last executing test programs:

34m26.094918579s ago: executing program 32 (id=26):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x38, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x200c08a5}, 0x8000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {0x7, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0)

29m0.837025435s ago: executing program 33 (id=1023):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
gettid()
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @tid=r0}, &(0x7f0000000200))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r2, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r2, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000015c0)=""/127, 0x7f}}], 0x1, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
fcntl$setlease(r1, 0x400, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
ppoll(&(0x7f0000000000)=[{r3, 0x4c}], 0x1, 0x0, 0x0, 0x0)
mq_open(&(0x7f0000000780)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x136, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)

19m6.358783716s ago: executing program 34 (id=2952):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000480)={0x3, @sliced={0x1, [0x3a3e, 0x7000, 0x9, 0x1, 0x2, 0x2a6, 0x7ff, 0x4f, 0x9, 0x800, 0x2, 0x9a, 0x5, 0x6, 0x8001, 0xb, 0x26da, 0x9, 0x5, 0x2, 0x1, 0x7, 0x5, 0xffff, 0x4, 0x4, 0x0, 0xb, 0x101, 0x3, 0x3fe, 0x200, 0x7, 0xcb2f, 0x3ff, 0x7, 0x7, 0x8, 0x7, 0xe0c6, 0x8, 0x48, 0x7, 0x0, 0x0, 0x5, 0x0, 0x7], 0xcaa4}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0)
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
r3 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c)
pselect6(0x40, &(0x7f0000000200)={0x4, 0xfffffffffffffffd, 0x5, 0x4, 0x5, 0xb, 0x2, 0x2}, &(0x7f00000002c0)={0x0, 0x3, 0xdb53, 0x1, 0x4008, 0x7, 0x18, 0x800}, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000002c00)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x7, &(0x7f0000000100), 0x1, 0x8, 0x1})
io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x84)
clock_settime(0x2, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioperm(0x0, 0x6, 0x2da3b9f3)
r5 = openat$binder_debug(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
fchown(r5, 0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r7, 0x8b21, &(0x7f0000000040))
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x40, 0x0, 0x0, @tick=0xb7, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

19m6.118919813s ago: executing program 35 (id=2966):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000003d40), 0x4)

19m5.431266511s ago: executing program 36 (id=2965):
r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xe01f, 0x0, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0) (async)
r1 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 64)
r2 = socket$unix(0x1, 0x1, 0x0) (rerun: 64)
bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
listen(r2, 0x0) (async, rerun: 32)
connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async, rerun: 32)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x4, [{0x0, 0x2, 0x10000}]}]}}, 0x0, 0x32, 0x0, 0x1, 0x741, 0x0, @void, @value}, 0x28) (async)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async, rerun: 32)
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x101041, 0x0) (rerun: 32)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, <r6=>r4})
lseek(r6, 0x3cb991db, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r7=>0xffffffffffffffff}) (async, rerun: 32)
r8 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000006a0083130000000000000500000000000000000008000e0000000008"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40040c0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r9, @ANYBLOB="000000000000000014001a80100005800c00058008"], 0x34}}, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
ioctl$I2C_TIMEOUT(r6, 0x702, 0x4d869bbf) (async, rerun: 64)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (rerun: 64)
ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60) (async, rerun: 64)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) (rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x24)
r13 = dup(r12)
ioctl$KVM_SET_VAPIC_ADDR(r13, 0x4008ae93, &(0x7f00000002c0)=0x10000)
r14 = socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r14, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)

19m5.34297703s ago: executing program 37 (id=2964):
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x1c1301)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x23b, &(0x7f0000000740)={0x0, 0x1c29, 0x1, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="020300080e0000000000000000d00a0000000500060000000e000a004e20000000e7fd8000000000000000000000000000bb06000000000000000200010000000000000000020000000005000500000000000a004e22fffffffe000000000000000000000000000000013e49a9031bd234be"], 0x70}}, 0x0)
io_uring_enter(r2, 0x2ded, 0xc7aa, 0x10, 0x0, 0x0)
r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r6, 0x2)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r7, 0x5453, 0x0)
ioctl$TIOCMGET(r7, 0x5415, 0x0)
r8 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r8, 0x1)
r9 = socket(0x1e, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
write(r9, &(0x7f0000000240)="240000001a007f0214f9f4070009040803000000000000050000000008000f40fe00000e", 0x24)
r10 = socket$inet(0x2, 0x80002, 0x1)
bind$inet(r10, &(0x7f0000000200)={0x2, 0x4e20, @broadcast}, 0x10)
bind$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

19m4.960376997s ago: executing program 38 (id=2962):
r0 = socket(0x10, 0x80002, 0x0)
syz_usb_connect(0x2, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d00010000000009040000032eb47d000905f9ffffff00000009050f47d5"], 0x0)
r1 = socket(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x21, {0x4, 0x1}, 0x6}, 0x1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r7 = ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000001c0)={0x0, 0x1, [{0xffffffffffffffff, 0x0, 0x0, 0x100000000}]})
dup2(r7, r5)
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[], 0xb8}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215, 0x100000}}, 0x4c}, 0x1, 0xba01}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000005400e5ea29bd7000ffffffff07000002", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r2, @ANYBLOB="01030300ff"], 0x38}, 0x1, 0x0, 0x0, 0x2800}, 0x40084c0)

13m2.733741701s ago: executing program 39 (id=4223):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9001c329d90491ceaebfd26d4eef23248000000fc58dbb8a19052343f", 0x32}, {&(0x7f0000000100)="051a00000e", 0x5}, {&(0x7f0000000240)="7a0e1d", 0x3}], 0x3) (fail_nth: 2)

11m19.748666784s ago: executing program 40 (id=4535):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141082)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept(r2, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0x33a77c20f21f5ff8}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r3, &(0x7f000000b680)={0x0, 0xfffffe58, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb7b}], 0x2}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
setsockopt$packet_int(r4, 0x107, 0xf, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r5, 0x1, 0xa, &(0x7f0000000180), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x1, 0x2, 0x0, {0xe}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000004200010a2fbd0f7000fddbdf2516000000612136602a2b43ee6490cd0025bd8f9d46aa0d60c63023398427f8024c4e86552ebe839952d1586f9e7faa2e615b347794e6203144e65bf1377292111946389a6bee81e23908b5036955ee6128e7e26ff67048824fd39bc7e21e6261ac8de6dad55665a1e447b7b342"], 0x14}}, 0x0)
recvmsg$unix(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x10111)

11m2.141458533s ago: executing program 41 (id=4579):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x38, 0x14, 0x509, 0x1, 0x25dfdbfd, {0x2, 0x10, 0x0, 0xcb, r2}, [@IFA_RT_PRIORITY={0x8, 0x9, 0x4}, @IFA_ADDRESS={0x8, 0x1, @private=0xa010102}, @IFA_ADDRESS={0x8, 0x1, @empty}, @IFA_FLAGS={0x8, 0x8, 0x210}]}, 0x38}}, 0x0)
accept4$x25(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000140)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x400, @loopback={0xff00000000000000}, 0xff}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000010000029000000040000002900000000000000180000000000000029000000040000"], 0x30}}], 0x1, 0x800)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r7, &(0x7f0000000000), 0xd)
writev(r6, &(0x7f0000000640)=[{&(0x7f0000000240)="961c11c25b48775f758c3c3202a25eb45d63e85e334a2e9ca162972017bc33d08cda38e846b851d6f000aef642c852433fe7829b98c1b029a414fe025e291c86ee1485bd245737f91802953fdf2155a467c7c71c91e30f7ad0398e3c2cb2a9e0e279cce3d20ee9c333b56bcea677efb08acb49827dfe706538bd27e393102bb027adb24067899297", 0x88}, {&(0x7f0000000300)="7f4db49ae837d54d96b93a8ee4b6eefc14b43c8894999a84a71d77fdf16e6f0b4022530c0a7f774bda1f63d77bc755cc20c2971a1e9e8b6fd5e8546be11d2b02235d4e67f112117f91e2fac18d85455cd1364139f9475be788b54d8239b0de4be6cc6d50a61804c40d5ef2d4", 0x6c}, {&(0x7f0000000400)="c4fc0fbb0dc44376d055be9ba3e36781e824dc8d581695a8c0cbaca54532ff442d0e44b097107568e9a88e42310820c8827df9990dc728ba8932a478babfb1a01f2d1a51237c63f37aaf0b1f0333b5fcabda66a4d2ba96256b695f90913a7482a9597167b7b8969137a7a2bdacdfb3ff4c4eee04ae7c8dc13665944fb54a76a4b1f4ced4ff9f0830ae0863b9f5de5ec6e5d9994111f41fc8a145a81792ce329f46d58a8f160d9c606c0b2a03aba5e114676ce9734d", 0xb5}, {&(0x7f0000000500)="67bd51827e86c64c9a5bd076656dd2b24b1bb2d2a2a5dfe04f66759ecfe850762a6663044b80f6cb49c4117bcc4601ce503ed6eb6457eb38", 0x38}, {0x0}], 0x5)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x200000, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0)
dup(0xffffffffffffffff)

10m15.112431687s ago: executing program 8 (id=4681):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) (fail_nth: 2)

10m13.851117815s ago: executing program 8 (id=4685):
syz_emit_ethernet(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = syz_open_dev$sg(0x0, 0x0, 0x5)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/disk', 0x169a82, 0x18c)
ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0xc0403d08, 0xffffffffffffffff)
ioctl$SG_IO(r1, 0x2285, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)

10m12.96281778s ago: executing program 7 (id=4689):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$igmp6(0xa, 0x3, 0x2)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x8a, 0x8d, 0x1c, 0x40, 0x57c, 0x2200, 0x34b1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xe4, 0x0, 0x2, 0x55, 0xcd, 0x89, 0x0, [], [{{0x9, 0x5, 0xf, 0x8, 0x0, 0xfc, 0xd, 0x5}}, {{0x9, 0x5, 0x7, 0x4, 0x8, 0x4, 0x6, 0xf8}}]}}]}}]}}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
socket$inet6(0xa, 0x3, 0x3c)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="5a400486852da7a299e4c3976140a6db2edf1767f1570000", 0x18}], 0x1, &(0x7f0000000480)}], 0x1, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103f, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6b], 0x2000, 0x808d6})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

10m12.848802154s ago: executing program 8 (id=4692):
r0 = gettid()
capset(&(0x7f0000000140)={0x20080522, r0}, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, 0x5})
r1 = syz_open_procfs(r0, 0x0)
write$smackfs_labels_list(r1, &(0x7f0000000080)={[{'@.-&#^\')%+'}]}, 0xc)

10m11.668810075s ago: executing program 42 (id=4691):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
keyctl$dh_compute(0x17, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)={'sha1-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x68c01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r5, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})

10m11.663640428s ago: executing program 8 (id=4694):
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000100)={0x640, 0x300, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, {}, {0x0, 0x20000000}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x217ec793, 0x0, 0x0, 0x0, 0x0, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000180)={{0x2, 0x2, 0x38000, 0x0, 0xfffffffc}, 0x9, 0x7})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000020601020000000000000000010000000500040000000000090002007379"], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f00008ba000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r3 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r3, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

10m10.48059051s ago: executing program 8 (id=4698):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x3}, &(0x7f0000000040)=0x8) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}]}}}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x48}}, 0x0) (async)
r2 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) (async)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10) (async)
setsockopt$sock_int(r2, 0x1, 0x5, &(0x7f0000000080)=0x8a5, 0x4) (async)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000001c0)={{0x1}}) (async)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000140)={{0x0, 0x3, 0x0, 0x2, 0x2}})
sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)

10m9.820998011s ago: executing program 7 (id=4701):
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x10, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000480)=ANY=[@ANYRES8=r0, @ANYRES32=r1, @ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
acct(0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x67, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2}, 0x18)
io_setup(0x8, &(0x7f0000004200))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0xfe44, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
open(0x0, 0x44842, 0x0)
io_pgetevents(0x0, 0x6, 0x1, &(0x7f0000000340)=[{}], &(0x7f0000000380), &(0x7f0000000600)={&(0x7f00000005c0)={[0x9]}, 0x8})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r3, 0x5607, 0x2c)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$TIOCL_SETVESABLANK(r5, 0x560e, &(0x7f0000000140))
r6 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TIOCL_BLANKSCREEN(r6, 0x541c, &(0x7f0000000000))
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000001800)={'#! ', './file1/../file0', [{0x20, '@&,,\\{$'}, {0x20, '\f\xc2x?\x00\x00W\xca\xb7\xb1\x8e\xeb\xdc\xbbQ-\xee\x80\xf3\xc2\xe5\xedj|\x9b\xd9) \vL\x1b_m9\xa4\xd5\x15\x01\xa7\x19\x92q\x85D\x8b~\xffH9\x88\x8a\xddf0\xea1\xf1*]\xc3\x9agH\x01\x9b\xe8*%\x8d\xe0}\xed\xc8%\xban2\xfd\x1e^\x02*q0\xc5\xcbc\xc1\a\xee\xf1~\xdb\xae\'\x05r\xb1\xb4R e^\xa0\xdf\xf9'}, {0x20, '\x00\x00\x00\x00Z\x00-\x9e\v\xed?\xa3\xe4S\tSD\xb0\x9fU\xa9L\xc3\x9f\x18\x89\xc7\x1fc\xc8UEN\xfaZH\xd3\xact\x8e\xefN?kr\xe8?1y\t\r\xe1\xd7\x81\xf0\x9e\x9e\xa5\x92m\xa6\x87Uy\xeav\xb7Y4\xe0\xb9\xf9!\xdbY!\xder\x81\x8d\xfa\v.\xbb\xe0Q\xdb\xa4\xcd5\xcf\x04fm]\xd9\x1b\xe5`\xb2\xd6\x9fV\xb9D\xfa\xe9\xe0\xdcEJ\xef\'\x0fZu\f\v\xc2\xaf\xdd\x80\xac\xe7!g|\a\x00\xbb\x80FK\x94\x7f\x8a \x94\xc5\xfb\xe0\x03W#\x1c\x9au\xf6\xb1N\xdaL\xdb/c\x84\xf8b\r\x90\x94\n\x93\xd5\x00\x00\x00\x00\x00\x00\x00'}, {0x20, '&'}], 0xa, "0000783348b29e910024000029f50a899336010000000000000000ebf7fade3d580388d290d96721ec137228b60a0fd94415ad24ed37066498a2e1fed31075654e1b44ce9354e57979626903f434b5d6957398b43841d87d000e28863c05541ca0c925aa7abb20db364524f96af9fabc4777fc7aeb7cf194e16c05317ff4d8c1549b7682d66809e4"}, 0x1bd)

10m9.739312875s ago: executing program 8 (id=4703):
r0 = gettid()
capset(&(0x7f0000000140)={0x20080522, r0}, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, 0x5})
r1 = syz_open_procfs(r0, 0x0)
write$smackfs_labels_list(r1, &(0x7f0000000080)={[{'@.-&#^\')%+'}]}, 0xc)

10m8.956871832s ago: executing program 43 (id=4703):
r0 = gettid()
capset(&(0x7f0000000140)={0x20080522, r0}, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, 0x5})
r1 = syz_open_procfs(r0, 0x0)
write$smackfs_labels_list(r1, &(0x7f0000000080)={[{'@.-&#^\')%+'}]}, 0xc)

10m8.829020273s ago: executing program 7 (id=4707):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61965b7e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f, 0x0, 0x1], [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x199, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x100000, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SET_NAME(0xf, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
r2 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0xffff, 0x84080)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000240)={0x200001, 0x9, 0xd, 0x1, &(0x7f0000000a40)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]})
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in=@loopback, 0x4e22, 0x0, 0x1, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x0, 0x6}, 0x2253, 0x6e6bb0}, {{@in6=@local, 0x4d2, 0x6c}, 0x0, @in6=@private2}}, 0xe8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b040000000000000200fffe4c0004802800018007000100637400001c000280080001400000000208000240000000160500030000000000200001800700010063740000140002800800024031f8ca92080004400000000c0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000500000a0000"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0)
close(r5)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r6, 0x5425, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)

10m7.603362681s ago: executing program 7 (id=4708):
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000100)={0x640, 0x300, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, {}, {0x0, 0x20000000}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x217ec793, 0x0, 0x0, 0x0, 0x0, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000180)={{0x2, 0x2, 0x38000, 0x0, 0xfffffffc}, 0x9, 0x7})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000020601020000000000000000010000000500040000000000090002007379"], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f00008ba000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r3 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r3, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

10m6.59504699s ago: executing program 7 (id=4709):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f42fc3199f000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af735ed41793bdf9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbc68223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f00001000000000eeff7c5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729eec082830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d424c14283a94395b64645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d620100000000000000494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd779a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9b0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000002684c2d8eb8cac98930fa6a893ca44c0f64c07a87eb7b05f56ca6c70cb3a0eb328a15fe96a88235155e6d64bd434f641ddf9db2245e47e5904453577895dd81d"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='rcu_utilization\x00', r0}, 0x18)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r5, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18)
sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, 0x0, 0x0, {0x0, 0xf1, 0x3}}, 0x18, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x240000ef)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
ioctl$SG_IO(r6, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000500)="43dd93573829", 0x0, 0x0, 0x0, 0x0, 0x0})
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)

10m5.987779447s ago: executing program 7 (id=4712):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0xf4e)
r2 = socket$kcm(0x29, 0x5, 0x0)
dup(r2)
writev(r1, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27"})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000200), 0x8)
sendto$inet6(r3, &(0x7f0000000180)="b8", 0x1, 0x2004c054, &(0x7f0000000140)={0xa, 0x4e23, 0x8000000, @loopback, 0xffffffff}, 0x1c)
unshare(0x2a020480)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000840)={0xa7, <r5=>0x0}, 0x8)
unshare(0x10000000)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r7, 0x0, {0x2, 0xf0, 0x1}, 0x1}, 0x18)
bind$can_j1939(r6, &(0x7f0000000340)={0x1d, r7, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x1c, &(0x7f0000000300)=@raw=[@map_idx_val={0x18, 0x1, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @generic={0x7, 0x9, 0x2, 0x2, 0xc6}, @ringbuf_query, @generic={0xba, 0x1, 0x4, 0xc, 0x7}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1025}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}}], &(0x7f0000000080)='GPL\x00', 0x200, 0x2a, &(0x7f0000000780)=""/42, 0x40f00, 0xa0, '\x00', r7, @fallback=0x2a, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x4, 0xfffffff4}, 0x8, 0x10, 0x0, 0x0, r5, r4, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r5, 0x4)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f00000002c0), 0x8c, 0x20000001, 0x0, 0x0, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

10m4.962253971s ago: executing program 44 (id=4712):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0xf4e)
r2 = socket$kcm(0x29, 0x5, 0x0)
dup(r2)
writev(r1, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27"})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000200), 0x8)
sendto$inet6(r3, &(0x7f0000000180)="b8", 0x1, 0x2004c054, &(0x7f0000000140)={0xa, 0x4e23, 0x8000000, @loopback, 0xffffffff}, 0x1c)
unshare(0x2a020480)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000840)={0xa7, <r5=>0x0}, 0x8)
unshare(0x10000000)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r7, 0x0, {0x2, 0xf0, 0x1}, 0x1}, 0x18)
bind$can_j1939(r6, &(0x7f0000000340)={0x1d, r7, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x1c, &(0x7f0000000300)=@raw=[@map_idx_val={0x18, 0x1, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @generic={0x7, 0x9, 0x2, 0x2, 0xc6}, @ringbuf_query, @generic={0xba, 0x1, 0x4, 0xc, 0x7}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1025}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}}], &(0x7f0000000080)='GPL\x00', 0x200, 0x2a, &(0x7f0000000780)=""/42, 0x40f00, 0xa0, '\x00', r7, @fallback=0x2a, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x4, 0xfffffff4}, 0x8, 0x10, 0x0, 0x0, r5, r4, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r5, 0x4)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f00000002c0), 0x8c, 0x20000001, 0x0, 0x0, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

9m50.437419372s ago: executing program 4 (id=4740):
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0)
write$char_usb(r0, 0x0, 0x0)

9m49.830400131s ago: executing program 4 (id=4743):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, 0x0)

9m49.531757123s ago: executing program 4 (id=4744):
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000000ac0)={0xc, {"a2e3ad214fc752f91b25470987f70e06d038e7ff7fc6e5539b3264078b089b3b08346c060890e0878f0e1ac6e70a9b3368959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b313b0d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62239c6f30e065cd5b91cd0a03000000000018001b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd7878a37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b412435139000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a4cd13c257ac06c7d8ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190ba4d7909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810ba2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e8134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b000000807ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d24145a2e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a0400000000000000f463661c953fcad6f37725c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2ca8378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa04006651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed004000000b53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f090056b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b5c7fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d050000002a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f463934c54edc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a3b89f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d3560aba573bd16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22005b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db239dfe785b54c34a0a5db4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbf4c807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9edbaaadaea56765404e0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901003a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d50b00", 0x1000}}, 0x1006)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x5, @ipv4={'\x00', '\xff\xff', @local}, 0xffffff}, 0x1c)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0xa, 0x0, 0x300, 0x0, 0x0, 0xfffffffd}})
syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @loopback={0x0, 0xffffac1414aa}, [], "1e520b4c951ee12e"}}}}}}}, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0)
write$char_usb(r4, 0x0, 0x0)

9m48.353318202s ago: executing program 4 (id=4746):
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000100)={0x640, 0x300, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, {}, {0x0, 0x20000000}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x217ec793, 0x0, 0x0, 0x0, 0x0, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000180)={{0x2, 0x2, 0x38000, 0x0, 0xfffffffc}, 0x9, 0x7})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000020601020000000000000000010000000500040000000000090002007379"], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f00008ba000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

9m47.252682762s ago: executing program 4 (id=4750):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_REMOVE(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4048804}, 0x40)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
keyctl$chown(0x4, 0x0, 0xee01, 0xee00)
keyctl$KEYCTL_RESTRICT_KEYRING(0xb, 0x0, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x101}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000200)='source', &(0x7f0000000000)='\\\\\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbeY@g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R.\xa3`fd\xdc\x8b\x18rBl{\x82\\\xbeA\x17\n\f\xcd=\'\x11\x1bZ\x8e\xb1\xc3j$v\xefw\x96\\\\\xa2\xfc\xe3\xb8\xc7\x0f\xaa\x01\x00\x00\x00;\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81', 0x0)

9m46.025326178s ago: executing program 4 (id=4752):
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000100)={0x640, 0x300, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, {}, {0x0, 0x20000000}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x217ec793, 0x0, 0x0, 0x0, 0x0, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000180)={{0x2, 0x2, 0x38000, 0x0, 0xfffffffc}, 0x9, 0x7})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000020601020000000000000000010000000500040000000000090002007379"], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f00008ba000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

9m45.139447102s ago: executing program 45 (id=4752):
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000100)={0x640, 0x300, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, {}, {0x0, 0x20000000}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x217ec793, 0x0, 0x0, 0x0, 0x0, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000180)={{0x2, 0x2, 0x38000, 0x0, 0xfffffffc}, 0x9, 0x7})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000020601020000000000000000010000000500040000000000090002007379"], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f00008ba000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

7m26.144810935s ago: executing program 0 (id=5215):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket(0x2b, 0x1, 0x1)
listen(r0, 0x5)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x3fe, 0x3, 0x4}, 0x51, [0x68d9, 0x5, 0x9, 0x8a4, 0x2, 0x3, 0x7fffffff, 0x80000001, 0x5, 0x1, 0x105, 0x3c6, 0xa, 0x6, 0xf70, 0x3, 0xe7, 0x7, 0x401, 0xbc5e, 0x0, 0x1, 0x4, 0xffff, 0xe, 0xb, 0x90, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe7c, 0x7, 0x1ff4, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x1, 0x1, 0xa, 0x2, 0x5, 0x9, 0x5, 0x9, 0x0, 0x3a26, 0x1000, 0x57f5, 0x2, 0x6, 0x7ff, 0xb8547353], [0x80000000, 0xffffffff, 0x4, 0x0, 0x7fffffff, 0x1, 0x553, 0x7, 0x2, 0xfffffffc, 0x8, 0xc, 0x36, 0xa, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x4, 0x99d, 0x8, 0x0, 0xd, 0x5, 0x0, 0x6e38, 0x8000, 0xa, 0x2, 0x3, 0x0, 0x2, 0x7, 0x4, 0xd, 0x80000009, 0xfff, 0x4, 0x0, 0x40, 0x1, 0x6, 0x6, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a17, 0x0, 0x9, 0x7, 0x9, 0xffffffff, 0x1, 0x9, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x6, 0xdb8, 0x9, 0x4, 0x2, 0x6, 0x5, 0x5, 0x3, 0x5, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x8, 0x2, 0x4, 0x800, 0x7, 0x9, 0x0, 0x0, 0x1, 0xfffffffe, 0x7, 0x0, 0x9, 0x8c0, 0x9, 0x8000002, 0x9, 0x7, 0x6, 0x5, 0x81, 0xf7b4, 0xffffff20, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x7ffc, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x7f, 0x3, 0x10], [0x0, 0x896, 0x8, 0x246d, 0x6, 0xfe, 0xfffff410, 0xd, 0x7ff, 0x606, 0x4, 0x800009, 0x80000001, 0x9, 0x8000000b, 0x2, 0x7, 0x1, 0x80000000, 0x2, 0x7ff, 0x3ff, 0x0, 0x2, 0x9, 0x100, 0x2, 0xec9b, 0x61c8, 0x6, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xe, 0x4000006, 0x7, 0x1, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x3, 0x3c, 0x1000, 0x1000, 0xfffffffe, 0x15, 0x8002, 0x7, 0x81, 0x5, 0x7, 0xfffffffc, 0x7, 0x6, 0xeff]}, 0x45c)
unshare(0x22020600)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) (fail_nth: 2)

7m25.595079581s ago: executing program 0 (id=5219):
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000080)=ANY=[@ANYBLOB="2c00006ee10000"])

7m24.921640215s ago: executing program 0 (id=5224):
r0 = socket$nl_route(0x10, 0x3, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0xfffffffffffffff5}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0xa, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}}, {{@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe8)
ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f00000000c0)={0x10, 0x3, 0x9, 0x9, 0xfffffff7, 0xffe6})
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f0000000000)=0x201, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000004a00030000000000000000000a", @ANYRES32], 0x1c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x1, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x2102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_MASTER={0x8}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x9, 0x316}}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20042800}, 0x4044800)

7m23.484981439s ago: executing program 0 (id=5230):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x100)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000100)={{0x0, 0x1}, {0xe}, 0xffe, 0x6, 0x3f})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000180)={0x0, 0x3a, 0x3, 0x0, 0x7})

7m22.590043507s ago: executing program 0 (id=5232):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000cc0)={0x1, @pix={0x0, 0x0, 0x20323159, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000004c0)={<r2=>0x0, @in6={{0xa, 0x4e21, 0xfffffffd, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4000000f}}, 0xffffffff, 0x4a5, 0x1c2, 0x0, 0x1}, &(0x7f00000000c0)=0x98)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000100)={r2, 0x52, "ec81c5e3f6ec7d9609cd39ced4bf3692da897cbc76925e2c64618a7bdd1d0431f5f32ade0d88511225309d93df290e698ba2b279fa9a47ce1769368eeddb25204e4a8a7280b32b0b50a89dbc9633c991904f"}, &(0x7f0000000000)=0x5a)
io_uring_setup(0x5ba9, &(0x7f0000000180)={0x0, 0xfda0, 0x800, 0x0, 0x2de})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000002c0)={0x40, 0x13, 0x4, "fb6db8a2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xab, &(0x7f0000001480)=ANY=[@ANYBLOB="12011001000000106b1d010140000102030109029900030106000e0904000000010100000a2401000e0643020102112406010105000008000200030005000909240305ff01010306082405030ca587e9092403060703040304090401000001"], 0x0)

7m18.332407803s ago: executing program 0 (id=5240):
fsopen(&(0x7f00000001c0)='bpf\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x8d0, &(0x7f00000000c0)={0x0, 0xc48a, 0x800, 0x3}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0x198b, 0x10100, 0x0, 0x3aa}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x2, 0x0, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x5)
connect$unix(r1, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) (fail_nth: 2)

7m2.892540046s ago: executing program 46 (id=5240):
fsopen(&(0x7f00000001c0)='bpf\x00', 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x8d0, &(0x7f00000000c0)={0x0, 0xc48a, 0x800, 0x3}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0x198b, 0x10100, 0x0, 0x3aa}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x2, 0x0, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x5)
connect$unix(r1, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) (fail_nth: 2)

2m32.487430277s ago: executing program 2 (id=6164):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$kcm(0x10, 0x5, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
setresgid(0xee00, 0xee01, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='adfs\x00', 0x8000, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e1c, 0x401, @loopback, 0x4}], 0x1c)
sendto$inet6(r6, &(0x7f0000000480)="47df12fe8ad23ef0a84f96af61252103c5178c10a535944971ed9a6af8f9cdde87bed6d976f4eba48d36a1a8d860716d5936a437b6f0d2c8b1e1d507070bf09fb7446baa9d130a1385991bc4f598766e183b4fcc38fd869feb97881952ee888d92b643fd20370e6f470e989a26ea865594b64c39fcc5daeb4056c45ca54d7d71c8a5320bd682f0768336de0387", 0x8d, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x928, 0x200000008b}, 0x0)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000180)=0x3, 0x12)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000003d0007010000000000000000047c00000c000000170b0000000000006b635aba35de8caff3616eb338f825d5621ecef605a8e5165194fa246307ec134d6a5af540e2a7385c02cb28f55afa2f0ac920092d195f88af4ec17dfd2c"], 0x20}}, 0x8004)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2m30.548622645s ago: executing program 2 (id=6176):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141082)
writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept(r2, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0x33a77c20f21f5ff8}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r3, &(0x7f000000b680)={0x0, 0xfffffe58, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb7b}], 0x2}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x1, 0x2, 0x0, {0xe}}, 0x14}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000004200010a2fbd0f7000fddbdf2516000000612136602a2b43ee6490cd0025bd8f9d46aa0d60c63023398427f8024c4e86552ebe839952d1586f9e7faa2e615b347794e6203144e65bf1377292111946389a6bee81e23908b5036955ee6128e7e26ff67048824fd39bc7e21e6261ac8de6dad55665a1e447b7b342"], 0x14}}, 0x0)
recvmsg$unix(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x10111)

2m30.472147978s ago: executing program 2 (id=6178):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close_range(r2, r2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x52, 0x1, 0x603d04, 0x25dfdbfc, {0xa}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xa12}]}, 0x20}}, 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socket$packet(0x11, 0x3, 0x300)
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000bff000/0x400000)=nil)

2m28.09353641s ago: executing program 2 (id=6185):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r0 = socket$packet(0x11, 0x1, 0x300)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BETA={0x8, 0x6, 0x7}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$user(&(0x7f0000000240), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x14, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x4}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xa0}}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
process_vm_readv(r4, &(0x7f0000008400)=[{0x0}, {0x0}], 0x2, &(0x7f0000008640), 0x0, 0x0)
mlockall(0x5)

2m27.109545473s ago: executing program 2 (id=6188):
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0)

2m26.941570239s ago: executing program 2 (id=6190):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) (async)
r1 = syz_io_uring_setup(0x119f, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x0, 0xf}, &(0x7f0000000340)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0) (async)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x2, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r5, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4e20, @empty}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x118)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) (async)
io_uring_enter(r1, 0x47ba, 0xc153, 0x0, 0x0, 0x0) (async, rerun: 32)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom0\x00', 0x0, 0x0) (rerun: 32)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100))
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x401, 0x5, 0x0, 0x81, 0x100000, 0x80000001, 0x2004c8, 0x8000000, 0x5, 0x2, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2000002], 0x80a0000, 0x42242})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"]) (async)
r10 = openat$kvm(0xffffff9c, &(0x7f0000000440), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="000229bd700efedbdf25cdd9dcbfc3566a70ce50560df100f80e0000001c000380050008008000000008000300"], 0x38}, 0x1, 0x0, 0x0, 0x24040054}, 0x4000040) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r12, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xffe, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x281580}) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r14 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$SO_COOKIE(r14, 0x1, 0x39, &(0x7f0000000200), &(0x7f00000002c0)=0x8) (async)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @raw_data="fc42275a1e94bd215e4ff8e9b24a382a3b631b863cbd3396778e01e0ebe9058e46541c490ab5c2654c1f279b72b77fba6cbe0be2648f20bad1aaa98aec8b61ff000000d2bd1e771fdb339bfe62b6d926082c9618de6b7dc207f34ed4b06ad9194782c6d44e5ca63dc731985de3d6b5c9eaaab27d7ba63a0d81f2b7dae67f2b2b7b521c215491e4e65030cf78fd8babaed643e4915413de33dde4b45d551b19ee4c43e2562a7f1530ede9ab7e0059a2d6dc6fbd1bcbf33da8708ff1179b77e1e6a48d8904542e4ae2"})

2m11.839130155s ago: executing program 47 (id=6190):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) (async)
r1 = syz_io_uring_setup(0x119f, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x0, 0xf}, &(0x7f0000000340)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0) (async)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x2, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r5, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4e20, @empty}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x118)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) (async)
io_uring_enter(r1, 0x47ba, 0xc153, 0x0, 0x0, 0x0) (async, rerun: 32)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom0\x00', 0x0, 0x0) (rerun: 32)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100))
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x401, 0x5, 0x0, 0x81, 0x100000, 0x80000001, 0x2004c8, 0x8000000, 0x5, 0x2, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2000002], 0x80a0000, 0x42242})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"]) (async)
r10 = openat$kvm(0xffffff9c, &(0x7f0000000440), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="000229bd700efedbdf25cdd9dcbfc3566a70ce50560df100f80e0000001c000380050008008000000008000300"], 0x38}, 0x1, 0x0, 0x0, 0x24040054}, 0x4000040) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r12, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xffe, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x281580}) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r14 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$SO_COOKIE(r14, 0x1, 0x39, &(0x7f0000000200), &(0x7f00000002c0)=0x8) (async)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @raw_data="fc42275a1e94bd215e4ff8e9b24a382a3b631b863cbd3396778e01e0ebe9058e46541c490ab5c2654c1f279b72b77fba6cbe0be2648f20bad1aaa98aec8b61ff000000d2bd1e771fdb339bfe62b6d926082c9618de6b7dc207f34ed4b06ad9194782c6d44e5ca63dc731985de3d6b5c9eaaab27d7ba63a0d81f2b7dae67f2b2b7b521c215491e4e65030cf78fd8babaed643e4915413de33dde4b45d551b19ee4c43e2562a7f1530ede9ab7e0059a2d6dc6fbd1bcbf33da8708ff1179b77e1e6a48d8904542e4ae2"})

11.194262064s ago: executing program 3 (id=6538):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
read$msr(0xffffffffffffffff, &(0x7f0000019540)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x627c0af5e554f614, 0x0, 0x0)
r2 = getpid()
prlimit64(r2, 0x5, &(0x7f0000000000)={0x9, 0xff}, &(0x7f0000000280))
syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
accept4(r0, &(0x7f00000002c0)=@x25, &(0x7f0000000340)=0x80, 0x80000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f0000000700)=[0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0x95, &(0x7f0000000440)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x98, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r3 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r3, &(0x7f0000001300)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000340)="fd", 0x1}], 0x1}}, {{&(0x7f0000000300)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000540)=[{&(0x7f00000006c0)='\f', 0x1}], 0x1}}], 0x2, 0x4000000)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r5=>0x0}, &(0x7f00000002c0)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r5, 0x2}, 0x8)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x28, 0x1a, 0x0, 0x0)

11.018607623s ago: executing program 5 (id=6539):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x627c0af5e554f614, 0x0, 0x0)
r2 = getpid()
prlimit64(r2, 0x5, &(0x7f0000000000)={0x9, 0xff}, &(0x7f0000000280))
syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
accept4(r0, &(0x7f00000002c0)=@x25, &(0x7f0000000340)=0x80, 0x80000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f0000000700)=[0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0x95, &(0x7f0000000440)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x98, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r3 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r3, &(0x7f0000001300)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000340)="fd", 0x1}], 0x1}}, {{&(0x7f0000000300)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000540)=[{&(0x7f00000006c0)='\f', 0x1}], 0x1}}], 0x2, 0x4000000)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r5=>0x0}, &(0x7f00000002c0)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r5, 0x2}, 0x8)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x28, 0x1a, 0x0, 0x0)

10.400329804s ago: executing program 3 (id=6542):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000240)={0x1, 0x1, {0xa, 0x2e, 0x4, 0x4, 0x7, 0xfe3, 0x0, 0x151, 0xffffffffffffffff}})

10.188800353s ago: executing program 5 (id=6545):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, r3, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x8001420, 0x1)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327})
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x6040, 0x0)
r6 = getpid()
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'gretap0\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x29, 0xa, 0xf, {0xd, @ether_spec={@random="12fde16630e8", @broadcast}, {0x0, @random="349cfca53ac4", 0x6, 0x7fff, [0x3, 0xd5]}, @sctp_ip4_spec={@multicast1, @private=0xa010101, 0x4e24, 0x4e24, 0x4}, {0x0, @random="3fdae9628c6d", 0x8, 0x8000, [0x4, 0x7]}, 0x3, 0x3}, 0x3, [0xa, 0x4, 0x7e]}})
r7 = syz_pidfd_open(r6, 0x0)
ioctl$VIDIOC_QBUF(r7, 0xc058ff0b, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x10, 0x200, {}, {0x5, 0x8, 0xe, 0x9f, 0x0, 0x7b, "c16599e2"}, 0xabdb, 0x1, {}, 0xbaa})
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000428bd7000ffdbdf25010000000500020002000000050004000500000004000500050002000200000008000800e000000208000b00", @ANYRES32=0x0, @ANYBLOB="0500f73e120b5d24f3c1a8"], 0x48}, 0x1, 0x0, 0x0, 0x4000854}, 0x1)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)

10.188215337s ago: executing program 3 (id=6546):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x9a)
r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
keyctl$get_persistent(0x16, 0x0, r4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
shutdown(0xffffffffffffffff, 0x1)
write(0xffffffffffffffff, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)

8.774765369s ago: executing program 1 (id=6549):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES32], &(0x7f0000000040)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = gettid()
timer_create(0x6, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000140)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='io.stat\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = getpid()
rt_tgsigqueueinfo(r4, r4, 0x27, &(0x7f0000000580)={0x33, 0x2})
read(r3, &(0x7f0000000040)=""/148, 0xffffff96)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1f, 0x6, &(0x7f0000000cc0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r8, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000005000000150000b900000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r9}, 0x18)
syz_open_procfs$namespace(r5, &(0x7f00000002c0)='ns/ipc\x00')
openat$urandom(0xffffffffffffff9c, 0x0, 0x42, 0x0)

8.461789895s ago: executing program 3 (id=6550):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8884)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20)
syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x4}, {0x10000, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0xffff1000, 0xf, 0x2, 0xfe, 0x10, 0x6, 0x0, 0x1, 0x0, 0x4}, {0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0xe000, 0x5000, 0xa, 0x0, 0x80, 0xf9, 0x0, 0x7, 0x3a, 0x2}, {0x0, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0x2000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x80af000, 0x100, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2]})
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000001280)={0x0, 0xdddd0000, 0x2, 0x5, 0x50})
socket$kcm(0x29, 0x57a0678123012ac7, 0x0)

7.875227696s ago: executing program 6 (id=6551):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0)
io_setup(0x5, &(0x7f00000000c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x6417, r0, &(0x7f0000000000)="ab", 0x1, 0xb0a}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x5, 0x3eb, r0, 0x0}])

6.912978924s ago: executing program 1 (id=6552):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
ioctl$SOUND_MIXER_READ_STEREODEVS(r0, 0x80044dfb, &(0x7f0000000100))

6.903608478s ago: executing program 6 (id=6553):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
r5 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, 0x0, 0xb0)
setsockopt$inet6_int(r5, 0x29, 0x49, &(0x7f0000000000)=0x80, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000029008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e00280010000700028000001294", 0x2e}], 0x1}, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x3c0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0xfffffffffffffffe, 0x4, 0x10000, 0x100, 0x1004, 0x0, 0x8, 0x5, 0x5, 0x9, 0x9, 0x5, 0x2, 0x9, 0x7, 0x7, 0xc1, 0x3, 0x2, 0x2, 0x6, 0x9, 0x96, 0xf0, 0xffffffff00000000, 0x4, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0xffffffff, 0x8, 0x6, 0x6, 0x3, 0x4, 0x20000000006, 0x8, 0x9, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xea, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x5, 0x1, 0x47bc, 0xd, 0x6, 0xbbdc, 0x80000000, 0xfffffffffffffc00, 0x2, 0xb, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0x2, 0x6, 0x0, 0x3403, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x61d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2b, 0x8, 0x2293332f, 0x4, 0x5, 0x0, 0xd, 0x2, 0x80000001, 0x981, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x9, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2080, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x6, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0x8], 0x91000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)={0x50, r1, 0x101, 0x0, 0x80000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params, @NL80211_ATTR_SSID={0x1d, 0x34, @random="0eac2aa25e4002c863003074fe7d401a04b4953845fa6159ae"}]}, 0x50}, 0x1, 0x0, 0x0, 0x884}, 0x4804)

6.745046782s ago: executing program 3 (id=6554):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000008e02"])

6.669975294s ago: executing program 1 (id=6555):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000240)='debugfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_clone(0xa0122580, 0x0, 0x0, 0x0, 0x0, 0x0)

6.285603503s ago: executing program 6 (id=6556):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x4, r1, 0x0, &(0x7f0000e1d000/0x4000)=nil, 0x4000, 0xfffffffffffff000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
r3 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205647, &(0x7f00000001c0)={0xf0200e7, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x0, '\x00', @p_u8=0x0}})

6.129480087s ago: executing program 3 (id=6557):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141082)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept(r2, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf", 0x14}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r3, &(0x7f000000b680)={0x0, 0xfffffe58, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb7b}], 0x2}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x1, 0x2, 0x0, {0xe}}, 0x14}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000004200010a2fbd0f7000fddbdf2516000000612136602a2b43ee6490cd0025bd8f9d46aa0d60c63023398427f8024c4e86552ebe839952d1586f9e7faa2e615b347794e6203144e65bf1377292111946389a6bee81e23908b5036955ee6128e7e26ff67048824fd39bc7e21e6261ac8de6dad55665a1e447b7b342"], 0x14}}, 0x0)
recvmsg$unix(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x10111)

5.473312528s ago: executing program 5 (id=6559):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x60281, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x20, "d656c9a61490b7e8773ca55437fa234c0170c8cbe5ebdd2be9"}, &(0x7f0000000180)=0xfc86)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffe}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7fffffff, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

5.21755188s ago: executing program 1 (id=6560):
unshare(0x2a020400)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$xdp(0x2c, 0x3, 0x0)
unshare(0x8000000)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f00000000c0)=0x40, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000280)=0x20, 0x4)
bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x0, r2}, 0x2a)

4.80082009s ago: executing program 5 (id=6563):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x40, 0x1, 0x539e09df839dfe96, "d3fa5b89042b7205fe7bafe9e6415dbf6b34944d164ce8cd4e0d4c7b546787a7", 0x47314356})

4.717451699s ago: executing program 1 (id=6564):
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x88c4}, 0x8000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x20040001)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.717265307s ago: executing program 9 (id=6565):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x4}, {0x10000, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0xffff1000, 0xf, 0x2, 0xfe, 0x10, 0x6, 0x0, 0x1, 0x0, 0x4}, {0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0xe000, 0x5000, 0xa, 0x0, 0x80, 0xf9, 0x0, 0x7, 0x3a, 0x2}, {0x0, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0x2000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x80af000, 0x100, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2]})
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000001280)={0x0, 0xdddd0000, 0x2, 0x5, 0x50})

4.341052093s ago: executing program 9 (id=6566):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000003c0)="bf27e25458", 0x5}], 0x1)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000000)=@raw=[@map_idx={0x18, 0xb, 0x5, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], &(0x7f00000000c0)='GPL\x00', 0x7, 0x92, &(0x7f0000000100)=""/146, 0x41000, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x5, 0x8, 0x0, 0x3}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000240)=[{0x3, 0x1, 0x7, 0x7}], 0x10, 0xf4d2, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000700)={r1, 0x0, 0xf1, 0xc6, &(0x7f0000000400)="857a665cc48a7aff0c701b0f70ca583dfd8d65443b5245ce4ee3a9b70ed668d8929311b6a4cfe23f86b132dfba17b0fab13b42ef9c3a73ae2cb989202589cb55c46f94f5f4daf26994590000cc994fafac49d8544432f5bdb5ab13f3a8dce874318d37e52e895d79ce38978c468a3677f516d139649107db1034e8900e23e95addb5267a050720e0b9610ad8b715bf12653437f3ab584eb06c535e4761d7512cfa212dc2d471261e9bc240fa79a326cafe2bdfd1d42cdd4bb60511fc3d42d9c8fdfbfb0abb205a559242ce2b1d533d1eca623ca18c63a64d887d913183a4401508f2e7a0137a4f5b8d54a23968b8aaf15d", &(0x7f0000000500)=""/198, 0x0, 0x0, 0x2f, 0xc7, &(0x7f0000000340)="6eee4fc2effc2fb127b42b84b9d42c935ffd32575168ceadd59e418324ded8d3c7d901098efddcf98f63929d33eef2", &(0x7f0000000600)="8631dedaa22fd2665eb24fb59c09e913d2e9bd5205df128d143064a70f438feb0cb0a24d9f5fecb65555286d07fc1319debbd1b149057ab30da6818a1f504daac597c6ac332ee907148cc1efd9704b95c5fcab72b650d945c49ac0585e8996368f250f9534826f17eb1969c263dc45ab04cdd4c0fb141f08b392f9ab36dbcd8843e63acd586ddb9c3995da39860d2284ab442f6834bf526c8aea3b18a0ca188d030637c27ec76754f62525bc0cad4c212826cf92fcaa0fb87f3febc1baf1ebe94cef91d3b227c3", 0x2, 0x0, 0x6}, 0x50)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, &(0x7f0000000780)='\x00\xff\xff\x00\x02@qGP\xc5\x94\xa6\x8fB\xc3\x93\xe5\xc1a\x05!\x9a\x8b\xeb\xcew\xd8\x1e\xda\xc1\x9f\xe9\xc4c\xdd\xf6^\xcb\xec\x9b\x82\xcf\x14\xde\xa5\xef\x162bP\x95/\xefMs\xe0%}\xe4\xf1=\x05\xf6l\xb7\xc1\xe9c\xc3\x7f\tg\xf56\xeasl\xbd\x02\xc1\x8a\xa9\x83\xaf\xfa\x95W+N$\x06R\x92\xe5Z\x97\xfb\xb6e}fW\x8bm\x04\'{\xaf\xe2zd\x91+-\xb1\xd8\ftK|\xb8\xd2\xb6\x7f\xf4\x84\v\x1e\x00R\xfc\xbcg\x81\xbb\xc4\xcd\xe9\xe5.\x9b\x7f\xeb\x04\xe6,N\x00\x9a\x9d\xf8\xd1\x8aR4;\x7f\x8a\x86\xb7\xd7o\x90\xfd\xa9dJ\xd5.\x18F2\x00\x00\x00\xf2y\x99\xfd\xca\xff*\xd3;\x84F\x8f !N\x1c\xfaI\xa5\x85:\xc1\x9ed\x13\xaf\xd0/\x00\x9b\x0e\xb6\xca\xa5X\xb9]<\n\x04\x00\x00\x00\x00\x00\x00\x00\xc2\xf6\x1bw\n6^\xfa\xea\r\xf1\xc1\xd0\xd821\x9e\v4Q\xc6{\xa0\xf7\xcd\x82 6zL\xeeqG\t~\xafQ(\xc3\xd8\x05\xcb\xbfB\xb0\xe1b\x0f\xa8f\xe6\xb1\xe8\x9aB\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xcd\xefx\x0f\xf5\x85M\x14\xbb\xab1)\x8e%\xb7\x89\x17/')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000d4c000/0x2000)=nil, 0x2000, &(0x7f0000000040)='%pK    \x00')
mremap(&(0x7f0000d4d000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)

4.238757102s ago: executing program 9 (id=6567):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
dup(0xffffffffffffffff)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="180000002d0001002cbd70000000000008000000", @ANYRES32=0x0, @ANYBLOB="417a79e2bae9b2472311a1660e179ff705ac9e7e02df5afc616fb64174ca5408d34d846844eb3951dee67610363f12581bd28819d2cf2cb86afb9cb00a7d85a3fac237c29b1b768e65cfe95f4a6d6d1be33dacdf5052"], 0x18}], 0x1, 0x0, 0x0, 0x4000854}, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_PARM(r5, 0xc0cc5615, &(0x7f0000000040)={0x8, @output={0x0, 0x1, {0xffffffff}, 0x3, 0xd}})
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[])
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000000314010073797a30000000004800410072786500140033006c6f0000000000000000000000000000ed16d24ebac6133e724f3a3d731ed8abbe793740c86dae36ec81d3885ae9c0f285cdbc721b25c1aad316e6213bf21319c2ffa7e456ef229c8bd5b3cd8561c7636004f167a5031919ac3786ed8336e07ec72b7a4c51e764aa163c818de1a01cb68046129fc6c5b5902dd8"], 0x38}, 0x1, 0x0, 0x0, 0x55}, 0x0)
syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x1, 0x41, 0x40000337}, &(0x7f0000000dc0)=<r7=>0x0, &(0x7f0000000a40)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})

4.146375193s ago: executing program 1 (id=6568):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
dup(r0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000400)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="24003300d0980700ffffffffffff080211000001505050505050020004000ec108"], 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x42280, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000280)={0xff, 0xffff, 0x753, 0x22, 0x0, 0x1, 0x5, 0x7}, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)
timer_create(0x5, &(0x7f0000000180)={0x0, 0x40011, 0x5}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$RTC_WKALM_SET(r5, 0x4028700f, &(0x7f0000000140)={0x2, 0x0, {0x0, 0x0, 0x0, 0x18, 0x0, 0x60}})
r6 = openat$fb0(0xffffff9c, &(0x7f0000000040), 0x20080, 0x0)
ioctl$FBIOPUTCMAP(r6, 0x4605, &(0x7f00000001c0)={0x8, 0x1, &(0x7f0000000080)=[0x6], &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)})

3.757358047s ago: executing program 9 (id=6569):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, r3, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x8001420, 0x1)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327})
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x6040, 0x0)
r6 = getpid()
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'gretap0\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x29, 0xa, 0xf, {0xd, @ether_spec={@random="12fde16630e8", @broadcast}, {0x0, @random="349cfca53ac4", 0x6, 0x7fff, [0x3, 0xd5]}, @sctp_ip4_spec={@multicast1, @private=0xa010101, 0x4e24, 0x4e24, 0x4}, {0x0, @random="3fdae9628c6d", 0x8, 0x8000, [0x4, 0x7]}, 0x3, 0x3}, 0x3, [0xa, 0x4, 0x7e]}})
r7 = syz_pidfd_open(r6, 0x0)
ioctl$VIDIOC_QBUF(r7, 0xc058ff0b, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x10, 0x200, {}, {0x5, 0x8, 0xe, 0x9f, 0x0, 0x7b, "c16599e2"}, 0xabdb, 0x1, {}, 0xbaa})
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000428bd7000ffdbdf25010000000500020002000000050004000500000004000500050002000200000008000800e000000208000b00", @ANYRES32=0x0, @ANYBLOB="0500f73e120b5d24f3c1a8"], 0x48}, 0x1, 0x0, 0x0, 0x4000854}, 0x1)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)

3.756959176s ago: executing program 6 (id=6570):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000c40)={'vxcan0\x00'})
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0xfffffffc, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f0000000100)={0xa00000, 0x1, 0x49, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x9e69, '\x00', @ptr=0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
syz_open_dev$hidraw(0x0, 0x6, 0x40000)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904"], 0x0)
close(0x3)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x45e, 0x48, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x10, 0x0, 0xf8, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x2, {0x9, 0x21, 0x5, 0xff, 0x1, {0x22, 0x661}}, {{{0x9, 0x5, 0x81, 0x3, 0x3df, 0x75, 0x8, 0x7}}}}}]}}]}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r5 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
tkill(r5, 0xb)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0xfffffc8f)

3.67319316s ago: executing program 5 (id=6571):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="d80000001e0081054e81f782060000000000000006007c095dd2466518000e800a00142603600e1208000f0000000406a80016c00800094014000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791433a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad909d5e1cace81ed0bffece0b42a9eca0200e6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)

2.37149867s ago: executing program 5 (id=6572):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_bridge\x00', <r1=>0x0})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000300)=0x2000004)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r3, 0x0)
readv(r3, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/246, 0xf6}], 0x1)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000400)=0xfffffffd)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, r1})
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
accept$alg(r5, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000140)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$kcm(0xa, 0x1, 0x0)
r8 = socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000ffffffffffffe7ffffffff050000000000", @ANYRES32=0x1], 0x48)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x8916, &(0x7f0000000000)={r8})
r9 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x8916, &(0x7f0000000000)={r9})
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x8936, &(0x7f0000000000)={r8})
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', <r10=>0x0})
r11 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000540)={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r10})
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_SET_CLOCK(r4, 0x4030ae7b, &(0x7f00000001c0)={0x1, 0x6, 0xa61, 0x284, 0x200})
sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)

1.31349288s ago: executing program 9 (id=6573):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x60281, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x20, "d656c9a61490b7e8773ca55437fa234c0170c8cbe5ebdd2be9"}, &(0x7f0000000180)=0xfc86)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffe}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7fffffff, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

704.218514ms ago: executing program 9 (id=6574):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="d4000000020103000000000000000000020000050800170000000000b80001802c00018014000300fe80000000000000000000000000002514000400fe88000000000000000000000000000106000340000300002c00018014000300fe80000000000000000000000000002414000400fe8000000000000000000000000000122c00018014000300fe8000000000000000000000000000bb14000400c800000000000000000000000000003b1400018008000100ffffffff080002000000000006000340000400000c000280"], 0xd4}, 0x1, 0x0, 0x0, 0x24000880}, 0x40000)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
fsopen(0x0, 0x0)
gettid()
clock_nanosleep(0xb, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
getresuid(&(0x7f0000005780), &(0x7f0000000040), &(0x7f0000005700))

619.374589ms ago: executing program 6 (id=6575):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)

0s ago: executing program 6 (id=6576):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x4}, {0x10000, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0xffff1000, 0xf, 0x2, 0xfe, 0x10, 0x6, 0x0, 0x1, 0x0, 0x4}, {0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0xe000, 0x5000, 0xa, 0x0, 0x80, 0xf9, 0x0, 0x7, 0x3a, 0x2}, {0x0, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0x2000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x80af000, 0x100, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2]})
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000001280)={0x0, 0xdddd0000, 0x2, 0x5, 0x50})

kernel console output (not intermixed with test programs):

318/0xff0
[ 2079.194364][T27626]  ? kasan_save_track+0x3e/0x80
[ 2079.194384][T27626]  ? __pfx___mutex_lock+0x10/0x10
[ 2079.194406][T27626]  ? __se_sys_io_uring_enter+0x2df/0x2b20
[ 2079.194439][T27626]  vb2_core_poll+0x4c1/0x840
[ 2079.194462][T27626]  vb2_fop_poll+0x168/0x380
[ 2079.194491][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2079.194515][T27626]  v4l2_poll+0x144/0x2c0
[ 2079.194543][T27626]  __io_read+0x4b1/0x14f0
[ 2079.194566][T27626]  ? __lock_acquire+0xab9/0xd20
[ 2079.194604][T27626]  ? __pfx___io_read+0x10/0x10
[ 2079.194636][T27626]  io_read+0x1c/0x60
[ 2079.194654][T27626]  __io_issue_sqe+0x17e/0x4b0
[ 2079.194673][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2079.194694][T27626]  io_issue_sqe+0x165/0xfd0
[ 2079.194722][T27626]  io_submit_sqes+0xa38/0x1c50
[ 2079.194773][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2079.194796][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2079.194837][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2079.194854][T27626]  ? do_futex+0x333/0x420
[ 2079.194870][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2079.194897][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2079.194914][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2079.194942][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2079.194971][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2079.195001][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2079.195023][T27626]  do_syscall_64+0xfa/0x3b0
[ 2079.195045][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2079.195067][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2079.195083][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2079.195105][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2079.195121][T27626] RIP: 0033:0x7f8d32d8e929
[ 2079.195138][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2079.195153][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2079.195172][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2079.195185][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2079.195195][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2079.195207][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2079.195217][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2079.195248][T27626]  </TASK>
[ 2079.674070][   T30] audit: type=1326 audit(1750655728.258:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28144 comm="syz.1.6338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59d5f8e929 code=0x7ffc0000
[ 2079.697603][   T30] audit: type=1326 audit(1750655728.258:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28144 comm="syz.1.6338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59d5f8e929 code=0x7ffc0000
[ 2079.713233][T27626] Mem-Info:
[ 2079.753060][T27626] active_anon:272 inactive_anon:6673 isolated_anon:0
[ 2079.753060][T27626]  active_file:16736 inactive_file:39314 isolated_file:0
[ 2079.753060][T27626]  unevictable:768 dirty:256 writeback:0
[ 2079.753060][T27626]  slab_reclaimable:11542 slab_unreclaimable:112427
[ 2079.753060][T27626]  mapped:38624 shmem:4267 pagetables:1107
[ 2079.753060][T27626]  sec_pagetables:0 bounce:0
[ 2079.753060][T27626]  kernel_misc_reclaimable:0
[ 2079.753060][T27626]  free:1282484 free_pcp:11702 free_cma:0
[ 2080.321454][T27626] Node 0 active_anon:1088kB inactive_anon:38304kB active_file:66648kB inactive_file:157256kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:165828kB dirty:956kB writeback:0kB shmem:26848kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12564kB pagetables:4244kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2080.519747][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2080.732392][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2080.809489][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2080.818944][T27626] Node 0 DMA32 free:1179832kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:3184kB inactive_anon:26584kB active_file:64880kB inactive_file:157196kB unevictable:1536kB writepending:1028kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:60836kB local_pcp:27644kB free_cma:0kB
[ 2081.221500][   T30] audit: type=1326 audit(1750655729.558:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28152 comm="syz.6.6341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed0f8e929 code=0x7ffc0000
[ 2081.326066][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2081.330834][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 2081.359902][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2081.388468][   T30] audit: type=1326 audit(1750655729.568:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28152 comm="syz.6.6341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f1ed0f8e929 code=0x7ffc0000
[ 2081.419348][T28161] random: crng reseeded on system resumption
[ 2081.630935][T28168] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6346'.
[ 2081.632129][   T30] audit: type=1326 audit(1750655729.628:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28152 comm="syz.6.6341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ed0f8e929 code=0x7ffc0000
[ 2081.662347][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2081.667211][T27626] Node 1 Normal free:3918136kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:252kB local_pcp:180kB free_cma:0kB
[ 2081.754020][T28170] netlink: 100 bytes leftover after parsing attributes in process `syz.5.6345'.
[ 2081.933361][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2081.938251][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2081.992684][T27626] Node 0 DMA32: 291*4kB (UME) 91*8kB (UE) 15*16kB (UME) 227*32kB (UME) 107*64kB (ME) 40*128kB (ME) 19*256kB (UME) 13*512kB (UM) 66*1024kB (UME) 11*2048kB (UME) 256*4096kB (UME) = 1171572kB
[ 2082.653137][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2082.673056][T27626] Node 1 Normal: 169*4kB (UME) 42*8kB (UME) 48*16kB (UME) 224*32kB (UME) 101*64kB (UME) 25*128kB (UE) 9*256kB (UME) 8*512kB (UME) 4*1024kB (ME) 1*2048kB (U) 949*4096kB (UM) = 3918260kB
[ 2083.650040][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2083.824926][T27626] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2083.884704][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2083.924861][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2084.461131][T27626] 62830 total pagecache pages
[ 2084.475343][T27626] 0 pages in swap cache
[ 2084.479543][T27626] Free swap  = 124996kB
[ 2084.483837][T27626] Total swap = 124996kB
[ 2084.487994][T27626] 2097051 pages RAM
[ 2084.491800][T27626] 0 pages HighMem/MovableOnly
[ 2084.537280][T27626] 424572 pages reserved
[ 2084.545977][T27626] 0 pages cma reserved
[ 2084.844332][T28186] netlink: 'syz.1.6350': attribute type 10 has an invalid length.
[ 2084.885682][T28186] syz_tun: entered promiscuous mode
[ 2084.954401][T28186] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 2085.016654][T28194] netlink: 6772 bytes leftover after parsing attributes in process `syz.5.6352'.
[ 2085.052954][T28194] netlink: 88 bytes leftover after parsing attributes in process `syz.5.6352'.
[ 2085.065584][T28192] FAULT_INJECTION: forcing a failure.
[ 2085.065584][T28192] name failslab, interval 1, probability 0, space 0, times 0
[ 2085.100230][T28192] CPU: 1 UID: 0 PID: 28192 Comm: syz.3.6351 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2085.100257][T28192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2085.100268][T28192] Call Trace:
[ 2085.100276][T28192]  <TASK>
[ 2085.100284][T28192]  dump_stack_lvl+0x189/0x250
[ 2085.100312][T28192]  ? __pfx____ratelimit+0x10/0x10
[ 2085.100336][T28192]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2085.100358][T28192]  ? __pfx__printk+0x10/0x10
[ 2085.100379][T28192]  ? __pfx___might_resched+0x10/0x10
[ 2085.100402][T28192]  ? fs_reclaim_acquire+0x7d/0x100
[ 2085.100429][T28192]  should_fail_ex+0x414/0x560
[ 2085.100455][T28192]  should_failslab+0xa8/0x100
[ 2085.100477][T28192]  __kmalloc_noprof+0xcb/0x4f0
[ 2085.100497][T28192]  ? tomoyo_encode+0x28b/0x550
[ 2085.100531][T28192]  tomoyo_encode+0x28b/0x550
[ 2085.100559][T28192]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 2085.100584][T28192]  ? tomoyo_domain+0xda/0x130
[ 2085.100612][T28192]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2085.100633][T28192]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2085.100655][T28192]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2085.100692][T28192]  ? __lock_acquire+0xab9/0xd20
[ 2085.100734][T28192]  ? __fget_files+0x2a/0x420
[ 2085.100758][T28192]  ? __fget_files+0x2a/0x420
[ 2085.100776][T28192]  ? __fget_files+0x3a0/0x420
[ 2085.100796][T28192]  ? __fget_files+0x2a/0x420
[ 2085.100820][T28192]  security_file_ioctl+0xcb/0x2d0
[ 2085.100843][T28192]  __se_sys_ioctl+0x47/0x170
[ 2085.100865][T28192]  do_syscall_64+0xfa/0x3b0
[ 2085.100887][T28192]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2085.100910][T28192]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2085.100927][T28192]  ? clear_bhb_loop+0x60/0xb0
[ 2085.100948][T28192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2085.100964][T28192] RIP: 0033:0x7fd03598e929
[ 2085.100980][T28192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2085.100995][T28192] RSP: 002b:00007fd03685e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2085.101014][T28192] RAX: ffffffffffffffda RBX: 00007fd035bb5fa0 RCX: 00007fd03598e929
[ 2085.101027][T28192] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 2085.101038][T28192] RBP: 00007fd03685e090 R08: 0000000000000000 R09: 0000000000000000
[ 2085.101049][T28192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2085.101059][T28192] R13: 0000000000000000 R14: 00007fd035bb5fa0 R15: 00007ffdd3b58618
[ 2085.101088][T28192]  </TASK>
[ 2085.101114][T28192] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2085.180169][T28199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6353'.
[ 2085.275402][T28198] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6353'.
[ 2085.870430][T28202] xt_hashlimit: size too large, truncated to 1048576
[ 2086.080056][T28203] netlink: 'syz.9.6354': attribute type 33 has an invalid length.
[ 2086.113486][T28203] netlink: 152 bytes leftover after parsing attributes in process `syz.9.6354'.
[ 2087.151411][T28219] random: crng reseeded on system resumption
[ 2089.231767][T27626] warn_alloc: 1 callbacks suppressed
[ 2089.231786][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2089.255413][T27626] CPU: 1 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2089.255437][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2089.255454][T27626] Call Trace:
[ 2089.255462][T27626]  <TASK>
[ 2089.255470][T27626]  dump_stack_lvl+0x189/0x250
[ 2089.255501][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2089.255525][T27626]  ? __pfx__printk+0x10/0x10
[ 2089.255542][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2089.255569][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2089.255595][T27626]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2089.255623][T27626]  warn_alloc+0x214/0x310
[ 2089.255652][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2089.255684][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2089.255705][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2089.255727][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2089.255778][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2089.255806][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2089.255830][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2089.255851][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2089.255869][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2089.255887][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2089.255905][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2089.255956][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2089.256000][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2089.256023][T27626]  ? preempt_schedule_thunk+0x16/0x30
[ 2089.256051][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2089.256073][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2089.256088][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2089.256114][T27626]  ? __pfx___mutex_lock+0x10/0x10
[ 2089.256136][T27626]  ? preempt_schedule_irq+0xde/0x150
[ 2089.256157][T27626]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 2089.256188][T27626]  vb2_core_poll+0x4c1/0x840
[ 2089.256210][T27626]  vb2_fop_poll+0x168/0x380
[ 2089.256238][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2089.256263][T27626]  v4l2_poll+0x144/0x2c0
[ 2089.256295][T27626]  __io_read+0x4b1/0x14f0
[ 2089.256318][T27626]  ? __lock_acquire+0xab9/0xd20
[ 2089.256356][T27626]  ? __pfx___io_read+0x10/0x10
[ 2089.256387][T27626]  io_read+0x1c/0x60
[ 2089.256406][T27626]  __io_issue_sqe+0x17e/0x4b0
[ 2089.256425][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2089.256451][T27626]  io_issue_sqe+0x165/0xfd0
[ 2089.256479][T27626]  io_submit_sqes+0xa38/0x1c50
[ 2089.256530][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2089.256553][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2089.256595][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2089.256612][T27626]  ? do_futex+0x333/0x420
[ 2089.256628][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2089.256656][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2089.256672][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2089.256701][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2089.256730][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2089.256758][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2089.256781][T27626]  do_syscall_64+0xfa/0x3b0
[ 2089.256803][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2089.256824][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2089.256841][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2089.256862][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2089.256878][T27626] RIP: 0033:0x7f8d32d8e929
[ 2089.256894][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2089.256909][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2089.256927][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2089.256939][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2089.256950][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2089.256961][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2089.256971][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2089.257001][T27626]  </TASK>
[ 2089.257027][T27626] Mem-Info:
[ 2089.266689][T28227] FAULT_INJECTION: forcing a failure.
[ 2089.266689][T28227] name failslab, interval 1, probability 0, space 0, times 0
[ 2089.269964][T27626] active_anon:272 inactive_anon:3779 isolated_anon:0
[ 2089.269964][T27626]  active_file:16739 inactive_file:39314 isolated_file:0
[ 2089.269964][T27626]  unevictable:768 dirty:409 writeback:0
[ 2089.269964][T27626]  slab_reclaimable:11562 slab_unreclaimable:112626
[ 2089.269964][T27626]  mapped:36818 shmem:1397 pagetables:1113
[ 2089.269964][T27626]  sec_pagetables:0 bounce:0
[ 2089.269964][T27626]  kernel_misc_reclaimable:0
[ 2089.269964][T27626]  free:1283607 free_pcp:13205 free_cma:0
[ 2089.707097][T28227] CPU: 0 UID: 0 PID: 28227 Comm: syz.5.6360 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2089.707122][T28227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2089.707132][T28227] Call Trace:
[ 2089.707139][T28227]  <TASK>
[ 2089.707147][T28227]  dump_stack_lvl+0x189/0x250
[ 2089.707175][T28227]  ? __pfx____ratelimit+0x10/0x10
[ 2089.707199][T28227]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2089.707222][T28227]  ? __pfx__printk+0x10/0x10
[ 2089.707245][T28227]  ? __pfx___might_resched+0x10/0x10
[ 2089.707267][T28227]  ? fs_reclaim_acquire+0x7d/0x100
[ 2089.707292][T28227]  should_fail_ex+0x414/0x560
[ 2089.707317][T28227]  should_failslab+0xa8/0x100
[ 2089.707340][T28227]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 2089.707360][T28227]  ? __d_alloc+0x31/0x6f0
[ 2089.707389][T28227]  __d_alloc+0x31/0x6f0
[ 2089.707425][T28227]  d_alloc+0x4b/0x190
[ 2089.707446][T28227]  ? lookup_one_qstr_excl_raw+0xb4/0x280
[ 2089.707469][T28227]  lookup_one_qstr_excl_raw+0xc8/0x280
[ 2089.707494][T28227]  do_rmdir+0x1c3/0x630
[ 2089.707514][T28227]  ? __pfx_do_rmdir+0x10/0x10
[ 2089.707539][T28227]  ? getname_flags+0x1e5/0x540
[ 2089.707565][T28227]  __x64_sys_rmdir+0x47/0x50
[ 2089.707582][T28227]  do_syscall_64+0xfa/0x3b0
[ 2089.707603][T28227]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2089.707626][T28227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2089.707643][T28227]  ? clear_bhb_loop+0x60/0xb0
[ 2089.707664][T28227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2089.707680][T28227] RIP: 0033:0x7fa0f778e929
[ 2089.707695][T28227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2089.707710][T28227] RSP: 002b:00007fa0f852b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 2089.707729][T28227] RAX: ffffffffffffffda RBX: 00007fa0f79b5fa0 RCX: 00007fa0f778e929
[ 2089.707742][T28227] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000440
[ 2089.707753][T28227] RBP: 00007fa0f852b090 R08: 0000000000000000 R09: 0000000000000000
[ 2089.707764][T28227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2089.707775][T28227] R13: 0000000000000000 R14: 00007fa0f79b5fa0 R15: 00007ffdbeb41b58
[ 2089.707804][T28227]  </TASK>
[ 2089.938233][T27626] Node 0 active_anon:1088kB inactive_anon:15120kB active_file:66664kB inactive_file:157256kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:155220kB dirty:1640kB writeback:0kB shmem:4052kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12736kB pagetables:4440kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2089.973498][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2090.005966][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2090.036571][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2090.044125][T27626] Node 0 DMA32 free:1200456kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1084kB inactive_anon:15076kB active_file:64896kB inactive_file:157196kB unevictable:1536kB writepending:1640kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:51852kB local_pcp:30316kB free_cma:0kB
[ 2090.077742][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2090.083963][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 2090.114005][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2090.119966][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2090.150997][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2090.156262][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2090.218486][T28236] sctp: [Deprecated]: syz.6.6362 (pid 28236) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2090.218486][T28236] Use struct sctp_sack_info instead
[ 2090.238061][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 2090.238124][   T30] audit: type=1326 audit(1750655738.628:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28211 comm="syz.3.6356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2090.289985][T27626] Node 0 DMA32: 639*4kB (UME) 904*8kB (UME) 842*16kB (UME) 344*32kB (UME) 159*64kB (UME) 49*128kB (UME) 19*256kB (UME) 13*512kB (UM) 65*1024kB (UME) 10*2048kB (UME) 257*4096kB (UME) = 1201948kB
[ 2090.567440][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2090.584332][   T30] audit: type=1326 audit(1750655738.668:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28211 comm="syz.3.6356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2090.670034][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2090.847772][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2090.878875][T27626] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2090.903333][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2090.917771][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2090.949958][T27626] 58127 total pagecache pages
[ 2090.968532][T27626] 0 pages in swap cache
[ 2090.979257][T27626] Free swap  = 124996kB
[ 2090.985441][T27626] Total swap = 124996kB
[ 2090.989852][T27626] 2097051 pages RAM
[ 2090.994104][T27626] 0 pages HighMem/MovableOnly
[ 2090.998789][T27626] 424572 pages reserved
[ 2091.003238][T27626] 0 pages cma reserved
[ 2091.014702][T28241] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6365'.
[ 2091.023712][T28241] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6365'.
[ 2091.032650][T28241] netlink: 'syz.3.6365': attribute type 13 has an invalid length.
[ 2092.192982][T16424] usb 10-1: new high-speed USB device number 43 using dummy_hcd
[ 2092.393436][T16424] usb 10-1: Using ep0 maxpacket: 8
[ 2092.417529][T16424] usb 10-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[ 2092.451755][T16424] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2092.490624][T16424] usb 10-1: Product: syz
[ 2092.510843][T16424] usb 10-1: Manufacturer: syz
[ 2092.543522][T16424] usb 10-1: SerialNumber: syz
[ 2092.563876][T16424] usb 10-1: config 0 descriptor??
[ 2092.605025][T16424] gspca_main: sq930x-2.14.0 probing 2770:930c
[ 2092.822644][T28248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2092.856155][T28264] random: crng reseeded on system resumption
[ 2092.888510][T28248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2092.958583][T28265] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6373'.
[ 2093.013099][T28265] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6373'.
[ 2093.412969][T16424] gspca_sq930x: reg_w 0305 fd00 failed -71
[ 2093.430002][T16424] sq930x 10-1:0.0: probe with driver sq930x failed with error -71
[ 2093.611740][T16424] usb 10-1: USB disconnect, device number 43
[ 2093.977572][T28271] sctp: [Deprecated]: syz.5.6374 (pid 28271) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2093.977572][T28271] Use struct sctp_sack_info instead
[ 2094.736245][   T30] audit: type=1326 audit(1750655743.268:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28272 comm="syz.3.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2094.974496][   T30] audit: type=1326 audit(1750655743.278:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28272 comm="syz.3.6375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2095.060542][T22138] usb 6-1: new high-speed USB device number 117 using dummy_hcd
[ 2095.141789][T28287] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6379'.
[ 2095.260775][T28291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6379'.
[ 2095.377489][T22138] usb 6-1: config 0 has an invalid interface number: 33 but max is 0
[ 2095.392590][T22138] usb 6-1: config 0 has no interface number 0
[ 2095.414997][T28296] FAULT_INJECTION: forcing a failure.
[ 2095.414997][T28296] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2095.421930][T22138] usb 6-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.43
[ 2095.457531][T28296] CPU: 1 UID: 0 PID: 28296 Comm: syz.9.6380 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2095.457566][T28296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2095.457578][T28296] Call Trace:
[ 2095.457586][T28296]  <TASK>
[ 2095.457595][T28296]  dump_stack_lvl+0x189/0x250
[ 2095.457623][T28296]  ? __pfx____ratelimit+0x10/0x10
[ 2095.457647][T28296]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2095.457669][T28296]  ? __pfx__printk+0x10/0x10
[ 2095.457687][T28296]  ? __might_fault+0xb0/0x130
[ 2095.457717][T28296]  should_fail_ex+0x414/0x560
[ 2095.457742][T28296]  _copy_from_user+0x2d/0xb0
[ 2095.457760][T28296]  ___sys_sendmsg+0x158/0x2a0
[ 2095.457783][T28296]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2095.457837][T28296]  ? __fget_files+0x2a/0x420
[ 2095.457857][T28296]  ? __fget_files+0x3a0/0x420
[ 2095.457888][T28296]  __sys_sendmmsg+0x227/0x430
[ 2095.457914][T28296]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2095.457932][T28296]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 2095.457980][T28296]  ? ksys_write+0x22a/0x250
[ 2095.458002][T28296]  ? __pfx_ksys_write+0x10/0x10
[ 2095.458018][T28296]  ? rcu_is_watching+0x15/0xb0
[ 2095.458048][T28296]  __x64_sys_sendmmsg+0xa0/0xc0
[ 2095.458070][T28296]  do_syscall_64+0xfa/0x3b0
[ 2095.458092][T28296]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2095.458114][T28296]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2095.458131][T28296]  ? clear_bhb_loop+0x60/0xb0
[ 2095.458151][T28296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2095.458168][T28296] RIP: 0033:0x7f01cb58e929
[ 2095.458184][T28296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2095.458198][T28296] RSP: 002b:00007f01cc338038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2095.458217][T28296] RAX: ffffffffffffffda RBX: 00007f01cb7b6160 RCX: 00007f01cb58e929
[ 2095.458230][T28296] RDX: 0000000000000001 RSI: 0000200000004900 RDI: 0000000000000006
[ 2095.458241][T28296] RBP: 00007f01cc338090 R08: 0000000000000000 R09: 0000000000000000
[ 2095.458252][T28296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2095.458262][T28296] R13: 0000000000000000 R14: 00007f01cb7b6160 R15: 00007ffc2e5b6328
[ 2095.458290][T28296]  </TASK>
[ 2095.475800][T22138] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2095.967430][T28306] random: crng reseeded on system resumption
[ 2096.809636][T28316] sctp: [Deprecated]: syz.3.6387 (pid 28316) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2096.809636][T28316] Use struct sctp_sack_info instead
[ 2097.144137][T22138] usb 6-1: config 0 descriptor??
[ 2097.174638][T22138] usb-storage 6-1:0.33: USB Mass Storage device detected
[ 2097.464880][T22623] usb 6-1: USB disconnect, device number 117
[ 2099.318690][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 2100.380082][T27626] warn_alloc: 5 callbacks suppressed
[ 2100.380102][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2100.529281][T28334] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 2100.541155][T27626] CPU: 0 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2100.541182][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2100.541193][T27626] Call Trace:
[ 2100.541201][T27626]  <TASK>
[ 2100.541210][T27626]  dump_stack_lvl+0x189/0x250
[ 2100.541240][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2100.541263][T27626]  ? __pfx__printk+0x10/0x10
[ 2100.541281][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2100.541307][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2100.541333][T27626]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2100.541359][T27626]  warn_alloc+0x214/0x310
[ 2100.541387][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2100.541417][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2100.541439][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2100.541459][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2100.541509][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2100.541535][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2100.541557][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2100.541578][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2100.541595][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2100.541611][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2100.541628][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2100.541676][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2100.541718][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2100.541750][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2100.541770][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2100.541784][T27626]  ? kasan_save_track+0x3e/0x80
[ 2100.541803][T27626]  ? __pfx___mutex_lock+0x10/0x10
[ 2100.541825][T27626]  ? __se_sys_io_uring_enter+0x2df/0x2b20
[ 2100.541855][T27626]  vb2_core_poll+0x4c1/0x840
[ 2100.541876][T27626]  vb2_fop_poll+0x168/0x380
[ 2100.541903][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2100.541927][T27626]  v4l2_poll+0x144/0x2c0
[ 2100.541954][T27626]  __io_read+0x4b1/0x14f0
[ 2100.541976][T27626]  ? __lock_acquire+0xab9/0xd20
[ 2100.542012][T27626]  ? __pfx___io_read+0x10/0x10
[ 2100.542041][T27626]  io_read+0x1c/0x60
[ 2100.542059][T27626]  __io_issue_sqe+0x17e/0x4b0
[ 2100.542077][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2100.542103][T27626]  io_issue_sqe+0x165/0xfd0
[ 2100.542130][T27626]  io_submit_sqes+0xa38/0x1c50
[ 2100.542177][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2100.542199][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2100.542238][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2100.542255][T27626]  ? do_futex+0x333/0x420
[ 2100.542270][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2100.542297][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2100.542312][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2100.542339][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2100.542367][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2100.542395][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2100.542416][T27626]  do_syscall_64+0xfa/0x3b0
[ 2100.542438][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2100.542459][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2100.542475][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2100.542495][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2100.542512][T27626] RIP: 0033:0x7f8d32d8e929
[ 2100.542528][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2100.542542][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2100.542560][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2100.542573][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2100.542582][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2100.542591][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2100.542600][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2100.542625][T27626]  </TASK>
[ 2100.542631][T27626] Mem-Info:
[ 2100.542643][T27626] active_anon:272 inactive_anon:9517 isolated_anon:0
[ 2100.542643][T27626]  active_file:16747 inactive_file:39310 isolated_file:0
[ 2100.542643][T27626]  unevictable:768 dirty:412 writeback:0
[ 2100.542643][T27626]  slab_reclaimable:11560 slab_unreclaimable:112505
[ 2100.542643][T27626]  mapped:41479 shmem:7109 pagetables:1133
[ 2100.542643][T27626]  sec_pagetables:0 bounce:0
[ 2100.542643][T27626]  kernel_misc_reclaimable:0
[ 2100.542643][T27626]  free:1284574 free_pcp:6589 free_cma:0
[ 2100.542685][T27626] Node 0 active_anon:1088kB inactive_anon:38068kB active_file:66696kB inactive_file:157240kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:165824kB dirty:1636kB writeback:0kB shmem:26900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12460kB pagetables:4380kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2100.542730][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:92kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2100.542774][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2100.542824][T27626] lowmem_reserve[]:
[ 2100.555025][T28334] Error validating options; rc = [-22]
[ 2102.439576][T27626]  0 2501 2503 2503 2503
[ 2102.453092][T27626] Node 0 DMA32 free:1190720kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1128kB inactive_anon:46152kB active_file:64936kB inactive_file:157180kB unevictable:1536kB writepending:548kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:23896kB local_pcp:11684kB free_cma:0kB
[ 2102.485680][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2102.571023][T28357] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6400'.
[ 2102.607588][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2103.636706][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 2103.773053][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2103.798761][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:12kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2103.849814][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2104.051074][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2104.068354][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2104.261158][T27626] Node 0 DMA32: 1693*4kB (UME) 583*8kB (UME) 588*16kB (UME) 403*32kB (UME) 196*64kB (UME) 77*128kB (UME) 22*256kB (UME) 13*512kB (UM) 65*1024kB (UME) 2*2048kB (UE) 257*4096kB (UME) = 1191756kB
[ 2104.604860][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2104.676565][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2104.777214][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2104.861259][T27626] Node 0 hugepages_total=5 hugepages_free=0 hugepages_surp=4 hugepages_size=2048kB
[ 2104.896836][T28364] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2104.941779][T28364] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 2105.006513][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2105.832781][T28364] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2105.874638][T28364] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 2105.882944][T27626] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2105.903906][T28364] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 2105.942877][T27626] 57432 total pagecache pages
[ 2105.947595][T27626] 0 pages in swap cache
[ 2105.951750][T27626] Free swap  = 124996kB
[ 2105.997936][T27626] Total swap = 124996kB
[ 2106.002141][T27626] 2097051 pages RAM
[ 2106.023280][T27626] 0 pages HighMem/MovableOnly
[ 2106.043175][T27626] 424572 pages reserved
[ 2106.047460][T27626] 0 pages cma reserved
[ 2106.207298][T28385] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 2106.222455][T28385] Error validating options; rc = [-22]
[ 2106.653137][T16336] Bluetooth: hci2: command 0x0406 tx timeout
[ 2106.693171][T28395] netlink: 100 bytes leftover after parsing attributes in process `syz.1.6412'.
[ 2107.933050][T16336] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2108.204956][T28404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6415'.
[ 2108.853493][T16336] Bluetooth: hci2: command 0x0406 tx timeout
[ 2109.794596][T28413] FAULT_INJECTION: forcing a failure.
[ 2109.794596][T28413] name failslab, interval 1, probability 0, space 0, times 0
[ 2109.861741][T28413] CPU: 0 UID: 0 PID: 28413 Comm: syz.6.6416 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2109.861759][T28413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2109.861766][T28413] Call Trace:
[ 2109.861771][T28413]  <TASK>
[ 2109.861776][T28413]  dump_stack_lvl+0x189/0x250
[ 2109.861795][T28413]  ? __pfx____ratelimit+0x10/0x10
[ 2109.861810][T28413]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2109.861824][T28413]  ? __pfx__printk+0x10/0x10
[ 2109.861837][T28413]  ? __pfx___might_resched+0x10/0x10
[ 2109.861852][T28413]  ? fs_reclaim_acquire+0x7d/0x100
[ 2109.861868][T28413]  should_fail_ex+0x414/0x560
[ 2109.861884][T28413]  should_failslab+0xa8/0x100
[ 2109.861897][T28413]  __kmalloc_noprof+0xcb/0x4f0
[ 2109.861908][T28413]  ? kfree+0x4d/0x440
[ 2109.861917][T28413]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2109.861933][T28413]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2109.861948][T28413]  ? tomoyo_domain+0xda/0x130
[ 2109.861966][T28413]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2109.861977][T28413]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2109.861990][T28413]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2109.862011][T28413]  ? __lock_acquire+0xab9/0xd20
[ 2109.862034][T28413]  ? __fget_files+0x2a/0x420
[ 2109.862049][T28413]  ? __fget_files+0x2a/0x420
[ 2109.862060][T28413]  ? __fget_files+0x3a0/0x420
[ 2109.862071][T28413]  ? __fget_files+0x2a/0x420
[ 2109.862086][T28413]  security_file_ioctl+0xcb/0x2d0
[ 2109.862101][T28413]  __se_sys_ioctl+0x47/0x170
[ 2109.862113][T28413]  do_syscall_64+0xfa/0x3b0
[ 2109.862129][T28413]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2109.862142][T28413]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2109.862152][T28413]  ? clear_bhb_loop+0x60/0xb0
[ 2109.862164][T28413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2109.862173][T28413] RIP: 0033:0x7f1ed0f8e929
[ 2109.862183][T28413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2109.862192][T28413] RSP: 002b:00007f1ed1d80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2109.862203][T28413] RAX: ffffffffffffffda RBX: 00007f1ed11b6080 RCX: 00007f1ed0f8e929
[ 2109.862210][T28413] RDX: 0000200000000140 RSI: 00000000c008561c RDI: 0000000000000005
[ 2109.862217][T28413] RBP: 00007f1ed1d80090 R08: 0000000000000000 R09: 0000000000000000
[ 2109.862223][T28413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2109.862229][T28413] R13: 0000000000000000 R14: 00007f1ed11b6080 R15: 00007ffc09e29f48
[ 2109.862244][T28413]  </TASK>
[ 2109.862250][T28413] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2110.128533][T16336] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2110.517205][T28417] fuse: Unknown parameter ''
[ 2110.573432][   T10] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 2110.683457][T27626] warn_alloc: 1 callbacks suppressed
[ 2110.683476][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2110.722948][   T10] usb 2-1: device descriptor read/64, error -71
[ 2110.733387][T27626] CPU: 0 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2110.733414][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2110.733426][T27626] Call Trace:
[ 2110.733434][T27626]  <TASK>
[ 2110.733442][T27626]  dump_stack_lvl+0x189/0x250
[ 2110.733473][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2110.733496][T27626]  ? __pfx__printk+0x10/0x10
[ 2110.733514][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2110.733540][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2110.733568][T27626]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2110.733596][T27626]  warn_alloc+0x214/0x310
[ 2110.733625][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2110.733656][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2110.733678][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2110.733700][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2110.733751][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2110.733779][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2110.733802][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2110.733824][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2110.733842][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2110.733859][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2110.733877][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2110.733927][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2110.733970][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2110.734004][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2110.734024][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2110.734039][T27626]  ? kasan_save_track+0x3e/0x80
[ 2110.734058][T27626]  ? __pfx___mutex_lock+0x10/0x10
[ 2110.734079][T27626]  ? __se_sys_io_uring_enter+0x2df/0x2b20
[ 2110.734110][T27626]  vb2_core_poll+0x4c1/0x840
[ 2110.734133][T27626]  vb2_fop_poll+0x168/0x380
[ 2110.734161][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2110.734186][T27626]  v4l2_poll+0x144/0x2c0
[ 2110.734213][T27626]  __io_read+0x4b1/0x14f0
[ 2110.734236][T27626]  ? __lock_acquire+0xab9/0xd20
[ 2110.734281][T27626]  ? __pfx___io_read+0x10/0x10
[ 2110.734312][T27626]  io_read+0x1c/0x60
[ 2110.734331][T27626]  __io_issue_sqe+0x17e/0x4b0
[ 2110.734349][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2110.734370][T27626]  io_issue_sqe+0x165/0xfd0
[ 2110.734397][T27626]  io_submit_sqes+0xa38/0x1c50
[ 2110.734444][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2110.734467][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2110.734508][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2110.734525][T27626]  ? do_futex+0x333/0x420
[ 2110.734540][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2110.734568][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2110.734585][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2110.734611][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2110.734640][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2110.734669][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2110.734691][T27626]  do_syscall_64+0xfa/0x3b0
[ 2110.734714][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2110.734735][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2110.734752][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2110.734770][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2110.734785][T27626] RIP: 0033:0x7f8d32d8e929
[ 2110.734800][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2110.734814][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2110.734831][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2110.734844][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2110.734855][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2110.734866][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2110.734876][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2110.734906][T27626]  </TASK>
[ 2110.734971][T27626] Mem-Info:
[ 2111.060781][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2111.177091][T28427] netlink: 60 bytes leftover after parsing attributes in process `syz.5.6421'.
[ 2111.811450][T27626] active_anon:273 inactive_anon:23949 isolated_anon:0
[ 2111.811450][T27626]  active_file:17751 inactive_file:39235 isolated_file:0
[ 2111.811450][T27626]  unevictable:768 dirty:301 writeback:0
[ 2111.811450][T27626]  slab_reclaimable:11447 slab_unreclaimable:112037
[ 2111.811450][T27626]  mapped:38584 shmem:21571 pagetables:1142
[ 2111.811450][T27626]  sec_pagetables:0 bounce:0
[ 2111.811450][T27626]  kernel_misc_reclaimable:0
[ 2111.811450][T27626]  free:1267855 free_pcp:8471 free_cma:0
[ 2111.853006][   T10] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 2112.176686][T27626] Node 0 active_anon:1092kB inactive_anon:26528kB active_file:70812kB inactive_file:156840kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154300kB dirty:1256kB writeback:0kB shmem:15452kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12532kB pagetables:4440kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2112.210477][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2112.232799][T16336] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2112.243203][   T10] usb 2-1: device descriptor read/64, error -71
[ 2112.266527][T28435] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6423'.
[ 2112.278898][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2112.313215][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2112.367671][   T10] usb usb2-port1: attempt power cycle
[ 2112.412950][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2112.429227][T27626] Node 0 DMA32 free:1137216kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1088kB inactive_anon:26584kB active_file:69044kB inactive_file:156780kB unevictable:1536kB writepending:1256kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:104040kB local_pcp:86664kB free_cma:0kB
[ 2112.462001][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2112.522351][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2112.529214][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 2112.569736][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2112.606809][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2113.066629][   T10] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 2113.078888][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2113.109977][   T10] usb 2-1: device descriptor read/8, error -71
[ 2113.132189][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2113.272117][T27626] Node 0 DMA32: 2*4kB (UE) 10*8kB (UME) 577*16kB (UME) 279*32kB (UE) 58*64kB (UE) 34*128kB (UE) 7*256kB (UME) 2*512kB (UM) 56*1024kB (UE) 3*2048kB (UME) 255*4096kB (UME) = 1137096kB
[ 2113.608202][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2113.653992][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2113.663073][   T10] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 2113.718789][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2113.761340][   T10] usb 2-1: device descriptor read/8, error -71
[ 2113.761740][T27626] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2113.917516][   T10] usb usb2-port1: unable to enumerate USB device
[ 2113.937613][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2113.967880][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2113.968596][T28456] syz.5.6426: attempt to access beyond end of device
[ 2113.968596][T28456] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[ 2113.990094][T28456] ADFS-fs (nbd5): error: unable to read block 3, try 0
[ 2114.083421][T28460] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6426'.
[ 2114.120884][T27626] 64837 total pagecache pages
[ 2114.530200][T27626] 0 pages in swap cache
[ 2114.534567][T27626] Free swap  = 124996kB
[ 2114.548797][T27626] Total swap = 124996kB
[ 2114.563696][T27626] 2097051 pages RAM
[ 2114.567545][T27626] 0 pages HighMem/MovableOnly
[ 2114.572225][T27626] 424572 pages reserved
[ 2114.612001][T27626] 0 pages cma reserved
[ 2116.111227][T28471] FAULT_INJECTION: forcing a failure.
[ 2116.111227][T28471] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2116.144324][T28473] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6434'.
[ 2116.154492][T28471] CPU: 1 UID: 0 PID: 28471 Comm: syz.3.6433 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2116.154518][T28471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2116.154528][T28471] Call Trace:
[ 2116.154535][T28471]  <TASK>
[ 2116.154598][T28471]  dump_stack_lvl+0x189/0x250
[ 2116.154629][T28471]  ? __pfx____ratelimit+0x10/0x10
[ 2116.154653][T28471]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2116.154673][T28471]  ? __pfx__printk+0x10/0x10
[ 2116.154689][T28471]  ? __might_fault+0xb0/0x130
[ 2116.154717][T28471]  should_fail_ex+0x414/0x560
[ 2116.154740][T28471]  _copy_from_user+0x2d/0xb0
[ 2116.154756][T28471]  ppp_write+0x186/0x400
[ 2116.154773][T28471]  ? __pfx_ppp_write+0x10/0x10
[ 2116.154792][T28471]  vfs_write+0x27e/0xa90
[ 2116.154817][T28471]  ? __pfx_vfs_write+0x10/0x10
[ 2116.154835][T28471]  ? __fget_files+0x2a/0x420
[ 2116.154856][T28471]  ? __fget_files+0x2a/0x420
[ 2116.154873][T28471]  ? __fget_files+0x3a0/0x420
[ 2116.154903][T28471]  ? __fget_files+0x2a/0x420
[ 2116.154929][T28471]  __x64_sys_pwrite64+0x193/0x220
[ 2116.154949][T28471]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[ 2116.154965][T28471]  ? rcu_is_watching+0x15/0xb0
[ 2116.154990][T28471]  ? do_syscall_64+0xbe/0x3b0
[ 2116.155015][T28471]  do_syscall_64+0xfa/0x3b0
[ 2116.155033][T28471]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2116.155054][T28471]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2116.155070][T28471]  ? clear_bhb_loop+0x60/0xb0
[ 2116.155089][T28471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2116.155104][T28471] RIP: 0033:0x7fd03598e929
[ 2116.155121][T28471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2116.155135][T28471] RSP: 002b:00007fd03685e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[ 2116.155152][T28471] RAX: ffffffffffffffda RBX: 00007fd035bb5fa0 RCX: 00007fd03598e929
[ 2116.155163][T28471] RDX: 0000000000000002 RSI: 00002000000004c0 RDI: 0000000000000003
[ 2116.155173][T28471] RBP: 00007fd03685e090 R08: 0000000000000000 R09: 0000000000000000
[ 2116.155184][T28471] R10: 0000000000000d39 R11: 0000000000000246 R12: 0000000000000001
[ 2116.155194][T28471] R13: 0000000000000000 R14: 00007fd035bb5fa0 R15: 00007ffdd3b58618
[ 2116.155223][T28471]  </TASK>
[ 2116.722446][T28485] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6435'.
[ 2119.008388][T28508] syz.6.6441: attempt to access beyond end of device
[ 2119.008388][T28508] nbd6: rw=0, sector=6, nr_sectors = 2 limit=0
[ 2119.021438][T28508] ADFS-fs (nbd6): error: unable to read block 3, try 0
[ 2119.129724][T28509] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6441'.
[ 2120.522924][T27876] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[ 2120.613731][ T5959] usb 10-1: new high-speed USB device number 44 using dummy_hcd
[ 2120.714724][T27876] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2120.737416][T27876] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 2120.795957][ T5959] usb 10-1: Using ep0 maxpacket: 32
[ 2120.941665][ T5959] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[ 2120.949960][T27876] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2120.968495][ T5959] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2121.569034][T27876] usb 7-1: config 0 descriptor??
[ 2121.584860][T27876] pwc: Askey VC010 type 2 USB webcam detected.
[ 2121.651115][T28525] netlink: 'syz.1.6447': attribute type 16 has an invalid length.
[ 2121.659079][T28525] netlink: 'syz.1.6447': attribute type 17 has an invalid length.
[ 2121.667301][T28525] netlink: 'syz.1.6447': attribute type 27 has an invalid length.
[ 2121.685719][ T5959] usb 10-1: config 0 has no interface number 0
[ 2121.692376][ T5959] usb 10-1: config 0 interface 8 altsetting 248 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2121.758449][ T5959] usb 10-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[ 2121.809016][T27876] pwc: recv_control_msg error -71 req 02 val 2b00
[ 2121.822132][T27876] pwc: recv_control_msg error -71 req 02 val 2700
[ 2121.833086][ T5931] usb 6-1: new high-speed USB device number 118 using dummy_hcd
[ 2121.841341][T27876] pwc: recv_control_msg error -71 req 02 val 2c00
[ 2121.916235][T28535] random: crng reseeded on system resumption
[ 2122.659364][ T5959] usb 10-1: config 0 interface 8 has no altsetting 0
[ 2122.903357][T27876] pwc: recv_control_msg error -71 req 04 val 1000
[ 2122.910473][T27876] pwc: recv_control_msg error -71 req 04 val 1300
[ 2122.918157][T27876] pwc: recv_control_msg error -71 req 04 val 1400
[ 2122.933466][T27876] pwc: recv_control_msg error -71 req 02 val 2000
[ 2122.940632][T27876] pwc: recv_control_msg error -71 req 02 val 2100
[ 2122.948180][T27876] pwc: recv_control_msg error -71 req 04 val 1500
[ 2122.954424][ T5931] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2122.956045][T27876] pwc: recv_control_msg error -71 req 02 val 2500
[ 2122.975495][T27876] pwc: recv_control_msg error -71 req 02 val 2400
[ 2122.986834][T27876] pwc: recv_control_msg error -71 req 02 val 2600
[ 2122.990503][ T5959] usb 10-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[ 2123.003309][ T5931] usb 6-1: config 0 interface 0 has no altsetting 1
[ 2123.003457][T27876] pwc: recv_control_msg error -71 req 02 val 2900
[ 2123.010323][ T5959] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2123.025522][ T5959] usb 10-1: Product: syz
[ 2123.031480][ T5959] usb 10-1: Manufacturer: syz
[ 2123.038488][ T5959] usb 10-1: SerialNumber: syz
[ 2123.044562][ T5931] usb 6-1: New USB device found, idVendor=0499, idProduct=5ae2, bcdDevice= 9.0f
[ 2123.054653][ T5931] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7
[ 2123.062662][ T5931] usb 6-1: Product: syz
[ 2123.067184][ T5931] usb 6-1: Manufacturer: syz
[ 2123.071905][ T5931] usb 6-1: SerialNumber: syz
[ 2123.097193][ T5959] usb 10-1: config 0 descriptor??
[ 2123.101668][T27876] pwc: recv_control_msg error -71 req 02 val 2800
[ 2123.113509][ T5931] usb 6-1: config 0 descriptor??
[ 2123.169349][T27876] pwc: recv_control_msg error -71 req 04 val 1100
[ 2123.204732][T27876] pwc: recv_control_msg error -71 req 04 val 1200
[ 2123.225200][T27876] pwc: Registered as video103.
[ 2123.232074][T27876] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input71
[ 2123.577622][ T5959] ath6kl: Failed to submit usb control message: -71
[ 2123.619888][ T5959] ath6kl: unable to send the bmi data to the device: -71
[ 2123.621310][T27626] warn_alloc: 4 callbacks suppressed
[ 2123.621325][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[ 2123.633384][ T5959] ath6kl: Unable to send get target info: -71
[ 2123.633959][T27876] usb 7-1: USB disconnect, device number 68
[ 2123.683507][ T5959] ath6kl: Failed to init ath6kl core: -71
[ 2123.694001][T27626] ,cpuset=/,mems_allowed=0-1
[ 2123.701756][T27626] CPU: 1 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2123.701783][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2123.701794][T27626] Call Trace:
[ 2123.701801][T27626]  <TASK>
[ 2123.701808][T27626]  dump_stack_lvl+0x189/0x250
[ 2123.701840][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2123.701865][T27626]  ? __pfx__printk+0x10/0x10
[ 2123.701883][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2123.701910][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2123.701938][T27626]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2123.701967][T27626]  warn_alloc+0x214/0x310
[ 2123.701997][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2123.702034][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2123.702056][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2123.702079][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2123.702133][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2123.702161][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2123.702185][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2123.702206][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2123.702224][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2123.702241][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2123.702260][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2123.702312][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2123.702356][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2123.702384][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2123.702405][T27626]  ? __kmalloc_cache_noprof+0x230/0x3d0
[ 2123.702424][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2123.702446][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2123.702466][T27626]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2123.702488][T27626]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2123.702520][T27626]  vb2_core_poll+0x4c1/0x840
[ 2123.702543][T27626]  vb2_fop_poll+0x168/0x380
[ 2123.702570][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2123.702595][T27626]  v4l2_poll+0x144/0x2c0
[ 2123.702618][T27626]  ? __pfx_v4l2_poll+0x10/0x10
[ 2123.702643][T27626]  __io_arm_poll_handler+0x372/0xbb0
[ 2123.702681][T27626]  io_arm_poll_handler+0x726/0xb70
[ 2123.702711][T27626]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 2123.702729][T27626]  ? __io_issue_sqe+0x1f9/0x4b0
[ 2123.702744][T27626]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 2123.702766][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2123.702785][T27626]  ? io_issue_sqe+0x3bb/0xfd0
[ 2123.702806][T27626]  io_queue_async+0x79/0x2f0
[ 2123.702827][T27626]  io_submit_sqes+0xe22/0x1c50
[ 2123.702875][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2123.702899][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2123.702941][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2123.702959][T27626]  ? do_futex+0x333/0x420
[ 2123.702974][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2123.703002][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2123.703024][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2123.703052][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2123.703081][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2123.703110][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2123.703132][T27626]  do_syscall_64+0xfa/0x3b0
[ 2123.703154][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2123.703176][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2123.703193][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2123.703214][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2123.703231][T27626] RIP: 0033:0x7f8d32d8e929
[ 2123.703247][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2123.703263][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2123.703281][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2123.703295][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2123.703306][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2123.703318][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2123.703329][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2123.703358][T27626]  </TASK>
[ 2124.148211][T27626] Mem-Info:
[ 2124.157645][T27626] active_anon:274 inactive_anon:6949 isolated_anon:0
[ 2124.157645][T27626]  active_file:17815 inactive_file:39180 isolated_file:0
[ 2124.157645][T27626]  unevictable:768 dirty:337 writeback:0
[ 2124.157645][T27626]  slab_reclaimable:11466 slab_unreclaimable:111701
[ 2124.157645][T27626]  mapped:38640 shmem:4246 pagetables:1120
[ 2124.157645][T27626]  sec_pagetables:0 bounce:0
[ 2124.157645][T27626]  kernel_misc_reclaimable:0
[ 2124.157645][T27626]  free:1276664 free_pcp:15448 free_cma:0
[ 2124.244694][ T5959] ath6kl_usb 10-1:0.8: probe with driver ath6kl_usb failed with error -71
[ 2124.258278][ T5959] usb 10-1: USB disconnect, device number 44
[ 2124.391968][ T5931] usb 6-1: USB disconnect, device number 118
[ 2124.513115][T27626] Node 0 active_anon:1096kB inactive_anon:16760kB active_file:70968kB inactive_file:156720kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:144688kB dirty:1348kB writeback:0kB shmem:5748kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12560kB pagetables:4224kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2124.563056][T27876] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[ 2124.623006][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:72kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2124.634149][T28550] netlink: 44 bytes leftover after parsing attributes in process `syz.5.6455'.
[ 2124.776237][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2124.920465][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2124.933835][T27876] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2124.955322][T27626] Node 0 DMA32 free:1173092kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1092kB inactive_anon:20052kB active_file:69200kB inactive_file:156660kB unevictable:1536kB writepending:1348kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:68548kB local_pcp:38524kB free_cma:0kB
[ 2124.993124][T27876] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2125.017010][T27876] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2125.102549][T27876] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2125.145253][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2125.175796][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 2125.215385][   T30] audit: type=1326 audit(1750655773.668:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28544 comm="syz.9.6453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2125.318448][T28547] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 2125.447459][   T30] audit: type=1326 audit(1750655773.668:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28544 comm="syz.9.6453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2125.479022][T27876] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 2125.519737][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2125.562980][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:12kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2125.633383][   T30] audit: type=1326 audit(1750655773.668:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28544 comm="syz.9.6453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2125.757886][   T30] audit: type=1326 audit(1750655773.728:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28544 comm="syz.9.6453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2125.762976][T27626] lowmem_reserve[]:
[ 2125.887160][T27876] usb 7-1: USB disconnect, device number 69
[ 2126.134736][T27626]  0 0 0 0 0
[ 2126.138529][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2126.169242][   T30] audit: type=1326 audit(1750655773.728:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28544 comm="syz.9.6453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2126.174577][T27626] Node 0 DMA32: 1333*4kB (UME) 102*8kB (ME) 364*16kB (UME) 839*32kB (UM) 148*64kB (UM) 74*128kB (UME) 15*256kB (UME) 7*512kB (UM) 62*1024kB (UME) 4*2048kB (UME) 253*4096kB (UME) = 1173156kB
[ 2126.412974][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2126.482488][T28558] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2126.520899][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2126.943833][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2127.153765][T27626] Node 0 hugepages_total=3 hugepages_free=0 hugepages_surp=2 hugepages_size=2048kB
[ 2127.319543][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2127.606405][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2127.648032][T27626] 60537 total pagecache pages
[ 2127.670558][T27626] 0 pages in swap cache
[ 2127.708664][T27626] Free swap  = 124996kB
[ 2127.727197][T27626] Total swap = 124996kB
[ 2127.731406][T27626] 2097051 pages RAM
[ 2127.738120][T27626] 0 pages HighMem/MovableOnly
[ 2127.742939][T27626] 424572 pages reserved
[ 2127.747178][T27626] 0 pages cma reserved
[ 2127.921397][T28578] FAULT_INJECTION: forcing a failure.
[ 2127.921397][T28578] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2127.945456][T28579] overlay: Unknown parameter '/'
[ 2127.973759][T28578] CPU: 1 UID: 0 PID: 28578 Comm: syz.5.6464 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2127.973787][T28578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2127.973798][T28578] Call Trace:
[ 2127.973806][T28578]  <TASK>
[ 2127.973814][T28578]  dump_stack_lvl+0x189/0x250
[ 2127.973842][T28578]  ? __pfx____ratelimit+0x10/0x10
[ 2127.973865][T28578]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2127.973888][T28578]  ? __pfx__printk+0x10/0x10
[ 2127.973907][T28578]  ? fs_reclaim_acquire+0x7d/0x100
[ 2127.973938][T28578]  should_fail_ex+0x414/0x560
[ 2127.973963][T28578]  prepare_alloc_pages+0x213/0x610
[ 2127.973993][T28578]  __alloc_frozen_pages_noprof+0x123/0x370
[ 2127.974019][T28578]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 2127.974045][T28578]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 2127.974072][T28578]  ? policy_nodemask+0x27c/0x720
[ 2127.974097][T28578]  alloc_pages_mpol+0x232/0x4a0
[ 2127.974121][T28578]  alloc_pages_noprof+0xa9/0x190
[ 2127.974145][T28578]  get_free_pages_noprof+0xf/0x80
[ 2127.974168][T28578]  __pollwait+0x27b/0x460
[ 2127.974189][T28578]  ? __pfx___pollwait+0x10/0x10
[ 2127.974208][T28578]  datagram_poll+0x82/0x420
[ 2127.974233][T28578]  sock_poll+0x329/0x3e0
[ 2127.974257][T28578]  ? __pfx_sock_poll+0x10/0x10
[ 2127.974280][T28578]  do_select+0x105e/0x17e0
[ 2127.974298][T28578]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 2127.974327][T28578]  ? do_select+0x881/0x17e0
[ 2127.974366][T28578]  ? __pfx_do_select+0x10/0x10
[ 2127.974385][T28578]  ? __lock_acquire+0xab9/0xd20
[ 2127.974411][T28578]  ? __pfx___pollwait+0x10/0x10
[ 2127.974434][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974457][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974480][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974503][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974526][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974549][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974571][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974593][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974623][T28578]  ? __pfx_pollwake+0x10/0x10
[ 2127.974664][T28578]  core_sys_select+0x6dd/0xa20
[ 2127.974695][T28578]  ? __pfx_core_sys_select+0x10/0x10
[ 2127.974739][T28578]  ? __pfx_set_user_sigmask+0x10/0x10
[ 2127.974772][T28578]  __se_sys_pselect6+0x27a/0x300
[ 2127.974799][T28578]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 2127.974819][T28578]  ? __pfx_ksys_write+0x10/0x10
[ 2127.974836][T28578]  ? rcu_is_watching+0x15/0xb0
[ 2127.974863][T28578]  ? __x64_sys_pselect6+0x21/0xf0
[ 2127.974886][T28578]  do_syscall_64+0xfa/0x3b0
[ 2127.974908][T28578]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2127.974930][T28578]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2127.974947][T28578]  ? clear_bhb_loop+0x60/0xb0
[ 2127.974968][T28578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2127.974984][T28578] RIP: 0033:0x7fa0f778e929
[ 2127.975000][T28578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2127.975014][T28578] RSP: 002b:00007fa0f852b038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 2127.975033][T28578] RAX: ffffffffffffffda RBX: 00007fa0f79b5fa0 RCX: 00007fa0f778e929
[ 2127.975046][T28578] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000040
[ 2127.975057][T28578] RBP: 00007fa0f852b090 R08: 0000000000000000 R09: 0000000000000000
[ 2127.975067][T28578] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[ 2127.975078][T28578] R13: 0000000000000000 R14: 00007fa0f79b5fa0 R15: 00007ffdbeb41b58
[ 2127.975106][T28578]  </TASK>
[ 2128.722954][T22623] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 2128.810675][T28589] netlink: 'syz.5.6467': attribute type 1 has an invalid length.
[ 2128.922885][T22623] usb 4-1: Using ep0 maxpacket: 8
[ 2128.934826][T22623] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2128.945276][T22623] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 2128.955421][T22623] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2128.983199][T22623] usb 4-1: config 0 descriptor??
[ 2128.991336][T22623] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 2129.010200][T28589] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2130.162740][T28594] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2130.173808][T28594] bond1: (slave ipip0): The slave device specified does not support setting the MAC address
[ 2130.234483][T28594] bond1: (slave ipip0): Error -95 calling set_mac_address
[ 2130.341002][T28597] bond1: (slave ip6erspan0): making interface the new active one
[ 2130.398123][T28597] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[ 2130.482312][T28603] sctp: [Deprecated]: syz.6.6470 (pid 28603) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2130.482312][T28603] Use struct sctp_sack_info instead
[ 2130.773182][T22623] gspca_vc032x: reg_w err -110
[ 2130.778123][T22623] vc032x 4-1:0.0: probe with driver vc032x failed with error -110
[ 2130.924420][T28593] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6468'.
[ 2131.463246][T22623] usb 6-1: new high-speed USB device number 119 using dummy_hcd
[ 2131.499922][ T5821] usb 4-1: USB disconnect, device number 76
[ 2132.343158][T22623] usb 6-1: Using ep0 maxpacket: 16
[ 2132.421480][T22623] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2132.458004][T22623] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 2132.493200][T22623] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2132.614708][T22623] usb 6-1: config 0 descriptor??
[ 2132.693639][T28625] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6478'.
[ 2133.291264][T22623] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0
[ 2133.392433][T22623] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0
[ 2133.455969][T22623] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0
[ 2133.482966][T22623] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0
[ 2133.490865][T22623] mcp2221 0003:04D8:00DD.001A: unknown main item tag 0x0
[ 2133.505423][T28614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2133.508099][T22623] mcp2221 0003:04D8:00DD.001A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[ 2133.545928][T28614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2134.023439][T16424] usb 10-1: new high-speed USB device number 45 using dummy_hcd
[ 2134.269117][T16424] usb 10-1: device descriptor read/64, error -71
[ 2134.613249][T16424] usb 10-1: new high-speed USB device number 46 using dummy_hcd
[ 2134.945458][T16424] usb 10-1: device descriptor read/64, error -71
[ 2135.207560][T16424] usb usb10-port1: attempt power cycle
[ 2135.713791][T16424] usb 10-1: new high-speed USB device number 47 using dummy_hcd
[ 2135.829253][T16424] usb 10-1: device descriptor read/8, error -71
[ 2136.193067][T16424] usb 10-1: new high-speed USB device number 48 using dummy_hcd
[ 2136.406480][T22623] usb 6-1: USB disconnect, device number 119
[ 2136.520315][T16424] usb 10-1: device descriptor read/8, error -71
[ 2136.586563][T27626] warn_alloc: 7 callbacks suppressed
[ 2136.586578][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2136.723407][T16424] usb usb10-port1: unable to enumerate USB device
[ 2136.789663][T27626] CPU: 1 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2136.789686][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2136.789693][T27626] Call Trace:
[ 2136.789698][T27626]  <TASK>
[ 2136.789703][T27626]  dump_stack_lvl+0x189/0x250
[ 2136.789723][T27626]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 2136.789737][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2136.789753][T27626]  ? __pfx__printk+0x10/0x10
[ 2136.789764][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2136.789780][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2136.789800][T27626]  warn_alloc+0x214/0x310
[ 2136.789818][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2136.789836][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2136.789849][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2136.789861][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2136.789894][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2136.789909][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2136.789923][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2136.789936][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2136.789945][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2136.789955][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2136.789965][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2136.789994][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2136.790019][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2136.790036][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2136.790047][T27626]  ? __kmalloc_cache_noprof+0x230/0x3d0
[ 2136.790058][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2136.790070][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2136.790081][T27626]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2136.790094][T27626]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2136.790112][T27626]  vb2_core_poll+0x4c1/0x840
[ 2136.790125][T27626]  vb2_fop_poll+0x168/0x380
[ 2136.790142][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2136.790157][T27626]  v4l2_poll+0x144/0x2c0
[ 2136.790172][T27626]  ? __pfx_v4l2_poll+0x10/0x10
[ 2136.790187][T27626]  __io_arm_poll_handler+0x372/0xbb0
[ 2136.790208][T27626]  io_arm_poll_handler+0x726/0xb70
[ 2136.790226][T27626]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 2136.790238][T27626]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 2136.790252][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2136.790264][T27626]  ? io_issue_sqe+0x3bb/0xfd0
[ 2136.790276][T27626]  io_queue_async+0x79/0x2f0
[ 2136.790290][T27626]  io_submit_sqes+0xe22/0x1c50
[ 2136.790317][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2136.790330][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2136.790353][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2136.790363][T27626]  ? do_futex+0x333/0x420
[ 2136.790372][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2136.790388][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2136.790397][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2136.790413][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2136.790429][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2136.790446][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2136.790458][T27626]  do_syscall_64+0xfa/0x3b0
[ 2136.790486][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2136.790504][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2136.790513][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2136.790525][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2136.790534][T27626] RIP: 0033:0x7f8d32d8e929
[ 2136.790544][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2136.790553][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2136.790564][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2136.790571][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2136.790578][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2136.790584][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2136.790590][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2136.790606][T27626]  </TASK>
[ 2136.790632][T27626] Mem-Info:
[ 2137.199775][T27626] active_anon:1347 inactive_anon:3798 isolated_anon:0
[ 2137.199775][T27626]  active_file:17819 inactive_file:39180 isolated_file:0
[ 2137.199775][T27626]  unevictable:768 dirty:224 writeback:0
[ 2137.199775][T27626]  slab_reclaimable:11524 slab_unreclaimable:113023
[ 2137.199775][T27626]  mapped:35741 shmem:2474 pagetables:1060
[ 2137.199775][T27626]  sec_pagetables:0 bounce:0
[ 2137.199775][T27626]  kernel_misc_reclaimable:0
[ 2137.199775][T27626]  free:1277373 free_pcp:17039 free_cma:0
[ 2137.265752][T27626] Node 0 active_anon:5388kB inactive_anon:15092kB active_file:70984kB inactive_file:156720kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142872kB dirty:880kB writeback:0kB shmem:8360kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12348kB pagetables:4088kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2137.301511][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:92kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2137.349642][T28649] netlink: 'syz.6.6485': attribute type 1 has an invalid length.
[ 2137.371900][T28649] netlink: 228 bytes leftover after parsing attributes in process `syz.6.6485'.
[ 2137.390921][T28649] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6485'.
[ 2137.403086][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2137.481447][   T30] audit: type=1804 audit(1750655786.048:1021): pid=28651 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.6486" name="/newroot/363/file1" dev="fuse" ino=1 res=1 errno=0
[ 2137.527430][   T30] audit: type=1800 audit(1750655786.048:1022): pid=28651 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.6486" name="/" dev="fuse" ino=1 res=0 errno=0
[ 2137.775209][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2137.806867][T27626] Node 0 DMA32 free:1178256kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1180kB inactive_anon:18112kB active_file:69216kB inactive_file:156660kB unevictable:1536kB writepending:980kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:68564kB local_pcp:32216kB free_cma:0kB
[ 2137.922789][   T30] audit: type=1800 audit(1750655786.048:1023): pid=28651 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.6486" name="/" dev="fuse" ino=1 res=0 errno=0
[ 2138.083308][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2138.100699][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 2138.233072][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2138.237853][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:16kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2138.385716][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2138.429600][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2138.745643][T27626] Node 0 DMA32: 1634*4kB (UME) 543*8kB (UME) 851*16kB (UM) 437*32kB (UME) 177*64kB (UM) 96*128kB (UME) 22*256kB (UM) 17*512kB (UM) 42*1024kB (UME) 7*2048kB (UME) 255*4096kB (UME) = 1178256kB
[ 2139.038512][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2139.247922][   T30] audit: type=1326 audit(1750655787.398:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28663 comm="syz.5.6489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2139.352396][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2139.649180][   T30] audit: type=1326 audit(1750655787.398:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28663 comm="syz.5.6489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2139.737761][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2139.837405][   T30] audit: type=1326 audit(1750655787.458:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28663 comm="syz.5.6489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2139.860612][   T30] audit: type=1326 audit(1750655787.588:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28663 comm="syz.5.6489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2139.884106][   T30] audit: type=1326 audit(1750655787.598:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28663 comm="syz.5.6489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2139.921475][T27626] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2140.035472][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2140.050817][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2140.060591][T27626] 61244 total pagecache pages
[ 2140.065484][T27626] 0 pages in swap cache
[ 2140.069712][T27626] Free swap  = 124996kB
[ 2140.074019][T27626] Total swap = 124996kB
[ 2140.078318][T27626] 2097051 pages RAM
[ 2140.082179][T27626] 0 pages HighMem/MovableOnly
[ 2140.087054][T27626] 424572 pages reserved
[ 2140.091350][T27626] 0 pages cma reserved
[ 2140.205574][T28676] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6492'.
[ 2140.519860][T28677] loop6: detected capacity change from 0 to 7
[ 2140.610350][T28677] Dev loop6: unable to read RDB block 7
[ 2140.683008][T28677]  loop6: AHDI p3 p4
[ 2140.692925][T28677] loop6: partition table partially beyond EOD, truncated
[ 2140.779887][T28677] loop6: p3 start 1869967406 is beyond EOD, truncated
[ 2141.258770][T28694] FAULT_INJECTION: forcing a failure.
[ 2141.258770][T28694] name failslab, interval 1, probability 0, space 0, times 0
[ 2141.295351][T28694] CPU: 1 UID: 0 PID: 28694 Comm: syz.1.6497 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2141.295378][T28694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2141.295389][T28694] Call Trace:
[ 2141.295397][T28694]  <TASK>
[ 2141.295405][T28694]  dump_stack_lvl+0x189/0x250
[ 2141.295433][T28694]  ? __pfx____ratelimit+0x10/0x10
[ 2141.295457][T28694]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2141.295479][T28694]  ? __pfx__printk+0x10/0x10
[ 2141.295503][T28694]  ? __pfx___might_resched+0x10/0x10
[ 2141.295524][T28694]  ? fs_reclaim_acquire+0x7d/0x100
[ 2141.295551][T28694]  should_fail_ex+0x414/0x560
[ 2141.295577][T28694]  should_failslab+0xa8/0x100
[ 2141.295599][T28694]  __kmalloc_noprof+0xcb/0x4f0
[ 2141.295617][T28694]  ? kfree+0x4d/0x440
[ 2141.295632][T28694]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2141.295660][T28694]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2141.295685][T28694]  ? tomoyo_domain+0xda/0x130
[ 2141.295714][T28694]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2141.295733][T28694]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2141.295757][T28694]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2141.295775][T28694]  ? rwsem_down_write_slowpath+0x7ec/0x1030
[ 2141.295837][T28694]  ? __pfx_from_kuid+0x10/0x10
[ 2141.295858][T28694]  ? down_write_killable+0x178/0x230
[ 2141.295878][T28694]  ? __pfx_down_write_killable+0x10/0x10
[ 2141.295899][T28694]  tomoyo_path_chown+0x46/0xc0
[ 2141.295917][T28694]  security_path_chown+0x13d/0x360
[ 2141.295939][T28694]  chown_common+0x3bd/0x5c0
[ 2141.295970][T28694]  ? __pfx_chown_common+0x10/0x10
[ 2141.296003][T28694]  ? mnt_get_write_access+0x223/0x2a0
[ 2141.296037][T28694]  do_fchownat+0x161/0x270
[ 2141.296068][T28694]  ? __pfx_do_fchownat+0x10/0x10
[ 2141.296090][T28694]  ? __pfx_ksys_write+0x10/0x10
[ 2141.296107][T28694]  ? rcu_is_watching+0x15/0xb0
[ 2141.296137][T28694]  __x64_sys_lchown+0x85/0xa0
[ 2141.296161][T28694]  do_syscall_64+0xfa/0x3b0
[ 2141.296183][T28694]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2141.296205][T28694]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2141.296221][T28694]  ? clear_bhb_loop+0x60/0xb0
[ 2141.296242][T28694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2141.296258][T28694] RIP: 0033:0x7f59d5f8e929
[ 2141.296274][T28694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2141.296289][T28694] RSP: 002b:00007f59d3df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e
[ 2141.296308][T28694] RAX: ffffffffffffffda RBX: 00007f59d61b6080 RCX: 00007f59d5f8e929
[ 2141.296323][T28694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[ 2141.296335][T28694] RBP: 00007f59d3df6090 R08: 0000000000000000 R09: 0000000000000000
[ 2141.296346][T28694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2141.296356][T28694] R13: 0000000000000000 R14: 00007f59d61b6080 R15: 00007fff36e9b0d8
[ 2141.296386][T28694]  </TASK>
[ 2141.298705][T28694] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2141.356759][T28698] mac80211_hwsim hwsim36 wlan1: entered allmulticast mode
[ 2141.658069][T28698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6499'.
[ 2144.344656][   T30] audit: type=1326 audit(1750655792.858:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2144.887783][   T30] audit: type=1326 audit(1750655792.858:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2144.909466][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2145.502488][   T30] audit: type=1326 audit(1750655792.858:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2145.763276][T27876] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[ 2145.951004][   T30] audit: type=1326 audit(1750655792.858:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2145.972909][   T30] audit: type=1326 audit(1750655792.858:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2145.995260][   T30] audit: type=1326 audit(1750655792.968:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fd03598e929 code=0x7ffc0000
[ 2146.017202][   T30] audit: type=1326 audit(1750655792.968:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd03592ab19 code=0x7ffc0000
[ 2146.038865][   T30] audit: type=1326 audit(1750655792.978:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd03592ab19 code=0x7ffc0000
[ 2146.074266][   T30] audit: type=1326 audit(1750655792.988:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd03592ab19 code=0x7ffc0000
[ 2146.096472][   T30] audit: type=1326 audit(1750655793.008:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28727 comm="syz.3.6508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd03592ab19 code=0x7ffc0000
[ 2146.133649][T27876] usb 6-1: Using ep0 maxpacket: 32
[ 2146.225713][T27876] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[ 2146.249182][T27876] usb 6-1: config 0 has no interface number 0
[ 2146.282434][T27876] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 2146.299384][T27876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2146.318184][T27876] usb 6-1: Product: syz
[ 2146.362240][T27876] usb 6-1: Manufacturer: syz
[ 2146.374553][T27876] usb 6-1: SerialNumber: syz
[ 2146.396124][T27876] usb 6-1: config 0 descriptor??
[ 2146.417969][T27876] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 2146.665689][T27876] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 2147.235917][T27876] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 2147.283414][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 2147.339710][T27876] usb 6-1: USB disconnect, device number 120
[ 2147.376426][T27876] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 2147.439506][T27876] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 2147.477328][T27876] quatech2 6-1:0.51: device disconnected
[ 2148.351403][T27626] warn_alloc: 5 callbacks suppressed
[ 2148.357974][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2148.405088][T27626] CPU: 1 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2148.405114][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2148.405124][T27626] Call Trace:
[ 2148.405131][T27626]  <TASK>
[ 2148.405138][T27626]  dump_stack_lvl+0x189/0x250
[ 2148.405165][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2148.405184][T27626]  ? __pfx__printk+0x10/0x10
[ 2148.405198][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2148.405219][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2148.405240][T27626]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2148.405262][T27626]  warn_alloc+0x214/0x310
[ 2148.405284][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2148.405308][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2148.405325][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2148.405342][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2148.405383][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2148.405419][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2148.405438][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2148.405454][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2148.405468][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2148.405481][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2148.405495][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2148.405534][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2148.405567][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2148.405588][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2148.405604][T27626]  ? __kmalloc_cache_noprof+0x230/0x3d0
[ 2148.405618][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2148.405635][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2148.405650][T27626]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2148.405668][T27626]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2148.405693][T27626]  vb2_core_poll+0x4c1/0x840
[ 2148.405711][T27626]  vb2_fop_poll+0x168/0x380
[ 2148.405732][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2148.405751][T27626]  v4l2_poll+0x144/0x2c0
[ 2148.405772][T27626]  ? __pfx_v4l2_poll+0x10/0x10
[ 2148.405792][T27626]  __io_arm_poll_handler+0x372/0xbb0
[ 2148.405820][T27626]  io_arm_poll_handler+0x726/0xb70
[ 2148.405843][T27626]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 2148.405858][T27626]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 2148.405877][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2148.405894][T27626]  ? io_issue_sqe+0x3bb/0xfd0
[ 2148.405910][T27626]  io_queue_async+0x79/0x2f0
[ 2148.405929][T27626]  io_submit_sqes+0xe22/0x1c50
[ 2148.405966][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2148.405984][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2148.406016][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2148.406029][T27626]  ? do_futex+0x333/0x420
[ 2148.406041][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2148.406062][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2148.406075][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2148.406096][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2148.406118][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2148.406141][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2148.406158][T27626]  do_syscall_64+0xfa/0x3b0
[ 2148.406175][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2148.406192][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2148.406205][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2148.406222][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2148.406234][T27626] RIP: 0033:0x7f8d32d8e929
[ 2148.406247][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2148.406259][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2148.406274][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2148.406285][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2148.406293][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2148.406302][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2148.406310][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2148.406332][T27626]  </TASK>
[ 2148.795763][T27626] Mem-Info:
[ 2148.814976][T27626] active_anon:1022 inactive_anon:13735 isolated_anon:0
[ 2148.814976][T27626]  active_file:17881 inactive_file:39122 isolated_file:0
[ 2148.814976][T27626]  unevictable:768 dirty:472 writeback:0
[ 2148.814976][T27626]  slab_reclaimable:11533 slab_unreclaimable:112933
[ 2148.814976][T27626]  mapped:45715 shmem:12054 pagetables:1100
[ 2148.814976][T27626]  sec_pagetables:0 bounce:0
[ 2148.814976][T27626]  kernel_misc_reclaimable:0
[ 2148.814976][T27626]  free:1270852 free_pcp:13912 free_cma:0
[ 2148.927151][T27626] Node 0 active_anon:7312kB inactive_anon:43452kB active_file:71304kB inactive_file:156424kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:171324kB dirty:2172kB writeback:12kB shmem:38468kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12652kB pagetables:4320kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2148.966532][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:76kB dirty:0kB writeback:4kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2148.998388][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2149.027450][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2149.033358][T27626] Node 0 DMA32 free:1149496kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1108kB inactive_anon:43408kB active_file:69536kB inactive_file:156364kB unevictable:1536kB writepending:2184kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:70564kB local_pcp:38424kB free_cma:0kB
[ 2149.066991][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2149.071826][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 2149.183030][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2149.201891][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2149.232969][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2149.242694][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2149.257326][T27626] Node 0 DMA32: 2*4kB (ME) 23*8kB (UME) 2*16kB (UE) 1*32kB (E) 137*64kB (UM) 120*128kB (UM) 35*256kB (UME) 19*512kB (UM) 42*1024kB (UME) 9*2048kB (UME) 255*4096kB (UME) = 1148992kB
[ 2149.283525][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2149.324980][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2149.347833][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2149.357731][T27626] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2149.369973][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2150.357682][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2150.371536][T27626] 62705 total pagecache pages
[ 2150.377103][T27626] 0 pages in swap cache
[ 2150.381310][T27626] Free swap  = 124996kB
[ 2150.389889][T27626] Total swap = 124996kB
[ 2150.394892][T27626] 2097051 pages RAM
[ 2150.398747][T27626] 0 pages HighMem/MovableOnly
[ 2150.428903][T27626] 424572 pages reserved
[ 2150.508127][T27626] 0 pages cma reserved
[ 2151.734279][T28785] FAULT_INJECTION: forcing a failure.
[ 2151.734279][T28785] name failslab, interval 1, probability 0, space 0, times 0
[ 2151.783104][T28785] CPU: 1 UID: 0 PID: 28785 Comm: syz.9.6523 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2151.783133][T28785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2151.783144][T28785] Call Trace:
[ 2151.783152][T28785]  <TASK>
[ 2151.783160][T28785]  dump_stack_lvl+0x189/0x250
[ 2151.783188][T28785]  ? __pfx____ratelimit+0x10/0x10
[ 2151.783211][T28785]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2151.783234][T28785]  ? __pfx__printk+0x10/0x10
[ 2151.783256][T28785]  ? __pfx___might_resched+0x10/0x10
[ 2151.783276][T28785]  ? fs_reclaim_acquire+0x7d/0x100
[ 2151.783302][T28785]  should_fail_ex+0x414/0x560
[ 2151.783325][T28785]  should_failslab+0xa8/0x100
[ 2151.783347][T28785]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 2151.783366][T28785]  ? alloc_empty_file+0x55/0x1d0
[ 2151.783394][T28785]  alloc_empty_file+0x55/0x1d0
[ 2151.783416][T28785]  path_openat+0x107/0x3830
[ 2151.783430][T28785]  ? arch_stack_walk+0xfc/0x150
[ 2151.783477][T28785]  ? kasan_save_track+0x4f/0x80
[ 2151.783499][T28785]  ? kasan_save_track+0x3e/0x80
[ 2151.783514][T28785]  ? __kasan_slab_alloc+0x6c/0x80
[ 2151.783529][T28785]  ? getname_flags+0xb8/0x540
[ 2151.783546][T28785]  ? __pfx_path_openat+0x10/0x10
[ 2151.783557][T28785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2151.783585][T28785]  do_filp_open+0x1fa/0x410
[ 2151.783597][T28785]  ? __lock_acquire+0xab9/0xd20
[ 2151.783616][T28785]  ? __pfx_do_filp_open+0x10/0x10
[ 2151.783645][T28785]  ? _raw_spin_unlock+0x28/0x50
[ 2151.783660][T28785]  ? alloc_fd+0x64c/0x6c0
[ 2151.783684][T28785]  do_sys_openat2+0x121/0x1c0
[ 2151.783704][T28785]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2151.783723][T28785]  ? ksys_write+0x22a/0x250
[ 2151.783739][T28785]  ? __pfx_ksys_write+0x10/0x10
[ 2151.783751][T28785]  ? rcu_is_watching+0x15/0xb0
[ 2151.783772][T28785]  __x64_sys_openat+0x138/0x170
[ 2151.783794][T28785]  do_syscall_64+0xfa/0x3b0
[ 2151.783819][T28785]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2151.783842][T28785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2151.783854][T28785]  ? clear_bhb_loop+0x60/0xb0
[ 2151.783870][T28785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2151.783883][T28785] RIP: 0033:0x7f01cb58d290
[ 2151.783896][T28785] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 2151.783907][T28785] RSP: 002b:00007f01cc379b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2151.783923][T28785] RAX: ffffffffffffffda RBX: 0000000000101301 RCX: 00007f01cb58d290
[ 2151.783933][T28785] RDX: 0000000000101301 RSI: 00007f01cc379c10 RDI: 00000000ffffff9c
[ 2151.783943][T28785] RBP: 00007f01cc379c10 R08: 0000000000000000 R09: 0000000000000000
[ 2151.783951][T28785] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[ 2151.783960][T28785] R13: 0000000000000000 R14: 00007f01cb7b5fa0 R15: 00007ffc2e5b6328
[ 2151.783981][T28785]  </TASK>
[ 2153.322897][   T30] kauditd_printk_skb: 271 callbacks suppressed
[ 2153.322918][   T30] audit: type=1326 audit(1750655801.448:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28791 comm="syz.5.6527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2153.414076][   T30] audit: type=1326 audit(1750655801.448:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28791 comm="syz.5.6527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2153.446982][   T30] audit: type=1326 audit(1750655801.448:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28791 comm="syz.5.6527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2153.474011][T28795] ubi31: attaching mtd0
[ 2153.496355][T28795] ubi31: scanning is finished
[ 2153.501543][T28795] ubi31: empty MTD device detected
[ 2153.513161][   T30] audit: type=1326 audit(1750655801.508:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28791 comm="syz.5.6527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2153.535225][   T30] audit: type=1326 audit(1750655801.508:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28791 comm="syz.5.6527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2153.739650][T28795] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 2153.782894][T28795] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3008 bytes
[ 2153.793079][T27876] usb 10-1: new high-speed USB device number 49 using dummy_hcd
[ 2153.824977][   T30] audit: type=1804 audit(1750655802.408:1315): pid=28805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.6531" name="/newroot/52/bus" dev="tmpfs" ino=282 res=1 errno=0
[ 2153.833252][T28795] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 2153.963841][T28795] ubi31: VID header offset: 1024 (aligned 1024), data offset: 1088
[ 2154.003166][T28795] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 2154.014730][T28795] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 17
[ 2154.052915][T28795] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1407726479
[ 2154.063760][T27876] usb 10-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=35.fb
[ 2154.105355][T27876] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2154.114025][T28795] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 2154.139339][T27876] usb 10-1: config 0 descriptor??
[ 2154.146603][T28806] sctp: [Deprecated]: syz.6.6530 (pid 28806) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2154.146603][T28806] Use struct sctp_sack_info instead
[ 2154.166482][T27876] gspca_main: spca505-2.14.0 probing 0733:0430
[ 2154.190036][T28800] ubi31: background thread "ubi_bgt31d" started, PID 28800
[ 2154.923276][T22623] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 2155.106072][T22623] usb 2-1: Using ep0 maxpacket: 32
[ 2155.128781][T22623] usb 2-1: New USB device found, idVendor=13d3, idProduct=3211, bcdDevice=cb.d7
[ 2155.141244][T22623] usb 2-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3
[ 2155.167330][T22623] usb 2-1: Product: syz
[ 2155.179031][T22623] usb 2-1: Manufacturer: syz
[ 2155.195983][T22623] usb 2-1: SerialNumber: syz
[ 2155.196119][T27876] gspca_spca505: reg write: error -110
[ 2155.227070][T27876] spca505 10-1:0.0: probe with driver spca505 failed with error -5
[ 2155.237953][T22623] usb 2-1: config 0 descriptor??
[ 2155.278466][T22623] dvb-usb: found a 'Pinnacle PCTV 310e' in cold state, will try to load a firmware
[ 2155.317628][T22623] dvb-usb: did not find the firmware file '(null)' (status -22). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 2155.525496][T22623] usb 2-1: USB disconnect, device number 38
[ 2155.811277][T22623] usb 10-1: USB disconnect, device number 49
[ 2155.899171][T28820] netlink: 100 bytes leftover after parsing attributes in process `syz.5.6535'.
[ 2158.137213][T28828] sctp: [Deprecated]: syz.3.6538 (pid 28828) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2158.137213][T28828] Use struct sctp_sack_info instead
[ 2158.261906][T28836] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2158.293184][T28830] sctp: [Deprecated]: syz.5.6539 (pid 28830) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2158.293184][T28830] Use struct sctp_sack_info instead
[ 2158.458421][T27626] warn_alloc: 6 callbacks suppressed
[ 2158.458436][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2158.887376][T28851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6544'.
[ 2159.568724][ T5959] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2159.593332][T27626] CPU: 1 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2159.593360][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2159.593371][T27626] Call Trace:
[ 2159.593379][T27626]  <TASK>
[ 2159.593388][T27626]  dump_stack_lvl+0x189/0x250
[ 2159.593419][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2159.593441][T27626]  ? __pfx__printk+0x10/0x10
[ 2159.593459][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2159.593485][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2159.593512][T27626]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2159.593535][T27626]  warn_alloc+0x214/0x310
[ 2159.593565][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2159.593602][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2159.593624][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2159.593645][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2159.593699][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2159.593725][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2159.593749][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2159.593770][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2159.593789][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2159.593806][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2159.593824][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2159.593871][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2159.593915][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2159.593942][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2159.593963][T27626]  ? __kmalloc_cache_noprof+0x230/0x3d0
[ 2159.593982][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2159.594004][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2159.594024][T27626]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2159.594047][T27626]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2159.594080][T27626]  vb2_core_poll+0x4c1/0x840
[ 2159.594103][T27626]  vb2_fop_poll+0x168/0x380
[ 2159.594132][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2159.594157][T27626]  v4l2_poll+0x144/0x2c0
[ 2159.594180][T27626]  ? __pfx_v4l2_poll+0x10/0x10
[ 2159.594205][T27626]  __io_arm_poll_handler+0x372/0xbb0
[ 2159.594241][T27626]  io_arm_poll_handler+0x726/0xb70
[ 2159.594323][T27626]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 2159.594353][T27626]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 2159.594378][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2159.594400][T27626]  ? io_issue_sqe+0x3bb/0xfd0
[ 2159.594422][T27626]  io_queue_async+0x79/0x2f0
[ 2159.594445][T27626]  io_submit_sqes+0xe22/0x1c50
[ 2159.594495][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2159.594517][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2159.594566][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2159.594583][T27626]  ? do_futex+0x333/0x420
[ 2159.594599][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2159.594627][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2159.594642][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2159.594670][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2159.594698][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2159.594726][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2159.594749][T27626]  do_syscall_64+0xfa/0x3b0
[ 2159.594771][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2159.594793][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2159.594810][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2159.594831][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2159.594848][T27626] RIP: 0033:0x7f8d32d8e929
[ 2159.594865][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2159.594880][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2159.594899][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2159.594912][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2159.594924][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2159.594935][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2159.594946][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2159.594975][T27626]  </TASK>
[ 2159.594983][T27626] Mem-Info:
[ 2159.989461][ T5959] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2160.063543][T27626] active_anon:1922 inactive_anon:5862 isolated_anon:0
[ 2160.063543][T27626]  active_file:17903 inactive_file:39106 isolated_file:0
[ 2160.063543][T27626]  unevictable:768 dirty:242 writeback:1
[ 2160.063543][T27626]  slab_reclaimable:11433 slab_unreclaimable:112753
[ 2160.063543][T27626]  mapped:37805 shmem:5078 pagetables:1131
[ 2160.063543][T27626]  sec_pagetables:0 bounce:0
[ 2160.063543][T27626]  kernel_misc_reclaimable:0
[ 2160.063543][T27626]  free:1278068 free_pcp:13963 free_cma:0
[ 2160.099641][ T5959] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2160.116962][ T5959] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 2160.124963][ T5959] rtc rtc0: __rtc_set_alarm: err=-22
[ 2160.173290][T27626] Node 0 active_anon:1088kB inactive_anon:26948kB active_file:71320kB inactive_file:156424kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154664kB dirty:968kB writeback:4kB shmem:15676kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12556kB pagetables:4272kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2160.343386][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.346717][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2160.555715][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2160.585598][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2160.592181][T27626] Node 0 DMA32 free:1162152kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10884kB inactive_anon:34504kB active_file:69552kB inactive_file:156364kB unevictable:1536kB writepending:972kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:57896kB local_pcp:15000kB free_cma:0kB
[ 2160.625652][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2160.630485][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 2160.711736][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2160.752125][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2161.133872][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2161.166312][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2161.307467][T27626] Node 0 DMA32: 280*4kB (UME) 483*8kB (UME) 308*16kB (UME) 161*32kB (UE) 160*64kB (UM) 87*128kB (UM) 37*256kB (UME) 20*512kB (UM) 42*1024kB (UME) 9*2048kB (UME) 255*4096kB (UME) = 1162072kB
[ 2161.535750][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2161.661216][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2161.682888][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2161.692479][T27626] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2161.735836][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2161.766870][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2161.818529][T28877] netlink: 10 bytes leftover after parsing attributes in process `syz.6.6553'.
[ 2161.849001][T27626] 64123 total pagecache pages
[ 2161.873011][T27626] 0 pages in swap cache
[ 2161.877232][T27626] Free swap  = 124996kB
[ 2161.950379][T27626] Total swap = 124996kB
[ 2161.966314][T27626] 2097051 pages RAM
[ 2161.987073][T27626] 0 pages HighMem/MovableOnly
[ 2162.022941][T27626] 424572 pages reserved
[ 2162.062911][T27626] 0 pages cma reserved
[ 2162.665997][ T6375] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2162.802595][ T6375] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2163.007578][ T6375] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2163.428094][ T6375] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2163.683008][   T30] audit: type=1326 audit(1750655812.258:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28888 comm="syz.5.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2163.791741][   T30] audit: type=1326 audit(1750655812.258:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28888 comm="syz.5.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2163.883635][   T30] audit: type=1326 audit(1750655812.258:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28888 comm="syz.5.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2163.964296][T25558] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2163.972174][   T30] audit: type=1326 audit(1750655812.328:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28888 comm="syz.5.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2163.994453][T25558] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2164.004935][T25558] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2164.006054][   T30] audit: type=1326 audit(1750655812.328:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28888 comm="syz.5.6559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f778e929 code=0x7ffc0000
[ 2164.013317][T25558] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2164.034910][ T6375] bridge_slave_1: left allmulticast mode
[ 2164.043370][T25558] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2164.053667][ T6375] bridge_slave_1: left promiscuous mode
[ 2164.059961][ T6375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2164.118364][ T6375] bridge_slave_0: left allmulticast mode
[ 2164.137339][ T6375] bridge_slave_0: left promiscuous mode
[ 2164.152621][ T6375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2164.664532][T28914] netlink: 40 bytes leftover after parsing attributes in process `syz.9.6567'.
[ 2165.614907][T22623] usb 7-1: new high-speed USB device number 70 using dummy_hcd
[ 2165.968781][T22623] usb 7-1: Using ep0 maxpacket: 8
[ 2166.044040][T28928] netlink: 156 bytes leftover after parsing attributes in process `syz.5.6571'.
[ 2166.063353][T22623] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2166.093358][T16336] Bluetooth: hci2: command tx timeout
[ 2166.099259][T22623] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 2166.099322][T22623] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 2166.190313][T22623] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2166.215142][ T6375] bond1 (unregistering): (slave gretap1): Releasing backup interface
[ 2166.235269][T22623] hub 7-1:1.0: bad descriptor, ignoring hub
[ 2166.256330][T22623] hub 7-1:1.0: probe with driver hub failed with error -5
[ 2166.488351][T28924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2166.497740][T28924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2166.550555][T22138] libceph: connect (1)[c::]:6789 error -101
[ 2166.558368][T22138] libceph: mon0 (1)[c::]:6789 connect error
[ 2166.565159][T28924] ceph: No mds server is up or the cluster is laggy
[ 2166.573943][ T6375] dvmrp1 (unregistering): left allmulticast mode
[ 2167.138043][ T6375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2167.163160][ T6375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2167.183865][ T6375] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 2167.221437][ T6375] bond0 (unregistering): Released all slaves
[ 2167.259725][ T6375] bond1 (unregistering): (slave bond2): Releasing backup interface
[ 2167.298471][ T6375] bond1 (unregistering): Released all slaves
[ 2167.708683][ T6375] bond2 (unregistering): Released all slaves
[ 2167.712056][   T30] audit: type=1326 audit(1750655816.288:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28941 comm="syz.9.6573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2167.788725][   T30] audit: type=1326 audit(1750655816.288:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28941 comm="syz.9.6573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2167.850755][   T30] audit: type=1326 audit(1750655816.328:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28941 comm="syz.9.6573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2168.030433][   T30] audit: type=1326 audit(1750655816.398:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28941 comm="syz.9.6573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2168.186936][T16336] Bluetooth: hci2: command tx timeout
[ 2168.201128][T22555] usb 7-1: USB disconnect, device number 70
[ 2168.212519][T28950] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6574'.
[ 2168.273010][   T30] audit: type=1326 audit(1750655816.398:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28941 comm="syz.9.6573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cb58e929 code=0x7ffc0000
[ 2168.619100][   T31] INFO: task syz.2.6190:27625 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 2168.707661][   T31]       Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0
[ 2168.747974][   T31]       Blocked by coredump.
[ 2168.752608][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2168.775123][T27626] warn_alloc: 8 callbacks suppressed
[ 2168.775140][T27626] syz.2.6190: vmalloc error: size 188743680, failed to allocated page array size 368640, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2168.802581][   T31] task:syz.2.6190      state:D stack:26856 pid:27625 tgid:27623 ppid:24549  task_flags:0x400548 flags:0x00004000
[ 2168.873591][   T31] Call Trace:
[ 2168.876931][   T31]  <TASK>
[ 2168.879885][   T31]  __schedule+0x16a2/0x4cb0
[ 2168.923139][T27626] CPU: 0 UID: 0 PID: 27626 Comm: syz.2.6190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2168.923168][T27626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2168.923179][T27626] Call Trace:
[ 2168.923187][T27626]  <TASK>
[ 2168.923196][T27626]  dump_stack_lvl+0x189/0x250
[ 2168.923228][T27626]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2168.923251][T27626]  ? __pfx__printk+0x10/0x10
[ 2168.923268][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2168.923295][T27626]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2168.923322][T27626]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2168.923351][T27626]  warn_alloc+0x214/0x310
[ 2168.923379][T27626]  ? __pfx_warn_alloc+0x10/0x10
[ 2168.923410][T27626]  ? __get_vm_area_node+0x28f/0x300
[ 2168.923432][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2168.923453][T27626]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2168.923506][T27626]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2168.923533][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2168.923555][T27626]  vmalloc_user_noprof+0xad/0xf0
[ 2168.923577][T27626]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2168.923607][T27626]  vb2_vmalloc_alloc+0xef/0x340
[ 2168.923628][T27626]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2168.923654][T27626]  __vb2_queue_alloc+0x9bf/0x15a0
[ 2168.923706][T27626]  vb2_core_reqbufs+0xc31/0x1420
[ 2168.923749][T27626]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2168.923777][T27626]  ? __kasan_kmalloc+0x93/0xb0
[ 2168.923797][T27626]  ? __kmalloc_cache_noprof+0x230/0x3d0
[ 2168.923817][T27626]  ? __vb2_init_fileio+0x1e8/0xff0
[ 2168.923839][T27626]  __vb2_init_fileio+0x318/0xff0
[ 2168.923859][T27626]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2168.923881][T27626]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2168.923914][T27626]  vb2_core_poll+0x4c1/0x840
[ 2168.923936][T27626]  vb2_fop_poll+0x168/0x380
[ 2168.923964][T27626]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 2168.923989][T27626]  v4l2_poll+0x144/0x2c0
[ 2168.924010][T27626]  ? __pfx_v4l2_poll+0x10/0x10
[ 2168.924036][T27626]  __io_arm_poll_handler+0x372/0xbb0
[ 2168.924072][T27626]  io_arm_poll_handler+0x726/0xb70
[ 2168.924103][T27626]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 2168.924122][T27626]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 2168.924146][T27626]  ? io_file_get_normal+0x101/0x2f0
[ 2168.924167][T27626]  ? io_issue_sqe+0x3bb/0xfd0
[ 2168.924187][T27626]  io_queue_async+0x79/0x2f0
[ 2168.924212][T27626]  io_submit_sqes+0xe22/0x1c50
[ 2168.924262][T27626]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 2168.924285][T27626]  ? __pfx_futex_wait+0x10/0x10
[ 2168.924327][T27626]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 2168.924345][T27626]  ? do_futex+0x333/0x420
[ 2168.924360][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2168.924387][T27626]  ? __pfx_do_futex+0x10/0x10
[ 2168.924404][T27626]  ? kmem_cache_free+0x18f/0x400
[ 2168.924432][T27626]  ? __se_sys_futex+0x36f/0x400
[ 2168.924461][T27626]  ? rcu_is_watching+0x15/0xb0
[ 2168.924490][T27626]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 2168.924513][T27626]  do_syscall_64+0xfa/0x3b0
[ 2168.924536][T27626]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2168.924558][T27626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2168.924575][T27626]  ? clear_bhb_loop+0x60/0xb0
[ 2168.924597][T27626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2168.924613][T27626] RIP: 0033:0x7f8d32d8e929
[ 2168.924630][T27626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2168.924650][T27626] RSP: 002b:00007f8d33bf0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2168.924669][T27626] RAX: ffffffffffffffda RBX: 00007f8d32fb6160 RCX: 00007f8d32d8e929
[ 2168.924682][T27626] RDX: 000000000000c153 RSI: 00000000000047ba RDI: 0000000000000004
[ 2168.924692][T27626] RBP: 00007f8d32e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 2168.924704][T27626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2168.924714][T27626] R13: 0000000000000000 R14: 00007f8d32fb6160 R15: 00007ffc903fcb28
[ 2168.924744][T27626]  </TASK>
[ 2168.924751][T27626] Mem-Info:
[ 2168.960693][   T31]  ? __lock_acquire+0xa80/0xd20
[ 2169.326174][T27626] active_anon:271 inactive_anon:2092 isolated_anon:0
[ 2169.326174][T27626]  active_file:18125 inactive_file:38889 isolated_file:0
[ 2169.326174][T27626]  unevictable:768 dirty:216 writeback:0
[ 2169.326174][T27626]  slab_reclaimable:11457 slab_unreclaimable:112089
[ 2169.326174][T27626]  mapped:26953 shmem:1377 pagetables:1075
[ 2169.326174][T27626]  sec_pagetables:0 bounce:0
[ 2169.326174][T27626]  kernel_misc_reclaimable:0
[ 2169.326174][T27626]  free:1285806 free_pcp:22991 free_cma:0
[ 2169.372311][T27626] Node 0 active_anon:1084kB inactive_anon:8368kB active_file:72208kB inactive_file:155556kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107752kB dirty:860kB writeback:0kB shmem:3972kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11924kB pagetables:4148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2169.406290][T27626] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:60kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2169.437895][T27626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2169.467284][T27626] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 2169.473527][T27626] Node 0 DMA32 free:1229448kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1080kB inactive_anon:8324kB active_file:70440kB inactive_file:155496kB unevictable:1536kB writepending:856kB present:3129332kB managed:2561488kB mlocked:0kB bounce:0kB free_pcp:91000kB local_pcp:64584kB free_cma:0kB
[ 2169.506245][T27626] lowmem_reserve[]: 0 0 1 1 1
[ 2169.511014][T27626] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1768kB inactive_file:60kB unevictable:0kB writepending:4kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 2169.540464][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2169.546999][T27626] Node 1 Normal free:3918440kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2169.577737][   T31]  ? schedule+0x165/0x360
[ 2169.582115][   T31]  ? __pfx___schedule+0x10/0x10
[ 2169.587051][   T31]  ? schedule+0x91/0x360
[ 2169.591316][   T31]  schedule+0x165/0x360
[ 2169.595589][   T31]  schedule_preempt_disabled+0x13/0x30
[ 2169.601066][   T31]  __mutex_lock+0x724/0xe80
[ 2169.605656][T27626] lowmem_reserve[]: 0 0 0 0 0
[ 2169.610399][T27626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2169.626301][   T31]  ? __mutex_lock+0x51b/0xe80
[ 2169.631049][   T31]  ? io_uring_del_tctx_node+0xf0/0x2c0
[ 2169.636748][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 2169.641835][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 2169.647719][T27626] Node 0 DMA32: 5167*4kB (UME) 3090*8kB (UME) 1313*16kB (UME) 967*32kB (UME) 165*64kB (UM) 116*128kB (UME) 48*256kB (UME) 24*512kB (UM) 42*1024kB (UME) 8*2048kB (UME) 256*4096kB (UME) = 1255292kB
[ 2169.673867][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 2169.678776][   T31]  ? xa_erase+0xd5/0xf0
[ 2169.686546][   T31]  io_uring_del_tctx_node+0xf0/0x2c0
[ 2169.691883][   T31]  io_uring_clean_tctx+0xd4/0x1a0
[ 2169.706812][T27626] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 2169.720021][   T31]  ? __lock_acquire+0xab9/0xd20
[ 2169.729126][T27626] Node 1 Normal: 168*4kB (UE) 41*8kB (UE) 46*16kB (UME) 223*32kB (UME) 101*64kB (UME) 25*128kB (UE) 8*256kB (UME) 7*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 949*4096kB (UM) = 3918440kB
[ 2169.741879][   T31]  ? __pfx_io_uring_clean_tctx+0x10/0x10
[ 2169.752829][T27626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2169.757187][   T31]  ? __lock_acquire+0xab9/0xd20
[ 2169.762746][T27626] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2169.768360][   T31]  ? io_uring_drop_tctx_refs+0x108/0x1c0
[ 2169.783608][   T31]  io_uring_cancel_generic+0x6ca/0x7d0
[ 2169.785499][T27626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2169.789094][   T31]  ? __pfx_io_uring_cancel_generic+0x10/0x10
[ 2169.804776][T27626] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2169.806116][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 2169.814305][T27626] 56025 total pagecache pages
[ 2169.824846][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2169.824875][   T31]  ? io_uring_unreg_ringfd+0x52f/0x540
[ 2169.824898][   T31]  do_exit+0x345/0x22e0
[ 2169.824925][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 2169.830094][T27626] 0 pages in swap cache
[ 2169.838531][   T31]  ? __pfx_do_exit+0x10/0x10
[ 2169.839950][T27626] Free swap  = 124996kB
[ 2169.847197][   T31]  do_group_exit+0x21c/0x2d0
[ 2169.849111][T27626] Total swap = 124996kB
[ 2169.861112][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2169.873094][   T31]  get_signal+0x125e/0x1310
[ 2169.877640][T27626] 2097051 pages RAM
[ 2169.877661][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 2169.883989][T27626] 0 pages HighMem/MovableOnly
[ 2169.887081][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 2169.891620][T27626] 424572 pages reserved
[ 2169.898158][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 2169.907881][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 2169.910546][T27626] 0 pages cma reserved
[ 2169.913277][   T31]  do_syscall_64+0x2bd/0x3b0
[ 2169.913309][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2169.913332][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2169.913352][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 2169.913374][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2169.913392][   T31] RIP: 0033:0x7f8d32d8e929
[ 2169.948974][   T31] RSP: 002b:00007f8d33c110e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 2169.957505][   T31] RAX: 0000000000000000 RBX: 00007f8d32fb6088 RCX: 00007f8d32d8e929
[ 2169.967141][   T31] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8d32fb6088
[ 2169.975225][   T31] RBP: 00007f8d32fb6080 R08: 0000000000000000 R09: 0000000000000000
[ 2169.983464][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d32fb608c
[ 2169.991490][   T31] R13: 0000000000000000 R14: 00007ffc903fca40 R15: 00007ffc903fcb28
[ 2170.022950][   T31]  </TASK>
[ 2170.036155][   T31] 
[ 2170.036155][   T31] Showing all locks held in the system:
[ 2170.073352][   T31] 2 locks held by ksoftirqd/1/23:
[ 2170.112914][   T31]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 2170.142930][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[ 2170.168067][   T31] 3 locks held by kworker/1:0/24:
[ 2170.189130][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2170.200714][   T31]  #1: ffffc900001e7bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2170.211979][   T31]  #2: ffffffff8f4fdbc8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[ 2170.230679][   T31] 1 lock held by khungtaskd/31:
[ 2170.236341][   T31]  #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 2170.251173][   T31] 2 locks held by kworker/u8:8/3555:
[ 2170.253384][T16336] Bluetooth: hci2: command tx timeout
[ 2170.268121][   T31]  #0: ffff8880b8739e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 2170.278205][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[ 2170.294526][   T31] 2 locks held by getty/5579:
[ 2170.299236][   T31]  #0: ffff88814c8e30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 2170.311147][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 2170.323477][   T31] 2 locks held by kworker/0:3/5821:
[ 2170.328715][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2170.372910][   T31]  #1: ffffc90003fffbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2170.397580][   T31] 4 locks held by kworker/u8:13/6375:
[ 2170.412838][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2170.428743][   T31]  #1: ffffc9000bc6fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2170.439407][   T31]  #2: ffffffff8f4f0fd0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 2170.455062][   T31]  #3: ffffffff8f4fdbc8 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 2170.470078][   T31] 3 locks held by kworker/u8:1/16079:
[ 2170.475843][   T31]  #0: ffff88814c5e5948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2170.492295][   T31]  #1: ffffc9000f12fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2170.511373][   T31]  #2: ffffffff8f4fdbc8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0
[ 2170.521086][   T31] 2 locks held by kworker/0:2/22138:
[ 2170.531359][   T31] 1 lock held by syz-executor/22431:
[ 2170.536700][   T31]  #0: ffffffff8f4fdbc8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[ 2170.550727][   T31] 1 lock held by syz.2.6190/27625:
[ 2170.557815][   T31]  #0: ffff88807d3580a8 (&ctx->uring_lock){+.+.}-{4:4}, at: io_uring_del_tctx_node+0xf0/0x2c0
[ 2170.576333][   T31] 3 locks held by syz.2.6190/27626:
[ 2170.581561][   T31] 1 lock held by syz-executor/27804:
[ 2170.587704][   T31]  #0: ffffffff8f4fdbc8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[ 2170.600738][   T31] 2 locks held by syz-executor/28899:
[ 2170.606982][   T31]  #0: ffffffff8f4f0fd0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[ 2170.620780][   T31]  #1: ffffffff8f4fdbc8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x80/0x210
[ 2170.631680][   T31] 2 locks held by syz.5.6572/28939:
[ 2170.641156][   T31]  #0: ffffffff8f4fdbc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 2170.651070][   T31]  #1: ffffffff8e144978 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[ 2170.666812][   T31] 
[ 2170.669204][   T31] =============================================
[ 2170.669204][   T31] 
[ 2170.681597][   T31] NMI backtrace for cpu 1
[ 2170.681617][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2170.681634][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2170.681645][   T31] Call Trace:
[ 2170.681652][   T31]  <TASK>
[ 2170.681659][   T31]  dump_stack_lvl+0x189/0x250
[ 2170.681684][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 2170.681702][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2170.681722][   T31]  ? __pfx__printk+0x10/0x10
[ 2170.681749][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 2170.681770][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 2170.681785][   T31]  ? _printk+0xcf/0x120
[ 2170.681803][   T31]  ? __pfx__printk+0x10/0x10
[ 2170.681820][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 2170.681841][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 2170.681862][   T31]  watchdog+0xfee/0x1030
[ 2170.681882][   T31]  ? watchdog+0x1de/0x1030
[ 2170.681906][   T31]  kthread+0x70e/0x8a0
[ 2170.681925][   T31]  ? __pfx_watchdog+0x10/0x10
[ 2170.681942][   T31]  ? __pfx_kthread+0x10/0x10
[ 2170.681959][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2170.681978][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2170.681995][   T31]  ? __pfx_kthread+0x10/0x10
[ 2170.682012][   T31]  ret_from_fork+0x3fc/0x770
[ 2170.682033][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 2170.682057][   T31]  ? __switch_to_asm+0x39/0x70
[ 2170.682071][   T31]  ? __switch_to_asm+0x33/0x70
[ 2170.682083][   T31]  ? __pfx_kthread+0x10/0x10
[ 2170.682099][   T31]  ret_from_fork_asm+0x1a/0x30
[ 2170.682126][   T31]  </TASK>
[ 2170.682133][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 2170.765090][T28939] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2170.766488][    C0] NMI backtrace for cpu 0
[ 2170.766503][    C0] CPU: 0 UID: 0 PID: 28939 Comm: syz.5.6572 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2170.766523][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2170.766534][    C0] RIP: 0010:io_serial_out+0x7c/0xc0
[ 2170.766562][    C0] Code: 32 80 fc 44 89 f9 d3 e5 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 2c 8a e1 fc 41 03 2e 89 d8 89 ea ee <5b> 41 5c 41 5e 41 5f 5d e9 87 f8 21 06 cc 44 89 f9 80 e1 07 38 c1
[ 2170.766575][    C0] RSP: 0018:ffffc90003a4e250 EFLAGS: 00000002
[ 2170.766591][    C0] RAX: 000000000000002e RBX: 000000000000002e RCX: 0000000000000000
[ 2170.766602][    C0] RDX: 00000000000003f8 RSI: 0000000000049fa1 RDI: 0000000000049fa2
[ 2170.766613][    C0] RBP: 00000000000003f8 R08: ffff888024770237 R09: 1ffff110048ee046
[ 2170.766625][    C0] R10: dffffc0000000000 R11: ffffffff85401910 R12: dffffc0000000000
[ 2170.766637][    C0] R13: ffffffff99a8f8c7 R14: ffffffff99d94520 R15: 0000000000000000
[ 2170.766649][    C0] FS:  00007fa0f496c6c0(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000
[ 2170.766663][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2170.766674][    C0] CR2: 0000558ccf7a3fb0 CR3: 000000004c380000 CR4: 00000000003526f0
[ 2170.766688][    C0] Call Trace:
[ 2170.766695][    C0]  <TASK>
[ 2170.766704][    C0]  serial8250_console_write+0x1410/0x1ba0
[ 2170.766727][    C0]  ? __lock_acquire+0xab9/0xd20
[ 2170.766747][    C0]  ? __pfx_serial8250_console_write+0x10/0x10
[ 2170.766765][    C0]  ? console_flush_all+0x13a/0xc40
[ 2170.766781][    C0]  ? console_flush_all+0x13a/0xc40
[ 2170.766799][    C0]  ? do_raw_spin_unlock+0x122/0x240
[ 2170.766814][    C0]  ? console_flush_all+0x13a/0xc40
[ 2170.766828][    C0]  ? console_flush_all+0x13a/0xc40
[ 2170.766844][    C0]  console_flush_all+0x728/0xc40
[ 2170.766861][    C0]  ? console_flush_all+0x13a/0xc40
[ 2170.766880][    C0]  ? __pfx_console_flush_all+0x10/0x10
[ 2170.766900][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 2170.766919][    C0]  console_unlock+0xc4/0x270
[ 2170.766942][    C0]  ? __pfx_console_unlock+0x10/0x10
[ 2170.766965][    C0]  ? vprintk_emit+0x444/0x7a0
[ 2170.766985][    C0]  ? vprintk_emit+0x444/0x7a0
[ 2170.767007][    C0]  vprintk_emit+0x5b7/0x7a0
[ 2170.767027][    C0]  ? vprintk_emit+0x444/0x7a0
[ 2170.767049][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[ 2170.767070][    C0]  ? __queue_work+0xc80/0xfe0
[ 2170.767094][    C0]  ? queue_work_on+0x115/0x270
[ 2170.767115][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2170.767139][    C0]  _printk+0xcf/0x120
[ 2170.767153][    C0]  ? __pfx_queue_work_on+0x10/0x10
[ 2170.767205][    C0]  ? __pfx__printk+0x10/0x10
[ 2170.767223][    C0]  ? switchdev_deferred_enqueue+0x1fe/0x240
[ 2170.767240][    C0]  br_set_state+0x475/0x710
[ 2170.767261][    C0]  ? __pfx_br_set_state+0x10/0x10
[ 2170.767279][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 2170.767296][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 2170.767310][    C0]  ? br_become_designated_port+0x20/0x250
[ 2170.767329][    C0]  br_stp_disable_port+0x76/0x1d0
[ 2170.767350][    C0]  br_stp_disable_bridge+0x81/0x150
[ 2170.767370][    C0]  br_dev_stop+0x2d/0x180
[ 2170.767388][    C0]  ? __pfx_br_dev_stop+0x10/0x10
[ 2170.767406][    C0]  __dev_close_many+0x364/0x6f0
[ 2170.767423][    C0]  ? __pfx___dev_close_many+0x10/0x10
[ 2170.767443][    C0]  __dev_change_flags+0x2c7/0x6d0
[ 2170.767463][    C0]  ? __pfx___dev_change_flags+0x10/0x10
[ 2170.767479][    C0]  ? netif_state_change+0x256/0x3a0
[ 2170.767503][    C0]  ? __pfx_netif_state_change+0x10/0x10
[ 2170.767528][    C0]  netif_change_flags+0x88/0x1a0
[ 2170.767547][    C0]  do_setlink+0xc55/0x41c0
[ 2170.767566][    C0]  ? trace_sched_exit_tp+0x38/0x120
[ 2170.767588][    C0]  ? __pfx_do_setlink+0x10/0x10
[ 2170.767606][    C0]  ? __lock_acquire+0xab9/0xd20
[ 2170.767628][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 2170.767648][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 2170.767668][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2170.767689][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2170.767709][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2170.767731][    C0]  ? rcu_is_watching+0x15/0xb0
[ 2170.767754][    C0]  ? __mutex_lock+0xa6d/0xe80
[ 2170.767776][    C0]  ? __mutex_lock+0x51b/0xe80
[ 2170.767799][    C0]  ? rtnl_newlink+0x8db/0x1c70
[ 2170.767815][    C0]  ? __pfx___mutex_lock+0x10/0x10
[ 2170.767840][    C0]  ? ns_capable+0x8a/0xf0
[ 2170.767861][    C0]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 2170.767880][    C0]  rtnl_newlink+0x149f/0x1c70
[ 2170.767894][    C0]  ? netlink_sendmsg+0x805/0xb30
[ 2170.767916][    C0]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2170.767941][    C0]  ? kasan_quarantine_put+0xdd/0x220
[ 2170.767957][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2170.767980][    C0]  ? nlmon_xmit+0xb0/0x100
[ 2170.767999][    C0]  ? kmem_cache_free+0x18f/0x400
[ 2170.768021][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2170.768042][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2170.768062][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2170.768082][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 2170.768104][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[ 2170.768124][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[ 2170.768142][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[ 2170.768161][    C0]  ? __dev_queue_xmit+0x1cd7/0x3a70
[ 2170.768187][    C0]  ? __lock_acquire+0xab9/0xd20
[ 2170.768217][    C0]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2170.768232][    C0]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 2170.768248][    C0]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 2170.768262][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2170.768276][    C0]  ? ref_tracker_free+0x63a/0x7d0
[ 2170.768294][    C0]  ? __copy_skb_header+0xa7/0x550
[ 2170.768313][    C0]  ? __pfx_ref_tracker_free+0x10/0x10
[ 2170.768332][    C0]  ? __skb_clone+0x63/0x7a0
[ 2170.768353][    C0]  netlink_rcv_skb+0x208/0x470
[ 2170.768369][    C0]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2170.768385][    C0]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2170.768408][    C0]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2170.768424][    C0]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2170.768442][    C0]  netlink_unicast+0x75b/0x8d0
[ 2170.768462][    C0]  netlink_sendmsg+0x805/0xb30
[ 2170.768483][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2170.768503][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2170.768522][    C0]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2170.768539][    C0]  __sock_sendmsg+0x21c/0x270
[ 2170.768562][    C0]  ____sys_sendmsg+0x505/0x830
[ 2170.768582][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2170.768604][    C0]  ? import_iovec+0x74/0xa0
[ 2170.768620][    C0]  ___sys_sendmsg+0x21f/0x2a0
[ 2170.768639][    C0]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2170.768674][    C0]  ? __fget_files+0x2a/0x420
[ 2170.768693][    C0]  ? __fget_files+0x3a0/0x420
[ 2170.768716][    C0]  __x64_sys_sendmsg+0x19b/0x260
[ 2170.768735][    C0]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2170.768758][    C0]  ? rcu_is_watching+0x15/0xb0
[ 2170.768781][    C0]  ? do_syscall_64+0xbe/0x3b0
[ 2170.768804][    C0]  do_syscall_64+0xfa/0x3b0
[ 2170.768824][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2170.768844][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2170.768860][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 2170.768877][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2170.768893][    C0] RIP: 0033:0x7fa0f778e929
[ 2170.768907][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2170.768921][    C0] RSP: 002b:00007fa0f496c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2170.768937][    C0] RAX: ffffffffffffffda RBX: 00007fa0f79b6400 RCX: 00007fa0f778e929
[ 2170.768949][    C0] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 000000000000000c
[ 2170.768960][    C0] RBP: 00007fa0f7810b39 R08: 0000000000000000 R09: 0000000000000000
[ 2170.768970][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2170.768980][    C0] R13: 0000000000000000 R14: 00007fa0f79b6400 R15: 00007ffdbeb41b58
[ 2170.768999][    C0]  </TASK>
[ 2170.801253][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 2170.801277][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[ 2170.801298][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2170.801311][   T31] Call Trace:
[ 2170.801320][   T31]  <TASK>
[ 2170.801330][   T31]  dump_stack_lvl+0x99/0x250
[ 2170.801358][   T31]  ? __asan_memcpy+0x40/0x70
[ 2170.801376][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2170.801399][   T31]  ? __pfx__printk+0x10/0x10
[ 2170.801434][   T31]  panic+0x2db/0x790
[ 2170.801461][   T31]  ? __pfx_panic+0x10/0x10
[ 2170.801482][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 2170.801510][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 2170.801531][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 2170.801558][   T31]  watchdog+0x102d/0x1030
[ 2170.801580][   T31]  ? watchdog+0x1de/0x1030
[ 2170.801607][   T31]  kthread+0x70e/0x8a0
[ 2170.801628][   T31]  ? __pfx_watchdog+0x10/0x10
[ 2170.801647][   T31]  ? __pfx_kthread+0x10/0x10
[ 2170.801666][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2170.801687][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2170.801708][   T31]  ? __pfx_kthread+0x10/0x10
[ 2170.801727][   T31]  ret_from_fork+0x3fc/0x770
[ 2170.801750][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 2170.801777][   T31]  ? __switch_to_asm+0x39/0x70
[ 2170.801792][   T31]  ? __switch_to_asm+0x33/0x70
[ 2170.801807][   T31]  ? __pfx_kthread+0x10/0x10
[ 2170.801825][   T31]  ret_from_fork_asm+0x1a/0x30
[ 2170.801855][   T31]  </TASK>
[ 2170.805559][   T31] Kernel Offset: disabled