9a2bd53a144e56b110474b96d910617981ea15a6c7f16b2c8946df84e85e763952d56cfd96aac069", 0x1000}}, 0x1006)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006809c2b4006806ff0000000000"], 0x9e)

25.320004565s ago: executing program 5 (id=5895):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ptrace(0x10, 0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(r3, 0x4188aea7, &(0x7f0000000100)={0x6, 0x0, [{0x1, 0x0, 0x101}, {0x0, 0x0, 0x1}, {0xa6, 0x0, 0x4}, {0x7, 0x0, 0xb}, {0x2, 0x0, 0x4}, {0xfffffffe, 0x0, 0x2}, {0x5, 0x0, 0x1}, {0x80000000, 0x0, 0xb}, {0x9, 0x0, 0x30dcff40}, {0x9, 0x0, 0xd}, {0x1, 0x0, 0xb}, {0xa349, 0x0, 0x8}, {0x0, 0x0, 0x9}, {0xb47e, 0x0, 0x4}, {0x2e7c821a}, {0x80000001, 0x0, 0x4}]})
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000200)={0xbb, "3c9c5f63a7ca50052d0e8102407280aad10042f454b165a0c713b1e3f4fcf9a4a864197f3914301e7001b26d9adc2f0ce3180cdd669a9bbda1eef31ac74878202d9a72df408929574f005a4905f0b41bfbac686c1ac94afc3bce3ef65aa37825a7ff94d61d848cb5e4e62b21b4b23adb395b96502774646d210af87e7f7d3e151446c11b86abe9abd9599aaaecef4a464e6d21e0f5b80afaf1d0d38a5795dc02594f0139205fa2768c416b54acec0e5a24254beafe229807541326"})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

25.085450022s ago: executing program 5 (id=5896):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000340)={0x0, 0x5d, "cbd77924f5bc18ce731a08fbb07586353422294830da479782fd60f2a35cd7bb3674fb6af4b085185c23a6f7dd7823f6bd9c0b9d7c87054bc64862d887e74a0fdf9ccee3f16e8d1c9f78ccaa4d6063a9217ab25d678931ab49427617b7"}, &(0x7f0000000000)=0x65)
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a)

24.990737296s ago: executing program 5 (id=5897):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
link(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./file1\x00')
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000400)='cramfs\x00', 0xc400, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f00000000c0)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x40000012})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f0000000340)=[r2], &(0x7f0000000280), &(0x7f0000000200), &(0x7f00000000c0), 0x0, 0xffffffffffffff3e})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x539}}, './cgroup\x00'})

24.947918048s ago: executing program 5 (id=5898):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
connect$netrom(r0, 0x0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101802, 0x0)
mmap(&(0x7f0000839000/0x1000)=nil, 0x1000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1a8c3d8a39ccbd630e8ef9170ccf07ef1800322de53ae3b183ee66", 0x20)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
recvmsg$can_j1939(r4, 0x0, 0x10000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r5 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x28)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r5, 0x9361, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r4)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r7=>0xffffffffffffffff}, 0x111, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0xfffffffd}, {0xa, 0x4e24, 0x2, @local, 0x80000000}, r7, 0xfffffe4d}}, 0x48)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r8, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85240000c}], 0x1)
ioctl$F2FS_IOC_SET_PIN_FILE(r1, 0x4004f50d, &(0x7f0000000000)=0x1)
lseek(r2, 0x7, 0x3)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x40040, 0xd2, 0xf}, 0x18)
syz_usb_connect(0x2, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100032cb907103e08010000370102030f090212000106f610000904af6800ff43680e412404"], &(0x7f0000000f40)={0x0, 0x0, 0x0, 0x0})
unshare(0x1c060080)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x2, @empty, 0x3}, {0xa, 0x4e22, 0x7697e902, @mcast1, 0x26}, r7, 0x8000}}, 0x48)

24.669249309s ago: executing program 5 (id=5899):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = gettid()
capset(&(0x7f0000000280)={0x20080522, r2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYRESDEC, @ANYRES16=r3, @ANYRES64=r2, @ANYRES32=r5, @ANYRES64=r1], 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}, 0x6}, 0x1c)
r6 = mq_open(&(0x7f0000000240)='\xff\xff', 0x40, 0x20, &(0x7f0000000300)={0x8, 0x4, 0x93c, 0xffffffffffffffff})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(r8, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000000, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019c09000f01c2", 0x69}], 0x1, 0x7d, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r8, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000240), 0x10)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r6, 0xc0109428, &(0x7f0000000340)={0x2, 0x110000000000000})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f00000001c0)=[{0x0, 0x0, 0x3, 0x4}]}, 0x10)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}, 0x106}, 0x1c)
sendmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="b3", 0x1}], 0x1}}], 0x1, 0x4015)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000380))
socket$kcm(0x10, 0x2, 0x4)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040f0401fa1b04cef42bf1b506ac160000000000001077e1745cf2c546be7c38a26b5fcf8d7fa33fc71ec2f4554a8794bab73e8b38c572982b6de513b06451e5a73e525d5b1cb8e98a2986448b82e6b288d2cfed37ed37e9e00f6942ffe542c4cedf0a4a03e8ca"], 0x7)

24.602639271s ago: executing program 34 (id=5899):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = gettid()
capset(&(0x7f0000000280)={0x20080522, r2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYRESDEC, @ANYRES16=r3, @ANYRES64=r2, @ANYRES32=r5, @ANYRES64=r1], 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}, 0x6}, 0x1c)
r6 = mq_open(&(0x7f0000000240)='\xff\xff', 0x40, 0x20, &(0x7f0000000300)={0x8, 0x4, 0x93c, 0xffffffffffffffff})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(r8, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000000, 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019c09000f01c2", 0x69}], 0x1, 0x7d, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r8, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000240), 0x10)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r6, 0xc0109428, &(0x7f0000000340)={0x2, 0x110000000000000})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f00000001c0)=[{0x0, 0x0, 0x3, 0x4}]}, 0x10)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}, 0x106}, 0x1c)
sendmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="b3", 0x1}], 0x1}}], 0x1, 0x4015)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000380))
socket$kcm(0x10, 0x2, 0x4)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040f0401fa1b04cef42bf1b506ac160000000000001077e1745cf2c546be7c38a26b5fcf8d7fa33fc71ec2f4554a8794bab73e8b38c572982b6de513b06451e5a73e525d5b1cb8e98a2986448b82e6b288d2cfed37ed37e9e00f6942ffe542c4cedf0a4a03e8ca"], 0x7)

3.553372098s ago: executing program 4 (id=6097):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) (async, rerun: 64)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64)
r2 = openat$cgroup_type(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280), 0x9) (async)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000c40), 0x12) (async)
getsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000c00), &(0x7f0000002000)=0x2) (async, rerun: 32)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0) (rerun: 32)

3.269219965s ago: executing program 4 (id=6100):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000002100010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000608000b40000000006c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000340001800c00010062697477697365002400028008000340000000040800014000000014080002400000001008000640000000ec0800010073797a30"], 0x108}}, 0x0)

3.169795066s ago: executing program 4 (id=6102):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={0x0}, 0x1, 0x0, 0x0, 0x20004801}, 0x448c0)

3.114608431s ago: executing program 4 (id=6103):
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x19, 0xc, "fafd8317e5a114998a1a8dbe43ea6a4996e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985891a7beda9d69098c8b534464c516bdd8e0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a0b2f7b6aa54cc50a1fcaed1e831fa79a00", "67523760fd40f78d2cfc03d81a8cc85ba139c01802c4dae4162e43ac61b7ad33", [0x800000000005, 0x7]}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r4, 0x118, 0x0, &(0x7f00000001c0)=0x2f, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x39c, 0x0, 0x7ff}]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073"], 0x7c}, 0x1, 0x0, 0x0, 0x84000}, 0x0)
r5 = dup(r3)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000040)=@x86={0x1, 0x8, 0x8, 0x0, 0x8003, 0x0, 0xd4, 0xe, 0xfc, 0xc9, 0x81, 0xc5, 0x0, 0x80000ff, 0x4, 0x7f, 0x79, 0x7, 0x4, '\x00', 0x92, 0x84})
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0)

3.068089263s ago: executing program 0 (id=6104):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000030000005800018044000400200001000a004e24000000002e003a000000003a000000000000002d02000000210002000a0000000000000cff010000000000000000000000000001000000000d0001007564703a73"], 0x6c}}, 0x0)

3.012727584s ago: executing program 0 (id=6105):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe2000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000000940)={0x0, 0x0, "21c9a1672922666a727afbacc8947dfd32f1220081d26cd5f0cc3fa52e25888e6763495363df0fdb25d5f8d149d1347e7aae475d15778765601230a32cd1159cae0fdca329df3d77dbb77c66c03c35a42175370447ca82b6b948c32843d5c3f8d37ee5702086e17ae1392f43d0f4d9e90c6cfd4f6f022c3b283bf8b050aed08f407bbd1e8f659fc077a8bc2f73e1828742356ed08d81365dc7771ca380aa78a6cc261113afc23fb5d8adfe91fd2902c71ab634f15e7a7e713396897a86d5ba676fe9f2a20596b96a63dcd49535128ba7e6690200e5aa69e562eed3c5dbc911ca2c5fcc2efe89216e04d991bf00ac67041848420791bebd0ce3b15a56b5dadd0c", "0dd7c4842f633025748821ac522f7e2110ee41b69a2d0c30dcd53eec7b2d5c0931f64aa4679863986fded455050e36ba7dcefb4a9f599ea53f4978806204c0c09f637308bed2dc28bd4930a5801a7400574799dd193993889c1c88c1657c93090a765f547a1f4ac60dcf517df76fda01cf4378c61f9f4ebe858f445a64b596f7d555ac1f6f0bbe7615e305e7c020d5ae561a6ad24ed191f191dab233074d536e21f42510c7754f3cd807690cb1aecc0d24e09e2da1dc8223a1c438eb670cf38b180dc4626e7a13fae01594473666852da531063be8a080fc8d5da37624962135a7ffa336904bae8a20c7a51c89aeaa9d48a35f8c9f6c1ea22d99e4109f37c2ef6625cad2b2a6a7b94e5015ddbff0c09aaf7eaf105273532f7a5d6dfbfaf5ae66e26fb3a4d333bcbb407c99334f2807e87b372b6d5ae8f6508fb9f9d834948e2319aa4b0f1aab5ab2ea1d8cc60cc2c312ddd5d99e763f839678d030f5c64abcdc2a79ae035094353f50319986f4579f948adce33545475ef0f43258dfe45ab92d65ae5253ecf5981f0857c3c3d413fcf30d4cdc1280823b61a3e7f8a195cffc79d83557e1ae054ef8b1cd1056557d8558b5eb77dbca0f39777faecb62e02f943d2daac2190fdb0cc6f4969d22f8d40942fb1b39ff8aaa72c34b8fe62487b124a3bd0bd1c6b2905daf706ee02ab85904f1c3293601fd0868510aca3f4be9afc0be4d0be214654c6baf9f579cac2a566bb34ee1a43c064930223f230b7d4ca8e362a0453719732e47e9658ce815e163f8ae4b8cd99807c10681970a8d635faff435e6055899713479b6513b20fdf17cd796b5d86857f3cb06b068c4fa99e56901d0e9a25a0902a765f81e9a7d8325456bcdca6c2f48315cc412158f1d14b35161d08ad4814acea8dfcecec8875eee1b1536fb60f9f2ad8a9ad86880d726c895d49c5680549be45caaf8aad48c79bc09cf54c07213711b418deb14398f75d3e9868fcf1540f1fa14d54647d12bc2d1ba316380a671e1b85e99915639f002d78ecbde97a73aa90a482188a75076a6445c607abd28dd1f984482ee8a22a2e7780cc825e6e83afe764d44415974d7f0fab6bde49feb3984f1e8700d74d84304b81ee284c0124313b619431137d46a42e4d1d68893a68020baf32bd54608020cab0399a0aeeec26ae4b54c27493c2716120a4c3dd84592f80690d6a74f364cc035b36c3ebc80aa1bfe9a8554017ea1b98aa504b14f98b2ac7c55d6df558c967878d4ab4e3c7e10027ced18058eaec26d3cba3adc08b542db33c4f96e88c8a1bcf37c3e2fe04770149d073d84f5f546e4e98ba7b171301fcada68f223c9dbca52c478e5facd6f7563065181de1cadbf84cc727d116cb24a85385905ca79a0b00f1d8ae89612d2fa5dd6507da1e91afcc515d481d82b74b9bb2b46a9c46fa0f20c7641d538b0150a8c25e63c33bc9a78f765fe647d115dc4040dafc4c4f024d6b8208ef3eb8f6104485ffdae64a311fa3bd8c260dd9ffa12cebd29dd8fa01ef8f1f408759393656c33b117a39b442633bb66aff45ccae5efc0724d0756f2888811c6d2c99948bb59f744713f76feebe27616a066ba2061bcb1642ebcc4770dfbee616e07a4f686b125dac43e3b6b3da278db7183f6da151718c4826fb0101c12221c31ef20e2604fb40fac7b4aaaa9c69239cb13f407499e63dfa3b8a649ef8f2b4deb5c9054cb3a2172406011be465eef972f46b066fcb7a7c0ca63966d3ac273d52e4308e6edfd182d1828d39200fe9e2b33c0e3f60cc4a7e87128e621c040c45ae970d8597f0f9e17d63e5498fb19af16469596abc38726ceb3d1506d4b104ce0eb8e3393524fbe18e3f60c951be7a87251f173910043bca7f88f049d9414d2c9a3a1f785daa31d16deb184e017c53c4e548333bc7184057733062ebde60eacc72ed5db4504e3660eb78f61cac97982c783b76885823f4ae0b47eb44f41ef9a94f82427cd647473caa840f498e24fe0c038f69b4a77a76c19059984446e4a4d7b751132e59d7ffcce10aab8ec3732252d696ec86674595544e654ca80f669fb45a509cf74b2649dfd65f7b924eba91ad0529cab290677b7764820b59e54bfd6c4427e822f77ff3394d8d0f24530a7ff2e0f0b4bbd28c930dd2687b09c34bdf21b6963a12a672062af25f61edc68a52a50029be108784aea060af9082f634edd28fb40620520268d774f91eefe2dd0ddbf5efcfae6ddd788181dad6fac452b05335ae804468b5e190d249a781e9a5929a64a7ccc6c3f95cf63bfa32125d2233b7e238d3349c6fea9ebb366c2c836de73aa2cace7380908f115d27b7f85a1819a11ba6e46ca89cb9f488f1921c6497cc75df5d6c422e032329ca737e11291d444e835cc8a00b7aa5884bda1ddab782ab1fd70d2db17d55ef149d5679c417548f8f7f603b784c06b9dc6845d52b6636d809cac602a313063c8ccba296fc720d90b88d8f79332db2b527bb4848bf340cc9b4847395897468fc4b60488e00e5753c4311e30edac0dddd9dc5871325962c6f6bd2f5e6aebc9ca000667cc400e6b93f315ac93efad4399bc2a661cb74f8d52e60d6eaca75fbdc8e758dbe5ff29c1a0a60b0266e2e8e3f604a041f13f70abe45639f43edf100b32468b360bbc395f5fb4131622d64b7bddada5a2143c1d3f813a8213ba38f6d1eccc5cbd04d40ed982bf5f38603f3988c821d40cdf109b6d49f4ec022eff470d467298d794b6b6da1b466bfeed5c9ec5fd48114e2c17f8d7cd22986b6988fc84bc228c8aeb5ec4ba24f1e0d34b17dffb3b6ca8d9363165bbf8107cae5f8839c30b4c524538ac94a5fe0279c1d42d8ea5a42e700cafc25117009a437f74410ad94745571539c9fa3d8e481059791ef616425dd460bd7518417d812da0e69761056221c03123f229c35e0c9bc7ffd21d4f66c865fe21f02bb7856445b157bcf524fa10054b1cba0c0e6416298bf0db1e5ff15cbf29ce2a2fd0c0ceb6164e240bb113d42b28f18d742d9d00c09c956946306ee26c8154e724df89afb7aff82b4e9666e4b79faa439f6b1ca936c275bf591d5e641beeac0201dfb6421d5c33461d1010e13e817b8b56c7727c4fd407758ba52753963250b3500f04c291e8ca599b34956108b47051ea1c134b46269fb24efa2ea8d5f34db494a32ecf1e8cbb8421e8ec513f2458bcd3e75509caebf52911046353db6b67fff6116d5bf85085f60dc1d841d6a8edc153265be9cf0f0a74f9b532cc02f8f3e44124ee8cb8e23591f354088c333bfdfeeb613a757731576a57cda329a61d83d9559644fab8fcf13003811833828e6ee91005c30e3d3c458a97217675c489d70ffbd9a9ac5e62e48722ae23a761480adc828395f1ede603fb31e88af02d9c5a4bf03a235b301e0680321130754a38c16353b8d29f5b4a9ea56fe852914bd457f9d0f2522a17e269d57d2104b73f01edd5c3a285c144843f1b291415b12230c1eb373b1eab718db31881beebb28aa1ef8a12b0c418d9b4be16d579e13a041cf18d906b56955f005f95833bc78b66d9c75c8d17628d087eccf40ce909c15d1e34f4291cdc410cf9ea3c365776fb2b6f221dd91157d959e5ac24bc0b0ae98f03bfe6992148f355399806f9b6d7bf57ee57b79f6516ce5f04fa148c2fc1b1656a6d63b9e471b624d6b9912e6219f56edfc9177f5399bebb8c2980d6a7af893f3151bf00109f078db17e4f63de67ce8afd52d14d8a21b905d781db9e640cf8081ebe221d0004c391d37d6500930a4a21508e830f4e47bf222ff124d099d995736b28ed1ad81c1750b30694ca69f957dc678f630734097bb607be88346e7ec4e00d2c1da684713bd893a84acd3de841d913bd3518d43bdf4706f7fa48f0a05834df8813699c5f7bc7d1e00dac3c5d99daaf6090f9ad158c58d5c0b8b2e29fe27912dcc83b44597fe93bc5e9051dca4742d8aa8bbc9c992b15136f76e15dab0d2e7c23732dded4e8c1233f4758516d129e0054a903ad6d8f1af4ebe601285fadb2a4a3ec5acd34355b1a881bfc798000d5be26414a0fed3ca119ffcb9692b6f561d5debf28edae910e41833741aee885312df3a4e65bf96f169725780596aa6ac77de294f63b16da9c3b687430a7f03f33051daa8358757bf4e93ed532a3bcb168a529e41a544800bb1460f4a5e9cc5c24e15539f2dee65954953e9db641dfbde1b3768b3cb1e167dd9a8fe0365716e00ceaeaafa03b765e22db8eda33582e15de345fae703b306cfe4e87290b7965ea90f642dccc3c3bbbc566774ff6fecda96d31a830834bd82c6fc1aa3ddab79adfe366e7a06bc0059e042957eefd1bcfec7804c4e1c6db480bb9c92bf034cd1035af1d073523f2f6ad9c803a15c1398c712f8f8de5155a42cc8f79896f22c8b3c5867a013004bd5a3db3270f9505063bdd1f0ab2505d2750f9358c5636230d8de26483f3b8d180c60777bb653f424b987889f1138dc62e4f4ea8af9e1f2edc5502581e3582f90c0a76de9750f5a3f15855a9a168d78ef50e9952ae7b6d374b992b9032bca837b312048de595369c55720c8e76a1554991e5740bd3e5a17c1d0f6abb3485c3155e6be73f5f762e44424f1effcb0d08afa4ff07319f408f6d3ea24f656db76ffcb7fb529bef7358c3e50fd956b9e35db4e8538c6fccfb41b9ef56a910fc95b0658cc68e342e4adfac597b7aec0f838e25dcfbdd32ac73252ce65ca9003639ddb602ba9011b1c374e1d4254415383171d2826dbd7e7c8de6511ed366208f2087932ae79ba150323c52c2ab2cd763433c755e3c4479781115b3cf4d7eb6c9956fecf753660da5023894ce1bbb5e87f72096a668882bb602bd90b05e3679de9b163a33bd69429496a0478d8908a6fb0b904f2e41669167b34c6f24f22e13d0e2b3e67b31b0b3527a11ffee41fa006ff1e595e5452145101cd6e585dba439821b87b04300fc0b314bea382787d7e89ec87bff2c380722a8d4a6d5358283241c7591602420f3f1707473332af00bf48f51d2c344b8b667fce41841904133baabf2d53b9b42a822ad69b18298ac385d8788d26146f4a429c40e8037c2398865d7bf23ca9b3a1eb9c086a77d5afc3ade60e4aa18e66eb8df99dacfed46bfb63a5714fdad0d3e3324f5cb83e51ec84098c9c0a4d26c57565d4c8e0cf3eca18f92bf03aefd7afd406dd0670f3083bcc6827bab5b4a35030d2f39953705a404cad966bd1a128c53050866cbc4f71d218ec606c4b1707dff4de3cc03b868fa531082a82c0f4daa6bf58da0fdb852aa021139c62040da3775673d09889d1f8dd0a67ef327c3665cedbcdcaa4f5f227efe64964d10e1b60092a8abaa507ac78e29e0f61d20c2880aa2179f729e78972e8b2c258df404866fbe72a26cdeac"})
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000002240)={{0x0, 0x0, 0xffffffef, {0x0, 0xf000, 0x1}}, '\x00', "000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b529e106802e62be00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ddff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030ff00"})

2.874483711s ago: executing program 0 (id=6106):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ptrace(0x10, 0x1)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000200)={0xbb, "3c9c5f63a7ca50052d0e8102407280aad10042f454b165a0c713b1e3f4fcf9a4a864197f3914301e7001b26d9adc2f0ce3180cdd669a9bbda1eef31ac74878202d9a72df408929574f005a4905f0b41bfbac686c1ac94afc3bce3ef65aa37825a7ff94d61d848cb5e4e62b21b4b23adb395b96502774646d210af87e7f7d3e151446c11b86abe9abd9599aaaecef4a464e6d21e0f5b80afaf1d0d38a5795dc02594f0139205fa2768c416b54acec0e5a24254beafe229807541326"})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

2.681677521s ago: executing program 0 (id=6107):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

2.601567739s ago: executing program 0 (id=6108):
r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x82b80, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000240)={0x0, 0x2}, 0x8)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000040)=0x8)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20000023896)
ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000000300))
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x181101, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x4)
ioctl$TCSBRKP(r2, 0x5425, 0x40000000005)
syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0)
set_mempolicy(0x1, &(0x7f00000002c0)=0x3, 0x5)
r3 = signalfd(r1, &(0x7f0000000080)={[0xffffffffffffef53]}, 0x8)
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f00000000c0)={0x12, 0x9f, &(0x7f00000003c0)="532b1354650e71d35d74a4edc038d53d5c5af6dd3dd21903ac23411343d286918f06fd083a159da46d1ccfb6970830e975598adcc474f902aeeb6574b5962df0ac5e2494f2b1d00683e2683e3c7af1541f61bf08d79de7f924cc5b2a3765377c63f2e7ae9d3b8bd50c2e85967a31605b3900f62df704114a4487ac9c5b7628b1ec2d995403616a62bcfa922e9d3ed5dec91556c62b571894d5788496f64004"})
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000380)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x98f911, 0x8000, '\x00', @p_u8=&(0x7f0000000340)=0x3}})
r4 = socket$kcm(0x10, 0x2, 0x0)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000280000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000001c0)="66baf80cb83e04a78aef66bafc0c66ed0fc71d80dd000066b8a4000f00d00fc759273624b0c4e3790490cb000000051b20f40f20e035400000000f22e0b8000000000f23c80f21f835080060000f23f8", 0x50}], 0x1, 0x4b, &(0x7f0000000280), 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c00000002060108000034e400000000000000020500010006000000050004000000fe000900020073797a3100000000050005000200000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00910c07a551559a257aac81"], 0xfe33)
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r7, 0x5708e000)

2.195342653s ago: executing program 2 (id=6114):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe2000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000002240)={{0x0, 0x0, 0xffffffef, {0x0, 0xf000, 0x1}}, '\x00', "000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b529e106802e62be00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ddff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030ff00"})

2.09374786s ago: executing program 2 (id=6115):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006809c2b4006806ff00000000000000000000000000000000ff020000000000000000000000000001"], 0x9e)

1.977323562s ago: executing program 2 (id=6116):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

1.935137679s ago: executing program 2 (id=6118):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000002f00010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c00028005000100000000000800074000000000180006801400040020"], 0xac}, 0x1, 0x0, 0x0, 0x4000}, 0x4000894)

1.865030144s ago: executing program 2 (id=6120):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20004801}, 0x448c0)

1.852721267s ago: executing program 2 (id=6121):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc000000010902"], 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0xf)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x2b, 0x80801, 0x1)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300009000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r0], 0xc4}}, 0x0)

1.824484541s ago: executing program 6 (id=6122):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000340)={0x0, 0x1c, "cbd77924f5bc18ce731a08fbb07586353422294830da479782fd60f2"}, 0x0)
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x340a)

1.735449115s ago: executing program 6 (id=6123):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="001c86dd0700100000001400000060ec97000fc811f9fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)

1.676028845s ago: executing program 6 (id=6124):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006809c2b4006806ff00000000000000000000000000000000ff020000000000000000000000000001"], 0x9e)

1.595803608s ago: executing program 6 (id=6125):
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x9}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800050007000200060019c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (fail_nth: 5)

1.328094621s ago: executing program 6 (id=6126):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

1.173160804s ago: executing program 6 (id=6127):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0xcac)
mmap(&(0x7f0000ff0000/0xd000)=nil, 0xd000, 0x100000e, 0x20c44fb6edc09a38, r0, 0x0)
recvmsg(r0, &(0x7f0000001a00)={&(0x7f00000001c0)=@ll, 0x80, &(0x7f0000002e80)=[{&(0x7f00000018c0)=""/121, 0x79}, {&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000006500)=""/4108, 0x100c}, {&(0x7f0000001480)=""/218, 0xda}, {&(0x7f0000001580)=""/103, 0x67}, {&(0x7f0000001600)=""/159, 0x9f}, {&(0x7f00000016c0)=""/228, 0xe4}, {&(0x7f00000017c0)=""/222, 0xde}, {&(0x7f0000002e00)=""/96, 0x60}], 0x9, &(0x7f0000001940)=""/191, 0xbf}, 0x40012102)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000001100)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f00000001c0)=0x8)
recvmsg$inet_nvme(r1, &(0x7f0000002d80)={&(0x7f0000001a40)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, &(0x7f0000002d00)=[{&(0x7f0000001ac0)=""/121, 0x79}, {&(0x7f0000001b40)=""/87, 0x57}, {&(0x7f0000001bc0)=""/4096, 0x1000}, {&(0x7f0000002bc0)=""/60, 0x3c}, {&(0x7f0000002c00)=""/115, 0x73}, {&(0x7f0000005500)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/72, 0x48}], 0x7}, 0x100)
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x29})
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000140)={&(0x7f0000564000/0x4000)=nil, 0x4000})
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000280)={0x0, 0x0, r4, <r5=>0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000500)={&(0x7f0000ff8000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x2000, 0x2})
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000000906010200000000000000000200dbff08000940000000390900020073797a3100000000050001000700000014000880100007800c00018008000140e0000002"], 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r3, 0xc01864b0, &(0x7f0000000240)={r4, r5, 0x0, 0x0, 0x4})
ioctl$DRM_IOCTL_MODE_RMFB(r0, 0xc00464af, &(0x7f0000000000)=r5)
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000480)={&(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, r4})
r7 = socket$kcm(0x10, 0x2, 0x0)
bind$inet(r0, &(0x7f0000002dc0)={0x2, 0x4e24, @loopback}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x0)

1.118771769s ago: executing program 0 (id=6128):
r0 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={<r1=>0x0, 0xffffa909}, &(0x7f0000000040)=0x8) (async)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$cdc_ecm(0x5, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a4400000000101090244000101000000090400001202060000052406000005240000000d240f00e50000008700060000090581030002"], 0x0) (async)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
r5 = dup(r4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r6 = socket$packet(0x11, 0x3, 0x300) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'vcan0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000000)='g', 0x48, 0x0, &(0x7f00000000c0)={0x11, 0xd, r7, 0x1, 0x0, 0x6, @remote}, 0x14) (async)
close_range(r5, r5, 0x2) (async)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r8 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) (async)
setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) (async)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r8, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) (async)
sendmsg$xdp(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000007c0)="ad237f1863d2d2d1a397e2a489c4ee1564e9eefdb4b79061470cc823e53d854435579529b39d744f960b8ed0bba79f9df628ff262afb11e4c03b500df2985e8f7a86f3ab28aa6e65dc1668e18aa4168755523a88d020c8955b46806d3f69f8112e948be32c675bd54ac2a8fae35dd71d00f06ab2cea8236060d1dcf3d1edf529357f70b8e066aaf93e5b32683568c00392ab3f0f8b1ac8a2ec51caacb1cc69306d814957a18b04bec4fae32726ae9013fe17948367ec6494080c4859841ebdb4d9237640caef0b7010d47901", 0xcc}, {&(0x7f0000000d80)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c", 0x3a2}, {&(0x7f0000000540)="d805d6a36cce59e7ed5a1f89dd32d02bfe653c", 0x13}], 0x3, 0x0, 0x0, 0x8004}, 0x0) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
ppoll(&(0x7f0000000080)=[{r8, 0xa006}], 0x1, 0x0, 0x0, 0x0) (async)
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000001100)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x32}}]}, &(0x7f0000000180)=0x10) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000001080)=0x8)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r5, 0x84, 0x79, &(0x7f0000000080)={r10, 0x4}, 0x8) (async)
getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x29, 0x1a, 0x0, 0x20000000)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1, 0x8}, &(0x7f00000000c0)=0x8)

31.174143ms ago: executing program 4 (id=6129):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20004801}, 0x448c0)

0s ago: executing program 4 (id=6130):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000002200010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000608000b40000000006c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000340001800c00010062697477697365002400028008000340000000040800014000000014080002400000001008000640000000ec0800010073797a30"], 0x108}}, 0x0)

kernel console output (not intermixed with test programs):

065.990135][T22829]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1065.990152][T22829]  ? tun_get+0x1c/0x2f0
[ 1065.990173][T22829]  ? tun_get+0x1c/0x2f0
[ 1065.990194][T22829]  ? rcu_is_watching+0x15/0xb0
[ 1065.990214][T22829]  ? tun_get+0x1c/0x2f0
[ 1065.990234][T22829]  ? lock_release+0x4b/0x3e0
[ 1065.990252][T22829]  ? common_file_perm+0x1b5/0x230
[ 1065.990277][T22829]  ? tun_get+0x1c/0x2f0
[ 1065.990299][T22829]  tun_chr_write_iter+0x113/0x200
[ 1065.990322][T22829]  vfs_write+0x5c6/0xb30
[ 1065.990344][T22829]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1065.990366][T22829]  ? __pfx_vfs_write+0x10/0x10
[ 1065.990396][T22829]  ? __fget_files+0x2a/0x420
[ 1065.990423][T22829]  ksys_write+0x145/0x250
[ 1065.990444][T22829]  ? __pfx_ksys_write+0x10/0x10
[ 1065.990462][T22829]  ? rcu_is_watching+0x15/0xb0
[ 1065.990486][T22829]  ? rcu_is_watching+0x15/0xb0
[ 1065.990508][T22829]  do_syscall_64+0xfa/0x3b0
[ 1065.990531][T22829]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.990547][T22829]  ? clear_bhb_loop+0x60/0xb0
[ 1065.990565][T22829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.990581][T22829] RIP: 0033:0x7ff06898ebe9
[ 1065.990603][T22829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1065.990618][T22829] RSP: 002b:00007ff069769038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1065.990637][T22829] RAX: ffffffffffffffda RBX: 00007ff068bb5fa0 RCX: 00007ff06898ebe9
[ 1065.990650][T22829] RDX: 0000000000000ffe RSI: 0000200000000380 RDI: 0000000000000003
[ 1065.990661][T22829] RBP: 00007ff069769090 R08: 0000000000000000 R09: 0000000000000000
[ 1065.990672][T22829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1065.990682][T22829] R13: 00007ff068bb6038 R14: 00007ff068bb5fa0 R15: 00007ffdb23376c8
[ 1065.990701][T22829]  </TASK>
[ 1066.016346][T22832] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5562'.
[ 1066.778393][T22811] kexec: Could not allocate control_code_buffer
[ 1066.814842][T22855] netlink: 'syz.0.5569': attribute type 12 has an invalid length.
[ 1067.055140][T22870] ptrace attach of "./syz-executor exec"[17525] was attempted by "./syz-executor exec"[22870]
[ 1067.074223][T20124] Bluetooth: hci4: ACL packet for unknown connection handle 201
[ 1067.083559][T20124] Bluetooth: hci4: ACL packet for unknown connection handle 201
[ 1067.092570][T20124] Bluetooth: hci4: ACL packet for unknown connection handle 201
[ 1067.101548][T20124] Bluetooth: hci4: ACL packet for unknown connection handle 201
[ 1067.484487][T20123] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1067.491971][T20123] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1067.499682][T20123] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1067.508308][T20123] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1067.515912][T20123] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1067.610658][T22881] lo speed is unknown, defaulting to 1000
[ 1067.749566][T22881] chnl_net:caif_netlink_parms(): no params data found
[ 1067.812098][T22881] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1067.819369][T22881] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1067.826599][T22881] bridge_slave_0: entered allmulticast mode
[ 1067.834145][T22881] bridge_slave_0: entered promiscuous mode
[ 1067.842759][T22881] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1067.850313][T22881] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1067.858004][T22881] bridge_slave_1: entered allmulticast mode
[ 1067.865046][T22881] bridge_slave_1: entered promiscuous mode
[ 1067.887615][T13821] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1067.893612][T22881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1067.908192][T22881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1067.944247][T22881] team0: Port device team_slave_0 added
[ 1067.955136][T22881] team0: Port device team_slave_1 added
[ 1067.994654][T22881] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1068.002586][T22881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1068.034792][T22881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1068.049282][T13821] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1068.070415][T22881] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1068.070459][T13821] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1068.077522][T22881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1068.107534][T13821] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1068.116625][T22881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1068.137474][T13821] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1068.147020][T22895] netlink: 'syz.4.5581': attribute type 5 has an invalid length.
[ 1068.155904][T22895] netlink: 'syz.4.5581': attribute type 25 has an invalid length.
[ 1068.156604][T13821] usb 6-1: config 0 descriptor??
[ 1068.205657][T22881] hsr_slave_0: entered promiscuous mode
[ 1068.214257][T22881] hsr_slave_1: entered promiscuous mode
[ 1068.220795][T22881] debugfs: 'hsr0' already exists in 'hsr'
[ 1068.226573][T22881] Cannot create hsr debugfs directory
[ 1068.341744][   T33] bridge_slave_1: left allmulticast mode
[ 1068.353452][   T33] bridge_slave_1: left promiscuous mode
[ 1068.362789][   T33] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1068.387155][   T33] bridge_slave_0: left allmulticast mode
[ 1068.396990][   T33] bridge_slave_0: left promiscuous mode
[ 1068.405571][   T33] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1068.542450][   T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1068.564273][   T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1068.584808][   T33] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1068.599538][T13821] cp2112 0003:10C4:EA90.0031: unknown main item tag 0x0
[ 1068.610862][T13821] cp2112 0003:10C4:EA90.0031: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[ 1068.624257][   T33] bond0 (unregistering): Released all slaves
[ 1068.709988][   T33] tipc: Left network mode
[ 1068.906010][T13821] cp2112 0003:10C4:EA90.0031: error requesting version
[ 1068.915102][   T33] hsr_slave_0: left promiscuous mode
[ 1068.915902][T13821] cp2112 0003:10C4:EA90.0031: probe with driver cp2112 failed with error -71
[ 1068.932717][   T33] hsr_slave_1: left promiscuous mode
[ 1068.944266][   T33] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1068.952803][T13821] usb 6-1: USB disconnect, device number 16
[ 1068.968618][   T33] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1069.042891][   T33] team0 (unregistering): Port device team_slave_1 removed
[ 1069.056327][   T33] team0 (unregistering): Port device team_slave_0 removed
[ 1069.537520][T20123] Bluetooth: hci2: command tx timeout
[ 1069.703715][T22881] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1069.715399][T22881] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1069.739926][T22881] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1069.750646][T22881] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1069.845431][T22881] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1069.900875][T22881] 8021q: adding VLAN 0 to HW filter on device team0
[ 1069.915748][T16274] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1069.922912][T16274] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1069.940855][T16276] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1069.948071][T16276] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1070.122364][T22881] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1070.163380][T22965] netlink: 'syz.4.5589': attribute type 12 has an invalid length.
[ 1070.179375][T22881] veth0_vlan: entered promiscuous mode
[ 1070.187208][T22963] netlink: 'syz.5.5591': attribute type 5 has an invalid length.
[ 1070.201138][T22963] netlink: 'syz.5.5591': attribute type 25 has an invalid length.
[ 1070.213722][T22881] veth1_vlan: entered promiscuous mode
[ 1070.246465][T22881] veth0_macvtap: entered promiscuous mode
[ 1070.255171][T22881] veth1_macvtap: entered promiscuous mode
[ 1070.280587][T22881] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1070.295770][T22881] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1070.309197][T16274] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1070.319531][T16274] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1070.341573][T16274] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1070.359033][T12173] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1070.431145][T12173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1070.447961][T12173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1070.471751][T12173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1070.481249][T12173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1070.525745][T22981] netlink: 'syz.2.5577': attribute type 27 has an invalid length.
[ 1070.577079][T22981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1070.584673][T22981] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1070.643576][T22981] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1070.655765][T22981] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1070.738346][T22926] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.765810][T22926] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.775082][T22926] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.800225][T22926] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.821379][T22989] tipc: Started in network mode
[ 1070.826634][T22989] tipc: Node identity ., cluster identity 4711
[ 1070.836240][T22989] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1070.888463][T22991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5599'.
[ 1070.901248][T22991] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5599'.
[ 1071.441719][T22997] sp0: Synchronizing with TNC
[ 1071.488468][T22999] [U] �
[ 1071.617808][T20123] Bluetooth: hci2: command tx timeout
[ 1071.631226][T23015] netlink: 'syz.0.5608': attribute type 5 has an invalid length.
[ 1071.640375][T23015] netlink: 'syz.0.5608': attribute type 25 has an invalid length.
[ 1071.807274][T23026] netlink: 'syz.0.5612': attribute type 27 has an invalid length.
[ 1071.834659][T23024] netlink: 'syz.5.5611': attribute type 5 has an invalid length.
[ 1071.844282][T23024] netlink: 'syz.5.5611': attribute type 25 has an invalid length.
[ 1071.871066][T23029] FAULT_INJECTION: forcing a failure.
[ 1071.871066][T23029] name failslab, interval 1, probability 0, space 0, times 0
[ 1071.885332][T23029] CPU: 1 UID: 0 PID: 23029 Comm: syz.0.5613 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1071.885363][T23029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1071.885377][T23029] Call Trace:
[ 1071.885386][T23029]  <TASK>
[ 1071.885394][T23029]  dump_stack_lvl+0x189/0x250
[ 1071.885432][T23029]  ? __pfx____ratelimit+0x10/0x10
[ 1071.885457][T23029]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1071.885487][T23029]  ? __pfx__printk+0x10/0x10
[ 1071.885516][T23029]  ? __pfx___might_resched+0x10/0x10
[ 1071.885543][T23029]  ? lock_acquire+0x5f/0x360
[ 1071.885567][T23029]  should_fail_ex+0x414/0x560
[ 1071.885599][T23029]  should_failslab+0xa8/0x100
[ 1071.885623][T23029]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1071.885645][T23029]  ? __alloc_skb+0x112/0x2d0
[ 1071.885701][T23029]  __alloc_skb+0x112/0x2d0
[ 1071.885736][T23029]  alloc_skb_with_frags+0xca/0x890
[ 1071.885766][T23029]  ? rcu_is_watching+0x15/0xb0
[ 1071.885795][T23029]  ? lock_release+0x4b/0x3e0
[ 1071.885817][T23029]  ? __might_fault+0xb0/0x130
[ 1071.885839][T23029]  sock_alloc_send_pskb+0x857/0x990
[ 1071.885870][T23029]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1071.885888][T23029]  ? is_bpf_text_address+0x26/0x2b0
[ 1071.885912][T23029]  ? rcu_is_watching+0x15/0xb0
[ 1071.885939][T23029]  ? rcu_is_watching+0x15/0xb0
[ 1071.885967][T23029]  ? iov_iter_advance+0x8b/0x1c0
[ 1071.885993][T23029]  tun_get_user+0xa43/0x3e20
[ 1071.886024][T23029]  ? rcu_is_watching+0x15/0xb0
[ 1071.886050][T23029]  ? lock_release+0x4b/0x3e0
[ 1071.886076][T23029]  ? aa_file_perm+0x44d/0x1550
[ 1071.886094][T23029]  ? __pfx_tun_get_user+0x10/0x10
[ 1071.886121][T23029]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1071.886144][T23029]  ? kstrtoull+0x12f/0x1d0
[ 1071.886166][T23029]  ? ref_tracker_alloc+0x318/0x460
[ 1071.886185][T23029]  ? get_pid_task+0x20/0x1f0
[ 1071.886203][T23029]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1071.886223][T23029]  ? tun_get+0x1c/0x2f0
[ 1071.886249][T23029]  ? tun_get+0x1c/0x2f0
[ 1071.886274][T23029]  ? rcu_is_watching+0x15/0xb0
[ 1071.886301][T23029]  ? tun_get+0x1c/0x2f0
[ 1071.886326][T23029]  ? lock_release+0x4b/0x3e0
[ 1071.886349][T23029]  ? common_file_perm+0x1b5/0x230
[ 1071.886380][T23029]  ? tun_get+0x1c/0x2f0
[ 1071.886408][T23029]  tun_chr_write_iter+0x113/0x200
[ 1071.886437][T23029]  vfs_write+0x5c6/0xb30
[ 1071.886463][T23029]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1071.886490][T23029]  ? __pfx_vfs_write+0x10/0x10
[ 1071.886520][T23029]  ? __fget_files+0x2a/0x420
[ 1071.886552][T23029]  ksys_write+0x145/0x250
[ 1071.886577][T23029]  ? __pfx_ksys_write+0x10/0x10
[ 1071.886600][T23029]  ? rcu_is_watching+0x15/0xb0
[ 1071.886629][T23029]  ? rcu_is_watching+0x15/0xb0
[ 1071.886657][T23029]  do_syscall_64+0xfa/0x3b0
[ 1071.886684][T23029]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1071.886704][T23029]  ? clear_bhb_loop+0x60/0xb0
[ 1071.886736][T23029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1071.886756][T23029] RIP: 0033:0x7fa8d3b8ebe9
[ 1071.886776][T23029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1071.886795][T23029] RSP: 002b:00007fa8d49e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1071.886817][T23029] RAX: ffffffffffffffda RBX: 00007fa8d3db5fa0 RCX: 00007fa8d3b8ebe9
[ 1071.886832][T23029] RDX: 000000000000009e RSI: 00002000000002c0 RDI: 0000000000000003
[ 1071.886846][T23029] RBP: 00007fa8d49e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1071.886859][T23029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1071.886872][T23029] R13: 00007fa8d3db6038 R14: 00007fa8d3db5fa0 R15: 00007ffef76cfcd8
[ 1071.886894][T23029]  </TASK>
[ 1072.241371][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1072.301898][T23032] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5614'.
[ 1072.452263][T23042] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5619'.
[ 1072.462611][T23042] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5619'.
[ 1072.737748][T16298] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1072.887429][T16298] usb 6-1: Using ep0 maxpacket: 8
[ 1072.894881][T16298] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1072.905248][T16298] usb 6-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1072.921075][T16298] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1072.933746][T16298] usb 6-1: New USB device found, idVendor=05ac, idProduct=025a, bcdDevice= 0.40
[ 1072.945062][T16298] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1072.953443][T16298] usb 6-1: Product: syz
[ 1072.959725][T16298] usb 6-1: Manufacturer: syz
[ 1072.964563][T16298] usb 6-1: SerialNumber: syz
[ 1073.132554][T23057] netlink: 'syz.4.5623': attribute type 5 has an invalid length.
[ 1073.186689][T23044] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5620'.
[ 1073.204124][T23060] fuse: Unknown parameter 'grou00000000000000000000'
[ 1073.210179][T23044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1073.222475][T23044] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1073.263119][T16298] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input37
[ 1073.295172][T16298] usb 6-1: USB disconnect, device number 17
[ 1073.446610][T23074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1073.458013][T23074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1073.707551][T20123] Bluetooth: hci2: command tx timeout
[ 1073.851195][T23079] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5631'.
[ 1073.898090][T23083] fuse: Unknown parameter 'grou00000000000000000000'
[ 1074.196487][T23094] FAULT_INJECTION: forcing a failure.
[ 1074.196487][T23094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1074.209979][T23094] CPU: 0 UID: 0 PID: 23094 Comm: syz.5.5638 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1074.210011][T23094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1074.210025][T23094] Call Trace:
[ 1074.210033][T23094]  <TASK>
[ 1074.210042][T23094]  dump_stack_lvl+0x189/0x250
[ 1074.210079][T23094]  ? __pfx____ratelimit+0x10/0x10
[ 1074.210103][T23094]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1074.210134][T23094]  ? __pfx__printk+0x10/0x10
[ 1074.210162][T23094]  ? __might_fault+0xb0/0x130
[ 1074.210187][T23094]  ? rcu_is_watching+0x15/0xb0
[ 1074.210216][T23094]  should_fail_ex+0x414/0x560
[ 1074.210251][T23094]  _copy_from_iter+0x1de/0x1790
[ 1074.210278][T23094]  ? rcu_is_watching+0x15/0xb0
[ 1074.210304][T23094]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1074.210328][T23094]  ? __pfx__copy_from_iter+0x10/0x10
[ 1074.210352][T23094]  ? __build_skb_around+0x262/0x3f0
[ 1074.210381][T23094]  ? rcu_is_watching+0x15/0xb0
[ 1074.210407][T23094]  ? tun_get_user+0x75e/0x3e20
[ 1074.210436][T23094]  skb_copy_datagram_from_iter+0xf5/0x720
[ 1074.210460][T23094]  ? iov_iter_single_seg_count+0xc9/0x2f0
[ 1074.210494][T23094]  tun_get_user+0x1691/0x3e20
[ 1074.210524][T23094]  ? rcu_is_watching+0x15/0xb0
[ 1074.210555][T23094]  ? aa_file_perm+0x44d/0x1550
[ 1074.210585][T23094]  ? __pfx_tun_get_user+0x10/0x10
[ 1074.210611][T23094]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1074.210634][T23094]  ? kstrtoull+0x12f/0x1d0
[ 1074.210657][T23094]  ? ref_tracker_alloc+0x318/0x460
[ 1074.210678][T23094]  ? get_pid_task+0x20/0x1f0
[ 1074.210698][T23094]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1074.210720][T23094]  ? tun_get+0x1c/0x2f0
[ 1074.210745][T23094]  ? tun_get+0x1c/0x2f0
[ 1074.210770][T23094]  ? rcu_is_watching+0x15/0xb0
[ 1074.210796][T23094]  ? tun_get+0x1c/0x2f0
[ 1074.210821][T23094]  ? lock_release+0x4b/0x3e0
[ 1074.210844][T23094]  ? common_file_perm+0x1b5/0x230
[ 1074.210874][T23094]  ? tun_get+0x1c/0x2f0
[ 1074.210901][T23094]  tun_chr_write_iter+0x113/0x200
[ 1074.210929][T23094]  vfs_write+0x5c6/0xb30
[ 1074.210955][T23094]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1074.210983][T23094]  ? __pfx_vfs_write+0x10/0x10
[ 1074.211011][T23094]  ? __fget_files+0x2a/0x420
[ 1074.211043][T23094]  ksys_write+0x145/0x250
[ 1074.211069][T23094]  ? __pfx_ksys_write+0x10/0x10
[ 1074.211091][T23094]  ? rcu_is_watching+0x15/0xb0
[ 1074.211121][T23094]  ? rcu_is_watching+0x15/0xb0
[ 1074.211148][T23094]  do_syscall_64+0xfa/0x3b0
[ 1074.211175][T23094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1074.211195][T23094]  ? clear_bhb_loop+0x60/0xb0
[ 1074.211218][T23094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1074.211239][T23094] RIP: 0033:0x7ff06898ebe9
[ 1074.211257][T23094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1074.211276][T23094] RSP: 002b:00007ff069769038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1074.211298][T23094] RAX: ffffffffffffffda RBX: 00007ff068bb5fa0 RCX: 00007ff06898ebe9
[ 1074.211314][T23094] RDX: 0000000000000046 RSI: 0000200000000200 RDI: 0000000000000003
[ 1074.211328][T23094] RBP: 00007ff069769090 R08: 0000000000000000 R09: 0000000000000000
[ 1074.211342][T23094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1074.211355][T23094] R13: 00007ff068bb6038 R14: 00007ff068bb5fa0 R15: 00007ffdb23376c8
[ 1074.211377][T23094]  </TASK>
[ 1074.685975][T23096] kvm_intel: kvm [23095]: vcpu5, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0x8900480001ff
[ 1074.699329][T23096] fuse: Unknown parameter 'otmode'
[ 1074.841849][T23100] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5641'.
[ 1074.851496][T23100] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5641'.
[ 1074.897735][T23103] fuse: Unknown parameter 'grou00000000000000000000'
[ 1075.136219][T23112] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5647'.
[ 1075.427610][T16298] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1075.597492][T16298] usb 3-1: Using ep0 maxpacket: 16
[ 1075.604261][T16298] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1075.614539][T16298] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1075.625949][T16298] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1075.635564][T16298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1075.643896][T16298] usb 3-1: Product: syz
[ 1075.657431][T16298] usb 3-1: Manufacturer: syz
[ 1075.662114][T16298] usb 3-1: SerialNumber: syz
[ 1075.688792][T23125] loop2: detected capacity change from 0 to 7
[ 1075.696030][T23125] Dev loop2: unable to read RDB block 7
[ 1075.702318][T23125]  loop2: AHDI p1 p2 p3
[ 1075.706649][T23125] loop2: partition table partially beyond EOD, truncated
[ 1075.715032][T23125] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1075.722474][T23125] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1075.752232][T21752] udevd[21752]: symlink '../../loop2' '/dev/disk/by-diskseq/293.tmp-b7:2' failed: Read-only file system
[ 1075.778208][T20123] Bluetooth: hci2: command tx timeout
[ 1075.804030][T21752] udevd[21752]: symlink '../../loop2' '/dev/disk/by-diskseq/293.tmp-b7:2' failed: Read-only file system
[ 1075.842361][T21752] udevd[21752]: symlink '../../loop2' '/dev/disk/by-diskseq/293.tmp-b7:2' failed: Read-only file system
[ 1075.867866][T21752] udevd[21752]: symlink '../../loop2' '/dev/disk/by-diskseq/293.tmp-b7:2' failed: Read-only file system
[ 1075.889259][T16298] usb 3-1: 0:2 : does not exist
[ 1075.916014][T16298] usb 3-1: USB disconnect, device number 64
[ 1075.951077][T21765] udevd[21765]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1076.130425][T23132] validate_nla: 3 callbacks suppressed
[ 1076.130445][T23132] netlink: 'syz.0.5652': attribute type 5 has an invalid length.
[ 1076.148857][T23132] netlink: 'syz.0.5652': attribute type 25 has an invalid length.
[ 1076.390207][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.396154][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.403635][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.409997][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.419330][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.425327][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.433494][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.482312][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.486102][T23161] netlink: 'syz.4.5657': attribute type 12 has an invalid length.
[ 1076.491783][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.514434][T21765] udevd[21765]: symlink '../../loop2' '/dev/disk/by-diskseq/294.tmp-b7:2' failed: Read-only file system
[ 1076.532534][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.542183][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.550783][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.556735][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.563663][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.563678][T23163] netlink: 100 bytes leftover after parsing attributes in process `syz.2.5658'.
[ 1076.581027][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.588707][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.594552][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.623706][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.645271][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.662592][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.680348][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.693131][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.705718][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.717993][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.734133][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.762102][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.792661][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.804083][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.818001][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.824016][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.844227][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.860177][T23155] /dev/rnullb0: Can't open blockdev
[ 1076.928155][T23155] /dev/rnullb0: Can't open blockdev
[ 1077.150722][T16298] libceph: connect (1)[c::]:6789 error -101
[ 1077.171966][T16298] libceph: mon0 (1)[c::]:6789 connect error
[ 1077.232452][T23186] netlink: 'syz.4.5661': attribute type 17 has an invalid length.
[ 1077.240436][T23186] netlink: 'syz.4.5661': attribute type 16 has an invalid length.
[ 1077.259858][T23186] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5661'.
[ 1077.296105][T23188] netlink: 'syz.0.5663': attribute type 5 has an invalid length.
[ 1077.307361][T23188] netlink: 'syz.0.5663': attribute type 25 has an invalid length.
[ 1077.438884][T13821] libceph: connect (1)[c::]:6789 error -101
[ 1077.446798][T13821] libceph: mon0 (1)[c::]:6789 connect error
[ 1077.464878][T23195] ceph: Path missing in source
[ 1077.495635][T23197] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5666'.
[ 1077.536475][T21765] udevd[21765]: symlink '../../loop2' '/dev/disk/by-diskseq/294.tmp-b7:2' failed: Read-only file system
[ 1077.541260][T23202] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1077.559405][T23202] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1077.567881][T23200] ptrace attach of "./syz-executor exec"[15546] was attempted by "./syz-executor exec"[23200]
[ 1077.726949][T21765] udevd[21765]: symlink '../../loop2' '/dev/disk/by-diskseq/294.tmp-b7:2' failed: Read-only file system
[ 1077.813821][T23211] openvswitch: netlink: Unknown VXLAN extension attribute 0
[ 1077.824636][T23211] netlink: 14 bytes leftover after parsing attributes in process `syz.5.5671'.
[ 1077.921504][T21765] udevd[21765]: symlink '../../loop2' '/dev/disk/by-diskseq/294.tmp-b7:2' failed: Read-only file system
[ 1077.932340][T23218] netlink: 'syz.2.5675': attribute type 12 has an invalid length.
[ 1077.950871][T23181] ceph: No mds server is up or the cluster is laggy
[ 1077.967713][T13821] libceph: connect (1)[c::]:6789 error -101
[ 1077.974211][T13821] libceph: mon0 (1)[c::]:6789 connect error
[ 1078.003840][T21765] udevd[21765]: symlink '../../loop2' '/dev/disk/by-diskseq/294.tmp-b7:2' failed: Read-only file system
[ 1078.028305][T23224] FAULT_INJECTION: forcing a failure.
[ 1078.028305][T23224] name failslab, interval 1, probability 0, space 0, times 0
[ 1078.041263][T23224] CPU: 0 UID: 0 PID: 23224 Comm: syz.5.5677 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1078.041295][T23224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1078.041310][T23224] Call Trace:
[ 1078.041319][T23224]  <TASK>
[ 1078.041328][T23224]  dump_stack_lvl+0x189/0x250
[ 1078.041366][T23224]  ? __pfx____ratelimit+0x10/0x10
[ 1078.041391][T23224]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1078.041422][T23224]  ? __pfx__printk+0x10/0x10
[ 1078.041452][T23224]  ? fs_reclaim_acquire+0x7d/0x100
[ 1078.041478][T23224]  ? rcu_is_watching+0x15/0xb0
[ 1078.041504][T23224]  ? __pfx___might_resched+0x10/0x10
[ 1078.041530][T23224]  ? lock_acquire+0x5f/0x360
[ 1078.041555][T23224]  should_fail_ex+0x414/0x560
[ 1078.041596][T23224]  should_failslab+0xa8/0x100
[ 1078.041621][T23224]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1078.041644][T23224]  ? __alloc_skb+0x112/0x2d0
[ 1078.041673][T23224]  __alloc_skb+0x112/0x2d0
[ 1078.041701][T23224]  netlink_sendmsg+0x5c6/0xb30
[ 1078.041733][T23224]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1078.041762][T23224]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1078.041793][T23224]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1078.041823][T23224]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1078.041850][T23224]  __sock_sendmsg+0x219/0x270
[ 1078.041875][T23224]  ____sys_sendmsg+0x505/0x830
[ 1078.041907][T23224]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1078.041941][T23224]  ? import_iovec+0x74/0xa0
[ 1078.041970][T23224]  ___sys_sendmsg+0x21f/0x2a0
[ 1078.042001][T23224]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1078.042048][T23224]  ? __fget_files+0x2a/0x420
[ 1078.042076][T23224]  ? __fget_files+0x3a0/0x420
[ 1078.042109][T23224]  __x64_sys_sendmsg+0x19b/0x260
[ 1078.042140][T23224]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1078.042175][T23224]  ? __pfx_ksys_write+0x10/0x10
[ 1078.042198][T23224]  ? rcu_is_watching+0x15/0xb0
[ 1078.042226][T23224]  ? rcu_is_watching+0x15/0xb0
[ 1078.042254][T23224]  do_syscall_64+0xfa/0x3b0
[ 1078.042281][T23224]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1078.042301][T23224]  ? clear_bhb_loop+0x60/0xb0
[ 1078.042324][T23224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1078.042344][T23224] RIP: 0033:0x7ff06898ebe9
[ 1078.042364][T23224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1078.042383][T23224] RSP: 002b:00007ff069769038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1078.042405][T23224] RAX: ffffffffffffffda RBX: 00007ff068bb5fa0 RCX: 00007ff06898ebe9
[ 1078.042421][T23224] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[ 1078.042434][T23224] RBP: 00007ff069769090 R08: 0000000000000000 R09: 0000000000000000
[ 1078.042447][T23224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1078.042459][T23224] R13: 00007ff068bb6038 R14: 00007ff068bb5fa0 R15: 00007ffdb23376c8
[ 1078.042481][T23224]  </TASK>
[ 1078.397422][T23228] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1078.522570][T23230] /dev/rnullb0: Can't open blockdev
[ 1078.535435][T23234] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23234]
[ 1078.892648][T23246] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5686'.
[ 1078.924618][T23246] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5686'.
[ 1079.062337][T23252] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1079.114268][T23254] netlink: 'syz.2.5689': attribute type 1 has an invalid length.
[ 1079.114655][T23255] /dev/rnullb0: Can't open blockdev
[ 1079.160539][T23258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5690'.
[ 1079.663124][T23263] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23263]
[ 1079.855061][T23265] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1079.866367][T23265] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1080.058933][T23269] FAULT_INJECTION: forcing a failure.
[ 1080.058933][T23269] name failslab, interval 1, probability 0, space 0, times 0
[ 1080.071779][T23269] CPU: 1 UID: 0 PID: 23269 Comm: syz.2.5695 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1080.071810][T23269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1080.071825][T23269] Call Trace:
[ 1080.071833][T23269]  <TASK>
[ 1080.071842][T23269]  dump_stack_lvl+0x189/0x250
[ 1080.071878][T23269]  ? __pfx____ratelimit+0x10/0x10
[ 1080.071904][T23269]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1080.071935][T23269]  ? __pfx__printk+0x10/0x10
[ 1080.071965][T23269]  ? fs_reclaim_acquire+0x7d/0x100
[ 1080.071990][T23269]  ? rcu_is_watching+0x15/0xb0
[ 1080.072017][T23269]  ? __pfx___might_resched+0x10/0x10
[ 1080.072044][T23269]  ? lock_acquire+0x5f/0x360
[ 1080.072069][T23269]  should_fail_ex+0x414/0x560
[ 1080.072103][T23269]  should_failslab+0xa8/0x100
[ 1080.072137][T23269]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1080.072160][T23269]  ? __alloc_skb+0x112/0x2d0
[ 1080.072190][T23269]  __alloc_skb+0x112/0x2d0
[ 1080.072218][T23269]  netlink_sendmsg+0x5c6/0xb30
[ 1080.072250][T23269]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1080.072279][T23269]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1080.072310][T23269]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1080.072339][T23269]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1080.072365][T23269]  __sock_sendmsg+0x219/0x270
[ 1080.072389][T23269]  ____sys_sendmsg+0x505/0x830
[ 1080.072421][T23269]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1080.072456][T23269]  ? import_iovec+0x74/0xa0
[ 1080.072485][T23269]  ___sys_sendmsg+0x21f/0x2a0
[ 1080.072516][T23269]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1080.072563][T23269]  ? __fget_files+0x2a/0x420
[ 1080.072591][T23269]  ? __fget_files+0x3a0/0x420
[ 1080.072623][T23269]  __x64_sys_sendmsg+0x19b/0x260
[ 1080.072655][T23269]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1080.072689][T23269]  ? __pfx_ksys_write+0x10/0x10
[ 1080.072716][T23269]  ? rcu_is_watching+0x15/0xb0
[ 1080.072738][T23269]  do_syscall_64+0xfa/0x3b0
[ 1080.072758][T23269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.072772][T23269]  ? clear_bhb_loop+0x60/0xb0
[ 1080.072789][T23269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1080.072802][T23269] RIP: 0033:0x7f6e5c38ebe9
[ 1080.072816][T23269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1080.072828][T23269] RSP: 002b:00007f6e5d214038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1080.072844][T23269] RAX: ffffffffffffffda RBX: 00007f6e5c5b5fa0 RCX: 00007f6e5c38ebe9
[ 1080.072855][T23269] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1080.072865][T23269] RBP: 00007f6e5d214090 R08: 0000000000000000 R09: 0000000000000000
[ 1080.072874][T23269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1080.072883][T23269] R13: 00007f6e5c5b6038 R14: 00007f6e5c5b5fa0 R15: 00007ffd9f210608
[ 1080.072899][T23269]  </TASK>
[ 1080.357484][T12264] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[ 1080.410314][T23276] fuse: Bad value for 'user_id'
[ 1080.415353][T23276] fuse: Bad value for 'user_id'
[ 1080.446275][T23278] netlink: 'syz.2.5698': attribute type 12 has an invalid length.
[ 1080.519948][T12264] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1080.530441][T12264] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[ 1080.540493][T12264] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1080.550369][T12264] usb 6-1: config 0 descriptor??
[ 1080.617980][T23283] /dev/rnullb0: Can't open blockdev
[ 1080.652677][T23285] ptrace attach of "./syz-executor exec"[22881] was attempted by "./syz-executor exec"[23285]
[ 1080.849483][T23289] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5703'.
[ 1080.862869][T23289] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5703'.
[ 1081.137505][T16372] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1081.165004][T23267] netlink: 14 bytes leftover after parsing attributes in process `syz.5.5694'.
[ 1081.175810][T12264] usbhid 6-1:0.0: can't add hid device: -71
[ 1081.183331][T12264] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1081.192892][T12264] usb 6-1: USB disconnect, device number 18
[ 1081.289741][T16372] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1081.300868][T16372] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1081.307564][T16372] usb 3-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00
[ 1081.316627][T16372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1081.326086][T16372] usb 3-1: config 0 descriptor??
[ 1081.709677][T23295] fuse: Bad value for 'user_id'
[ 1081.714594][T23295] fuse: Bad value for 'user_id'
[ 1081.742669][T16372] hid-alps 0003:044E:1215.0032: hidraw0: USB HID v0.04 Device [HID 044e:1215] on usb-dummy_hcd.2-1/input0
[ 1081.783281][T23297] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5707'.
[ 1081.815361][   T30] audit: type=1326 audit(1755526270.273:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23296 comm="syz.5.5707" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff06898ebe9 code=0x0
[ 1081.929528][T23304] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1081.938515][T16372] usb 3-1: USB disconnect, device number 65
[ 1081.981840][T23306] ptrace attach of "./syz-executor exec"[14970] was attempted by "./syz-executor exec"[23306]
[ 1082.113013][T23308] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1082.121058][T23308] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1082.337810][T23312] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1082.486527][T23316] fuse: Bad value for 'user_id'
[ 1082.491624][T23316] fuse: Bad value for 'user_id'
[ 1082.523698][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.529604][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.535434][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.541503][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.547217][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.553368][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.560380][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.566526][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.572673][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.578913][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.584900][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.590764][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.596633][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.602567][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.608580][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.614473][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.621775][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.627692][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.633587][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.639776][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.645753][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.651673][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.658004][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.664639][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.670973][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.676841][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.682898][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.688928][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.695267][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.701148][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.707119][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.713285][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.719193][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.725056][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.731346][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.737275][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.743929][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.749997][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.756007][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.762489][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.768718][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.775167][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.781837][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.788049][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.794058][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.800502][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.806408][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.812650][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.819299][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.825195][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.831804][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.838111][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.844066][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.850312][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.856373][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.862577][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.869099][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.874934][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.881397][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.887956][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.894153][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.900774][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.906720][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.913027][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.920095][T23319] /dev/rnullb0: Can't open blockdev
[ 1082.958743][T23321] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5718'.
[ 1082.971583][T23321] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5718'.
[ 1083.024838][T23327] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23327]
[ 1083.088180][T23325] validate_nla: 2 callbacks suppressed
[ 1083.088203][T23325] netlink: 'syz.2.5719': attribute type 5 has an invalid length.
[ 1083.103495][T23325] netlink: 'syz.2.5719': attribute type 25 has an invalid length.
[ 1083.192630][T23332] FAULT_INJECTION: forcing a failure.
[ 1083.192630][T23332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1083.205984][T23332] CPU: 0 UID: 0 PID: 23332 Comm: syz.5.5722 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1083.206006][T23332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1083.206016][T23332] Call Trace:
[ 1083.206024][T23332]  <TASK>
[ 1083.206030][T23332]  dump_stack_lvl+0x189/0x250
[ 1083.206058][T23332]  ? __pfx____ratelimit+0x10/0x10
[ 1083.206076][T23332]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1083.206098][T23332]  ? __pfx__printk+0x10/0x10
[ 1083.206117][T23332]  ? __might_fault+0xb0/0x130
[ 1083.206135][T23332]  ? rcu_is_watching+0x15/0xb0
[ 1083.206156][T23332]  should_fail_ex+0x414/0x560
[ 1083.206180][T23332]  _copy_from_iter+0x1de/0x1790
[ 1083.206205][T23332]  ? rcu_is_watching+0x15/0xb0
[ 1083.206224][T23332]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1083.206241][T23332]  ? __pfx__copy_from_iter+0x10/0x10
[ 1083.206258][T23332]  ? __build_skb_around+0x262/0x3f0
[ 1083.206279][T23332]  ? netlink_sendmsg+0x642/0xb30
[ 1083.206298][T23332]  ? skb_put+0x11b/0x210
[ 1083.206319][T23332]  netlink_sendmsg+0x6b2/0xb30
[ 1083.206341][T23332]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1083.206361][T23332]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1083.206384][T23332]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1083.206405][T23332]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1083.206424][T23332]  __sock_sendmsg+0x219/0x270
[ 1083.206441][T23332]  ____sys_sendmsg+0x505/0x830
[ 1083.206465][T23332]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1083.206489][T23332]  ? import_iovec+0x74/0xa0
[ 1083.206508][T23332]  ___sys_sendmsg+0x21f/0x2a0
[ 1083.206531][T23332]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1083.206564][T23332]  ? __fget_files+0x2a/0x420
[ 1083.206584][T23332]  ? __fget_files+0x3a0/0x420
[ 1083.206607][T23332]  __x64_sys_sendmsg+0x19b/0x260
[ 1083.206630][T23332]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1083.206655][T23332]  ? __pfx_ksys_write+0x10/0x10
[ 1083.206674][T23332]  ? rcu_is_watching+0x15/0xb0
[ 1083.206694][T23332]  do_syscall_64+0xfa/0x3b0
[ 1083.206713][T23332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1083.206728][T23332]  ? clear_bhb_loop+0x60/0xb0
[ 1083.206744][T23332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1083.206759][T23332] RIP: 0033:0x7ff06898ebe9
[ 1083.206772][T23332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1083.206785][T23332] RSP: 002b:00007ff069769038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1083.206802][T23332] RAX: ffffffffffffffda RBX: 00007ff068bb5fa0 RCX: 00007ff06898ebe9
[ 1083.206813][T23332] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[ 1083.206823][T23332] RBP: 00007ff069769090 R08: 0000000000000000 R09: 0000000000000000
[ 1083.206832][T23332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1083.206841][T23332] R13: 00007ff068bb6038 R14: 00007ff068bb5fa0 R15: 00007ffdb23376c8
[ 1083.206857][T23332]  </TASK>
[ 1083.515767][T23334] /dev/rnullb0: Can't open blockdev
[ 1083.548632][T23336] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1083.584253][T23338] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5725'.
[ 1083.596720][T23338] /dev/rnullb0: Can't open blockdev
[ 1083.632635][T23341] FAULT_INJECTION: forcing a failure.
[ 1083.632635][T23341] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1083.637797][T16372] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1083.646241][T23341] CPU: 1 UID: 0 PID: 23341 Comm: syz.5.5726 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1083.646276][T23341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1083.646290][T23341] Call Trace:
[ 1083.646299][T23341]  <TASK>
[ 1083.646309][T23341]  dump_stack_lvl+0x189/0x250
[ 1083.646350][T23341]  ? __pfx____ratelimit+0x10/0x10
[ 1083.646377][T23341]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1083.646411][T23341]  ? __pfx__printk+0x10/0x10
[ 1083.646441][T23341]  ? __might_fault+0xb0/0x130
[ 1083.646470][T23341]  ? rcu_is_watching+0x15/0xb0
[ 1083.646501][T23341]  should_fail_ex+0x414/0x560
[ 1083.646538][T23341]  _copy_from_user+0x2d/0xb0
[ 1083.646571][T23341]  kstrtouint_from_user+0xc4/0x170
[ 1083.646594][T23341]  ? __might_fault+0xb0/0x130
[ 1083.646618][T23341]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1083.646646][T23341]  ? vfs_write+0x211/0xb30
[ 1083.646672][T23341]  ? rcu_is_watching+0x15/0xb0
[ 1083.646703][T23341]  proc_fail_nth_write+0x88/0x200
[ 1083.646727][T23341]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1083.646748][T23341]  ? security_file_permission+0x75/0x290
[ 1083.646777][T23341]  ? preempt_count_add+0x91/0x1a0
[ 1083.646804][T23341]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1083.646826][T23341]  vfs_write+0x27e/0xb30
[ 1083.646864][T23341]  ? __pfx_vfs_write+0x10/0x10
[ 1083.646894][T23341]  ? __fget_files+0x3a0/0x420
[ 1083.646925][T23341]  ? __fget_files+0x2a/0x420
[ 1083.646961][T23341]  ksys_write+0x145/0x250
[ 1083.646988][T23341]  ? __pfx_ksys_write+0x10/0x10
[ 1083.647012][T23341]  ? rcu_is_watching+0x15/0xb0
[ 1083.647045][T23341]  ? rcu_is_watching+0x15/0xb0
[ 1083.647075][T23341]  do_syscall_64+0xfa/0x3b0
[ 1083.647105][T23341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1083.647127][T23341]  ? clear_bhb_loop+0x60/0xb0
[ 1083.647153][T23341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1083.647175][T23341] RIP: 0033:0x7ff06898d69f
[ 1083.647195][T23341] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1083.647215][T23341] RSP: 002b:00007ff069769030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1083.647241][T23341] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff06898d69f
[ 1083.647259][T23341] RDX: 0000000000000001 RSI: 00007ff0697690a0 RDI: 0000000000000005
[ 1083.647274][T23341] RBP: 00007ff069769090 R08: 0000000000000000 R09: 0000000000000000
[ 1083.647289][T23341] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1083.647309][T23341] R13: 00007ff068bb6038 R14: 00007ff068bb5fa0 R15: 00007ffdb23376c8
[ 1083.647334][T23341]  </TASK>
[ 1083.948932][T23343] fuse: Bad value for 'fd'
[ 1084.063409][T23347] netlink: 'syz.5.5729': attribute type 5 has an invalid length.
[ 1084.071881][T23347] netlink: 'syz.5.5729': attribute type 25 has an invalid length.
[ 1084.079645][T16372] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1084.089815][T16372] usb 3-1: config 3 has an invalid interface number: 3 but max is 0
[ 1084.098229][T16372] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1084.109742][T16372] usb 3-1: config 3 has no interface number 0
[ 1084.119334][T16372] usb 3-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[ 1084.129085][T16372] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1084.137566][T16372] usb 3-1: Product: ၢ掱ᨃຳᖳᇱó
[ 1084.143666][T16372] usb 3-1: Manufacturer: 꽩甇쓿禯룐⟷墟恭㡲ﱸ졠ᙠ莚ᎊ᳤ℋ휡肴堇헽䔠㻯흰㕦ϡ댅艴흀鼐䤙륦眓냌绖뮌翟ꬡ긓㲿Ӂ䟽싔是怏仚벩짳Ⱜ鉶輍㲨篮Ꞿꞧ蟕僥뾞勀籷꟯塚봍房꼒⚠羔ꐼ鹔稠꥛㺔襧됓ᤑ꺴繷譁탾꒶戮껶襜轱섵䃳㡴ퟆꅠ㴣᪸⋺숷碑樼쬦ﵺ岖⌈盲佂⿛芺䝀ꙻ칊
[ 1084.187400][T16372] usb 3-1: SerialNumber: 㷒覐⎝Ꟛ醼絬굁庰Ⱬ䴡猜䐄뾸燭헬铞錹㡼糸絔㽘ك䗆ፖ⻗帒덉梘᲋㧖醜ፐ瀧뜈Ჰ쒃᡻騀㞣琧Ꞅꐔ꿋߽浂駭핻攏䱣뒖䩐薖绬今ޕ줰㚂ニℍ앍ᨯ梚媣큶
[ 1084.217158][T23350] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23350]
[ 1085.388549][T23368] netlink: 'syz.0.5736': attribute type 27 has an invalid length.
[ 1085.439709][T23372] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1085.467839][T13821] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1085.507420][T16372] usb 3-1: reset high-speed USB device number 66 using dummy_hcd
[ 1085.528268][T23380] /dev/rnullb0: Can't open blockdev
[ 1085.563345][T23382] ptrace attach of "./syz-executor exec"[14970] was attempted by "./syz-executor exec"[23382]
[ 1085.637543][T13821] usb 6-1: Using ep0 maxpacket: 8
[ 1085.644423][T13821] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1085.654454][T13821] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1085.664832][T13821] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1085.675305][T13821] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1085.688707][T13821] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1085.703530][T16372] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1085.712913][T16372] usb 3-1: device firmware changed
[ 1085.716529][T13821] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1085.726968][T16372] usb 3-1: USB disconnect, device number 66
[ 1085.823360][T23390] /dev/rnullb0: Can't open blockdev
[ 1085.865775][T23392] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5747'.
[ 1085.877754][T16372] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1085.940577][T13821] usb 6-1: GET_CAPABILITIES returned 0
[ 1085.943156][T23398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1085.946282][T13821] usbtmc 6-1:16.0: can't read capabilities
[ 1085.972877][T23398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1086.022359][T16298] usb 6-1: USB disconnect, device number 19
[ 1086.062029][T16372] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1086.079134][T23409] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5752'.
[ 1086.083882][T16372] usb 3-1: config 3 has an invalid interface number: 3 but max is 0
[ 1086.098822][T23409] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5752'.
[ 1086.106836][T16372] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1086.127402][T16372] usb 3-1: config 3 has no interface number 0
[ 1086.140176][T16372] usb 3-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[ 1086.154481][T16372] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1086.162982][T16372] usb 3-1: Product: syz
[ 1086.167418][T16372] usb 3-1: Manufacturer: syz
[ 1086.172259][T16372] usb 3-1: SerialNumber: syz
[ 1086.189665][T23414] /dev/rnullb0: Can't open blockdev
[ 1086.198599][T16372] usb 3-1: can't set config #3, error -71
[ 1086.213736][T16372] usb 3-1: USB disconnect, device number 67
[ 1086.263177][T23416] /dev/rnullb0: Can't open blockdev
[ 1086.271679][T23418] fuse: Bad value for 'fd'
[ 1086.285939][T23420] netlink: 'syz.2.5757': attribute type 5 has an invalid length.
[ 1086.298497][T23420] netlink: 'syz.2.5757': attribute type 25 has an invalid length.
[ 1086.465233][T23432] netdevsim netdevsim0 ������: renamed from netdevsim0
[ 1086.476224][T23434] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5764'.
[ 1086.529073][T23438] fuse: Bad value for 'fd'
[ 1086.545670][T23441] FAULT_INJECTION: forcing a failure.
[ 1086.545670][T23441] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1086.561936][T23441] CPU: 1 UID: 0 PID: 23441 Comm: syz.2.5767 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1086.561970][T23441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1086.561984][T23441] Call Trace:
[ 1086.561992][T23441]  <TASK>
[ 1086.562001][T23441]  dump_stack_lvl+0x189/0x250
[ 1086.562039][T23441]  ? __pfx____ratelimit+0x10/0x10
[ 1086.562065][T23441]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1086.562096][T23441]  ? __pfx__printk+0x10/0x10
[ 1086.562128][T23441]  ? rcu_is_watching+0x15/0xb0
[ 1086.562157][T23441]  should_fail_ex+0x414/0x560
[ 1086.562192][T23441]  _copy_to_user+0x31/0xb0
[ 1086.562221][T23441]  simple_read_from_buffer+0xe1/0x170
[ 1086.562250][T23441]  proc_fail_nth_read+0x1b3/0x220
[ 1086.562271][T23441]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1086.562293][T23441]  ? rw_verify_area+0x2a6/0x4d0
[ 1086.562317][T23441]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1086.562337][T23441]  vfs_read+0x1fd/0xa30
[ 1086.562360][T23441]  ? fdget_pos+0x247/0x320
[ 1086.562390][T23441]  ? __pfx___mutex_lock+0x10/0x10
[ 1086.562416][T23441]  ? __pfx_vfs_read+0x10/0x10
[ 1086.562443][T23441]  ? __fget_files+0x3a0/0x420
[ 1086.562470][T23441]  ? __fget_files+0x2a/0x420
[ 1086.562503][T23441]  ksys_read+0x145/0x250
[ 1086.562528][T23441]  ? __pfx_ksys_read+0x10/0x10
[ 1086.562549][T23441]  ? rcu_is_watching+0x15/0xb0
[ 1086.562579][T23441]  ? rcu_is_watching+0x15/0xb0
[ 1086.562605][T23441]  do_syscall_64+0xfa/0x3b0
[ 1086.562632][T23441]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.562653][T23441]  ? clear_bhb_loop+0x60/0xb0
[ 1086.562675][T23441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.562695][T23441] RIP: 0033:0x7f6e5c38d5fc
[ 1086.562713][T23441] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1086.562740][T23441] RSP: 002b:00007f6e5d214030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1086.562764][T23441] RAX: ffffffffffffffda RBX: 00007f6e5c5b5fa0 RCX: 00007f6e5c38d5fc
[ 1086.562780][T23441] RDX: 000000000000000f RSI: 00007f6e5d2140a0 RDI: 0000000000000004
[ 1086.562793][T23441] RBP: 00007f6e5d214090 R08: 0000000000000000 R09: 0000000000000000
[ 1086.562807][T23441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1086.562819][T23441] R13: 00007f6e5c5b6038 R14: 00007f6e5c5b5fa0 R15: 00007ffd9f210608
[ 1086.562843][T23441]  </TASK>
[ 1086.575091][T23443] netlink: 'syz.4.5768': attribute type 5 has an invalid length.
[ 1086.603931][T23444] netlink: 10 bytes leftover after parsing attributes in process `syz.0.5763'.
[ 1086.606802][T23443] netlink: 'syz.4.5768': attribute type 25 has an invalid length.
[ 1086.917693][T13821] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1086.957624][T16372] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1087.097701][T13821] usb 3-1: Using ep0 maxpacket: 16
[ 1087.104434][T13821] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1087.108207][T16372] usb 6-1: too many configurations: 9, using maximum allowed: 8
[ 1087.112830][T13821] usb 3-1: config 0 has no interface number 0
[ 1087.126518][T13821] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1087.136292][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.146559][T13821] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1087.158579][T13821] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1087.162242][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.167746][T13821] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1087.174713][T13821] usb 3-1: config 0 descriptor??
[ 1087.180202][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.203374][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.212955][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.227653][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.235553][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.245811][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.258159][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.264222][T23460] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5772'.
[ 1087.266008][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.283661][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.296079][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.304169][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.313535][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.317562][T23460] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5772'.
[ 1087.325151][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.354938][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.365531][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.377959][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.396448][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.409383][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.421128][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.441634][T16372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1087.450956][T16372] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1087.464678][T16372] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1087.473882][T16372] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1087.484319][T16372] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1087.492914][T16372] usb 6-1: Product: syz
[ 1087.498543][T16372] usb 6-1: Manufacturer: syz
[ 1087.503265][T16372] usb 6-1: SerialNumber: syz
[ 1087.510477][T16372] usb 6-1: config 0 descriptor??
[ 1087.519808][T16372] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[ 1087.728534][T16372] usb 6-1: USB disconnect, device number 20
[ 1087.738956][T16372] yurex 6-1:0.0: USB YUREX #0 now disconnected
[ 1087.816229][T13821] input: HID 28bd:0071 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0071.0033/input/input38
[ 1087.835939][T13821] input: HID 28bd:0071 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0071.0033/input/input39
[ 1087.869635][T13821] uclogic 0003:28BD:0071.0033: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.2-1/input1
[ 1087.994369][T23474] fuseblk: Bad value for 'rootmode'
[ 1088.037017][T16372] usb 3-1: USB disconnect, device number 68
[ 1088.237446][T13821] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[ 1088.270362][T23490] /dev/rnullb0: Can't open blockdev
[ 1088.367634][T13821] usb 6-1: device descriptor read/64, error -71
[ 1088.607488][T13821] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[ 1088.737420][T13821] usb 6-1: device descriptor read/64, error -71
[ 1088.848043][T13821] usb usb6-port1: attempt power cycle
[ 1089.187445][T13821] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[ 1089.208003][T13821] usb 6-1: device descriptor read/8, error -71
[ 1089.317187][T23519] FAULT_INJECTION: forcing a failure.
[ 1089.317187][T23519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1089.330651][T23519] CPU: 0 UID: 0 PID: 23519 Comm: syz.2.5790 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1089.330682][T23519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1089.330696][T23519] Call Trace:
[ 1089.330704][T23519]  <TASK>
[ 1089.330713][T23519]  dump_stack_lvl+0x189/0x250
[ 1089.330750][T23519]  ? __pfx____ratelimit+0x10/0x10
[ 1089.330774][T23519]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1089.330804][T23519]  ? __pfx__printk+0x10/0x10
[ 1089.330836][T23519]  ? rcu_is_watching+0x15/0xb0
[ 1089.330864][T23519]  should_fail_ex+0x414/0x560
[ 1089.330899][T23519]  _copy_to_user+0x31/0xb0
[ 1089.330928][T23519]  simple_read_from_buffer+0xe1/0x170
[ 1089.330958][T23519]  proc_fail_nth_read+0x1b3/0x220
[ 1089.330979][T23519]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1089.331001][T23519]  ? rw_verify_area+0x2a6/0x4d0
[ 1089.331024][T23519]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1089.331044][T23519]  vfs_read+0x1fd/0xa30
[ 1089.331064][T23519]  ? fdget_pos+0x247/0x320
[ 1089.331086][T23519]  ? __pfx___mutex_lock+0x10/0x10
[ 1089.331105][T23519]  ? __pfx_vfs_read+0x10/0x10
[ 1089.331124][T23519]  ? __fget_files+0x3a0/0x420
[ 1089.331143][T23519]  ? __fget_files+0x2a/0x420
[ 1089.331166][T23519]  ksys_read+0x145/0x250
[ 1089.331190][T23519]  ? __pfx_ksys_read+0x10/0x10
[ 1089.331215][T23519]  ? rcu_is_watching+0x15/0xb0
[ 1089.331242][T23519]  do_syscall_64+0xfa/0x3b0
[ 1089.331268][T23519]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1089.331285][T23519]  ? clear_bhb_loop+0x60/0xb0
[ 1089.331301][T23519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1089.331316][T23519] RIP: 0033:0x7f6e5c38d5fc
[ 1089.331329][T23519] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1089.331343][T23519] RSP: 002b:00007f6e5d214030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1089.331359][T23519] RAX: ffffffffffffffda RBX: 00007f6e5c5b5fa0 RCX: 00007f6e5c38d5fc
[ 1089.331370][T23519] RDX: 000000000000000f RSI: 00007f6e5d2140a0 RDI: 0000000000000004
[ 1089.331380][T23519] RBP: 00007f6e5d214090 R08: 0000000000000000 R09: 0000000000000000
[ 1089.331390][T23519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1089.331398][T23519] R13: 00007f6e5c5b6038 R14: 00007f6e5c5b5fa0 R15: 00007ffd9f210608
[ 1089.331414][T23519]  </TASK>
[ 1089.637463][T13821] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[ 1089.714264][T23530] netlink: 'syz.5.5795': attribute type 27 has an invalid length.
[ 1089.749432][T23532] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1089.848766][T13821] usb 6-1: device not accepting address 24, error -71
[ 1089.856029][T13821] usb usb6-port1: unable to enumerate USB device
[ 1090.002513][T23549] FAULT_INJECTION: forcing a failure.
[ 1090.002513][T23549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1090.019388][T23549] CPU: 0 UID: 0 PID: 23549 Comm: syz.2.5801 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1090.019420][T23549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1090.019435][T23549] Call Trace:
[ 1090.019443][T23549]  <TASK>
[ 1090.019453][T23549]  dump_stack_lvl+0x189/0x250
[ 1090.019489][T23549]  ? __pfx____ratelimit+0x10/0x10
[ 1090.019515][T23549]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1090.019559][T23549]  ? __pfx__printk+0x10/0x10
[ 1090.019587][T23549]  ? __might_fault+0xb0/0x130
[ 1090.019612][T23549]  ? rcu_is_watching+0x15/0xb0
[ 1090.019641][T23549]  should_fail_ex+0x414/0x560
[ 1090.019675][T23549]  _copy_from_user+0x2d/0xb0
[ 1090.019704][T23549]  ___sys_sendmsg+0x158/0x2a0
[ 1090.019735][T23549]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1090.019782][T23549]  ? __fget_files+0x2a/0x420
[ 1090.019810][T23549]  ? __fget_files+0x3a0/0x420
[ 1090.019842][T23549]  __x64_sys_sendmsg+0x19b/0x260
[ 1090.019873][T23549]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1090.019907][T23549]  ? __pfx_ksys_write+0x10/0x10
[ 1090.019935][T23549]  ? rcu_is_watching+0x15/0xb0
[ 1090.019962][T23549]  do_syscall_64+0xfa/0x3b0
[ 1090.019990][T23549]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.020010][T23549]  ? clear_bhb_loop+0x60/0xb0
[ 1090.020034][T23549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.020054][T23549] RIP: 0033:0x7f6e5c38ebe9
[ 1090.020072][T23549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1090.020090][T23549] RSP: 002b:00007f6e5d1f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1090.020113][T23549] RAX: ffffffffffffffda RBX: 00007f6e5c5b6090 RCX: 00007f6e5c38ebe9
[ 1090.020128][T23549] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003
[ 1090.020142][T23549] RBP: 00007f6e5d1f3090 R08: 0000000000000000 R09: 0000000000000000
[ 1090.020155][T23549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1090.020167][T23549] R13: 00007f6e5c5b6128 R14: 00007f6e5c5b6090 R15: 00007ffd9f210608
[ 1090.020190][T23549]  </TASK>
[ 1090.577459][T16372] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[ 1090.670952][T23571] kvm: vcpu 0: requested 8 ns lapic timer period limited to 200000 ns
[ 1090.749222][T16372] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1090.769640][T16372] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1090.921293][T16372] usb 6-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00
[ 1090.931507][T16372] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1090.948415][T16372] usb 6-1: config 0 descriptor??
[ 1090.954054][T23555] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1091.454381][T16372] glorious 0003:22D4:1503.0034: item fetching failed at offset 6/7
[ 1091.467256][T16372] glorious 0003:22D4:1503.0034: probe with driver glorious failed with error -22
[ 1091.483136][T23578] ptrace attach of "./syz-executor exec"[15546] was attempted by "./syz-executor exec"[23578]
[ 1091.570808][T13822] usb 6-1: USB disconnect, device number 25
[ 1091.633691][T23585] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1091.830814][T23603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5820'.
[ 1092.215842][T23618] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23618]
[ 1092.377723][T16372] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1092.547516][T16372] usb 3-1: Using ep0 maxpacket: 8
[ 1092.553885][T16372] usb 3-1: config 6 has an invalid interface number: 151 but max is 0
[ 1092.562463][T16372] usb 3-1: config 6 has no interface number 0
[ 1092.568818][T16372] usb 3-1: config 6 interface 151 has no altsetting 0
[ 1092.578044][T16372] usb 3-1: New USB device found, idVendor=0bfd, idProduct=010d, bcdDevice=7e.a3
[ 1092.587384][T16372] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1092.595582][T16372] usb 3-1: Product: syz
[ 1092.599805][T16372] usb 3-1: Manufacturer: syz
[ 1092.604476][T16372] usb 3-1: SerialNumber: syz
[ 1092.819008][T16372] kvaser_usb 3-1:6.151: error -ENODEV: Cannot get usb endpoint(s)
[ 1092.830325][T16372] usb 3-1: USB disconnect, device number 69
[ 1093.274158][T23624] netlink: 14 bytes leftover after parsing attributes in process `syz.5.5828'.
[ 1093.309744][T23626] netlink: 'syz.5.5829': attribute type 27 has an invalid length.
[ 1093.532712][T23635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5833'.
[ 1093.603347][T23641] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[ 1093.611944][T23642] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[ 1093.619044][T23641] /dev/rnullb0: Can't open blockdev
[ 1093.624628][T23642] /dev/rnullb0: Can't open blockdev
[ 1093.880181][T16383] hid-generic 0000:0000:0000.0035: unknown main item tag 0x0
[ 1093.898676][T16383] hid-generic 0000:0000:0000.0035: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1093.929250][T23657] comedi comedi3: 8255: I/O port conflict (0x8,4)
[ 1093.946215][T23657] comedi comedi3: 8255: I/O port conflict (0x5,4)
[ 1093.966565][T23657] comedi comedi3: 8255: I/O port conflict (0x2,4)
[ 1093.974540][T23657] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1093.988753][T23657] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[ 1094.005149][T23657] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1094.069582][T23657] /dev/rnullb0: Can't open blockdev
[ 1094.149448][T23670] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5845'.
[ 1094.162224][T23670] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1094.179650][T23670] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1094.189263][T23670] bond0 (unregistering): Released all slaves
[ 1094.205328][T23672] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23672]
[ 1094.377099][T23681] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5849'.
[ 1094.940070][T23704] netlink: 'syz.5.5857': attribute type 27 has an invalid length.
[ 1095.121542][T23711] netlink: 14 bytes leftover after parsing attributes in process `syz.5.5860'.
[ 1095.305613][T23722] Invalid source name
[ 1095.334403][T23725] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5865'.
[ 1095.484921][T23734] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5869'.
[ 1095.496727][T23734] netlink: 'syz.5.5869': attribute type 1 has an invalid length.
[ 1095.550847][T23739] netlink: 'syz.5.5871': attribute type 27 has an invalid length.
[ 1095.567579][T13822] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1095.632629][T23745] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23745]
[ 1095.737396][T13822] usb 3-1: Using ep0 maxpacket: 8
[ 1095.744440][T13822] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1095.752733][T13822] usb 3-1: can't read configurations, error -61
[ 1095.760658][T23752] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1095.888722][T13822] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1095.938168][T23766] program syz.5.5878 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1096.067462][T13822] usb 3-1: Using ep0 maxpacket: 8
[ 1096.078820][T13822] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1096.096984][T13822] usb 3-1: can't read configurations, error -61
[ 1096.104075][T13822] usb usb3-port1: attempt power cycle
[ 1096.211894][T23775] /dev/nullb0: Can't open blockdev
[ 1096.258461][T23777] ptrace attach of "./syz-executor exec"[14970] was attempted by "./syz-executor exec"[23777]
[ 1096.286729][T23779] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1096.320550][T23781] netlink: 'syz.5.5885': attribute type 27 has an invalid length.
[ 1096.457654][T13822] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1096.480749][T13822] usb 3-1: Using ep0 maxpacket: 8
[ 1096.489184][T13822] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1096.496830][T13822] usb 3-1: can't read configurations, error -61
[ 1096.648038][T13822] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1096.668219][T13822] usb 3-1: Using ep0 maxpacket: 8
[ 1096.679134][T13822] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1096.699543][T13822] usb 3-1: can't read configurations, error -61
[ 1096.707987][T13822] usb usb3-port1: unable to enumerate USB device
[ 1096.836795][T20124] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1096.848485][T20124] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1096.858472][T20124] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1096.870820][T20124] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1096.878677][T20124] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1096.956221][T23803] lo speed is unknown, defaulting to 1000
[ 1097.084023][T23803] chnl_net:caif_netlink_parms(): no params data found
[ 1097.118433][T23811] ptrace attach of "./syz-executor exec"[21096] was attempted by "./syz-executor exec"[23811]
[ 1097.177640][T23803] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1097.185166][T23803] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1097.195150][T23803] bridge_slave_0: entered allmulticast mode
[ 1097.202381][T23803] bridge_slave_0: entered promiscuous mode
[ 1097.211669][T23803] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1097.219136][T23803] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1097.226466][T23803] bridge_slave_1: entered allmulticast mode
[ 1097.233518][T23803] bridge_slave_1: entered promiscuous mode
[ 1097.262577][T23803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1097.275411][T23803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1097.306115][T23803] team0: Port device team_slave_0 added
[ 1097.316982][T23803] team0: Port device team_slave_1 added
[ 1097.343698][T23803] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1097.351096][T23803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1097.379248][T23803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1097.391816][T23803] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1097.399176][T23803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1097.426385][T23803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1097.441801][T23821] /dev/rnullb0: Can't open blockdev
[ 1097.473532][T23803] hsr_slave_0: entered promiscuous mode
[ 1097.481775][T23803] hsr_slave_1: entered promiscuous mode
[ 1097.499996][T23803] debugfs: 'hsr0' already exists in 'hsr'
[ 1097.505971][T23803] Cannot create hsr debugfs directory
[ 1097.651602][T21420] syz_tun (unregistering): left allmulticast mode
[ 1097.658622][T21420] syz_tun (unregistering): left promiscuous mode
[ 1097.665102][T21420] bridge0: port 3(syz_tun) entered disabled state
[ 1097.958735][T23803] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1097.968125][T20124] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1097.975617][T20124] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1097.978960][T23803] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1097.987702][T20124] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1097.997397][T20124] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1098.000301][T23803] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1098.004983][T20124] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1098.024762][T23803] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1098.059196][T23823] lo speed is unknown, defaulting to 1000
[ 1098.162404][T23803] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1098.184474][T23803] 8021q: adding VLAN 0 to HW filter on device team0
[ 1098.196248][T23823] chnl_net:caif_netlink_parms(): no params data found
[ 1098.226138][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1098.233425][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1098.265932][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1098.273137][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1098.304822][T23823] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1098.313368][T23823] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1098.321876][T23823] bridge_slave_0: entered allmulticast mode
[ 1098.329125][T23823] bridge_slave_0: entered promiscuous mode
[ 1098.340765][T23823] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1098.348076][T23823] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1098.355463][T23823] bridge_slave_1: entered allmulticast mode
[ 1098.362475][T23823] bridge_slave_1: entered promiscuous mode
[ 1098.399193][T23823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1098.411276][T23823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1098.446711][T23823] team0: Port device team_slave_0 added
[ 1098.455290][T23823] team0: Port device team_slave_1 added
[ 1098.482107][T23823] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1098.489168][T23823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1098.515737][T23823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1098.532680][T23823] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1098.540188][T23823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1098.567544][T23823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1098.614967][T23823] hsr_slave_0: entered promiscuous mode
[ 1098.622219][T23823] hsr_slave_1: entered promiscuous mode
[ 1098.630264][T23823] debugfs: 'hsr0' already exists in 'hsr'
[ 1098.636322][T23823] Cannot create hsr debugfs directory
[ 1098.667717][T13822] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1098.801961][T23803] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1098.816167][T23823] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1098.818621][T13822] usb 3-1: Using ep0 maxpacket: 8
[ 1098.831671][T13822] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1098.843990][T23823] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1098.850913][T13822] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1098.863884][T23823] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1098.870908][T13822] usb 3-1: Product: syz
[ 1098.875124][T13822] usb 3-1: Manufacturer: syz
[ 1098.883581][T23823] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1098.890530][T13822] usb 3-1: SerialNumber: syz
[ 1098.897447][T20124] Bluetooth: hci3: command tx timeout
[ 1098.910905][T13822] usb 3-1: config 0 descriptor??
[ 1099.080718][T23823] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1099.122601][T13822] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1099.124487][T23823] 8021q: adding VLAN 0 to HW filter on device team0
[ 1099.152592][T12173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1099.159763][T12173] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1099.181376][T12173] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1099.188567][T12173] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1099.217264][T23865] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5905'.
[ 1099.228200][T23865] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5905'.
[ 1099.252326][T23803] veth0_vlan: entered promiscuous mode
[ 1099.276682][T23803] veth1_vlan: entered promiscuous mode
[ 1099.313843][T23868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5906'.
[ 1099.338447][T23803] veth0_macvtap: entered promiscuous mode
[ 1099.349776][T23803] veth1_macvtap: entered promiscuous mode
[ 1099.380658][T23803] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1099.416818][T23803] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1099.443774][T22926] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.461654][T22926] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.496973][T22926] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.525458][T22926] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1099.565286][T23823] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1099.590412][T22926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1099.617002][T22926] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1099.671910][T22926] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1099.680987][T22926] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1099.743390][T23885] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1099.896792][T23823] veth0_vlan: entered promiscuous mode
[ 1099.909354][T23823] veth1_vlan: entered promiscuous mode
[ 1099.947595][T23823] veth0_macvtap: entered promiscuous mode
[ 1099.959734][T23823] veth1_macvtap: entered promiscuous mode
[ 1099.984308][T23823] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1100.000618][T23823] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1100.024958][T12173] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.035340][T12173] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.054630][T12173] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.071897][T12173] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1100.098102][T20123] Bluetooth: hci0: command tx timeout
[ 1100.141037][T16276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1100.162777][T16276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1100.191081][T12173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1100.206167][T23902] tipc: Started in network mode
[ 1100.211719][T12173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1100.221883][T23902] tipc: Node identity ., cluster identity 4711
[ 1100.229829][T23902] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1100.239815][T23904] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5916'.
[ 1100.261314][T23904] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5916'.
[ 1100.321124][T23908] ptrace attach of "./syz-executor exec"[23823] was attempted by "./syz-executor exec"[23908]
[ 1100.328457][T23906] fuse: Bad value for 'fd'
[ 1100.551380][T13822] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1100.553566][T23921] ptrace attach of "./syz-executor exec"[15546] was attempted by "./syz-executor exec"[23921]
[ 1100.574179][T13822] usb 3-1: USB disconnect, device number 74
[ 1100.977583][T20123] Bluetooth: hci3: command tx timeout
[ 1101.251708][T23935] fuse: Bad value for 'fd'
[ 1101.331616][T23939] syzkaller1: entered promiscuous mode
[ 1101.340619][T23939] syzkaller1: entered allmulticast mode
[ 1101.344171][T23941] ptrace attach of "./syz-executor exec"[22881] was attempted by "./syz-executor exec"[23941]
[ 1101.559998][T23945] ptrace attach of "./syz-executor exec"[23823] was attempted by "./syz-executor exec"[23945]
[ 1101.897647][T12264] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1102.010014][T23955] fuse: Bad value for 'fd'
[ 1102.060546][T12264] usb 3-1: config 0 has no interfaces?
[ 1102.066134][T12264] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1102.080022][T12264] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1102.084505][T23959] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5938'.
[ 1102.090326][T12264] usb 3-1: config 0 descriptor??
[ 1102.127014][T23959] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1102.140370][T23959] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1102.151596][T23959] bond0 (unregistering): Released all slaves
[ 1102.179334][T20123] Bluetooth: hci0: command tx timeout
[ 1102.327000][T13821] usb 3-1: USB disconnect, device number 75
[ 1102.346639][T23965] /dev/rnullb0: Can't open blockdev
[ 1103.005380][T23982] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1103.039821][T23984] netlink: 'syz.2.5949': attribute type 27 has an invalid length.
[ 1103.048171][T16298] usb 7-1: new low-speed USB device number 2 using dummy_hcd
[ 1103.058029][T20123] Bluetooth: hci3: command tx timeout
[ 1103.198017][T16298] usb 7-1: Invalid ep0 maxpacket: 32
[ 1103.327503][T16298] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[ 1103.477556][T16298] usb 7-1: Invalid ep0 maxpacket: 32
[ 1103.483315][T16298] usb usb7-port1: attempt power cycle
[ 1103.827441][T16298] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[ 1103.847858][T16298] usb 7-1: Invalid ep0 maxpacket: 32
[ 1103.977480][T16298] usb 7-1: new low-speed USB device number 5 using dummy_hcd
[ 1103.998545][T16298] usb 7-1: Invalid ep0 maxpacket: 32
[ 1104.004399][T16298] usb usb7-port1: unable to enumerate USB device
[ 1104.257636][T20123] Bluetooth: hci0: command tx timeout
[ 1104.754778][T24004] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5957'.
[ 1105.139697][T20123] Bluetooth: hci3: command tx timeout
[ 1105.663634][T24029] netlink: 'syz.2.5969': attribute type 1 has an invalid length.
[ 1105.671966][T24029] netlink: 232 bytes leftover after parsing attributes in process `syz.2.5969'.
[ 1105.681504][T24029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5969'.
[ 1105.765804][T24033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5971'.
[ 1105.937716][T16372] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1106.023120][T24043] netlink: 'syz.4.5975': attribute type 5 has an invalid length.
[ 1106.031592][T24043] netlink: 'syz.4.5975': attribute type 25 has an invalid length.
[ 1106.110184][T16372] usb 3-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[ 1106.119621][T16372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1106.129650][T16372] usb 3-1: config 0 descriptor??
[ 1106.138121][T16372] gspca_main: sunplus-2.14.0 probing 055f:c420
[ 1106.201983][T24049] /dev/rnullb0: Can't open blockdev
[ 1106.337973][T20123] Bluetooth: hci0: command tx timeout
[ 1106.544536][T24067] nbd: must specify at least one socket
[ 1106.555185][T24067] nbd: must specify at least one socket
[ 1106.927491][T13822] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1107.072081][T24074] netlink: 'syz.4.5988': attribute type 5 has an invalid length.
[ 1107.080258][T13822] usb 7-1: Using ep0 maxpacket: 16
[ 1107.089219][T24074] netlink: 'syz.4.5988': attribute type 25 has an invalid length.
[ 1107.100496][T13822] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1107.121155][T13822] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1107.149412][T13822] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1107.164026][T13822] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1107.192851][T13822] usb 7-1: Product: syz
[ 1107.211184][T13822] usb 7-1: Manufacturer: syz
[ 1107.228622][T13822] usb 7-1: SerialNumber: syz
[ 1107.268234][T13822] usb 7-1: config 0 descriptor??
[ 1107.286827][T13822] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1107.302595][T16372] gspca_sunplus: reg_w_riv err -110
[ 1107.311055][T16372] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[ 1107.315335][T13822] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[ 1107.632596][T24089] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5993'.
[ 1107.649660][T24089] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5993'.
[ 1107.899186][T13822] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 1107.908904][T13822] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[ 1108.117741][T13822] em28xx 7-1:0.0: AC97 chip type couldn't be determined
[ 1108.125997][T13822] em28xx 7-1:0.0: No AC97 audio processor
[ 1108.695033][T12264] usb 3-1: USB disconnect, device number 76
[ 1109.102050][T24122] netlink: 'syz.2.6005': attribute type 27 has an invalid length.
[ 1109.132448][T24124] FAULT_INJECTION: forcing a failure.
[ 1109.132448][T24124] name failslab, interval 1, probability 0, space 0, times 0
[ 1109.146209][T24124] CPU: 0 UID: 0 PID: 24124 Comm: syz.4.6006 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1109.146239][T24124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1109.146253][T24124] Call Trace:
[ 1109.146261][T24124]  <TASK>
[ 1109.146270][T24124]  dump_stack_lvl+0x189/0x250
[ 1109.146306][T24124]  ? __pfx____ratelimit+0x10/0x10
[ 1109.146330][T24124]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1109.146358][T24124]  ? __pfx__printk+0x10/0x10
[ 1109.146391][T24124]  should_fail_ex+0x414/0x560
[ 1109.146425][T24124]  should_failslab+0xa8/0x100
[ 1109.146449][T24124]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1109.146470][T24124]  ? skb_clone+0x212/0x3a0
[ 1109.146491][T24124]  skb_clone+0x212/0x3a0
[ 1109.146511][T24124]  __netlink_deliver_tap+0x404/0x850
[ 1109.146543][T24124]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1109.146569][T24124]  netlink_deliver_tap+0x19c/0x1b0
[ 1109.146596][T24124]  netlink_unicast+0x7fa/0x9e0
[ 1109.146621][T24124]  ? __pfx_netlink_unicast+0x10/0x10
[ 1109.146645][T24124]  ? netlink_sendmsg+0x642/0xb30
[ 1109.146671][T24124]  ? skb_put+0x11b/0x210
[ 1109.146703][T24124]  netlink_sendmsg+0x805/0xb30
[ 1109.146734][T24124]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1109.146762][T24124]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1109.146792][T24124]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1109.146822][T24124]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1109.146849][T24124]  __sock_sendmsg+0x219/0x270
[ 1109.146872][T24124]  ____sys_sendmsg+0x505/0x830
[ 1109.146904][T24124]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1109.146940][T24124]  ? import_iovec+0x74/0xa0
[ 1109.146967][T24124]  ___sys_sendmsg+0x21f/0x2a0
[ 1109.146998][T24124]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1109.147057][T24124]  ? __fget_files+0x2a/0x420
[ 1109.147083][T24124]  ? __fget_files+0x3a0/0x420
[ 1109.147114][T24124]  __x64_sys_sendmsg+0x19b/0x260
[ 1109.147145][T24124]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1109.147177][T24124]  ? __pfx_ksys_write+0x10/0x10
[ 1109.147200][T24124]  ? rcu_is_watching+0x15/0xb0
[ 1109.147228][T24124]  ? rcu_is_watching+0x15/0xb0
[ 1109.147256][T24124]  do_syscall_64+0xfa/0x3b0
[ 1109.147282][T24124]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.147306][T24124]  ? clear_bhb_loop+0x60/0xb0
[ 1109.147328][T24124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.147347][T24124] RIP: 0033:0x7f3d6538ebe9
[ 1109.147365][T24124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1109.147381][T24124] RSP: 002b:00007f3d661d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1109.147403][T24124] RAX: ffffffffffffffda RBX: 00007f3d655b5fa0 RCX: 00007f3d6538ebe9
[ 1109.147417][T24124] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1109.147431][T24124] RBP: 00007f3d661d0090 R08: 0000000000000000 R09: 0000000000000000
[ 1109.147443][T24124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1109.147455][T24124] R13: 00007f3d655b6038 R14: 00007f3d655b5fa0 R15: 00007fffc33d15c8
[ 1109.147476][T24124]  </TASK>
[ 1109.445820][T24124] netlink: 'syz.4.6006': attribute type 5 has an invalid length.
[ 1109.453732][T24124] netlink: 'syz.4.6006': attribute type 25 has an invalid length.
[ 1109.606338][T13821] usb 7-1: USB disconnect, device number 6
[ 1109.625776][T13821] em28xx 7-1:0.0: Disconnecting em28xx
[ 1109.636555][T24137] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1109.650839][T13821] em28xx 7-1:0.0: Freeing device
[ 1110.186659][T24164] ptrace attach of "./syz-executor exec"[23823] was attempted by "./syz-executor exec"[24164]
[ 1110.313956][T24177] netlink: 'syz.4.6024': attribute type 5 has an invalid length.
[ 1110.321976][T24177] netlink: 'syz.4.6024': attribute type 25 has an invalid length.
[ 1110.333777][T24177] FAULT_INJECTION: forcing a failure.
[ 1110.333777][T24177] name failslab, interval 1, probability 0, space 0, times 0
[ 1110.346685][T24177] CPU: 0 UID: 0 PID: 24177 Comm: syz.4.6024 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1110.346713][T24177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1110.346727][T24177] Call Trace:
[ 1110.346735][T24177]  <TASK>
[ 1110.346743][T24177]  dump_stack_lvl+0x189/0x250
[ 1110.346780][T24177]  ? __pfx____ratelimit+0x10/0x10
[ 1110.346804][T24177]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1110.346833][T24177]  ? __pfx__printk+0x10/0x10
[ 1110.346859][T24177]  ? rcu_is_watching+0x15/0xb0
[ 1110.346888][T24177]  ? rcu_is_watching+0x15/0xb0
[ 1110.346914][T24177]  ? lock_release+0x4b/0x3e0
[ 1110.346940][T24177]  should_fail_ex+0x414/0x560
[ 1110.346975][T24177]  should_failslab+0xa8/0x100
[ 1110.346999][T24177]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1110.347022][T24177]  ? __alloc_skb+0x112/0x2d0
[ 1110.347049][T24177]  ? __pfx_br_get_link_af_size_filtered+0x10/0x10
[ 1110.347077][T24177]  __alloc_skb+0x112/0x2d0
[ 1110.347105][T24177]  br_info_notify+0x105/0x260
[ 1110.347128][T24177]  br_setlink+0x33e/0x800
[ 1110.347153][T24177]  ? __pfx_br_setlink+0x10/0x10
[ 1110.347192][T24177]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1110.347215][T24177]  ? mutex_is_locked+0x17/0x50
[ 1110.347254][T24177]  rtnl_bridge_setlink+0x5b2/0x7d0
[ 1110.347290][T24177]  ? __pfx_rtnl_bridge_setlink+0x10/0x10
[ 1110.347317][T24177]  ? perf_trace_contention_begin+0xd0/0x2f0
[ 1110.347342][T24177]  ? bpf_lsm_capable+0x9/0x20
[ 1110.347363][T24177]  ? security_capable+0x7e/0x2e0
[ 1110.347392][T24177]  ? __pfx_rtnl_bridge_setlink+0x10/0x10
[ 1110.347417][T24177]  rtnetlink_rcv_msg+0x779/0xb70
[ 1110.347443][T24177]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1110.347467][T24177]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1110.347491][T24177]  ? ref_tracker_free+0x63a/0x7d0
[ 1110.347512][T24177]  ? __asan_memcpy+0x40/0x70
[ 1110.347542][T24177]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1110.347562][T24177]  ? __skb_clone+0x63/0x7a0
[ 1110.347595][T24177]  netlink_rcv_skb+0x205/0x470
[ 1110.347623][T24177]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1110.347649][T24177]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1110.347685][T24177]  netlink_unicast+0x82f/0x9e0
[ 1110.347712][T24177]  ? __pfx_netlink_unicast+0x10/0x10
[ 1110.347736][T24177]  ? netlink_sendmsg+0x642/0xb30
[ 1110.347761][T24177]  ? skb_put+0x11b/0x210
[ 1110.347791][T24177]  netlink_sendmsg+0x805/0xb30
[ 1110.347822][T24177]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1110.347850][T24177]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1110.347882][T24177]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1110.347911][T24177]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1110.347938][T24177]  __sock_sendmsg+0x219/0x270
[ 1110.347961][T24177]  ____sys_sendmsg+0x505/0x830
[ 1110.347992][T24177]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1110.348020][T24177]  ? import_iovec+0x74/0xa0
[ 1110.348043][T24177]  ___sys_sendmsg+0x21f/0x2a0
[ 1110.348071][T24177]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1110.348118][T24177]  ? __fget_files+0x2a/0x420
[ 1110.348145][T24177]  ? __fget_files+0x3a0/0x420
[ 1110.348176][T24177]  __x64_sys_sendmsg+0x19b/0x260
[ 1110.348208][T24177]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1110.348253][T24177]  ? __pfx_ksys_write+0x10/0x10
[ 1110.348281][T24177]  ? rcu_is_watching+0x15/0xb0
[ 1110.348310][T24177]  do_syscall_64+0xfa/0x3b0
[ 1110.348337][T24177]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1110.348357][T24177]  ? clear_bhb_loop+0x60/0xb0
[ 1110.348380][T24177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1110.348400][T24177] RIP: 0033:0x7f3d6538ebe9
[ 1110.348419][T24177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1110.348437][T24177] RSP: 002b:00007f3d661d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1110.348460][T24177] RAX: ffffffffffffffda RBX: 00007f3d655b5fa0 RCX: 00007f3d6538ebe9
[ 1110.348475][T24177] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1110.348489][T24177] RBP: 00007f3d661d0090 R08: 0000000000000000 R09: 0000000000000000
[ 1110.348502][T24177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1110.348515][T24177] R13: 00007f3d655b6038 R14: 00007f3d655b5fa0 R15: 00007fffc33d15c8
[ 1110.348537][T24177]  </TASK>
[ 1110.762002][T24179] tipc: Started in network mode
[ 1110.766948][T24179] tipc: Node identity ., cluster identity 4711
[ 1110.773499][T24179] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1110.817646][T24182] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6026'.
[ 1110.832296][T24182] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6026'.
[ 1110.891848][T24188] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6028'.
[ 1110.949463][T24192] program syz.4.6030 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1111.126267][T24199] ptrace attach of "./syz-executor exec"[23823] was attempted by "./syz-executor exec"[24199]
[ 1111.164353][T24202] FAULT_INJECTION: forcing a failure.
[ 1111.164353][T24202] name failslab, interval 1, probability 0, space 0, times 0
[ 1111.190382][T24202] CPU: 1 UID: 0 PID: 24202 Comm: syz.2.6034 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1111.190414][T24202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1111.190427][T24202] Call Trace:
[ 1111.190435][T24202]  <TASK>
[ 1111.190444][T24202]  dump_stack_lvl+0x189/0x250
[ 1111.190480][T24202]  ? __pfx____ratelimit+0x10/0x10
[ 1111.190505][T24202]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1111.190535][T24202]  ? __pfx__printk+0x10/0x10
[ 1111.190566][T24202]  ? __pfx___might_resched+0x10/0x10
[ 1111.190594][T24202]  ? lock_acquire+0x5f/0x360
[ 1111.190619][T24202]  should_fail_ex+0x414/0x560
[ 1111.190653][T24202]  should_failslab+0xa8/0x100
[ 1111.190689][T24202]  __kmalloc_noprof+0xcb/0x4f0
[ 1111.190711][T24202]  ? tomoyo_encode+0x28b/0x550
[ 1111.190745][T24202]  tomoyo_encode+0x28b/0x550
[ 1111.190778][T24202]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1111.190811][T24202]  ? tomoyo_domain+0xd9/0x130
[ 1111.190832][T24202]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1111.190858][T24202]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1111.190884][T24202]  ? lock_release+0x4b/0x3e0
[ 1111.190908][T24202]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1111.190934][T24202]  ? rcu_is_watching+0x15/0xb0
[ 1111.190961][T24202]  ? lock_release+0x4b/0x3e0
[ 1111.190981][T24202]  ? vfs_write+0x956/0xb30
[ 1111.191009][T24202]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 1111.191050][T24202]  ? lock_release+0x4b/0x3e0
[ 1111.191075][T24202]  ? __fget_files+0x2a/0x420
[ 1111.191103][T24202]  ? __fget_files+0x3a0/0x420
[ 1111.191130][T24202]  ? __fget_files+0x2a/0x420
[ 1111.191160][T24202]  security_file_ioctl+0xcb/0x2d0
[ 1111.191185][T24202]  __se_sys_ioctl+0x47/0x170
[ 1111.191209][T24202]  do_syscall_64+0xfa/0x3b0
[ 1111.191244][T24202]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1111.191265][T24202]  ? clear_bhb_loop+0x60/0xb0
[ 1111.191287][T24202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1111.191307][T24202] RIP: 0033:0x7f6e5c38ebe9
[ 1111.191325][T24202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1111.191344][T24202] RSP: 002b:00007f6e5d214038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1111.191366][T24202] RAX: ffffffffffffffda RBX: 00007f6e5c5b5fa0 RCX: 00007f6e5c38ebe9
[ 1111.191381][T24202] RDX: 0000200000000180 RSI: 0000000000008914 RDI: 0000000000000003
[ 1111.191394][T24202] RBP: 00007f6e5d214090 R08: 0000000000000000 R09: 0000000000000000
[ 1111.191406][T24202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1111.191418][T24202] R13: 00007f6e5c5b6038 R14: 00007f6e5c5b5fa0 R15: 00007ffd9f210608
[ 1111.191439][T24202]  </TASK>
[ 1111.191457][T24202] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1111.833713][T24231] netlink: 'syz.0.6044': attribute type 27 has an invalid length.
[ 1111.847542][T16298] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1111.937403][T13821] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1111.957065][T24239] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1111.993744][T24241] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6048'.
[ 1112.003297][T16298] usb 3-1: Using ep0 maxpacket: 32
[ 1112.010670][T24241] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6048'.
[ 1112.012301][T16298] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1112.033863][T16298] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1112.043400][T16298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1112.051841][T16298] usb 3-1: Product: syz
[ 1112.056141][T16298] usb 3-1: Manufacturer: syz
[ 1112.061640][T16298] usb 3-1: SerialNumber: syz
[ 1112.069859][T16298] usb 3-1: config 0 descriptor??
[ 1112.078553][T16298] usb 3-1: bad CDC descriptors
[ 1112.084523][T16298] usb 3-1: unsupported MDLM descriptors
[ 1112.090297][T24243] ptrace attach of "./syz-executor exec"[15546] was attempted by "./syz-executor exec"[24243]
[ 1112.101514][T13821] usb 7-1: Using ep0 maxpacket: 16
[ 1112.113607][T13821] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1112.125341][T13821] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1112.138768][T13821] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1112.148198][T13821] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1112.156342][T13821] usb 7-1: Product: syz
[ 1112.161210][T13821] usb 7-1: Manufacturer: syz
[ 1112.166144][T13821] usb 7-1: SerialNumber: syz
[ 1112.313301][T24218] netlink: 356 bytes leftover after parsing attributes in process `syz.2.6038'.
[ 1112.322735][T24218] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6038'.
[ 1112.337212][T12264] usb 3-1: USB disconnect, device number 77
[ 1112.380155][T13821] usb 7-1: 0:2 : does not exist
[ 1112.396646][T13821] usb 7-1: USB disconnect, device number 7
[ 1112.544226][T24260] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1112.552087][T24260] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1112.560588][T24260] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1112.568456][T24260] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1112.695513][T24262] FAULT_INJECTION: forcing a failure.
[ 1112.695513][T24262] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1112.709325][T24262] CPU: 1 UID: 0 PID: 24262 Comm: syz.4.6055 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1112.709347][T24262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1112.709357][T24262] Call Trace:
[ 1112.709363][T24262]  <TASK>
[ 1112.709369][T24262]  dump_stack_lvl+0x189/0x250
[ 1112.709397][T24262]  ? __pfx____ratelimit+0x10/0x10
[ 1112.709415][T24262]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1112.709436][T24262]  ? __pfx__printk+0x10/0x10
[ 1112.709458][T24262]  ? rcu_is_watching+0x15/0xb0
[ 1112.709479][T24262]  should_fail_ex+0x414/0x560
[ 1112.709504][T24262]  _copy_from_user+0x2d/0xb0
[ 1112.709523][T24262]  get_user_ifreq+0x6c/0x180
[ 1112.709539][T24262]  inet_ioctl+0x38c/0x4c0
[ 1112.709555][T24262]  ? __pfx_inet_ioctl+0x10/0x10
[ 1112.709571][T24262]  ? lock_release+0x4b/0x3e0
[ 1112.709587][T24262]  ? tomoyo_path_number_perm+0x47a/0x5a0
[ 1112.709606][T24262]  ? kfree+0x18e/0x440
[ 1112.709625][T24262]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1112.709642][T24262]  ? packet_ioctl+0x254/0x350
[ 1112.709656][T24262]  sock_do_ioctl+0xd9/0x300
[ 1112.709672][T24262]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1112.709686][T24262]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 1112.709711][T24262]  sock_ioctl+0x576/0x790
[ 1112.709724][T24262]  ? lock_release+0x4b/0x3e0
[ 1112.709741][T24262]  ? __pfx_sock_ioctl+0x10/0x10
[ 1112.709755][T24262]  ? __fget_files+0x2a/0x420
[ 1112.709775][T24262]  ? __fget_files+0x3a0/0x420
[ 1112.709794][T24262]  ? __fget_files+0x2a/0x420
[ 1112.709814][T24262]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1112.709828][T24262]  ? __pfx_sock_ioctl+0x10/0x10
[ 1112.709842][T24262]  __se_sys_ioctl+0xf9/0x170
[ 1112.709858][T24262]  do_syscall_64+0xfa/0x3b0
[ 1112.709877][T24262]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.709893][T24262]  ? clear_bhb_loop+0x60/0xb0
[ 1112.709909][T24262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.709924][T24262] RIP: 0033:0x7f3d6538ebe9
[ 1112.709938][T24262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1112.709951][T24262] RSP: 002b:00007f3d661d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1112.709967][T24262] RAX: ffffffffffffffda RBX: 00007f3d655b5fa0 RCX: 00007f3d6538ebe9
[ 1112.709978][T24262] RDX: 0000200000000180 RSI: 0000000000008914 RDI: 0000000000000003
[ 1112.709988][T24262] RBP: 00007f3d661d0090 R08: 0000000000000000 R09: 0000000000000000
[ 1112.709998][T24262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1112.710007][T24262] R13: 00007f3d655b6038 R14: 00007f3d655b5fa0 R15: 00007fffc33d15c8
[ 1112.710024][T24262]  </TASK>
[ 1113.243498][T24267] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1113.272699][T24267] can: request_module (can-proto-0) failed.
[ 1113.478322][T16383] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1113.627631][T16383] usb 7-1: Using ep0 maxpacket: 16
[ 1113.635701][T16383] usb 7-1: config 1 interface 0 altsetting 76 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1113.649110][T16383] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1113.657862][T16383] usb 7-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.40
[ 1113.666958][T16383] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.675339][T16383] usb 7-1: Product: syz
[ 1113.679561][T16383] usb 7-1: Manufacturer: Ы
[ 1113.684088][T16383] usb 7-1: SerialNumber: syz
[ 1113.903673][T16383] usbhid 7-1:1.0: can't add hid device: -71
[ 1113.912155][T16383] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[ 1113.924447][T16383] usb 7-1: USB disconnect, device number 8
[ 1114.599577][T24284] netlink: 'syz.6.6064': attribute type 5 has an invalid length.
[ 1114.608608][T24284] netlink: 'syz.6.6064': attribute type 25 has an invalid length.
[ 1114.616632][T24284] FAULT_INJECTION: forcing a failure.
[ 1114.616632][T24284] name failslab, interval 1, probability 0, space 0, times 0
[ 1114.629502][T24284] CPU: 0 UID: 0 PID: 24284 Comm: syz.6.6064 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1114.629532][T24284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1114.629545][T24284] Call Trace:
[ 1114.629553][T24284]  <TASK>
[ 1114.629561][T24284]  dump_stack_lvl+0x189/0x250
[ 1114.629594][T24284]  ? __pfx____ratelimit+0x10/0x10
[ 1114.629617][T24284]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1114.629646][T24284]  ? __pfx__printk+0x10/0x10
[ 1114.629686][T24284]  ? nlmsg_notify+0xf0/0x1a0
[ 1114.629712][T24284]  ? nlmsg_notify+0x14a/0x1a0
[ 1114.629738][T24284]  should_fail_ex+0x414/0x560
[ 1114.629774][T24284]  should_failslab+0xa8/0x100
[ 1114.629799][T24284]  __kmalloc_noprof+0xcb/0x4f0
[ 1114.629821][T24284]  ? __pfx_br_rtr_notify+0x10/0x10
[ 1114.629851][T24284]  ? switchdev_deferred_enqueue+0x2d/0x240
[ 1114.629882][T24284]  ? __pfx_switchdev_port_attr_set_deferred+0x10/0x10
[ 1114.629910][T24284]  switchdev_deferred_enqueue+0x2d/0x240
[ 1114.629939][T24284]  br_multicast_add_router+0x4ae/0x520
[ 1114.629971][T24284]  ? __wake_up_klogd+0xd9/0x110
[ 1114.629995][T24284]  ? __pfx_br_multicast_add_router+0x10/0x10
[ 1114.630034][T24284]  br_multicast_mark_router+0x3fa/0x5d0
[ 1114.630067][T24284]  ? __pfx____ratelimit+0x10/0x10
[ 1114.630092][T24284]  ? __pfx_br_multicast_mark_router+0x10/0x10
[ 1114.630123][T24284]  ? do_raw_spin_lock+0x121/0x290
[ 1114.630142][T24284]  ? lock_acquire+0x5f/0x360
[ 1114.630166][T24284]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1114.630188][T24284]  ? br_multicast_set_port_router+0x16a/0xc50
[ 1114.630218][T24284]  br_multicast_set_port_router+0x3cf/0xc50
[ 1114.630249][T24284]  ? __pfx_br_multicast_set_port_router+0x10/0x10
[ 1114.630279][T24284]  ? kasan_save_track+0x3e/0x80
[ 1114.630299][T24284]  ? kasan_save_free_info+0x46/0x50
[ 1114.630329][T24284]  ? netlink_unicast+0x7fa/0x9e0
[ 1114.630351][T24284]  ? netlink_sendmsg+0x805/0xb30
[ 1114.630377][T24284]  ? __sock_sendmsg+0x219/0x270
[ 1114.630399][T24284]  ? ____sys_sendmsg+0x505/0x830
[ 1114.630427][T24284]  ? ___sys_sendmsg+0x21f/0x2a0
[ 1114.630457][T24284]  ? do_syscall_64+0xfa/0x3b0
[ 1114.630483][T24284]  ? br_port_flags_change+0x19f/0x1f0
[ 1114.630513][T24284]  br_setport+0xeab/0x1670
[ 1114.630538][T24284]  ? __pfx_br_setport+0x10/0x10
[ 1114.630560][T24284]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1114.630582][T24284]  ? br_setlink+0x4c5/0x800
[ 1114.630604][T24284]  br_setlink+0x4d5/0x800
[ 1114.630630][T24284]  ? __pfx_br_setlink+0x10/0x10
[ 1114.630668][T24284]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1114.630707][T24284]  ? mutex_is_locked+0x17/0x50
[ 1114.630736][T24284]  rtnl_bridge_setlink+0x5b2/0x7d0
[ 1114.630768][T24284]  ? __pfx_rtnl_bridge_setlink+0x10/0x10
[ 1114.630796][T24284]  ? perf_trace_contention_begin+0xd0/0x2f0
[ 1114.630823][T24284]  ? bpf_lsm_capable+0x9/0x20
[ 1114.630845][T24284]  ? security_capable+0x7e/0x2e0
[ 1114.630875][T24284]  ? __pfx_rtnl_bridge_setlink+0x10/0x10
[ 1114.630903][T24284]  rtnetlink_rcv_msg+0x779/0xb70
[ 1114.630932][T24284]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1114.630958][T24284]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1114.630984][T24284]  ? ref_tracker_free+0x63a/0x7d0
[ 1114.631005][T24284]  ? __asan_memcpy+0x40/0x70
[ 1114.631035][T24284]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1114.631055][T24284]  ? __skb_clone+0x63/0x7a0
[ 1114.631091][T24284]  netlink_rcv_skb+0x205/0x470
[ 1114.631118][T24284]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1114.631146][T24284]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1114.631183][T24284]  netlink_unicast+0x82f/0x9e0
[ 1114.631210][T24284]  ? __pfx_netlink_unicast+0x10/0x10
[ 1114.631234][T24284]  ? netlink_sendmsg+0x642/0xb30
[ 1114.631261][T24284]  ? skb_put+0x11b/0x210
[ 1114.631290][T24284]  netlink_sendmsg+0x805/0xb30
[ 1114.631322][T24284]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1114.631351][T24284]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1114.631382][T24284]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1114.631411][T24284]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1114.631440][T24284]  __sock_sendmsg+0x219/0x270
[ 1114.631464][T24284]  ____sys_sendmsg+0x505/0x830
[ 1114.631497][T24284]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1114.631533][T24284]  ? import_iovec+0x74/0xa0
[ 1114.631562][T24284]  ___sys_sendmsg+0x21f/0x2a0
[ 1114.631594][T24284]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1114.631642][T24284]  ? __fget_files+0x2a/0x420
[ 1114.631670][T24284]  ? __fget_files+0x3a0/0x420
[ 1114.631784][T24284]  __x64_sys_sendmsg+0x19b/0x260
[ 1114.631817][T24284]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1114.631853][T24284]  ? __pfx_ksys_write+0x10/0x10
[ 1114.631881][T24284]  ? rcu_is_watching+0x15/0xb0
[ 1114.631910][T24284]  do_syscall_64+0xfa/0x3b0
[ 1114.631935][T24284]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1114.631952][T24284]  ? clear_bhb_loop+0x60/0xb0
[ 1114.631974][T24284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1114.631994][T24284] RIP: 0033:0x7f163878ebe9
[ 1114.632013][T24284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1114.632031][T24284] RSP: 002b:00007f16396d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1114.632054][T24284] RAX: ffffffffffffffda RBX: 00007f16389b5fa0 RCX: 00007f163878ebe9
[ 1114.632069][T24284] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1114.632082][T24284] RBP: 00007f16396d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1114.632095][T24284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1114.632107][T24284] R13: 00007f16389b6038 R14: 00007f16389b5fa0 R15: 00007fffebed0738
[ 1114.632131][T24284]  </TASK>
[ 1115.332207][T24290] netlink: 'syz.2.6067': attribute type 5 has an invalid length.
[ 1115.340505][T24290] netlink: 'syz.2.6067': attribute type 25 has an invalid length.
[ 1115.374915][T24292] FAULT_INJECTION: forcing a failure.
[ 1115.374915][T24292] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1115.390204][T24292] CPU: 1 UID: 0 PID: 24292 Comm: syz.2.6068 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1115.390234][T24292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1115.390248][T24292] Call Trace:
[ 1115.390255][T24292]  <TASK>
[ 1115.390264][T24292]  dump_stack_lvl+0x189/0x250
[ 1115.390300][T24292]  ? __pfx____ratelimit+0x10/0x10
[ 1115.390325][T24292]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1115.390355][T24292]  ? __pfx__printk+0x10/0x10
[ 1115.390387][T24292]  ? rcu_is_watching+0x15/0xb0
[ 1115.390416][T24292]  should_fail_ex+0x414/0x560
[ 1115.390450][T24292]  _copy_to_user+0x31/0xb0
[ 1115.390478][T24292]  simple_read_from_buffer+0xe1/0x170
[ 1115.390507][T24292]  proc_fail_nth_read+0x1b3/0x220
[ 1115.390528][T24292]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1115.390550][T24292]  ? rw_verify_area+0x2a6/0x4d0
[ 1115.390573][T24292]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1115.390593][T24292]  vfs_read+0x1fd/0xa30
[ 1115.390616][T24292]  ? fdget_pos+0x247/0x320
[ 1115.390646][T24292]  ? __pfx___mutex_lock+0x10/0x10
[ 1115.390672][T24292]  ? __pfx_vfs_read+0x10/0x10
[ 1115.390700][T24292]  ? __fget_files+0x3a0/0x420
[ 1115.390727][T24292]  ? __fget_files+0x2a/0x420
[ 1115.390759][T24292]  ksys_read+0x145/0x250
[ 1115.390782][T24292]  ? __fget_files+0x3a0/0x420
[ 1115.390810][T24292]  ? __pfx_ksys_read+0x10/0x10
[ 1115.390833][T24292]  ? __pfx_sock_ioctl+0x10/0x10
[ 1115.390855][T24292]  ? rcu_is_watching+0x15/0xb0
[ 1115.390884][T24292]  do_syscall_64+0xfa/0x3b0
[ 1115.390920][T24292]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1115.390940][T24292]  ? clear_bhb_loop+0x60/0xb0
[ 1115.390963][T24292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1115.390983][T24292] RIP: 0033:0x7f6e5c38d5fc
[ 1115.391002][T24292] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1115.391020][T24292] RSP: 002b:00007f6e5d214030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1115.391041][T24292] RAX: ffffffffffffffda RBX: 00007f6e5c5b5fa0 RCX: 00007f6e5c38d5fc
[ 1115.391056][T24292] RDX: 000000000000000f RSI: 00007f6e5d2140a0 RDI: 0000000000000004
[ 1115.391070][T24292] RBP: 00007f6e5d214090 R08: 0000000000000000 R09: 0000000000000000
[ 1115.391083][T24292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1115.391095][T24292] R13: 00007f6e5c5b6038 R14: 00007f6e5c5b5fa0 R15: 00007ffd9f210608
[ 1115.391118][T24292]  </TASK>
[ 1115.700475][T16372] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1115.877366][T16372] usb 7-1: Using ep0 maxpacket: 32
[ 1115.879932][T16372] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1115.897117][T16372] usb 7-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1115.897149][T16372] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1115.897172][T16372] usb 7-1: Product: syz
[ 1115.897187][T16372] usb 7-1: Manufacturer: syz
[ 1115.897203][T16372] usb 7-1: SerialNumber: syz
[ 1115.901085][T16372] usb 7-1: config 0 descriptor??
[ 1115.903531][T16372] usb 7-1: bad CDC descriptors
[ 1115.904441][T16372] usb 7-1: unsupported MDLM descriptors
[ 1116.124489][ T5952] usb 7-1: USB disconnect, device number 9
[ 1116.371342][T24314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6074'.
[ 1116.428867][T24316] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6075'.
[ 1116.440797][T24316] tipc: Invalid UDP bearer configuration
[ 1116.440849][T24316] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1116.569173][T24323] netlink: 'syz.4.6077': attribute type 27 has an invalid length.
[ 1116.675055][T24323] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1116.682855][T24323] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1117.084400][T16274] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.120362][T16274] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.142414][T16274] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.186734][T16274] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.356334][T24340] ptrace attach of "./syz-executor exec"[22881] was attempted by "./syz-executor exec"[24340]
[ 1117.436943][T24346] netlink: 'syz.6.6086': attribute type 31 has an invalid length.
[ 1117.445405][T24346] netlink: 'syz.6.6086': attribute type 1 has an invalid length.
[ 1117.457058][T24346] bridge0: port 1(bridge_slave_0) entered learning state
[ 1117.707854][ T5863] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1117.847493][ T5863] usb 7-1: device descriptor read/64, error -71
[ 1118.097515][ T5863] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1118.227523][ T5863] usb 7-1: device descriptor read/64, error -71
[ 1118.337787][ T5863] usb usb7-port1: attempt power cycle
[ 1118.687575][ T5863] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1118.711026][ T5863] usb 7-1: device descriptor read/8, error -71
[ 1118.739269][T24372] ptrace attach of "./syz-executor exec"[22881] was attempted by "./syz-executor exec"[24372]
[ 1118.779250][T24375] netlink: 'syz.4.6096': attribute type 5 has an invalid length.
[ 1118.789402][T24375] netlink: 'syz.4.6096': attribute type 25 has an invalid length.
[ 1118.846574][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.852751][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.859162][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.865169][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.872048][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.878879][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.885010][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.891831][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.898056][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.903900][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.911586][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.918121][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.924848][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.933398][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.939787][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.945685][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.951990][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.958734][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.964881][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.971824][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.977831][ T5863] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1118.978584][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.992030][T24381] /dev/rnullb0: Can't open blockdev
[ 1118.998332][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.004211][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.010735][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.016570][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.018837][ T5863] usb 7-1: device descriptor read/8, error -71
[ 1119.023180][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.034527][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.041083][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.046903][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.053337][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.060802][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.068949][T24381] /dev/rnullb0: Can't open blockdev
[ 1119.139707][ T5863] usb usb7-port1: unable to enumerate USB device
[ 1119.155253][T24393] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6100'.
[ 1119.326371][   T30] audit: type=1800 audit(1755526307.783:16): pid=24388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6099" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1119.358276][T24400] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6104'.
[ 1119.368294][T24400] tipc: Invalid UDP bearer configuration
[ 1119.368338][T24400] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1119.563675][T24405] ptrace attach of "./syz-executor exec"[15546] was attempted by "./syz-executor exec"[24405]
[ 1120.013208][T24418] netlink: 'syz.2.6110': attribute type 5 has an invalid length.
[ 1120.021381][T24418] netlink: 'syz.2.6110': attribute type 25 has an invalid length.
[ 1120.093352][T24422] /dev/rnullb0: Can't open blockdev
[ 1120.471386][T24439] netlink: 'syz.6.6117': attribute type 5 has an invalid length.
[ 1120.481305][T24439] netlink: 'syz.6.6117': attribute type 25 has an invalid length.
[ 1120.807404][ T5933] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1120.834162][T24455] FAULT_INJECTION: forcing a failure.
[ 1120.834162][T24455] name failslab, interval 1, probability 0, space 0, times 0
[ 1120.847204][T24455] CPU: 0 UID: 0 PID: 24455 Comm: syz.6.6125 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1120.847234][T24455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1120.847248][T24455] Call Trace:
[ 1120.847256][T24455]  <TASK>
[ 1120.847265][T24455]  dump_stack_lvl+0x189/0x250
[ 1120.847351][T24455]  ? __pfx____ratelimit+0x10/0x10
[ 1120.847375][T24455]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1120.847405][T24455]  ? __pfx__printk+0x10/0x10
[ 1120.847441][T24455]  should_fail_ex+0x414/0x560
[ 1120.847475][T24455]  should_failslab+0xa8/0x100
[ 1120.847500][T24455]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1120.847520][T24455]  ? skb_clone+0x212/0x3a0
[ 1120.847541][T24455]  skb_clone+0x212/0x3a0
[ 1120.847560][T24455]  __netlink_deliver_tap+0x404/0x850
[ 1120.847593][T24455]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1120.847620][T24455]  netlink_deliver_tap+0x19c/0x1b0
[ 1120.847647][T24455]  netlink_unicast+0x7fa/0x9e0
[ 1120.847673][T24455]  ? __pfx_netlink_unicast+0x10/0x10
[ 1120.847696][T24455]  ? netlink_sendmsg+0x642/0xb30
[ 1120.847722][T24455]  ? skb_put+0x11b/0x210
[ 1120.847751][T24455]  netlink_sendmsg+0x805/0xb30
[ 1120.847781][T24455]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1120.847809][T24455]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1120.847840][T24455]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1120.847870][T24455]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1120.847897][T24455]  __sock_sendmsg+0x219/0x270
[ 1120.847921][T24455]  ____sys_sendmsg+0x505/0x830
[ 1120.847953][T24455]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1120.847986][T24455]  ? import_iovec+0x74/0xa0
[ 1120.848013][T24455]  ___sys_sendmsg+0x21f/0x2a0
[ 1120.848044][T24455]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1120.848089][T24455]  ? __fget_files+0x2a/0x420
[ 1120.848115][T24455]  ? __fget_files+0x3a0/0x420
[ 1120.848138][T24455]  __x64_sys_sendmsg+0x19b/0x260
[ 1120.848161][T24455]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1120.848186][T24455]  ? __pfx_ksys_write+0x10/0x10
[ 1120.848208][T24455]  ? rcu_is_watching+0x15/0xb0
[ 1120.848229][T24455]  do_syscall_64+0xfa/0x3b0
[ 1120.848252][T24455]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1120.848274][T24455]  ? clear_bhb_loop+0x60/0xb0
[ 1120.848291][T24455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1120.848306][T24455] RIP: 0033:0x7f163878ebe9
[ 1120.848320][T24455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1120.848333][T24455] RSP: 002b:00007f16396d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1120.848349][T24455] RAX: ffffffffffffffda RBX: 00007f16389b5fa0 RCX: 00007f163878ebe9
[ 1120.848360][T24455] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1120.848370][T24455] RBP: 00007f16396d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1120.848379][T24455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1120.848390][T24455] R13: 00007f16389b6038 R14: 00007f16389b5fa0 R15: 00007fffebed0738
[ 1120.848406][T24455]  </TASK>
[ 1120.970272][ T5933] usb 3-1: config 0 has no interfaces?
[ 1120.981535][T24455] netlink: 'syz.6.6125': attribute type 5 has an invalid length.
[ 1121.001943][ T5933] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1121.005264][T24455] netlink: 'syz.6.6125': attribute type 25 has an invalid length.
[ 1121.171069][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.180810][ T5933] usb 3-1: config 0 descriptor??
[ 1121.264416][T24459] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1121.272582][T24459] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1121.288155][T24459] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1121.296678][T24459] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1121.308359][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[ 1121.314746][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[ 1122.405689][T24468] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6130'.
[ 1136.703705][ T1311] ==================================================================
[ 1136.711867][ T1311] BUG: KASAN: slab-use-after-free in handle_tx+0x1ec/0x610
[ 1136.719314][ T1311] Read of size 8 at addr ffff88806683e020 by task aoe_tx0/1311
[ 1136.726872][ T1311] 
[ 1136.729221][ T1311] CPU: 1 UID: 0 PID: 1311 Comm: aoe_tx0 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1136.729243][ T1311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1136.729254][ T1311] Call Trace:
[ 1136.729263][ T1311]  <TASK>
[ 1136.729271][ T1311]  dump_stack_lvl+0x189/0x250
[ 1136.729299][ T1311]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1136.729316][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1136.729336][ T1311]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1136.729358][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1136.729394][ T1311]  ? lock_release+0x4b/0x3e0
[ 1136.729411][ T1311]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 1136.729429][ T1311]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1136.729443][ T1311]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1136.729458][ T1311]  print_report+0xca/0x240
[ 1136.729473][ T1311]  ? handle_tx+0x1ec/0x610
[ 1136.729488][ T1311]  kasan_report+0x118/0x150
[ 1136.729507][ T1311]  ? handle_tx+0x1ec/0x610
[ 1136.729524][ T1311]  handle_tx+0x1ec/0x610
[ 1136.729544][ T1311]  dev_hard_start_xmit+0x2d4/0x830
[ 1136.729574][ T1311]  __dev_queue_xmit+0x1b8d/0x3b50
[ 1136.729601][ T1311]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1136.729617][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1136.729636][ T1311]  ? trace_sched_exit_tp+0x36/0x110
[ 1136.729652][ T1311]  ? __schedule+0x17ae/0x4cc0
[ 1136.729670][ T1311]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1136.729687][ T1311]  ? do_raw_spin_lock+0x121/0x290
[ 1136.729702][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1136.729722][ T1311]  ? do_raw_spin_unlock+0x122/0x240
[ 1136.729737][ T1311]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1136.729755][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1136.729775][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1136.729795][ T1311]  tx+0x6b/0x190
[ 1136.729808][ T1311]  ? __pfx_tx+0x10/0x10
[ 1136.729820][ T1311]  kthread+0x1d0/0x3e0
[ 1136.729843][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1136.729862][ T1311]  ? __pfx_default_wake_function+0x10/0x10
[ 1136.729878][ T1311]  ? __kthread_parkme+0x7b/0x200
[ 1136.729899][ T1311]  ? __kthread_parkme+0x1a1/0x200
[ 1136.729921][ T1311]  kthread+0x711/0x8a0
[ 1136.729936][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1136.729955][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1136.729968][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1136.729987][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1136.730001][ T1311]  ret_from_fork+0x3f9/0x770
[ 1136.730022][ T1311]  ? __pfx_ret_from_fork+0x10/0x10
[ 1136.730044][ T1311]  ? __switch_to_asm+0x39/0x70
[ 1136.730064][ T1311]  ? __switch_to_asm+0x33/0x70
[ 1136.730079][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1136.730093][ T1311]  ret_from_fork_asm+0x1a/0x30
[ 1136.730114][ T1311]  </TASK>
[ 1136.730119][ T1311] 
[ 1136.985150][ T1311] Allocated by task 20199:
[ 1136.990202][ T1311]  kasan_save_track+0x3e/0x80
[ 1136.995182][ T1311]  __kasan_kmalloc+0x93/0xb0
[ 1136.999896][ T1311]  __kmalloc_cache_noprof+0x230/0x3d0
[ 1137.005471][ T1311]  alloc_tty_struct+0xa6/0x780
[ 1137.010249][ T1311]  tty_init_dev+0x59/0x4d0
[ 1137.014673][ T1311]  tty_open+0x5ab/0xd10
[ 1137.019296][ T1311]  chrdev_open+0x4cc/0x5e0
[ 1137.023731][ T1311]  do_dentry_open+0x953/0x13f0
[ 1137.028513][ T1311]  vfs_open+0x3b/0x340
[ 1137.032764][ T1311]  path_openat+0x2ee5/0x3830
[ 1137.037562][ T1311]  do_filp_open+0x1fa/0x410
[ 1137.042072][ T1311]  do_sys_openat2+0x121/0x1c0
[ 1137.046853][ T1311]  __x64_sys_openat+0x138/0x170
[ 1137.051766][ T1311]  do_syscall_64+0xfa/0x3b0
[ 1137.056544][ T1311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1137.062715][ T1311] 
[ 1137.065411][ T1311] Freed by task 13808:
[ 1137.069480][ T1311]  kasan_save_track+0x3e/0x80
[ 1137.074179][ T1311]  kasan_save_free_info+0x46/0x50
[ 1137.079235][ T1311]  __kasan_slab_free+0x5b/0x80
[ 1137.084363][ T1311]  kfree+0x18e/0x440
[ 1137.088424][ T1311]  process_scheduled_works+0xade/0x17b0
[ 1137.094209][ T1311]  worker_thread+0x8a0/0xda0
[ 1137.098913][ T1311]  kthread+0x711/0x8a0
[ 1137.103016][ T1311]  ret_from_fork+0x3f9/0x770
[ 1137.108325][ T1311]  ret_from_fork_asm+0x1a/0x30
[ 1137.114084][ T1311] 
[ 1137.116457][ T1311] Last potentially related work creation:
[ 1137.122187][ T1311]  kasan_save_stack+0x3e/0x60
[ 1137.127008][ T1311]  kasan_record_aux_stack+0xbd/0xd0
[ 1137.133287][ T1311]  insert_work+0x3d/0x330
[ 1137.137907][ T1311]  __queue_work+0xcd2/0xfb0
[ 1137.149850][ T1311]  queue_work_on+0x181/0x270
[ 1137.154568][ T1311]  tty_release_struct+0xb8/0xd0
[ 1137.160847][ T1311]  tty_release+0xcb0/0x1640
[ 1137.168008][ T1311]  __fput+0x449/0xa70
[ 1137.172515][ T1311]  task_work_run+0x1d4/0x260
[ 1137.178974][ T1311]  do_exit+0x6b5/0x2300
[ 1137.183523][ T1311]  do_group_exit+0x21c/0x2d0
[ 1137.188658][ T1311]  get_signal+0x1286/0x1340
[ 1137.194823][ T1311]  arch_do_signal_or_restart+0x9a/0x750
[ 1137.201047][ T1311]  exit_to_user_mode_loop+0x75/0x130
[ 1137.206761][ T1311]  do_syscall_64+0x2bd/0x3b0
[ 1137.212100][ T1311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1137.218121][ T1311] 
[ 1137.220563][ T1311] The buggy address belongs to the object at ffff88806683e000
[ 1137.220563][ T1311]  which belongs to the cache kmalloc-cg-2k of size 2048
[ 1137.235259][ T1311] The buggy address is located 32 bytes inside of
[ 1137.235259][ T1311]  freed 2048-byte region [ffff88806683e000, ffff88806683e800)
[ 1137.249695][ T1311] 
[ 1137.252253][ T1311] The buggy address belongs to the physical page:
[ 1137.258827][ T1311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806683f000 pfn:0x66838
[ 1137.269610][ T1311] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1137.278495][ T1311] memcg:ffff88802eca0281
[ 1137.283114][ T1311] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1137.292089][ T1311] page_type: f5(slab)
[ 1137.296096][ T1311] raw: 00fff00000000240 ffff88801a84b3c0 ffffea0000cd4e10 ffffea0000cfec10
[ 1137.304700][ T1311] raw: ffff88806683f000 0000000000080003 00000000f5000000 ffff88802eca0281
[ 1137.313424][ T1311] head: 00fff00000000240 ffff88801a84b3c0 ffffea0000cd4e10 ffffea0000cfec10
[ 1137.322119][ T1311] head: ffff88806683f000 0000000000080003 00000000f5000000 ffff88802eca0281
[ 1137.330919][ T1311] head: 00fff00000000003 ffffea00019a0e01 00000000ffffffff 00000000ffffffff
[ 1137.339623][ T1311] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1137.348394][ T1311] page dumped because: kasan: bad access detected
[ 1137.354857][ T1311] page_owner tracks the page as allocated
[ 1137.360590][ T1311] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 19758, tgid 19757 (syz.1.4491), ts 914740198587, free_ts 914713642654
[ 1137.383469][ T1311]  post_alloc_hook+0x240/0x2a0
[ 1137.388898][ T1311]  get_page_from_freelist+0x21e4/0x22c0
[ 1137.394560][ T1311]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1137.400559][ T1311]  alloc_pages_mpol+0x232/0x4a0
[ 1137.405425][ T1311]  allocate_slab+0x8a/0x370
[ 1137.410042][ T1311]  ___slab_alloc+0xbeb/0x1410
[ 1137.414726][ T1311]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[ 1137.421146][ T1311]  kmemdup_noprof+0x2b/0x70
[ 1137.425753][ T1311]  neigh_sysctl_register+0x9f/0xa80
[ 1137.430972][ T1311]  addrconf_sysctl_register+0xb3/0x1c0
[ 1137.436722][ T1311]  ipv6_add_dev+0xd46/0x1370
[ 1137.441365][ T1311]  addrconf_notify+0x794/0x1010
[ 1137.446240][ T1311]  notifier_call_chain+0x1b6/0x3e0
[ 1137.451509][ T1311]  register_netdevice+0x1608/0x1ae0
[ 1137.457403][ T1311]  __ip_tunnel_create+0x3e7/0x560
[ 1137.462566][ T1311]  ip_tunnel_init_net+0x2ba/0x800
[ 1137.467882][ T1311] page last free pid 19757 tgid 19757 stack trace:
[ 1137.474400][ T1311]  __free_frozen_pages+0xbc4/0xd30
[ 1137.479640][ T1311]  __put_partials+0x156/0x1a0
[ 1137.484352][ T1311]  put_cpu_partial+0x17c/0x250
[ 1137.489502][ T1311]  __slab_free+0x2d5/0x3c0
[ 1137.494412][ T1311]  qlist_free_all+0x97/0x140
[ 1137.499046][ T1311]  kasan_quarantine_reduce+0x148/0x160
[ 1137.504535][ T1311]  __kasan_slab_alloc+0x22/0x80
[ 1137.509405][ T1311]  __kmalloc_noprof+0x224/0x4f0
[ 1137.514469][ T1311]  tomoyo_encode+0x28b/0x550
[ 1137.519437][ T1311]  tomoyo_path_perm+0x2b3/0x4b0
[ 1137.524478][ T1311]  tomoyo_path_symlink+0xa3/0xe0
[ 1137.529513][ T1311]  security_path_symlink+0x177/0x380
[ 1137.534817][ T1311]  do_symlinkat+0x107/0x3f0
[ 1137.539449][ T1311]  __x64_sys_symlinkat+0x95/0xb0
[ 1137.544422][ T1311]  do_syscall_64+0xfa/0x3b0
[ 1137.549035][ T1311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1137.555142][ T1311] 
[ 1137.557501][ T1311] Memory state around the buggy address:
[ 1137.563274][ T1311]  ffff88806683df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1137.571619][ T1311]  ffff88806683df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1137.580576][ T1311] >ffff88806683e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1137.589281][ T1311]                                ^
[ 1137.594542][ T1311]  ffff88806683e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1137.603161][ T1311]  ffff88806683e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1137.611545][ T1311] ==================================================================
[ 1137.619728][ T1311] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1137.627151][ T1311] CPU: 1 UID: 0 PID: 1311 Comm: aoe_tx0 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[ 1137.638561][ T1311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1137.648762][ T1311] Call Trace:
[ 1137.652075][ T1311]  <TASK>
[ 1137.655193][ T1311]  dump_stack_lvl+0x99/0x250
[ 1137.659830][ T1311]  ? __asan_memcpy+0x40/0x70
[ 1137.664457][ T1311]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1137.669786][ T1311]  ? __pfx__printk+0x10/0x10
[ 1137.674523][ T1311]  vpanic+0x281/0x750
[ 1137.678609][ T1311]  ? __pfx_vpanic+0x10/0x10
[ 1137.683665][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1137.688473][ T1311]  panic+0xb9/0xc0
[ 1137.692354][ T1311]  ? __pfx_panic+0x10/0x10
[ 1137.696903][ T1311]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1137.702926][ T1311]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1137.708869][ T1311]  ? is_module_address+0x17/0xf0
[ 1137.713823][ T1311]  ? handle_tx+0x1ec/0x610
[ 1137.718312][ T1311]  check_panic_on_warn+0x89/0xb0
[ 1137.723279][ T1311]  ? handle_tx+0x1ec/0x610
[ 1137.727800][ T1311]  end_report+0x78/0x160
[ 1137.732163][ T1311]  kasan_report+0x129/0x150
[ 1137.736723][ T1311]  ? handle_tx+0x1ec/0x610
[ 1137.741613][ T1311]  handle_tx+0x1ec/0x610
[ 1137.745979][ T1311]  dev_hard_start_xmit+0x2d4/0x830
[ 1137.751250][ T1311]  __dev_queue_xmit+0x1b8d/0x3b50
[ 1137.757372][ T1311]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1137.763191][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1137.768338][ T1311]  ? trace_sched_exit_tp+0x36/0x110
[ 1137.773573][ T1311]  ? __schedule+0x17ae/0x4cc0
[ 1137.778569][ T1311]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1137.784062][ T1311]  ? do_raw_spin_lock+0x121/0x290
[ 1137.789374][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1137.794198][ T1311]  ? do_raw_spin_unlock+0x122/0x240
[ 1137.799762][ T1311]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1137.805674][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1137.810503][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1137.815303][ T1311]  tx+0x6b/0x190
[ 1137.818863][ T1311]  ? __pfx_tx+0x10/0x10
[ 1137.823030][ T1311]  kthread+0x1d0/0x3e0
[ 1137.827140][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1137.831840][ T1311]  ? __pfx_default_wake_function+0x10/0x10
[ 1137.837674][ T1311]  ? __kthread_parkme+0x7b/0x200
[ 1137.842630][ T1311]  ? __kthread_parkme+0x1a1/0x200
[ 1137.847944][ T1311]  kthread+0x711/0x8a0
[ 1137.852231][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1137.857152][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1137.862717][ T1311]  ? rcu_is_watching+0x15/0xb0
[ 1137.868062][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1137.872761][ T1311]  ret_from_fork+0x3f9/0x770
[ 1137.877570][ T1311]  ? __pfx_ret_from_fork+0x10/0x10
[ 1137.882897][ T1311]  ? __switch_to_asm+0x39/0x70
[ 1137.887772][ T1311]  ? __switch_to_asm+0x33/0x70
[ 1137.892907][ T1311]  ? __pfx_kthread+0x10/0x10
[ 1137.897912][ T1311]  ret_from_fork_asm+0x1a/0x30
[ 1137.902741][ T1311]  </TASK>
[ 1137.906255][ T1311] Kernel Offset: disabled
[ 1137.910600][ T1311] Rebooting in 86400 seconds..