last executing test programs:

1m21.925555976s ago: executing program 2 (id=23):
r0 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x40090)
r2 = socket$kcm(0xa, 0x3, 0x73)
sendmsg$inet(r2, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x3c, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c068c0a7d2eaebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838029f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}, @ip_tos_u8={{0x14, 0x29, 0x43}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @remote}}}], 0x50}, 0x9fc)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x2})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000001280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c6427000000000000009847c7c4087890a56000ddc96d01bf16e9ab71dbf42efb44769eaaa63a3f741d966d861b0ade758a100daca6a0bc37b0a3eb2ebf26a92e7b91cac25116b1d74f3fe720d17876cbe1bc5a83b573df255b6cfe941d83ed9cf3547201275b640013afb87d2a399ed778e836e195a94641146281070773626c59c020ee809f80332d97982ce8cb0b1c03a8f42138396612fdcb0c4b9b8e16c2fe5dcb57f2d930218db0a863c662", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
read$FUSE(r3, &(0x7f0000006380)={0x2020, 0x0, <r4=>0x0, 0x0, <r5=>0x0}, 0x2020)
syz_fuse_handle_req(r3, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c272074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca36507002b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x130, 0x0, 0x3ff, {0x1, 0x7, 0x0, '\x00', {0x1, 0xad7, 0x8, 0x808, 0x0, r5, 0x6000, '\x00', 0xffffffffffffffff, 0x8, 0x100000000, 0x7, {0x6, 0x7}, {0x20000000000004}, {0x100000000, 0xc}, {0x10000, 0xa06}, 0x4, 0x5, 0x1, 0x3}}}})
write$FUSE_INIT(r3, &(0x7f0000001200)={0x50, 0x0, r4}, 0x50)
socket$can_j1939(0x1d, 0x2, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = openat2$dir(0xffffffffffffff9c, &(0x7f0000001140)='./file0\x00', &(0x7f00000011c0)={0x101800, 0x44, 0x1}, 0x18)
getdents64(r7, &(0x7f00000013c0)=""/223, 0xdf)
r8 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r8, 0x4148, 0x0)

1m20.151296921s ago: executing program 2 (id=25):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x54, r2, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @random="85a95d928e21"}, @key_params=[@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DEFAULT={0x4}]}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}]]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, &(0x7f00000000c0)='GPL\x00', 0x5, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r5, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x680182)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x6, 0x0, 0x111, 0x6}}, 0x20)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r7)
sendmsg$SEG6_CMD_SETHMAC(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4000011}, 0x48045)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, 0x0, 0x38)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r9, &(0x7f0000002c00)={0x0, 0x0, &(0x7f0000002bc0)={&(0x7f0000002b80)={0x20, 0x1405, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x8}, {0x8}}]}, 0x20}, 0x1, 0x0, 0x0, 0x40004}, 0x4000040)
ioctl$FS_IOC_GETFLAGS(r9, 0x80086601, &(0x7f0000000380))
write$RDMA_USER_CM_CMD_MIGRATE_ID(r8, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r8}}, 0x18)
dup(r3)

1m18.291704024s ago: executing program 2 (id=28):
syz_emit_ethernet(0x6e, &(0x7f0000000180)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x38, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x1d, 0x12, "bb9b69de4386bf2ae6a3b321505c68cd"}, @md5sig={0x1d, 0x12, "c52a2d43d2c85500"}]}}}}}}}}, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
memfd_create(&(0x7f0000000a40)='\x00', 0x0)
capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200003, 0x3, 0x0, 0x7})
prctl$PR_SET_IO_FLUSHER(0x39, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000000000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
r2 = syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x22c43)
syz_usb_control_io(r0, &(0x7f0000000c40)={0x2c, &(0x7f00000000c0)={0x20, 0xc, 0x4f, {0x4f, 0x31, "77379a53585fa5ec29cfc31d66c89141cadf1fe3f826ac254bbc37707f1a55ee3a3454bc7dbb451ebde127a2bcd98a04fa7b78fdb6a1b7ac88c02fb332a17ba69d731c59cf1a266cd46df6eabb"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41a}}, &(0x7f0000000b80)={0x0, 0xf, 0x1c, {0x5, 0xf, 0x1c, 0x2, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "9fd0b7c982f3c06863d0a3eb18c1ded0"}]}}, &(0x7f0000000bc0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x18, 0x2, 0x3a, 0x1, "9aaaf9a3", "8b4ce4ca"}}, &(0x7f0000000c00)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xa, 0x10, 0x49, 0x5, 0x35, 0x71, 0x8}}}, &(0x7f00000010c0)={0x84, &(0x7f0000000c80)={0x40, 0xe, 0x4a, "9eeb529c12feb78eb828fa16bb1135892611326c2e9f9453f8b4cafbc18785401b649f18f9bd86ef20d807968a88127bf591228c5cf3bfa5dd5e4efba519edf8a95dc07cba3b9e5f13c9"}, &(0x7f0000000d00)={0x0, 0xa, 0x1, 0xf}, &(0x7f0000000d40)={0x0, 0x8, 0x1, 0x67}, &(0x7f0000000d80)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000dc0)={0x20, 0x0, 0x8, {0x100, 0x20, [0xff0]}}, &(0x7f0000000e00)={0x40, 0x7, 0x2, 0x7ff}, &(0x7f0000000e40)={0x40, 0x9, 0x1, 0x9}, &(0x7f0000000e80)={0x40, 0xb, 0x2, "6b02"}, &(0x7f0000000ec0)={0x40, 0xf, 0x2, 0x1000}, &(0x7f0000000f00)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000f40)={0x40, 0x17, 0x6}, &(0x7f0000000f80)={0x40, 0x19, 0x2, "f9d4"}, &(0x7f0000000fc0)={0x40, 0x1a, 0x2, 0x3}, &(0x7f0000001000)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000001040)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000001080)={0x40, 0x21, 0x1, 0x8}})
fcntl$setstatus(r2, 0x4, 0x40400)
r3 = syz_usb_connect$uac1(0x5, 0xef, &(0x7f0000000a80)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xdd, 0x3, 0x1, 0x2, 0x10, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xff}, [@selector_unit={0x7, 0x24, 0x5, 0x3, 0xb, "c64b"}, @output_terminal={0x9, 0x24, 0x3, 0x5, 0x101, 0x2, 0x4, 0x6}, @input_terminal={0xc, 0x24, 0x2, 0x5, 0x203, 0x4, 0x7, 0x1, 0x0, 0x9}, @processing_unit={0xa, 0x24, 0x7, 0x4, 0x6, 0x67, '\vvU'}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x7, 0x4, 0xb, 0x10, "45a5e1"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x5, 0x2, 0x0, 0x1, "9c29f630e75118eeee"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x86, 0x4, 0x83, 0x7, 'v'}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0xf8, 0x1, 0x80, 0x4, "b204f5965af2b3"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x4, 0x4, 0x2, "38170d"}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x0, 0xf7, 0x7, {0x7, 0x25, 0x1, 0x80, 0x4, 0x48}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0xc, 0x4, 0x8, 0x2, "817eab16ecce5f"}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x6, 0x2, 0x2a, 0x5, "de"}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x4, 0x4, 0x5, {0x7, 0x25, 0x1, 0x80, 0x5, 0x8001}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x4, 0x1, 0x3, 0x8, 0xb9}, 0xc, &(0x7f00000001c0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x4, 0x7, 0x5}]}, 0x9, [{0x31, &(0x7f0000000200)=@string={0x31, 0x3, "5aba0a222e60a86168608c50eb055ff14cd16646421154a0b39a0f02b922d1716a4373ef584bc5652f9adeb6b4557d"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x447}}, {0xf, &(0x7f0000000280)=@string={0xf, 0x3, "35126bc17284eace07fe8944c2"}}, {0x6e, &(0x7f00000003c0)=@string={0x6e, 0x3, "f378b69b24f2f2a2f5b81ed5e2d62f6db66461e8afe67bc91ac176e01d2d12329c20abbe699973e1cc28e7650407c6be096b4fad3ed07a00c93c67cf0844f6242a42420d525ff79e0c0a70fe8035dd6631969d402a5d071833750e822b124fd4e0814d334fa5b7c99031564d"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x180a}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x801}}, {0x2c, &(0x7f0000000480)=@string={0x2c, 0x3, "b91a0a07ac3f23fa0ddfa3da22b078ae3605bcf482aa560588cb0b8176a3b596cb0397ad5e7a05fac9d4"}}, {0x16, &(0x7f00000004c0)=@string={0x16, 0x3, "f32d4a6896c7d4e1b6ce143428ee49a52bb198c5"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x40e}}]})
syz_usb_control_io$uac1(r3, &(0x7f0000000740)={0x14, &(0x7f0000000600)={0x0, 0xc, 0xcb, {0xcb, 0x23, "6509a2f476aa4c2f4ad75d83e425bb218a51702adc2d788c26fc042106d1d08382534a0360cb7f7328ed9574331a125c9390be3886efa79b902c70fb870322ccdef9538b8b9c288ac6667946e171acfabcda625abcfbdf393fa43100cc668db37792b580706eca61ff734ef2306883abfc8310f065b222738d8f2676175f2b2d5fdf0fdd6334b09d8c4de1185b1ddb4ed291af07b6c0b9362a4c7350092305b4cc55b075a1f7badef160ed1bdf6d8a32aea05525fdcd85b338c521f37b9e194f5de1ebf8f00a797d81"}}, &(0x7f0000000700)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xfcff}}}, &(0x7f00000009c0)={0x44, &(0x7f0000000780)={0x40, 0x8, 0x3c, "9b1594f10993d88a7581649182ae053447938298aa851068e8b8bc23ada8dd391e04ad0b7470326aec651ca47fb63c0fd94827e056125498f6d032fb"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000840)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000880)={0x20, 0x81, 0x3, "f71076"}, &(0x7f00000008c0)={0x20, 0x82, 0x1, "a4"}, &(0x7f0000000900)={0x20, 0x83, 0x1, 'u'}, &(0x7f0000000940)={0x20, 0x84, 0x3, "a911f4"}, &(0x7f0000000980)={0x20, 0x85, 0x3, "19f390"}})
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))

1m12.666035539s ago: executing program 2 (id=35):
syz_open_dev$dri(0x0, 0x1fd, 0x14b700)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x8000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
semctl$IPC_RMID(0x0, 0x0, 0x0)
r2 = syz_open_dev$I2C(0x0, 0x0, 0x2002)
ioctl$I2C_SLAVE_FORCE(r2, 0x706, 0x7b)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r3, 0xc0044dff, &(0x7f0000004000)) (fail_nth: 4)

1m11.518315984s ago: executing program 2 (id=40):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@sg0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='nfs\x00', 0x0, &(0x7f0000000240))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
close(0xffffffffffffffff)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x1000001, 0x5069f481, 0x8, 0x7fff, 0x0, 0x800, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef10542a2201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42731b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c32768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e179100a0000000000000021e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90a14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9edb6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc83cccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x400000000000000, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
stat(&(0x7f0000000c40)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000d40))
add_key(&(0x7f0000002c40)='big_key\x00', &(0x7f0000002c80)={'syz', 0x1}, &(0x7f0000002cc0)="b547f465129e5e7aeb8a1fbb4d3d917d2c80860f2f50b285c3aeae3b495963a558d3980295f671a1adcc7efe31430a88939c00931842cae1d8c943e639abf2c1a8042034aa880ca25d12b5e08c0492b0c2ff3ab3dcccbe63a4a8d42918f3faad36d2ddd1afa40e1220c254f7d06a520086154fdd5cd84252502edff012e669ffc7c674d8edea1c709c0be9c250891f09282710a25ac8b45d9b802e595ec209c514eef254d03acc05bb89fc144591c71787f5b7036451ff74e9abe27fe41b5541f6235492597fb5362b14d34ee63f4b4bd3b94c59ccbd72fcc1763b2f5cdab68e4c010e3122ed44766dca1f51b5e98135a64a58ffc54dc8b3fdda6537740a6bf34920646a8d994ff1c55b6808bd68253d0afbb7fb9050957e20fda29278f7efe149d45a20660bbcc49142164d91f908ef11f46ea3641a3a8068fc44c3e59dea420c62b01c8955af7c1e97240ebdb2858cea6b75e5c150a98922df6dcd1fc24d671bf3a003f144face8d3fbe35c5296cde97beb80fc68f4958999876284e3db48da22c45fa82298a8c0698d609e8b68f2586dedb0d59ccb2bf7bd680a190f15a69e0326301b26ce7a0fc9d8132e6f175515e0ba2351cb7547cdf52692085ba4273546b452f36788b0d7740c8710610f801620fb375bf3132ed69bbffc664bdfd4a31a1b0f64cf8b9298a5f4b586b6549af6031ef1d286a1f202c14399a201b49b22d32895b998143cc0206612fff92d69f62bb9c046f0e2df516ee027567da500d0f7b34dc22a45fae1c4ef4fcb0216f04da802ee84bfabbdd249d62877843571d69b1ad7a2ddbee65a3383afd97a92d9bf0d1a1475b9ef4b125142cf160545e3ad3ded1878420ca9514429aba0bb03f7ae8a203d054a4c9be7d3b7a088e28cec4b22fc14e053731f7251797a86b59c64729a2bf5d3d4c0b62564a7f10b4da78382aa6128695656e10d231b60da623a21c691be540cd70d08c48d0c79a26e09fab233cdc51d92ac9753e344a398ad8bac989a448a20779cadb3b5730da576f0fbfc7d6e7a060dca1cef8527d4f4f84c7257242430bbe005655aab8b8a91b742b5e9e5385c057f56fdba928297e2ce832d0a8e435eead98f52d78e486464b54d3ccc2b64df5832444590ae93de8b4b32524c75bd5019a94a12125577d50d667afbc06e9b250d5907128a744ee1770fa78fe67c2b172c8f58eec40086fae08039c76bc543b2fe1aa8fba0c8e1dea5a869168368bd961d8199eeb92b6d412b2fb92894e42c269db10685a0093890c019718e0b920d3256840b799f369db7c46569cd3aadabf49b3ecc829fa7a583cc23a6662a49f8bd4d63eef91ef3ffed6cff38abd10091ed684c83f5dcb07068dc392be366adc4ca3e12283630eb55c99773f655df5ce9fcbcb9205d17412601891e795959da2e3416d139b1da579f40d41a9eea857d643f577a6a153f22cea9e9b90c589694088a277ac714f2d1248af386f5c873ced146c6639a66d6d40558c56435536dc752c0d27b511ae1409afa1a6b2fe57c5775121f953be2b8070b0e9b6201610edf606dbbaf5b09d3de0de0f33baada630f11e4af30cc291f3a1386f40dea2ff325958ab3d0fa0a5a90e0485c4aa93a1e46b67fc0537c8ba3987b3853421ff6c0a7d2a0e6496ed8df7621b024f59b58292669a000056a65bd22d66722573f28ca44b211ae7a89dee3d266cb99021753a41752610f4a0d304d38afa0a860f6e725f13da727b4d86bc99450f95b6925770652b2a52da1219a87ba55dc8f23d878fffb52cdc17d6f55b1cf32215f30920bf3bb02978a7dc236e4e5c869a30e3c657c33c1611664832ea24bac6107e3a3ce9c6469262cc4121b083784cd388f338e52c848f1ce53115e2c59e1badfc65031d0cc3168ce9c9840a019259ff266dd87099098210224fa868e3391acb5de17fb46373b65dd02ad059c5665e0bf7658b558b66dfcbe3e8393a7579e884c414ab65b67f4fdcd08268ab8fe6f7b938eace5afcba6c0290a759ee11b7d78aece3dd0656bdcd009ed5bf95d1e67a8bfcc8571d4443d863f68f43e66342dc6f75c2eaaee0e07b03c47762aa7c5b11c63f228aacc61ad7fe29938c66bba89cac051898bdb4217db583e4a7874f2251112dce7310913850929292ac0d115622a31e8f113169bffedfc8e000efd67430e5505a6cc45fc78500b7976d13ae4d32558ebba0d761e1139ad9a5a6fef12a478aa33d70a6c512e974844fa42f65e011c312ee502eb4cb4f5aaeeb0289f425b7ac9492fba1c0ef05849f85e62983f5a09ba914152f46ddfffab6c4a29b94ced8b55c236be8f5eb152e09417afe6c0e16977a54edc7429fd246048a56a77bcb063ec8194a87dae28d7691e2307db53f889d6b364194d24edc66554ed2d95fc2a08dab02f3cbfc5c9888f54e72fc76b0f5ad46a96e880e628ecc6fb92037889cb21c4d18c11c07398cb912651d0bb881e0d571d3c36f172e17dd36f24ec6ed6f2dd1ce0585a33adf30e14c71729fe96b24a16ae25105772b3950e938ee7f3a78c84817101bb57d8bd9e68766ce3e16422ec007c594ad3a85d77aa08b9b419da857b965fc2d00eb3b548fe760623f4401c0fd1dfaaed6d1ef64c4869ef81fd5c3a80301997d50e3e0a76731a3471e7d173babb6b4513652e968ac60c3f335860a8fd07f706bd86c5cee6542e9aec6565ade57ef990c312f874de16f2bf2fe76b9e19e8bb339194bd2bcb877196c1b45967803a4cb36574bf16e773f16ec310f0e3fae0b43a7db9e555ffeb6feb7b613798dfe6f2ab6573eb2b969b3c6a83863d5bbed13d1fff9eeee2e71b5a8f496b170207631f97d779c56165c3b7b10adf2b03a19bf402ec0298430a7848fe15f7dc5f91ab4ab0bdb6008dfcfb7", 0x805, 0xfffffffffffffffe) (fail_nth: 2)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, &(0x7f00000014c0)={0x0, {{0x2, 0x4e21, @private=0xa010100}}}, 0x88)
acct(&(0x7f00000001c0)='./file0\x00')

1m9.165281159s ago: executing program 2 (id=44):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040040)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x30)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x10001, 0x5, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

51.801320034s ago: executing program 32 (id=44):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040040)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x30)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x10001, 0x5, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

16.13319358s ago: executing program 4 (id=133):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x54, r2, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @random="85a95d928e21"}, @key_params=[@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DEFAULT={0x4}]}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}]]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, &(0x7f00000000c0)='GPL\x00', 0x5, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x680182)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x6, 0x0, 0x111, 0x6}}, 0x20)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r7)
sendmsg$SEG6_CMD_SETHMAC(r7, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4000011}, 0x48045)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, 0x0, 0x38)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r9, &(0x7f0000002c00)={0x0, 0x0, &(0x7f0000002bc0)={&(0x7f0000002b80)={0x20, 0x1405, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x8}, {0x8}}]}, 0x20}, 0x1, 0x0, 0x0, 0x40004}, 0x4000040)
ioctl$FS_IOC_GETFLAGS(r9, 0x80086601, &(0x7f0000000380))
write$RDMA_USER_CM_CMD_MIGRATE_ID(r8, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r8}}, 0x18)
dup(r3)

13.927508307s ago: executing program 4 (id=134):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0xfff)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000b54000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000003c0)="c744240000000000c7442402aeb50000c7442406000000000f011424b8010000000f01c126640fc75b0066ba4300b0d0ee660fc7310f070fc73d18855ea2f30f209966ba4000b000ee0f09"}], 0x1, 0x8f, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000180)={<r6=>0xffffffffffffffff}, 0x111, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000200)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000040), r6, 0x0, 0x1, 0x4}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000)
r8 = gettid()
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="24000000330001002bbd7000fedbdb25040000000800040002000000080005000776b860d6b1992e56d6", @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
rt_tgsigqueueinfo(r8, r8, 0xb, &(0x7f0000000540)={0x1e, 0x8, 0x2a3})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001340)=@newtfilter={0x18, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {}, {0x4}}, [@filter_kind_options=@f_route={{}, {0x0, 0x2, [@TCA_ROUTE4_TO={0x0, 0x2, 0x36}, @TCA_ROUTE4_CLASSID={0x0, 0x1, {0xf, 0x5}}, @TCA_ROUTE4_IIF, @TCA_ROUTE4_CLASSID={0x0, 0x1, {0x2, 0x9}}, @TCA_ROUTE4_POLICE={0x0, 0x5, [@TCA_POLICE_TBF={0x0, 0x1, {0x5, 0x10000002, 0x101, 0x756, 0x7, {0xda, 0x0, 0x3, 0x0, 0xc69, 0x3}, {0x5, 0x0, 0x3a, 0x8, 0x76, 0x51}, 0x1ff, 0xba}}, @TCA_POLICE_RATE={0x0, 0x2, [0x2, 0xa88, 0x401, 0x9, 0x2, 0x10, 0x5, 0x2, 0x800, 0x6, 0x2994, 0x1, 0x7f2add8c, 0x3c60000, 0x7fffffff, 0xfffffffe, 0x1, 0x9dec, 0x200, 0x45789639, 0x5, 0xffff, 0x5, 0x3, 0x7, 0xa4b0, 0x12e, 0x4, 0x0, 0x7236, 0x9, 0x1000, 0xffffffff, 0x1, 0x8, 0x7, 0x3, 0x8001, 0xffffffff, 0xbf, 0x1, 0x9, 0x10001, 0x7, 0xfffffffa, 0x4, 0x0, 0xfffffffe, 0x10, 0x3, 0x291c, 0xcc, 0x80, 0x2, 0x8, 0x6, 0xfffffffe, 0x7, 0xfffffffd, 0x7, 0x7, 0xfffffffc, 0x9, 0x7, 0x40, 0xe0e8, 0xffffffff, 0xfffffff8, 0x38, 0x12f, 0x6aae, 0x7, 0x2, 0x4, 0x9, 0x6, 0x0, 0x2, 0xd, 0x0, 0x2, 0xa, 0x549, 0x8, 0xfffffffa, 0x3, 0x5, 0xf787b24, 0xfffffff8, 0x1, 0x9, 0x4, 0x99, 0x0, 0x80000001, 0x5, 0x70e, 0xa, 0x80000001, 0x185f, 0x0, 0x7, 0x9d0, 0x10000, 0x2, 0xb75, 0xfff, 0x0, 0x200, 0x5, 0x2, 0x30, 0xb555, 0xe9, 0x80, 0x0, 0x0, 0x9, 0xdb7, 0xf, 0x7, 0xa1, 0x7f, 0x5, 0x6, 0x7, 0x4000000, 0x7, 0xf, 0x8e7, 0x7, 0xe567, 0x2, 0x0, 0x4, 0x9, 0x7, 0x3ff, 0x85f, 0x7, 0x6, 0x9, 0x10100000, 0x6, 0x2, 0x1ff, 0x60000000, 0x1, 0x3, 0x1, 0x4, 0x0, 0x4, 0x0, 0xfffffffa, 0x80000000, 0x80000001, 0xb1, 0x6, 0x9, 0x3, 0x8, 0xc4, 0x1, 0x81, 0x7fff, 0x4, 0x7, 0x0, 0x7, 0xb095, 0x8000, 0x80000001, 0xff, 0x6, 0x1, 0x2, 0x676, 0x6, 0x8, 0x2, 0x1, 0x7, 0x8, 0x4, 0x2, 0x9, 0x0, 0x9, 0x2, 0xffffffff, 0x5, 0x2, 0x4, 0x82, 0x6, 0xffffff98, 0x3, 0x8, 0x3, 0xffff, 0x7, 0x9ebd, 0x3, 0x2, 0x9, 0x7, 0x8c7b, 0x8, 0x8000, 0xfffffffb, 0x7, 0xa, 0x2, 0x7fff, 0x8, 0x2, 0x4, 0x33, 0xf, 0x0, 0x6, 0x2, 0xc7, 0x64a, 0x2, 0x5, 0x6, 0x6, 0x1, 0xfa, 0xfffff1e2, 0x6, 0xfa, 0x7, 0x6d74, 0x400, 0x5, 0xfff, 0x9, 0x200, 0x0, 0xedd, 0x87, 0xffffffb5, 0x7, 0xa7f, 0x0, 0x7, 0x62, 0x10000, 0x3, 0xeb, 0x9, 0x4, 0x6]}]}, @TCA_ROUTE4_POLICE={0x0, 0x5, [@TCA_POLICE_PEAKRATE64={0x0, 0x9, 0xfffffffffffeffff}, @TCA_POLICE_RATE64, @TCA_POLICE_PEAKRATE={0x0, 0x3, [0x3, 0x4, 0x3, 0x9, 0x81, 0x1, 0x0, 0x9, 0x200, 0x100, 0x8, 0xf, 0x0, 0x15e, 0x2, 0x7, 0x9295, 0x5, 0x2, 0x7, 0x1, 0x7, 0x1, 0xfffffffa, 0x35e5f817, 0x2, 0x1, 0x0, 0x7, 0x3e, 0x7, 0x9, 0x8654, 0x7, 0xcc, 0x8000, 0x2, 0x4, 0x23, 0x3, 0x9, 0xa8, 0x1, 0x8, 0x3ff, 0x8, 0x100, 0x200, 0x7, 0x198, 0x4, 0x5, 0x7, 0x9, 0x6, 0x302, 0x5b7, 0x3c, 0x6, 0xf58, 0xffffff01, 0x0, 0xb51, 0x2, 0x8, 0x3, 0x7, 0x8000, 0xd, 0x8, 0x1, 0xc98d, 0x8, 0x1, 0x8, 0x800, 0x1058, 0x5, 0x2, 0x10000, 0x7ff, 0x400, 0x6, 0x0, 0x6, 0x9, 0xf0e5, 0x101, 0x3, 0x1, 0xf4f, 0x1000, 0x1, 0xa796, 0x50, 0xe, 0xfffffffe, 0x0, 0x1, 0xa, 0x7, 0xc69, 0x3, 0x400, 0x20000000, 0x4, 0x6f2, 0x9, 0x1, 0x82, 0x7, 0x1f, 0x4, 0x4, 0x1, 0x9, 0x2, 0x3ff, 0x4, 0xa, 0x8, 0x80, 0xa0dc, 0x2, 0x0, 0x7, 0x3, 0x5, 0x0, 0x2, 0x3, 0x1, 0x401, 0x2, 0x972, 0x10001, 0xa0, 0x1, 0x2, 0x7ff, 0x3b, 0x4d, 0x7, 0x0, 0x7, 0xda7, 0x1143, 0x6, 0x7, 0x7, 0x9, 0x4, 0x9, 0x80000001, 0x97, 0x3, 0x6, 0x6, 0x6, 0xa, 0x3, 0x200000, 0x0, 0x5, 0x6, 0x1, 0xfffffffa, 0x0, 0x80, 0x5, 0xffffffff, 0x5a, 0x8, 0xa6da, 0x7, 0x8, 0x0, 0x8, 0x4d, 0x307, 0x5, 0x2100, 0x7, 0x7, 0x6, 0x8001, 0xd4b1, 0x101, 0x1, 0x8, 0xffff, 0x6, 0x5, 0xffffffff, 0x4, 0x81, 0x5, 0x81, 0x4, 0xffffdfdc, 0x1, 0x8, 0x8, 0x8, 0x3, 0x4, 0x7fffffff, 0x800, 0x2843, 0xf7c, 0x3, 0x2, 0x8, 0x5, 0xcfe, 0x2, 0xd, 0x2113900a, 0x101, 0x7, 0x8, 0x2, 0x7fff, 0xef, 0x1, 0x1, 0x2, 0x10001, 0x2, 0x1, 0xffffff81, 0x352, 0x7, 0xf, 0x89a2, 0x80000000, 0x8, 0x6, 0x63d, 0x7, 0x9, 0x101, 0x3, 0x9, 0xfff, 0x6, 0xfffffb0d, 0x8000, 0x3, 0x4, 0xffffffff, 0x5, 0x2647, 0x1, 0x3, 0x5]}, @TCA_POLICE_RATE64={0x0, 0x8, 0x40}, @TCA_POLICE_RATE64={0x0, 0x8, 0x8}]}, @TCA_ROUTE4_POLICE={0x0, 0x5, [@TCA_POLICE_RATE={0x0, 0x2, [0x8, 0x9, 0x8, 0x4, 0x4, 0x3, 0x6, 0x9, 0x80000000, 0x3, 0x10, 0x4, 0x10000, 0x1, 0x2c, 0x5, 0x89a, 0x7fff, 0xffffffff, 0xc, 0x5, 0x4, 0x2, 0x2, 0x2, 0x6, 0x6, 0x9, 0x8, 0x9, 0x5, 0x0, 0x6, 0x5, 0xfffffff8, 0x5, 0x1, 0xffffffff, 0xc9, 0x0, 0xfffffc01, 0x6, 0x0, 0x6ae, 0x848, 0xe1, 0xfffffffa, 0x3ff, 0x4, 0x1, 0x0, 0x100, 0xe1, 0xe, 0xf24, 0x1, 0x3ff, 0x8, 0x81c, 0xe, 0xffffffff, 0x4, 0x8, 0x3ff, 0x7, 0xd5, 0x18a86424, 0x7, 0x1, 0x8, 0x2, 0x7, 0x7, 0x7, 0x0, 0xffffffff, 0x5, 0x5, 0x9, 0x7f, 0xc, 0x2, 0x122, 0x8, 0x9, 0x401, 0x1, 0x0, 0x8a, 0x8001, 0x3, 0xfffffffc, 0xffffff00, 0x6, 0x94, 0x8, 0x4, 0x8, 0x0, 0x3, 0x4, 0x80000000, 0x1, 0x9cac, 0x0, 0x24, 0x3, 0x5, 0x3, 0x0, 0x2, 0x0, 0x3, 0xb, 0x8, 0xfffffffa, 0xfffffffe, 0x1000, 0x2, 0x401, 0x9, 0x100, 0x0, 0x5feabd67, 0xf8, 0x6, 0x62, 0x8, 0xe, 0x100, 0x3, 0x2, 0xffff, 0x800, 0x5, 0x8, 0x10000, 0x80000001, 0x0, 0xffffff00, 0x1, 0x3, 0x9, 0x4, 0x4, 0x0, 0x7, 0x1ff, 0xf, 0x2, 0x2, 0x8, 0x5b8, 0xffff, 0xae, 0x10001, 0xfffffffe, 0x1, 0x6000, 0xfffffff8, 0x2, 0x7fffffff, 0x4, 0xc7, 0x4ea40038, 0x4, 0x101, 0x8, 0x53c5146d, 0x7f, 0x8, 0x81, 0x3, 0x3, 0xfffffffc, 0x7, 0x8, 0xfffffff7, 0xa, 0x4, 0x24000000, 0x9, 0x1, 0x1, 0x6, 0x9, 0x7, 0x3, 0x8000, 0x0, 0x0, 0x2ac2, 0x7, 0x5, 0x7fffffff, 0x3, 0x7, 0xf22, 0x6, 0x5, 0xa, 0x401, 0xffffffff, 0xfffffffe, 0xe, 0xffff, 0x9, 0xe, 0x9, 0x0, 0x10000, 0x4e, 0xffffff19, 0x38, 0x0, 0x10001, 0x80, 0x66, 0x4, 0x0, 0x0, 0x3, 0xaabd0, 0x4, 0x4, 0x80, 0x802d, 0x200, 0xfffffffd, 0x597, 0x0, 0x5, 0x3, 0x7, 0x3, 0xa, 0x7, 0xdaa3, 0xfff, 0x3, 0x8, 0xffff, 0x5, 0xfffffff8, 0x5, 0xffffff81, 0x8, 0x8, 0x1, 0x6, 0x7, 0x9, 0x916, 0x8, 0x2cab, 0x3ff]}]}, @TCA_ROUTE4_IIF]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000)
ioctl$KVM_CAP_PMU_CAPABILITY(r3, 0x4068aea3, &(0x7f00000002c0)={0xd4, 0x0, 0x5})

11.850655758s ago: executing program 0 (id=138):
r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000580)={0xa20000, 0x0, 0x922, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x9a0902, 0xfffffffc, '\x00', @value64=0x5}})

11.645804098s ago: executing program 0 (id=140):
r0 = socket(0x2a, 0x2, 0x0)
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000002d00)={0x1, {{0xa, 0x4e22, 0x1000, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb0}}}, 0x108)
r3 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000040)=[{}], 0xb3c, 0x0, 0x0, 0x2, 0x0, 0x2})
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
ioctl$IMADDTIMER(r5, 0x80044940, &(0x7f0000000600)=0x14)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000000)={<r7=>0x0, 0x8}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r6, 0x84, 0x1b, &(0x7f0000000200)={r7, 0x12, "4194989ee151523275710aac7f553976cca1"}, &(0x7f00000002c0)=0x1a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r8}, 0x10)
ioctl$IMADDTIMER(r5, 0x80044940, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00)
r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)

9.652396473s ago: executing program 4 (id=144):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(aegis128-generic)\x00'}, 0x58)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
r5 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56})
io_uring_enter(r5, 0x7a98, 0x0, 0x0, 0x0, 0x0)
r8 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x38a}, &(0x7f0000002000)=<r9=>0x0, &(0x7f0000000440)=<r10=>0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000018000000080000004000000042000000", @ANYRES32=0x1, @ANYBLOB="00000000000000fafa9bc65a00000000000000001f0b49828782a0ed07ff07000000000000ce0c990fc93a2f3e7461dcdffdeb3810e13f71c98de72bc78851", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r11}, 0x38)
syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x49, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0, 0x8000})
io_uring_enter(r8, 0x48e9, 0xf2bb, 0x2, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd=r2, 0xfffffffffffffffd})
io_uring_enter(r8, 0x2def, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r12 = syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x103381)
ioctl$USBDEVFS_DROP_PRIVILEGES(r12, 0x4004551e, &(0x7f0000000280)=0x4)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="3800000010000108fdffffff0000000800000000", @ANYRES32=0x0, @ANYBLOB="000000002104020008001b000000000010001a800c002d800500080003000000f1b048ebadab81ea8cd6465d917921e906866dc0089ea1c6f7bf70052a57e6907598f966facb59cb2fc38a336504cfcaf2deeddc44b71c89d8e8bac6ec8f9f2a9718a8bcc70a7511d4c2ac18171e9b066933d3a408e32bef4a3ee4f5d2c9d1dc0f81864dc8076c2451a30ea259d8effc558ec738bbdfddc2eba373e0fc0444f4764104ea4d457b140b7457fd97ae612b43b46cb53a082b8565555ba900292bada67cd671259dc1b55af507fcf4584e1bf97f94"], 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)

9.622565776s ago: executing program 0 (id=145):
sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, 0x0, 0x20040040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
ptrace$ARCH_GET_MAX_TAG_BITS(0x1e, 0x0, 0x0, 0x4003)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
keyctl$read(0x1f, 0x0, &(0x7f0000000080)=""/61, 0x3d)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
close_range(r1, r2, 0x0)

7.49039517s ago: executing program 0 (id=147):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18)
sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0x0)

7.304116674s ago: executing program 1 (id=148):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001000ffff27bd7000fbdbdf", @ANYRES32=0x0, @ANYBLOB="1503"], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x8000002)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getrusage(0x0, &(0x7f0000000640))
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x3, 0xc, &(0x7f00000008c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x87}, @printk={@s, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000800)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffff35)
semget(0x2, 0x2, 0x600)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008004}, 0x20048040)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000a00)={<r4=>0x0, 0xffff, 0x8, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000e00)={0x14, 0x2, {0x1000, @usage=0x100000, <r5=>0x0, 0xfe5, 0x4, 0x10001, 0x8000, 0x1f, 0x0, @usage=0x10, 0x400, 0x80ec, [0xfffffffffffffff2, 0x3, 0x6, 0x2, 0x0, 0x9d]}, {0x4, @struct={0x8, 0x10}, 0x0, 0x3, 0x38, 0x4, 0x200, 0x7, 0x1, @struct={0x2c3, 0x10}, 0x4, 0xfffeffff, [0x0, 0x3, 0x1, 0x0, 0xf9e6, 0x2]}, {0xfffffffffffffff9, @usage, 0x0, 0x1, 0x8, 0x2, 0xffffffffa1a2b414, 0x6, 0x0, @struct={0x3, 0x2}, 0x2, 0x6, [0x7, 0x1, 0xffffffff, 0x0, 0x2, 0x4000000000000000]}, {0x800, 0x7fff, 0x3}})
ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000001200)={<r6=>0x0, 0x8f5a, 0x1000, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000001600)={0x18, 0x1, {0x100, @usage=0x4, r4, 0xfffffffffffffbff, 0x51bb, 0x0, 0x2, 0x1, 0x0, @struct={0x400, 0x2}, 0x1, 0x8, [0xae1d, 0x6, 0x7, 0x3, 0x7ff, 0x8]}, {0x4, @usage=0xfffffffffffffff9, r5, 0x167, 0x8000000000000000, 0x8000000000000, 0x1, 0x6, 0x1, @struct={0x8, 0x7ff}, 0x7, 0x80000000, [0xb, 0x9, 0xb3b0, 0x3, 0x7, 0x10001]}, {0x2, @usage=0x3, r6, 0x20000000000, 0xe78, 0x5, 0x6, 0x2, 0x10, @usage=0x7, 0x2, 0x2, [0x2, 0x41, 0x1, 0xfffffffffffffffd, 0x5, 0x30c]}, {0xe8, 0x0, 0x10000}})
r7 = request_key(&(0x7f00000000c0)='encrypted\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f00000001c0)='-,$-\'((^}&(.\x00', 0xfffffffffffffff9)
r8 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
r9 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$KEYCTL_MOVE(0x1e, r7, r8, r9, 0x0)

7.122112327s ago: executing program 4 (id=150):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = fsopen(&(0x7f0000000400)='cramfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={0x0, 0x0, 0x4000}, 0x18)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x5)
dup(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='cubic', 0x4)
unshare(0x2040400)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(r5, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)

6.284278238s ago: executing program 1 (id=152):
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
socket(0xa, 0x3, 0xff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000140), &(0x7f0000001300))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0)

5.854078779s ago: executing program 4 (id=153):
r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000400)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32)
syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000180)=ANY=[@ANYBLOB="400f07"], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (rerun: 32)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) (async)
r1 = getpid()
sched_setscheduler(r1, 0x1, 0x0) (async)
sched_setscheduler(r1, 0x1, &(0x7f0000000080)=0x6) (async, rerun: 64)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async, rerun: 64)
r2 = socket(0x1e, 0x4, 0x0) (async)
r3 = socket(0x25, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0xfffffff7, 0x7fffffff, 0x2, 0x7, 0x1, 0x4, 0x3fd}, 0x1c) (async)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000480)=""/4085, 0xff5}], 0x1}, 0xbe58}], 0x1, 0x7ffeedc0, 0x0) (async)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000000)=@req3={0xffff, 0x101, 0xffff, 0xfffffffd, 0x103, 0xe66, 0x7}, 0x1c) (async)
write(r4, 0x0, 0x0) (async)
close(0xffffffffffffffff) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

5.514073754s ago: executing program 3 (id=154):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0xfffffffffffffd82, r2, 0x5, 0x0, 0x9, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @device_b}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @val={0x2a, 0x1, {0x1}}, @val={0x3c, 0x4, {0x1, 0x4, 0x7, 0x6}}, @void, @val, @void, @val={0x76, 0x3, {0xc, 0x2, 0xff7f, 0xe9}}}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x1}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x40000040)

5.21067979s ago: executing program 0 (id=155):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000d"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
read$FUSE(r2, &(0x7f00000102c0)={0x2020}, 0x2020)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8)
r4 = gettid()
timer_create(0x1, &(0x7f0000000800)={0x0, 0x12, 0x4, @tid=r4}, &(0x7f0000000380)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r6}, 0x10)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r8, &(0x7f0000002640)={0x2020}, 0x2020)
r9 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
tkill(r9, 0x16)

5.068023645s ago: executing program 1 (id=156):
write(0xffffffffffffffff, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x141000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="ffbbdc8706c2c3e27ca6639f", 0xc}], 0x1}}], 0x1, 0x4c015)
r3 = accept(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet_sctp(r3, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x804c040}, 0x1)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, 0x0)
r4 = socket$inet6(0xa, 0x80003, 0xff)
socket$inet6(0xa, 0x80003, 0xff)
r5 = getpid()
syz_pidfd_open(r5, 0x0)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_FM_4OP_ENABLE(r6, 0xc0045405, 0xffffffffffffffff)
sched_getattr(r5, &(0x7f0000000200)={0x38}, 0x38, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@lx, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, 0x0, 0x1}, 0x94)
setsockopt$inet6_int(r4, 0x29, 0x16, 0x0, 0x0)

5.067355349s ago: executing program 3 (id=157):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003d80)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000003c0)="d6", 0x1}], 0x1}}], 0x1, 0x4048841)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000001c0)={"5fbcdbfb555ab7b6da2c492fe4db90aeaf8e5347c79716e75fe060d73e9de531ef8085f88b3a09f05bf084c593b4dab8756600000000077eebf9940a0b60f02d333a2c2aa407522edaabb8cfccecb9d7e0cfd915c17f32bc1ac7e430af977b671ede8605c7c72a5d1397639fd21bf848190fbdbfaeb7e166205def53caa18404ba077c2b5713acbc3d125aea78dfd962dd250511376c3a3b5732114cc92d27be04c7c146cedcc9081a8435f9c67a0c5174df503a84dc11d1d98a2473fbd39de5d9c56ffa28098914b4d47ea99e8134deb75f944afd0df95136c08e057e4d839936c0755318e58ae63dd46f7009df574d263f87508d7e496efb29de0496d4018e8d6c6f7d016752a1d10bb1df8b406bb488dbb43ffd11eb1eb9b36d57cee3b9e4e2e72e97a8059bb8e8120bf04b1d0b929692cc3e5508293bb205beba29259f18213a602dde8a8a19dd2a16b26476ca4f24e86b84ee76d86aacc862c59e154e6bec6ec6e86eb3d9dd50c4ecf6de82c2419674da3b885ac6abaea4765d256727d8560fb55d0bee0c11b1e8a05d4b932254673e8f67abfca2f184a23839164b15e021bff742605fbeb628ab93803e90954074762487b0afc90eec0e31e75dda865693dd655a190f16dbdf7ce7693d27aaf31758d97e25ab40fc44dbc911639d99b592dd0c660b820a46b8374f7e8030031c39768fb9361164f5dad133cf0d5d66c617d3d62b1f0b80e9f88ffc872df05fb5822601dfe4b39179ace0a4f6808b39bad72a80a9a9bd579d0f9a104191ef6e708083218053d3daf8211dff0a87568b7c734ab79b26cf2a65d66b00f2c2f0d3ffd5fc35b58795406446275afb8df4247add7730331b045d384b0c9fa06284463eec7167512277a435ced48980aab83b37a85b7a33ce8fd8b2a543af82bd15955b12833a59645e1de6bd6ab86c4a046a0323415351e6ddb9bcb869d2e7d092b234bfa8c5be098abcd24d8b4a659b36d8af4f3136d23f9115ea6bdc62fb89e2de415e0f08bd6ec5cc53ee3a666049168a88191c6911ea5fe7972f5627923e8b5b9e7c5323da43d48b25caee3016f88c8178fb8ab1149547e33d7fff442fa3ab42408c87cdfe35a82034bd77399a0861ce16141670ffecde05c7393ae522430425707a4c7d988f34a494727e0b1920e93c95af07d3affe9d41bb82d59ff2149705bb782c9d85e53320268fb57096c6c47e616c457a371dda361170f706e53bf9a9ac5692b72d44072217ecb8646e841b6929251a080f56be308c47dac5d59db54bd1ca7499cf3bf7cb8bb763fed9a75d2eb69573b118e3ee78fb11d41c1ce314538fec8fc542c7bf4865841a2e71fc1efd9fa385903372e3670d96398128e75d786f242a6dbf2c053dc48ee2398763b1ba3550136c14ac7ad77d3c8e97b2f36b6af200"})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 4)

4.68002428s ago: executing program 4 (id=158):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x12}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x5c}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r3=>0x0}) (async)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f0000000080)=[{&(0x7f00000000c0)="480000001500257f09004b01fcfc8c860a881300f217e0060000e3323909b8f8896e33719fe3bb036e0bc90900000000000000000000ffff5bf1090000d0bd5e000000006203005b", 0x48}], 0x1)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x60, r1, 0x101, 0x3, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "a3446ceb1c5a6525e8f56e2add"}]}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

4.311554219s ago: executing program 3 (id=159):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r0, &(0x7f00000002c0)=""/4096, 0x1000)
read$dsp(r0, 0x0, 0x0)

3.493602805s ago: executing program 3 (id=160):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40800)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20004804)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4)
sendmsg$NL80211_CMD_AUTHENTICATE(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8020411}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x0, 0x20, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xffffffff, 0x78}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_SSID={0x18, 0x34, @random="bb90f4b5264bf1be97d0a3802a5a0290b1e353bc"}]}, 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x20040850)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

2.261622604s ago: executing program 3 (id=161):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ff199610b90661408801010203010902120001000000000904"], 0x0) (async)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0xff, 0x56a, 0xc5, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0x10, 0xf4, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x3, 0x2, {0x9, 0x21, 0x0, 0x5, 0x1, {0x22, 0xed9}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x8b, 0x3, 0xa}}}}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x250, 0x4, 0x83, 0x3, 0x8, 0x2}, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x1, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x3c0a}}]})
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x109)
sendfile(r1, r1, 0x0, 0xb) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r1, 0x3b70, &(0x7f0000000200)={0x30}) (async, rerun: 64)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x24, @string={0x24, 0x3, "da0780abd35f5da1b3a25ea45d7eff93f2b26ed3eacb8fdc53d7514ddbf6d0990c22"}}, 0x0, 0x0}, 0x0) (rerun: 64)

1.806143235s ago: executing program 1 (id=162):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = fsopen(&(0x7f0000000400)='cramfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={0x0, 0x0, 0x4000}, 0x18)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x5)
dup(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='cubic', 0x4)
unshare(0x2040400)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(r5, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)

1.296342487s ago: executing program 0 (id=163):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r3 = accept$alg(r2, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000001040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}], 0x1, 0xc8d1)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$xdp(0x2c, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x133}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xcd}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5ff}]}]}, 0x80}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
pipe2(&(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x80000)
splice(r7, 0x0, r9, 0x0, 0x6, 0x0)
write$P9_RREADDIR(r9, &(0x7f0000000140)={0xb, 0x29, 0x2, {0x7}}, 0xb)
splice(r8, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0xf)

581.247467ms ago: executing program 1 (id=164):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="0c0000000000000084000040"]) (fail_nth: 2)

45.897117ms ago: executing program 1 (id=165):
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
socket(0xa, 0x3, 0xff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000140), &(0x7f0000001300))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0)

0s ago: executing program 3 (id=166):
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x62)
listen(r0, 0x3)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
socket(0x23, 0x5, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x1f00)
r3 = epoll_create1(0x0)
r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="1a00"/12, @ANYRES32=r4, @ANYBLOB="91"], 0x20)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000100)=0x5)
capset(&(0x7f0000000000)={0x20080522, r6}, &(0x7f0000000100)={0x9, 0x1000, 0x7f, 0x7fffffff, 0xfffffffc, 0x3})
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
chroot(&(0x7f0000000a40)='./file0\x00')
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts.
[   90.246194][ T5831] cgroup: Unknown subsys name 'net'
[   90.472390][ T5831] cgroup: Unknown subsys name 'cpuset'
[   90.527402][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.120019][ T1246] cfg80211: failed to load regulatory.db
[   92.542506][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.699305][   T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.712843][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.715791][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.718313][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   95.736094][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.744288][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.783777][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   95.786261][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   95.800873][ T5162] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   95.813204][ T5162] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   95.827763][ T5162] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   95.830649][ T5162] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   95.887115][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   95.905702][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   95.907434][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   95.910179][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   95.911021][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   95.924294][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   95.955251][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   95.963368][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   95.964242][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   95.964578][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   95.976644][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   95.982216][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   95.988126][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   96.855869][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   97.039951][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   97.167894][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   97.309194][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   97.319973][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   97.797949][ T5855] Bluetooth: hci0: command tx timeout
[   97.876646][ T5855] Bluetooth: hci1: command tx timeout
[   97.893917][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.895307][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.895812][ T5843] bridge_slave_0: entered allmulticast mode
[   97.911157][ T5843] bridge_slave_0: entered promiscuous mode
[   98.018512][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.018660][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.018857][ T5843] bridge_slave_1: entered allmulticast mode
[   98.021188][ T5843] bridge_slave_1: entered promiscuous mode
[   98.036746][ T5855] Bluetooth: hci2: command tx timeout
[   98.126686][ T5855] Bluetooth: hci3: command tx timeout
[   98.126873][ T5855] Bluetooth: hci4: command tx timeout
[   98.431898][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.432043][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.432242][ T5850] bridge_slave_0: entered allmulticast mode
[   98.435315][ T5850] bridge_slave_0: entered promiscuous mode
[   98.571358][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.571501][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.571693][ T5844] bridge_slave_0: entered allmulticast mode
[   98.574000][ T5844] bridge_slave_0: entered promiscuous mode
[   98.577814][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.577974][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.578206][ T5850] bridge_slave_1: entered allmulticast mode
[   98.581546][ T5850] bridge_slave_1: entered promiscuous mode
[   98.783966][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.858298][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.858517][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.858714][ T5844] bridge_slave_1: entered allmulticast mode
[   98.860833][ T5844] bridge_slave_1: entered promiscuous mode
[   99.033361][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.218620][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.218741][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.218906][ T5849] bridge_slave_0: entered allmulticast mode
[   99.220825][ T5849] bridge_slave_0: entered promiscuous mode
[   99.223451][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.223600][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.223783][ T5852] bridge_slave_0: entered allmulticast mode
[   99.226104][ T5852] bridge_slave_0: entered promiscuous mode
[   99.356970][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.426124][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.426347][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.427896][ T5849] bridge_slave_1: entered allmulticast mode
[   99.431570][ T5849] bridge_slave_1: entered promiscuous mode
[   99.433493][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.433651][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.434223][ T5852] bridge_slave_1: entered allmulticast mode
[   99.439460][ T5852] bridge_slave_1: entered promiscuous mode
[   99.573128][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.580270][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.745285][ T5843] team0: Port device team_slave_0 added
[   99.809985][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.876680][ T5851] Bluetooth: hci0: command tx timeout
[   99.956571][ T5851] Bluetooth: hci1: command tx timeout
[   99.980593][ T5843] team0: Port device team_slave_1 added
[  100.117085][ T5851] Bluetooth: hci2: command tx timeout
[  100.123355][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.129291][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.196819][ T5851] Bluetooth: hci4: command tx timeout
[  100.196855][ T5851] Bluetooth: hci3: command tx timeout
[  100.211319][ T5850] team0: Port device team_slave_0 added
[  100.291328][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.293950][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.579441][ T5850] team0: Port device team_slave_1 added
[  100.582247][ T5844] team0: Port device team_slave_0 added
[  100.719828][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.719847][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.719876][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.814239][ T5844] team0: Port device team_slave_1 added
[  100.950087][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.950105][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.950133][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.118857][ T5849] team0: Port device team_slave_0 added
[  101.123204][ T5852] team0: Port device team_slave_0 added
[  101.140032][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.140051][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.140083][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.214776][ T5849] team0: Port device team_slave_1 added
[  101.223077][ T5852] team0: Port device team_slave_1 added
[  101.226007][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.226019][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.226038][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.229312][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.229329][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.229359][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.448887][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.448904][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.448933][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.852230][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.852243][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.852262][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.853589][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.853604][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.853632][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.956930][ T5855] Bluetooth: hci0: command tx timeout
[  102.036656][ T5855] Bluetooth: hci1: command tx timeout
[  102.044275][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.044292][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.044320][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.045824][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.045838][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.045866][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.069253][ T5843] hsr_slave_0: entered promiscuous mode
[  102.071307][ T5843] hsr_slave_1: entered promiscuous mode
[  102.196584][ T5855] Bluetooth: hci2: command tx timeout
[  102.276786][ T5855] Bluetooth: hci3: command tx timeout
[  102.276823][ T5855] Bluetooth: hci4: command tx timeout
[  102.471167][ T5850] hsr_slave_0: entered promiscuous mode
[  102.472494][ T5850] hsr_slave_1: entered promiscuous mode
[  102.473329][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[  102.473424][ T5850] Cannot create hsr debugfs directory
[  102.557923][ T5844] hsr_slave_0: entered promiscuous mode
[  102.558883][ T5844] hsr_slave_1: entered promiscuous mode
[  102.559545][ T5844] debugfs: 'hsr0' already exists in 'hsr'
[  102.559569][ T5844] Cannot create hsr debugfs directory
[  103.077188][ T5849] hsr_slave_0: entered promiscuous mode
[  103.078599][ T5849] hsr_slave_1: entered promiscuous mode
[  103.079555][ T5849] debugfs: 'hsr0' already exists in 'hsr'
[  103.079580][ T5849] Cannot create hsr debugfs directory
[  103.178722][ T5852] hsr_slave_0: entered promiscuous mode
[  103.180162][ T5852] hsr_slave_1: entered promiscuous mode
[  103.180821][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[  103.180847][ T5852] Cannot create hsr debugfs directory
[  104.036889][ T5851] Bluetooth: hci0: command tx timeout
[  104.116760][ T5851] Bluetooth: hci1: command tx timeout
[  104.276646][ T5851] Bluetooth: hci2: command tx timeout
[  104.356770][ T5855] Bluetooth: hci4: command tx timeout
[  104.356803][ T5855] Bluetooth: hci3: command tx timeout
[  104.805474][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  104.863126][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  104.893336][ T5843] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  104.953130][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.103220][ T5850] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  105.144536][ T5850] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  105.177777][ T5850] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  105.250862][ T5850] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  105.403483][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.456378][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.501665][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.564714][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.774158][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  105.844134][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  105.895368][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  105.950882][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  106.133478][ T5852] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  106.183209][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.185114][ T5852] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  106.244849][ T5852] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  106.291023][ T5852] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  106.407605][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[  106.433750][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.482520][ T3197] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.483051][ T3197] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.545392][ T1009] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.545553][ T1009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.618625][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[  106.666196][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.698459][ T3197] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.698740][ T3197] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.754453][ T3197] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.754557][ T3197] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.825989][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[  106.880014][ T1009] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.880246][ T1009] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.914908][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.945380][ T1009] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.945533][ T1009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.089997][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[  107.103611][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.185616][ T3596] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.185972][ T3596] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.257537][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.257715][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.375293][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[  107.449784][ T3197] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.450506][ T3197] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.523394][ T3197] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.527148][ T3197] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.622151][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.891312][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.024487][ T5843] veth0_vlan: entered promiscuous mode
[  108.097731][ T5843] veth1_vlan: entered promiscuous mode
[  108.230254][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.373909][ T5850] veth0_vlan: entered promiscuous mode
[  108.428604][ T5843] veth0_macvtap: entered promiscuous mode
[  108.452537][ T5850] veth1_vlan: entered promiscuous mode
[  108.477607][ T5843] veth1_macvtap: entered promiscuous mode
[  108.512957][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.561375][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.609695][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.664788][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.665939][ T5844] veth0_vlan: entered promiscuous mode
[  108.721612][ T3197] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.731448][ T5850] veth0_macvtap: entered promiscuous mode
[  108.734272][ T3197] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.744638][ T3197] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.755248][ T5844] veth1_vlan: entered promiscuous mode
[  108.759220][ T3197] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.773484][ T5850] veth1_macvtap: entered promiscuous mode
[  109.052985][ T5849] veth0_vlan: entered promiscuous mode
[  109.090865][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.167487][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.171355][ T5849] veth1_vlan: entered promiscuous mode
[  109.273857][ T5844] veth0_macvtap: entered promiscuous mode
[  109.285494][ T3570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.285521][ T3570] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.288219][ T1009] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.312800][ T1009] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.341696][ T1009] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.353683][ T5844] veth1_macvtap: entered promiscuous mode
[  109.359999][ T1009] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.468773][ T3197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.468795][ T3197] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.583693][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.659404][ T5849] veth0_macvtap: entered promiscuous mode
[  109.675191][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.715381][ T5849] veth1_macvtap: entered promiscuous mode
[  109.796647][ T3570] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.817744][ T3570] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.867752][ T3570] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.899807][ T3570] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.908070][ T5852] veth0_vlan: entered promiscuous mode
[  109.927495][ T3596] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.927516][ T3596] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.027231][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.074802][ T5852] veth1_vlan: entered promiscuous mode
[  110.157416][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  110.157571][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  110.157645][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  110.157747][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  110.172059][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.316678][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  110.316873][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  110.317847][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  110.318160][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  110.676502][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  110.836501][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  112.963664][ T1009] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.014787][ T3570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.014805][ T3570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.019220][ T1009] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.083962][ T1009] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.136558][ T1009] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.862912][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.862936][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.565075][ T5852] veth0_macvtap: entered promiscuous mode
[  116.652033][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.652053][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.672781][ T5852] veth1_macvtap: entered promiscuous mode
[  116.905032][ T3625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.905054][ T3625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.167130][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.198905][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.198927][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.342213][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.516986][ T3197] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.517343][ T3197] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.517630][ T3197] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.517931][ T3197] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.907142][    C1] vkms_vblank_simulate: vblank timer overrun
[  118.700855][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.238437][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.464434][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.619102][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.733277][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.793274][    C1] vkms_vblank_simulate: vblank timer overrun
[  120.161576][    C1] vkms_vblank_simulate: vblank timer overrun
[  120.390184][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.390205][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.522449][    C1] vkms_vblank_simulate: vblank timer overrun
[  120.913987][    C1] vkms_vblank_simulate: vblank timer overrun
[  121.109899][    C1] vkms_vblank_simulate: vblank timer overrun
[  121.306010][    C1] vkms_vblank_simulate: vblank timer overrun
[  122.768159][ T3596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.768181][ T3596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.179044][   T38] audit: type=1326 audit(1758741446.252:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6008 comm="syz.0.15" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2cc0e4eec9 code=0x0
[  124.004344][ T6017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15'.
[  124.004377][ T6017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15'.
[  126.029560][ T6033] syz.1.20 uses obsolete (PF_INET,SOCK_PACKET)
[  126.069536][ T6030] netlink: zone id is out of range
[  126.069620][ T6030] netlink: zone id is out of range
[  126.137406][ T6037] netlink: zone id is out of range
[  126.137443][ T6037] netlink: zone id is out of range
[  126.139100][ T6037] netlink: del zone limit has 4 unknown bytes
[  126.282707][ T6030] netlink: set zone limit has 4 unknown bytes
[  126.315532][ T6030] Illegal XDP return value 4294967274 on prog  (id 7) dev N/A, expect packet loss!
[  126.775063][ T6050] fuse: Unknown parameter 'd''
[  127.043439][ T5961] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  127.320120][  T991] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  128.303979][ T5961] usb 1-1: unable to get BOS descriptor or descriptor too short
[  128.320707][ T5961] usb 1-1: not running at top speed; connect to a high speed hub
[  128.336182][  T991] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.336252][  T991] usb 5-1: config 0 interface 0 altsetting 185 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  128.336286][  T991] usb 5-1: config 0 interface 0 has no altsetting 0
[  128.336326][  T991] usb 5-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00
[  128.336353][  T991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.348348][ T5961] usb 1-1: config 5 has an invalid interface number: 246 but max is 0
[  128.348382][ T5961] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  128.348406][ T5961] usb 1-1: config 5 has no interface number 0
[  128.348464][ T5961] usb 1-1: config 5 interface 246 altsetting 4 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  128.348495][ T5961] usb 1-1: config 5 interface 246 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  128.348527][ T5961] usb 1-1: config 5 interface 246 has no altsetting 0
[  128.387057][ T5961] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4
[  128.387092][ T5961] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.387113][ T5961] usb 1-1: Product: syz
[  128.387127][ T5961] usb 1-1: Manufacturer: syz
[  128.387141][ T5961] usb 1-1: SerialNumber: syz
[  128.571874][  T991] usb 5-1: config 0 descriptor??
[  131.329174][  T991] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  131.540812][  T991] usb 5-1: USB disconnect, device number 2
[  131.726788][ T1009] usb 1-1: Failed to submit usb control message: -71
[  131.726829][ T1009] usb 1-1: unable to send the bmi data to the device: -71
[  131.726854][ T1009] usb 1-1: unable to get target info from device
[  131.726882][ T1009] usb 1-1: could not get target info (-71)
[  131.727179][ T1009] usb 1-1: could not probe fw (-71)
[  131.730463][ T5961] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  131.766548][ T5934] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  131.851886][ T5961] usb 1-1: USB disconnect, device number 2
[  131.939624][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.939678][ T5934] usb 4-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  131.939703][ T5934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.999744][ T5934] usb 4-1: config 0 descriptor??
[  132.117313][   T31] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  132.497426][   T31] usb 3-1: Using ep0 maxpacket: 8
[  132.499961][   T31] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  132.499990][   T31] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  132.500017][   T31] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  132.500042][   T31] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  132.500087][   T31] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  132.500111][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.967135][ T6079] capability: warning: `syz.2.28' uses 32-bit capabilities (legacy support in use)
[  133.000138][   T31] usb 3-1: GET_CAPABILITIES returned 0
[  133.000189][   T31] usbtmc 3-1:16.0: can't read capabilities
[  133.066120][ T5934] lenovo 0003:17EF:6062.0001: unknown main item tag 0x1
[  133.211457][ T5934] lenovo 0003:17EF:6062.0001: hidraw0: USB HID v0.04 Device [HID 17ef:6062] on usb-dummy_hcd.3-1/input0
[  133.410822][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  133.567101][   T10] usb 5-1: Using ep0 maxpacket: 32
[  133.570052][   T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  133.579519][   T10] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  133.579553][   T10] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  133.579594][   T10] usb 5-1: Product: syz
[  133.579609][   T10] usb 5-1: Manufacturer: syz
[  133.579625][   T10] usb 5-1: SerialNumber: syz
[  133.612475][ T6084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.624755][ T6084] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.687267][   T10] usb 5-1: config 0 descriptor??
[  133.689174][ T6085] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  133.821873][ T5213] udevd[5213]: worker [6090] terminated by signal 33 (Unknown signal 33)
[  133.821929][ T5213] udevd[5213]: worker [6090] failed while handling '/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:17EF:6062.0001/hidraw/hidraw0'
[  134.015556][ T5961] usb 4-1: USB disconnect, device number 2
[  134.269065][   T31] usb 5-1: USB disconnect, device number 3
[  134.525866][ T6085] netlink: 277 bytes leftover after parsing attributes in process `syz.4.30'.
[  135.482945][   T44] usb 3-1: USB disconnect, device number 2
[  136.026761][    C0] vkms_vblank_simulate: vblank timer overrun
[  136.230256][    C0] vkms_vblank_simulate: vblank timer overrun
[  136.245343][ T6113] FAULT_INJECTION: forcing a failure.
[  136.245343][ T6113] name failslab, interval 1, probability 0, space 0, times 0
[  136.245464][ T6113] CPU: 0 UID: 0 PID: 6113 Comm: syz.2.35 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  136.245489][ T6113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  136.245506][ T6113] Call Trace:
[  136.245512][ T6113]  <TASK>
[  136.245518][ T6113]  dump_stack_lvl+0x189/0x250
[  136.245551][ T6113]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.245575][ T6113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.245610][ T6113]  should_fail_ex+0x46c/0x600
[  136.245636][ T6113]  should_failslab+0xa8/0x100
[  136.245658][ T6113]  __kmalloc_cache_noprof+0x6e/0x320
[  136.245679][ T6113]  ? snd_mixer_oss_put_volume1_sw+0xf4/0x3f0
[  136.245703][ T6113]  snd_mixer_oss_put_volume1_sw+0xf4/0x3f0
[  136.245727][ T6113]  snd_mixer_oss_put_recsrc1_sw+0x65/0x90
[  136.245745][ T6113]  ? __pfx_snd_mixer_oss_put_recsrc1_sw+0x10/0x10
[  136.245764][ T6113]  snd_mixer_oss_set_recsrc+0x26c/0x430
[  136.245786][ T6113]  ? __pfx_snd_mixer_oss_set_recsrc+0x10/0x10
[  136.245804][ T6113]  ? __might_fault+0xb0/0x130
[  136.245833][ T6113]  snd_mixer_oss_ioctl1+0xe76/0x19f0
[  136.245851][ T6113]  ? rcu_is_watching+0x15/0xb0
[  136.245876][ T6113]  ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10
[  136.245891][ T6113]  ? preempt_schedule_irq+0xde/0x150
[  136.245913][ T6113]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  136.245941][ T6113]  ? irqentry_exit+0x74/0x90
[  136.245962][ T6113]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.245988][ T6113]  ? __pfx_snd_mixer_oss_ioctl+0x10/0x10
[  136.246006][ T6113]  ? __pfx_snd_mixer_oss_ioctl+0x10/0x10
[  136.246027][ T6113]  ? __pfx_snd_mixer_oss_ioctl+0x10/0x10
[  136.246045][ T6113]  snd_mixer_oss_ioctl+0x48/0x60
[  136.246062][ T6113]  __se_sys_ioctl+0xff/0x170
[  136.246082][ T6113]  do_syscall_64+0xfa/0x3b0
[  136.246096][ T6113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.246112][ T6113]  ? asm_sysvec_call_function_single+0x1a/0x20
[  136.246128][ T6113]  ? clear_bhb_loop+0x60/0xb0
[  136.246147][ T6113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.246161][ T6113] RIP: 0033:0x7f092a42eec9
[  136.246178][ T6113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.246190][ T6113] RSP: 002b:00007f092866d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  136.246211][ T6113] RAX: ffffffffffffffda RBX: 00007f092a686090 RCX: 00007f092a42eec9
[  136.246222][ T6113] RDX: 0000200000004000 RSI: 00000000c0044dff RDI: 0000000000000005
[  136.246232][ T6113] RBP: 00007f092866d090 R08: 0000000000000000 R09: 0000000000000000
[  136.246246][ T6113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.246255][ T6113] R13: 00007f092a686128 R14: 00007f092a686090 R15: 00007ffd3a1aa548
[  136.246279][ T6113]  </TASK>
[  136.305004][    C0] vkms_vblank_simulate: vblank timer overrun
[  136.402251][ T6108] syz.1.34 (6108) used greatest stack depth: 18568 bytes left
[  137.049471][ T6122] netlink: 'syz.1.39': attribute type 1 has an invalid length.
[  137.049528][ T6122] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  137.861581][    C0] vkms_vblank_simulate: vblank timer overrun
[  137.931776][    C0] vkms_vblank_simulate: vblank timer overrun
[  138.269790][    C0] vkms_vblank_simulate: vblank timer overrun
[  138.277121][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  138.277224][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  138.535086][    C0] vkms_vblank_simulate: vblank timer overrun
[  139.055139][ T6126] Process accounting resumed
[  139.109057][    C0] vkms_vblank_simulate: vblank timer overrun
[  139.755034][ T5851] Bluetooth: hci0: unexpected cc 0x0c1b length: 1 < 5
[  139.894733][ T6130] Process accounting resumed
[  139.989023][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.419787][ T6145] netlink: 'syz.0.43': attribute type 1 has an invalid length.
[  140.559325][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.993730][   T38] audit: type=1326 audit(1758741464.072:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  140.993787][   T38] audit: type=1326 audit(1758741464.072:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  140.994764][   T38] audit: type=1326 audit(1758741464.072:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  140.994815][   T38] audit: type=1326 audit(1758741464.072:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  140.994863][   T38] audit: type=1326 audit(1758741464.072:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  141.037705][   T38] audit: type=1326 audit(1758741464.072:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  141.037763][   T38] audit: type=1326 audit(1758741464.072:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  141.037810][   T38] audit: type=1326 audit(1758741464.072:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  141.166538][ T5921] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  141.287471][ T6153] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  141.351769][   T38] audit: type=1326 audit(1758741464.372:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  141.351834][   T38] audit: type=1326 audit(1758741464.372:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6148 comm="syz.4.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x7ffc0000
[  141.374317][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.374576][ T5921] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  141.374628][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.741210][ T5921] usb 1-1: config 0 descriptor??
[  142.204482][ T6157] netlink: 'syz.4.46': attribute type 1 has an invalid length.
[  142.204506][ T6157] netlink: 224 bytes leftover after parsing attributes in process `syz.4.46'.
[  142.206071][ T6157] workqueue: Failed to create a rescuer kthread for wq "phy2": -EINTR
[  142.219949][ T5921] lenovo 0003:17EF:6062.0002: unknown main item tag 0x1
[  142.258654][ T5921] lenovo 0003:17EF:6062.0002: hidraw0: USB HID v0.04 Device [HID 17ef:6062] on usb-dummy_hcd.0-1/input0
[  143.140501][ T6164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.48'.
[  143.143091][ T6164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.48'.
[  143.716343][    T9] usb 1-1: USB disconnect, device number 3
[  144.538237][ T6176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.50'.
[  144.596546][ T6176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.50'.
[  145.526584][   T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  146.329181][   T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  146.329211][   T10] usb 4-1: config 0 has no interface number 0
[  146.332921][   T10] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  146.332950][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.332970][   T10] usb 4-1: Product: syz
[  146.332984][   T10] usb 4-1: Manufacturer: syz
[  146.332999][   T10] usb 4-1: SerialNumber: syz
[  146.369326][   T10] usb 4-1: config 0 descriptor??
[  146.571842][   T10] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  146.587885][   T10] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  146.588426][   T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  146.588485][   T10] usb 4-1: media controller created
[  146.654066][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  147.038272][   T10] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  147.601167][   T38] kauditd_printk_skb: 4 callbacks suppressed
[  147.601190][   T38] audit: type=1326 audit(1758741470.672:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6187 comm="syz.4.54" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x0
[  148.232098][   T10] usb 4-1: USB disconnect, device number 3
[  149.575228][ T6200] FAULT_INJECTION: forcing a failure.
[  149.575228][ T6200] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  149.575266][ T6200] CPU: 1 UID: 0 PID: 6200 Comm: syz.4.57 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  149.575292][ T6200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  149.575306][ T6200] Call Trace:
[  149.575315][ T6200]  <TASK>
[  149.575324][ T6200]  dump_stack_lvl+0x189/0x250
[  149.575362][ T6200]  ? __pfx____ratelimit+0x10/0x10
[  149.575396][ T6200]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.575428][ T6200]  ? __pfx__printk+0x10/0x10
[  149.575451][ T6200]  ? __might_fault+0xb0/0x130
[  149.575495][ T6200]  should_fail_ex+0x46c/0x600
[  149.575533][ T6200]  _copy_from_user+0x2d/0xb0
[  149.575561][ T6200]  __ia32_sys_rt_sigreturn+0x228/0x7b0
[  149.575589][ T6200]  ? rt_spin_unlock+0x65/0x80
[  149.575620][ T6200]  ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10
[  149.575678][ T6200]  ? __task_pid_nr_ns+0x28/0x470
[  149.575717][ T6200]  ? do_syscall_64+0xbe/0x3b0
[  149.575742][ T6200]  do_syscall_64+0xfa/0x3b0
[  149.575761][ T6200]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.575794][ T6200]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.575815][ T6200]  ? clear_bhb_loop+0x60/0xb0
[  149.575842][ T6200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.575862][ T6200] RIP: 0033:0x7efffd89af79
[  149.575892][ T6200] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  149.575910][ T6200] RSP: 002b:00007efffbb5da80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  149.575933][ T6200] RAX: ffffffffffffffda RBX: 00007efffdb55fa0 RCX: 00007efffd89af79
[  149.575949][ T6200] RDX: 00007efffbb5da80 RSI: 00007efffbb5dbb0 RDI: 0000000000000021
[  149.575964][ T6200] RBP: 00007efffbb5e090 R08: 0000000000000000 R09: 0000000000000000
[  149.575977][ T6200] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  149.575990][ T6200] R13: 00007efffdb56038 R14: 00007efffdb55fa0 R15: 00007fff93ce6458
[  149.576023][ T6200]  </TASK>
[  150.307889][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  150.536435][    T9] usb 4-1: Using ep0 maxpacket: 8
[  150.544182][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  150.544213][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  150.544238][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  150.544263][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  150.544308][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  150.544331][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.390199][    T9] usb 4-1: GET_CAPABILITIES returned 0
[  151.390236][    T9] usbtmc 4-1:16.0: can't read capabilities
[  151.476315][ T6213] netlink: 'syz.0.60': attribute type 1 has an invalid length.
[  153.886598][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  154.052107][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  154.052161][    T9] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  154.052185][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.040442][    T9] usb 1-1: config 0 descriptor??
[  156.071721][   T44] usb 4-1: USB disconnect, device number 4
[  156.074931][ T6216] sctp: failed to load transform for md5: -2
[  156.301843][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  156.301941][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  156.308882][    T9] usb 1-1: USB disconnect, device number 4
[  160.023016][ T6259] FAULT_INJECTION: forcing a failure.
[  160.023016][ T6259] name failslab, interval 1, probability 0, space 0, times 0
[  160.023127][ T6259] CPU: 1 UID: 0 PID: 6259 Comm: syz.1.69 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  160.023155][ T6259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  160.023168][ T6259] Call Trace:
[  160.023177][ T6259]  <TASK>
[  160.023186][ T6259]  dump_stack_lvl+0x189/0x250
[  160.023223][ T6259]  ? __pfx____ratelimit+0x10/0x10
[  160.023257][ T6259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.023290][ T6259]  ? __pfx__printk+0x10/0x10
[  160.023320][ T6259]  ? __pfx___might_resched+0x10/0x10
[  160.023345][ T6259]  ? fs_reclaim_acquire+0x7d/0x100
[  160.023371][ T6259]  should_fail_ex+0x46c/0x600
[  160.023420][ T6259]  should_failslab+0xa8/0x100
[  160.023452][ T6259]  __kmalloc_noprof+0xcb/0x430
[  160.023481][ T6259]  ? do_pagemap_cmd+0x3ed/0xbb0
[  160.023519][ T6259]  do_pagemap_cmd+0x3ed/0xbb0
[  160.023561][ T6259]  ? __pfx_do_pagemap_cmd+0x10/0x10
[  160.023619][ T6259]  ? __fget_files+0x2a/0x420
[  160.023650][ T6259]  ? __fget_files+0x3a6/0x420
[  160.023680][ T6259]  ? __fget_files+0x2a/0x420
[  160.023715][ T6259]  ? bpf_lsm_file_ioctl+0x9/0x20
[  160.023741][ T6259]  ? __pfx_do_pagemap_cmd+0x10/0x10
[  160.023774][ T6259]  __se_sys_ioctl+0xff/0x170
[  160.023802][ T6259]  do_syscall_64+0xfa/0x3b0
[  160.023825][ T6259]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.023846][ T6259]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  160.023868][ T6259]  ? clear_bhb_loop+0x60/0xb0
[  160.023894][ T6259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.023915][ T6259] RIP: 0033:0x7f04c8b2eec9
[  160.023934][ T6259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.023952][ T6259] RSP: 002b:00007f04c6d4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  160.023980][ T6259] RAX: ffffffffffffffda RBX: 00007f04c8d86180 RCX: 00007f04c8b2eec9
[  160.023996][ T6259] RDX: 0000200000000140 RSI: 00000000c0606610 RDI: 0000000000000005
[  160.024011][ T6259] RBP: 00007f04c6d4c090 R08: 0000000000000000 R09: 0000000000000000
[  160.024024][ T6259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.024037][ T6259] R13: 00007f04c8d86218 R14: 00007f04c8d86180 R15: 00007fff5f4662a8
[  160.024071][ T6259]  </TASK>
[  161.131978][ T6261] FAULT_INJECTION: forcing a failure.
[  161.131978][ T6261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.132044][ T6261] CPU: 1 UID: 0 PID: 6261 Comm: syz.0.70 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  161.132070][ T6261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  161.132083][ T6261] Call Trace:
[  161.132092][ T6261]  <TASK>
[  161.132101][ T6261]  dump_stack_lvl+0x189/0x250
[  161.132139][ T6261]  ? __pfx____ratelimit+0x10/0x10
[  161.132174][ T6261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.132207][ T6261]  ? __pfx__printk+0x10/0x10
[  161.132249][ T6261]  should_fail_ex+0x46c/0x600
[  161.132288][ T6261]  _copy_to_user+0x31/0xb0
[  161.132319][ T6261]  simple_read_from_buffer+0xe1/0x170
[  161.132355][ T6261]  proc_fail_nth_read+0x1b6/0x220
[  161.132382][ T6261]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  161.132409][ T6261]  ? rw_verify_area+0x2ac/0x4e0
[  161.132436][ T6261]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  161.132461][ T6261]  vfs_read+0x206/0xa30
[  161.132498][ T6261]  ? __pfx_vfs_read+0x10/0x10
[  161.132521][ T6261]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  161.132559][ T6261]  ? mutex_lock_nested+0x154/0x1d0
[  161.132584][ T6261]  ? fdget_pos+0x253/0x320
[  161.132619][ T6261]  ksys_read+0x14b/0x260
[  161.132642][ T6261]  ? __pfx_ksys_read+0x10/0x10
[  161.132668][ T6261]  ? do_syscall_64+0xbe/0x3b0
[  161.132687][ T6261]  do_syscall_64+0xfa/0x3b0
[  161.132704][ T6261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.132720][ T6261]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  161.132737][ T6261]  ? clear_bhb_loop+0x60/0xb0
[  161.132757][ T6261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.132773][ T6261] RIP: 0033:0x7f2cc0e4d8dc
[  161.132788][ T6261] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  161.132801][ T6261] RSP: 002b:00007f2cbf074030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  161.132819][ T6261] RAX: ffffffffffffffda RBX: 00007f2cc10a6180 RCX: 00007f2cc0e4d8dc
[  161.132832][ T6261] RDX: 000000000000000f RSI: 00007f2cbf0740a0 RDI: 000000000000000c
[  161.132842][ T6261] RBP: 00007f2cbf074090 R08: 0000000000000000 R09: 0000000000000000
[  161.132852][ T6261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.132862][ T6261] R13: 00007f2cc10a6218 R14: 00007f2cc10a6180 R15: 00007ffe03f79928
[  161.132888][ T6261]  </TASK>
[  162.303682][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  162.319833][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  162.320903][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  162.322178][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  162.323032][ T5855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  162.508923][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.626278][ T6277] netlink: 'syz.0.74': attribute type 1 has an invalid length.
[  162.748093][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.797608][    C0] vkms_vblank_simulate: vblank timer overrun
[  163.186954][    C0] vkms_vblank_simulate: vblank timer overrun
[  163.927665][ T1246] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  164.190277][ T1246] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  164.190329][ T1246] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  164.190353][ T1246] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.355519][ T6282] process 'syz.1.75' launched './file0' with NULL argv: empty string added
[  164.438158][ T6282] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  164.438213][ T6282] CIFS mount error: No usable UNC path provided in device string!
[  164.438213][ T6282] 
[  164.438465][ T6282] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  164.477093][ T6282] binder: 6279:6282 ioctl c0046209 9999999999999999 returned -22
[  164.576574][    C0] vkms_vblank_simulate: vblank timer overrun
[  164.892504][    C0] vkms_vblank_simulate: vblank timer overrun
[  164.958238][    C0] vkms_vblank_simulate: vblank timer overrun
[  164.998257][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.208290][ T5851] Bluetooth: hci5: command tx timeout
[  165.238660][ T1246] usb 1-1: config 0 descriptor??
[  165.266557][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.285870][ T1246] usb 1-1: can't set config #0, error -71
[  165.297133][ T1246] usb 1-1: USB disconnect, device number 5
[  166.799922][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.269493][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.270481][ T5851] Bluetooth: hci5: command tx timeout
[  167.394934][ T6294] block nbd0: Attempted send on invalid socket
[  167.395025][ T6294] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  167.395224][ T6294] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  167.598924][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.293982][ T6300] FAULT_INJECTION: forcing a failure.
[  168.293982][ T6300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.294017][ T6300] CPU: 0 UID: 0 PID: 6300 Comm: syz.3.79 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  168.294042][ T6300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  168.294055][ T6300] Call Trace:
[  168.294063][ T6300]  <TASK>
[  168.294071][ T6300]  dump_stack_lvl+0x189/0x250
[  168.294109][ T6300]  ? __pfx____ratelimit+0x10/0x10
[  168.294143][ T6300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.294174][ T6300]  ? __pfx__printk+0x10/0x10
[  168.294197][ T6300]  ? __might_fault+0xb0/0x130
[  168.294241][ T6300]  should_fail_ex+0x46c/0x600
[  168.294277][ T6300]  _copy_from_iter+0x1de/0x1790
[  168.294304][ T6300]  ? kmalloc_reserve+0xbd/0x290
[  168.294335][ T6300]  ? kmalloc_reserve+0xbd/0x290
[  168.294361][ T6300]  ? rcu_is_watching+0x15/0xb0
[  168.294391][ T6300]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  168.294418][ T6300]  ? kmem_cache_alloc_node_noprof+0x19c/0x330
[  168.294449][ T6300]  ? __pfx__copy_from_iter+0x10/0x10
[  168.294484][ T6300]  ? __build_skb_around+0x257/0x3e0
[  168.294519][ T6300]  ? netlink_sendmsg+0x642/0xb30
[  168.294549][ T6300]  ? skb_put+0x11b/0x210
[  168.294585][ T6300]  netlink_sendmsg+0x6b2/0xb30
[  168.294626][ T6300]  ? __pfx_netlink_sendmsg+0x10/0x10
[  168.294667][ T6300]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  168.294689][ T6300]  ? __pfx_netlink_sendmsg+0x10/0x10
[  168.294722][ T6300]  __sock_sendmsg+0x21c/0x270
[  168.294755][ T6300]  ____sys_sendmsg+0x508/0x820
[  168.294782][ T6300]  ? __pfx_____sys_sendmsg+0x10/0x10
[  168.294814][ T6300]  ? import_iovec+0x74/0xa0
[  168.294844][ T6300]  ___sys_sendmsg+0x21f/0x2a0
[  168.294868][ T6300]  ? __pfx____sys_sendmsg+0x10/0x10
[  168.294928][ T6300]  ? __fget_files+0x2a/0x420
[  168.294958][ T6300]  ? __fget_files+0x3a6/0x420
[  168.295000][ T6300]  __x64_sys_sendmsg+0x1a1/0x260
[  168.295026][ T6300]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  168.295059][ T6300]  ? __pfx_ksys_write+0x10/0x10
[  168.295083][ T6300]  ? rcu_is_watching+0x15/0xb0
[  168.295122][ T6300]  ? do_syscall_64+0xbe/0x3b0
[  168.295148][ T6300]  do_syscall_64+0xfa/0x3b0
[  168.295167][ T6300]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.295199][ T6300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.295220][ T6300]  ? clear_bhb_loop+0x60/0xb0
[  168.295243][ T6300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.295261][ T6300] RIP: 0033:0x7f2257f6eec9
[  168.295280][ T6300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.295298][ T6300] RSP: 002b:00007f22561d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  168.295321][ T6300] RAX: ffffffffffffffda RBX: 00007f22581c5fa0 RCX: 00007f2257f6eec9
[  168.295337][ T6300] RDX: 0000000020040040 RSI: 0000200000009b40 RDI: 0000000000000003
[  168.295351][ T6300] RBP: 00007f22561d6090 R08: 0000000000000000 R09: 0000000000000000
[  168.295365][ T6300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.295378][ T6300] R13: 00007f22581c6038 R14: 00007f22581c5fa0 R15: 00007fff27c7c678
[  168.295411][ T6300]  </TASK>
[  168.711144][ T6304] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  168.951795][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.115040][ T6311] netlink: 'syz.1.81': attribute type 1 has an invalid length.
[  169.321653][ T5851] Bluetooth: hci5: command tx timeout
[  171.396605][ T5851] Bluetooth: hci5: command tx timeout
[  171.561115][ T6339] FAULT_INJECTION: forcing a failure.
[  171.561115][ T6339] name fail_futex, interval 1, probability 0, space 0, times 1
[  171.561152][ T6339] CPU: 0 UID: 0 PID: 6339 Comm: syz.4.92 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  171.561177][ T6339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  171.561190][ T6339] Call Trace:
[  171.561198][ T6339]  <TASK>
[  171.561208][ T6339]  dump_stack_lvl+0x189/0x250
[  171.561256][ T6339]  ? __pfx____ratelimit+0x10/0x10
[  171.561290][ T6339]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.561322][ T6339]  ? __pfx__printk+0x10/0x10
[  171.561362][ T6339]  should_fail_ex+0x46c/0x600
[  171.561400][ T6339]  get_futex_key+0x1a8/0x1660
[  171.561422][ T6339]  ? futex_private_hash_get+0x43/0x290
[  171.561456][ T6339]  ? __pfx_get_futex_key+0x10/0x10
[  171.561476][ T6339]  ? futex_private_hash+0xb5/0x390
[  171.561500][ T6339]  ? futex_private_hash+0xb5/0x390
[  171.561532][ T6339]  futex_wait_multiple_setup+0x103/0x6e0
[  171.561567][ T6339]  ? __asan_memcpy+0x40/0x70
[  171.561598][ T6339]  ? __pfx_futex_wake_mark+0x10/0x10
[  171.561632][ T6339]  futex_wait_multiple+0xaf/0x3b0
[  171.561675][ T6339]  __se_sys_futex_waitv+0x1e3/0x280
[  171.561706][ T6339]  ? __pfx___se_sys_futex_waitv+0x10/0x10
[  171.561741][ T6339]  ? __pfx_ksys_write+0x10/0x10
[  171.561766][ T6339]  ? rcu_is_watching+0x15/0xb0
[  171.561805][ T6339]  ? do_syscall_64+0xbe/0x3b0
[  171.561825][ T6339]  ? __x64_sys_futex_waitv+0x20/0xc0
[  171.561855][ T6339]  do_syscall_64+0xfa/0x3b0
[  171.561875][ T6339]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.561906][ T6339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.561928][ T6339]  ? clear_bhb_loop+0x60/0xb0
[  171.561955][ T6339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.561976][ T6339] RIP: 0033:0x7efffd8feec9
[  171.561995][ T6339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.562013][ T6339] RSP: 002b:00007efffbb5e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1
[  171.562035][ T6339] RAX: ffffffffffffffda RBX: 00007efffdb55fa0 RCX: 00007efffd8feec9
[  171.562051][ T6339] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000200000000180
[  171.562065][ T6339] RBP: 00007efffbb5e090 R08: 0000000000000000 R09: 0000000000000000
[  171.562079][ T6339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.562091][ T6339] R13: 00007efffdb56038 R14: 00007efffdb55fa0 R15: 00007fff93ce6458
[  171.562125][ T6339]  </TASK>
[  172.060158][ T3581] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.475898][    C0] vkms_vblank_simulate: vblank timer overrun
[  172.525333][ T6349] netlink: 16 bytes leftover after parsing attributes in process `syz.1.96'.
[  172.525359][ T6349] netlink: 20 bytes leftover after parsing attributes in process `syz.1.96'.
[  172.774437][    C0] vkms_vblank_simulate: vblank timer overrun
[  172.927123][ T6353] Zero length message leads to an empty skb
[  172.934917][    C0] vkms_vblank_simulate: vblank timer overrun
[  173.371302][    C0] vkms_vblank_simulate: vblank timer overrun
[  173.456977][ T3581] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.586630][   T31] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  173.709066][ T6270] chnl_net:caif_netlink_parms(): no params data found
[  173.734001][    C0] vkms_vblank_simulate: vblank timer overrun
[  173.754637][   T31] usb 5-1: config 0 has an invalid interface number: 135 but max is 0
[  173.754666][   T31] usb 5-1: config 0 has no interface number 0
[  173.754717][   T31] usb 5-1: config 0 interface 135 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 32
[  173.754743][   T31] usb 5-1: config 0 interface 135 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  173.801011][   T31] usb 5-1: New USB device found, idVendor=05ac, idProduct=1402, bcdDevice=45.65
[  173.801046][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.801068][   T31] usb 5-1: Product: syz
[  173.801083][   T31] usb 5-1: Manufacturer: syz
[  173.801098][   T31] usb 5-1: SerialNumber: syz
[  173.843891][   T31] usb 5-1: config 0 descriptor??
[  173.855107][ T6356] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  173.855383][ T6356] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  173.944853][ T6361] CIFS mount error: No usable UNC path provided in device string!
[  173.944853][ T6361] 
[  173.944876][ T6361] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  174.060747][ T6356] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  174.063343][ T6356] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  174.199749][ T3581] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.304105][   T38] audit: type=1326 audit(1758741497.382:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6364 comm="syz.0.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cc0e4eec9 code=0x7ffc0000
[  174.304503][   T38] audit: type=1326 audit(1758741497.382:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6364 comm="syz.0.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f2cc0e4eec9 code=0x7ffc0000
[  174.304770][   T38] audit: type=1326 audit(1758741497.382:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6364 comm="syz.0.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cc0e4eec9 code=0x7ffc0000
[  174.307227][   T38] audit: type=1326 audit(1758741497.382:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6364 comm="syz.0.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2cc0e4eec9 code=0x7ffc0000
[  174.318098][   T38] audit: type=1326 audit(1758741497.392:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6364 comm="syz.0.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cc0e4eec9 code=0x7ffc0000
[  174.318154][   T38] audit: type=1326 audit(1758741497.402:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6364 comm="syz.0.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2cc0e4eec9 code=0x7ffc0000
[  174.318201][   T38] audit: type=1326 audit(1758741497.402:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6364 comm="syz.0.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cc0e4eec9 code=0x7ffc0000
[  175.004797][    C0] vkms_vblank_simulate: vblank timer overrun
[  175.247576][    C0] vkms_vblank_simulate: vblank timer overrun
[  175.724099][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.061026][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.381131][   T31] asix 5-1:0.135 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  176.381678][   T31] asix 5-1:0.135: probe with driver asix failed with error -71
[  176.431584][   T31] usb 5-1: USB disconnect, device number 4
[  176.928207][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.996925][ T3581] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.379681][ T6410] netlink: 'syz.0.111': attribute type 1 has an invalid length.
[  180.382117][ T6270] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.382267][ T6270] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.382523][ T6270] bridge_slave_0: entered allmulticast mode
[  180.385120][ T6270] bridge_slave_0: entered promiscuous mode
[  180.496097][ T6270] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.596918][ T6270] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.597211][ T6270] bridge_slave_1: entered allmulticast mode
[  180.600151][ T6270] bridge_slave_1: entered promiscuous mode
[  181.324486][   T38] audit: type=1326 audit(1758741504.392:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6448 comm="syz.4.114" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efffd8feec9 code=0x0
[  182.913635][ T6270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.947533][ T6270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  185.665263][ T6270] team0: Port device team_slave_0 added
[  185.689889][ T6270] team0: Port device team_slave_1 added
[  187.921139][ T3581] bridge_slave_1: left allmulticast mode
[  187.924747][ T3581] bridge_slave_1: left promiscuous mode
[  187.931398][ T3581] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.276100][ T3581] bridge_slave_0: left allmulticast mode
[  188.276125][ T3581] bridge_slave_0: left promiscuous mode
[  188.276334][ T3581] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.337837][  T991] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  189.375822][  T991] usb 1-1: config 0 has an invalid interface number: 23 but max is 0
[  189.375842][  T991] usb 1-1: config 0 has no interface number 0
[  189.418506][  T991] usb 1-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[  189.418538][  T991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.418558][  T991] usb 1-1: Product: syz
[  189.418573][  T991] usb 1-1: Manufacturer: syz
[  189.418587][  T991] usb 1-1: SerialNumber: syz
[  189.760381][  T991] usb 1-1: config 0 descriptor??
[  190.157408][  T991] usb 1-1: can't set config #0, error -71
[  190.159622][  T991] usb 1-1: USB disconnect, device number 6
[  192.152172][ T6521] netlink: 4 bytes leftover after parsing attributes in process `syz.4.131'.
[  192.217636][ T6523] capability: warning: `syz.0.132' uses deprecated v2 capabilities in a way that may be insecure
[  193.067074][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  193.226594][   T10] usb 1-1: Using ep0 maxpacket: 16
[  193.258262][   T10] usb 1-1: config 4 has an invalid interface number: 15 but max is 0
[  193.258298][   T10] usb 1-1: config 4 has no interface number 0
[  193.258347][   T10] usb 1-1: config 4 interface 15 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  193.258373][   T10] usb 1-1: config 4 interface 15 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  193.258399][   T10] usb 1-1: config 4 interface 15 has no altsetting 0
[  193.263395][   T10] usb 1-1: New USB device found, idVendor=0930, idProduct=0a13, bcdDevice=76.44
[  193.263418][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.263438][   T10] usb 1-1: Product: syz
[  193.263448][   T10] usb 1-1: Manufacturer: syz
[  193.263459][   T10] usb 1-1: SerialNumber: syz
[  193.322161][ T6523] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  193.322676][ T6523] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  193.620853][ T3581] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  193.679017][ T3581] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  193.723051][ T3581] bond0 (unregistering): Released all slaves
[  194.111679][ T6270] batman_adv: batadv0: Adding interface: batadv_slave_0
[  194.111697][ T6270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.111726][ T6270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  194.241117][ T6270] batman_adv: batadv0: Adding interface: batadv_slave_1
[  194.241136][ T6270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.241165][ T6270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  194.250701][   T10] ax88179_178a 1-1:4.15: probe with driver ax88179_178a failed with error -71
[  194.469219][   T10] usb 1-1: USB disconnect, device number 7
[  195.244478][ T6547] block nbd0: Attempted send on invalid socket
[  195.244504][ T6547] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  195.244616][ T6547] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  195.482222][ T6548] netlink: 'syz.1.136': attribute type 1 has an invalid length.
[  197.602888][ T6560] Falling back ldisc for ttyprintk.
[  198.489491][ T6565] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.352778][ T6583] CIFS mount error: No usable UNC path provided in device string!
[  199.352778][ T6583] 
[  199.352853][ T6583] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  200.362651][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  200.367871][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  200.958529][ T6270] hsr_slave_0: entered promiscuous mode
[  200.959869][ T6270] hsr_slave_1: entered promiscuous mode
[  200.960672][ T6270] debugfs: 'hsr0' already exists in 'hsr'
[  200.960695][ T6270] Cannot create hsr debugfs directory
[  200.972977][ T6573] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  202.283163][ T6597] Falling back ldisc for ttyprintk.
[  202.571412][ T6605] FAULT_INJECTION: forcing a failure.
[  202.571412][ T6605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.571448][ T6605] CPU: 1 UID: 0 PID: 6605 Comm: syz.3.151 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  202.571473][ T6605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  202.571486][ T6605] Call Trace:
[  202.571494][ T6605]  <TASK>
[  202.571503][ T6605]  dump_stack_lvl+0x189/0x250
[  202.571540][ T6605]  ? __pfx____ratelimit+0x10/0x10
[  202.571575][ T6605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.571607][ T6605]  ? __pfx__printk+0x10/0x10
[  202.571634][ T6605]  ? __pfx_binder_debug+0x10/0x10
[  202.571664][ T6605]  should_fail_ex+0x46c/0x600
[  202.571702][ T6605]  _copy_to_user+0x31/0xb0
[  202.571733][ T6605]  binder_ioctl_write_read+0x9505/0x9fd0
[  202.571775][ T6605]  ? try_to_take_rt_mutex+0x840/0xb00
[  202.571830][ T6605]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  202.571858][ T6605]  ? do_raw_spin_lock+0x121/0x290
[  202.571895][ T6605]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  202.571929][ T6605]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.571963][ T6605]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  202.571997][ T6605]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  202.572036][ T6605]  ? __lock_acquire+0xab9/0xd20
[  202.572068][ T6605]  ? rt_mutex_slowunlock+0x493/0x8a0
[  202.572099][ T6605]  ? reacquire_held_locks+0x127/0x1d0
[  202.572142][ T6605]  ? rt_spin_lock+0x1bb/0x2c0
[  202.572168][ T6605]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  202.572213][ T6605]  ? binder_get_thread+0x178/0x6d0
[  202.572240][ T6605]  binder_ioctl+0x3e3/0x19c0
[  202.572264][ T6605]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  202.572292][ T6605]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  202.572322][ T6605]  ? do_vfs_ioctl+0xbeb/0x1440
[  202.572347][ T6605]  ? __pfx_binder_ioctl+0x10/0x10
[  202.572370][ T6605]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  202.572395][ T6605]  ? __pfx_smack_log+0x10/0x10
[  202.572430][ T6605]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.572460][ T6605]  ? smk_access+0x14c/0x4e0
[  202.572502][ T6605]  ? smk_tskacc+0x2fc/0x370
[  202.572541][ T6605]  ? smack_file_ioctl+0x2ac/0x340
[  202.572568][ T6605]  ? __pfx_smack_file_ioctl+0x10/0x10
[  202.572603][ T6605]  ? __fget_files+0x2a/0x420
[  202.572633][ T6605]  ? __fget_files+0x3a6/0x420
[  202.572663][ T6605]  ? __fget_files+0x2a/0x420
[  202.572698][ T6605]  ? bpf_lsm_file_ioctl+0x9/0x20
[  202.572723][ T6605]  ? __pfx_binder_ioctl+0x10/0x10
[  202.572746][ T6605]  __se_sys_ioctl+0xff/0x170
[  202.572774][ T6605]  do_syscall_64+0xfa/0x3b0
[  202.572794][ T6605]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.572826][ T6605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.572848][ T6605]  ? clear_bhb_loop+0x60/0xb0
[  202.572874][ T6605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.572895][ T6605] RIP: 0033:0x7f2257f6eec9
[  202.572914][ T6605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.572932][ T6605] RSP: 002b:00007f22561d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.572955][ T6605] RAX: ffffffffffffffda RBX: 00007f22581c5fa0 RCX: 00007f2257f6eec9
[  202.572971][ T6605] RDX: 0000200000004a40 RSI: 00000000c0306201 RDI: 0000000000000005
[  202.572985][ T6605] RBP: 00007f22561d6090 R08: 0000000000000000 R09: 0000000000000000
[  202.572999][ T6605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.573012][ T6605] R13: 00007f22581c6038 R14: 00007f22581c5fa0 R15: 00007fff27c7c678
[  202.573046][ T6605]  </TASK>
[  202.573054][ T6605] binder: 6604:6605 ioctl c0306201 200000004a40 returned -14
[  202.746530][    T9] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[  202.965887][    T9] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  202.965919][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.014181][    T9] usb 5-1: config 0 descriptor??
[  203.108168][ T3581] hsr_slave_0: left promiscuous mode
[  203.157416][ T3581] hsr_slave_1: left promiscuous mode
[  203.160067][ T3581] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.160138][ T3581] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.224788][ T3581] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.224823][ T3581] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.437854][ T6613] FAULT_INJECTION: forcing a failure.
[  203.437854][ T6613] name failslab, interval 1, probability 0, space 0, times 0
[  203.437890][ T6613] CPU: 1 UID: 0 PID: 6613 Comm: syz.3.157 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  203.437915][ T6613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  203.437928][ T6613] Call Trace:
[  203.437936][ T6613]  <TASK>
[  203.437945][ T6613]  dump_stack_lvl+0x189/0x250
[  203.437984][ T6613]  ? __pfx____ratelimit+0x10/0x10
[  203.438020][ T6613]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.438051][ T6613]  ? __pfx__printk+0x10/0x10
[  203.438082][ T6613]  ? __pfx___might_resched+0x10/0x10
[  203.438111][ T6613]  should_fail_ex+0x46c/0x600
[  203.438149][ T6613]  ? dup_task_struct+0x52/0x860
[  203.438179][ T6613]  should_failslab+0xa8/0x100
[  203.438211][ T6613]  ? dup_task_struct+0x52/0x860
[  203.438235][ T6613]  kmem_cache_alloc_node_noprof+0x77/0x330
[  203.438274][ T6613]  dup_task_struct+0x52/0x860
[  203.438321][ T6613]  copy_process+0x545/0x3ae0
[  203.438384][ T6613]  ? __pfx_copy_process+0x10/0x10
[  203.438427][ T6613]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  203.438452][ T6613]  vhost_task_create+0x1df/0x2a0
[  203.438489][ T6613]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  203.438514][ T6613]  ? __pfx_vhost_task_create+0x10/0x10
[  203.438555][ T6613]  ? __pfx_vhost_task_fn+0x10/0x10
[  203.438590][ T6613]  ? rtlock_slowlock_locked+0xd8/0x4010
[  203.438627][ T6613]  ? mutex_lock_nested+0x154/0x1d0
[  203.438652][ T6613]  ? kvm_mmu_post_init_vm+0x91/0x300
[  203.438683][ T6613]  kvm_mmu_post_init_vm+0x14c/0x300
[  203.438712][ T6613]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  203.438744][ T6613]  ? do_raw_spin_lock+0x121/0x290
[  203.438773][ T6613]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  203.438801][ T6613]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  203.438835][ T6613]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.438869][ T6613]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  203.438903][ T6613]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  203.438935][ T6613]  ? do_raw_spin_lock+0x121/0x290
[  203.438972][ T6613]  ? rt_mutex_slowunlock+0x493/0x8a0
[  203.439000][ T6613]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.439033][ T6613]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  203.439066][ T6613]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  203.439099][ T6613]  ? rt_write_unlock+0x64/0xc0
[  203.439137][ T6613]  kvm_vcpu_ioctl+0x95f/0xe90
[  203.439178][ T6613]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  203.439208][ T6613]  ? __lock_acquire+0xab9/0xd20
[  203.439241][ T6613]  ? __asan_memset+0x22/0x50
[  203.439264][ T6613]  ? smack_file_ioctl+0x305/0x340
[  203.439291][ T6613]  ? __pfx_smack_file_ioctl+0x10/0x10
[  203.439332][ T6613]  ? __fget_files+0x2a/0x420
[  203.439362][ T6613]  ? __fget_files+0x3a6/0x420
[  203.439391][ T6613]  ? __fget_files+0x2a/0x420
[  203.439426][ T6613]  ? bpf_lsm_file_ioctl+0x9/0x20
[  203.439451][ T6613]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  203.439485][ T6613]  __se_sys_ioctl+0xff/0x170
[  203.439513][ T6613]  do_syscall_64+0xfa/0x3b0
[  203.439533][ T6613]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.439565][ T6613]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.439587][ T6613]  ? clear_bhb_loop+0x60/0xb0
[  203.439614][ T6613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.439635][ T6613] RIP: 0033:0x7f2257f6eec9
[  203.439654][ T6613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.439672][ T6613] RSP: 002b:00007f22561d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  203.439695][ T6613] RAX: ffffffffffffffda RBX: 00007f22581c5fa0 RCX: 00007f2257f6eec9
[  203.439710][ T6613] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  203.439723][ T6613] RBP: 00007f22561d6090 R08: 0000000000000000 R09: 0000000000000000
[  203.439736][ T6613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.439748][ T6613] R13: 00007f22581c6038 R14: 00007f22581c5fa0 R15: 00007fff27c7c678
[  203.439782][ T6613]  </TASK>
[  203.587378][ T3581] veth1_macvtap: left promiscuous mode
[  203.587674][ T3581] veth0_macvtap: left promiscuous mode
[  203.588040][ T3581] veth1_vlan: left promiscuous mode
[  203.588413][ T3581] veth0_vlan: left promiscuous mode
[  203.706525][    T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  203.706554][    T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  203.706827][    T9] asix 5-1:0.0: probe with driver asix failed with error -71
[  203.905818][    T9] usb 5-1: USB disconnect, device number 5
[  206.171401][ T6632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.189975][ T6632] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.396584][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  206.546569][    T9] usb 4-1: Using ep0 maxpacket: 16
[  206.553189][    T9] usb 4-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  206.553220][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.553303][    T9] usb 4-1: Product: syz
[  206.553319][    T9] usb 4-1: Manufacturer: syz
[  206.553334][    T9] usb 4-1: SerialNumber: syz
[  207.464779][ T6636] Falling back ldisc for ttyprintk.
[  207.546195][    T9] usb 4-1: config 0 descriptor??
[  207.772386][    T9] speedtch 4-1:0.0: speedtch_bind: data interface not found!
[  207.772426][    T9] speedtch 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  207.807167][    T9] usb 4-1: USB disconnect, device number 5
[  207.875042][ T6641] FAULT_INJECTION: forcing a failure.
[  207.875042][ T6641] name failslab, interval 1, probability 0, space 0, times 0
[  207.875078][ T6641] CPU: 0 UID: 0 PID: 6641 Comm: syz.1.164 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  207.875101][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  207.875114][ T6641] Call Trace:
[  207.875122][ T6641]  <TASK>
[  207.875131][ T6641]  dump_stack_lvl+0x189/0x250
[  207.875169][ T6641]  ? __pfx____ratelimit+0x10/0x10
[  207.875203][ T6641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.875235][ T6641]  ? __pfx__printk+0x10/0x10
[  207.875265][ T6641]  ? __pfx___might_resched+0x10/0x10
[  207.875294][ T6641]  should_fail_ex+0x46c/0x600
[  207.875333][ T6641]  should_failslab+0xa8/0x100
[  207.875365][ T6641]  __kmalloc_noprof+0xcb/0x430
[  207.875392][ T6641]  ? tomoyo_encode+0x28b/0x550
[  207.875428][ T6641]  tomoyo_encode+0x28b/0x550
[  207.875465][ T6641]  tomoyo_realpath_from_path+0x58d/0x5d0
[  207.875498][ T6641]  ? tomoyo_domain+0xda/0x130
[  207.875534][ T6641]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  207.875560][ T6641]  tomoyo_path_number_perm+0x1e8/0x5a0
[  207.875589][ T6641]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  207.875617][ T6641]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  207.875642][ T6641]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.875672][ T6641]  ? __lock_acquire+0xab9/0xd20
[  207.875709][ T6641]  ? __fget_files+0x2a/0x420
[  207.875733][ T6641]  ? __fget_files+0x2a/0x420
[  207.875754][ T6641]  ? __fget_files+0x3a6/0x420
[  207.875775][ T6641]  ? __fget_files+0x2a/0x420
[  207.875800][ T6641]  security_file_ioctl+0xcb/0x2d0
[  207.875821][ T6641]  __se_sys_ioctl+0x47/0x170
[  207.875841][ T6641]  do_syscall_64+0xfa/0x3b0
[  207.875854][ T6641]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.875877][ T6641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.875892][ T6641]  ? clear_bhb_loop+0x60/0xb0
[  207.875917][ T6641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.875932][ T6641] RIP: 0033:0x7f04c8b2eec9
[  207.875945][ T6641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.875957][ T6641] RSP: 002b:00007f04c6d8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  207.875974][ T6641] RAX: ffffffffffffffda RBX: 00007f04c8d85fa0 RCX: 00007f04c8b2eec9
[  207.875985][ T6641] RDX: 00002000000004c0 RSI: 000000004008ae89 RDI: 0000000000000005
[  207.875995][ T6641] RBP: 00007f04c6d8e090 R08: 0000000000000000 R09: 0000000000000000
[  207.876004][ T6641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.876012][ T6641] R13: 00007f04c8d86038 R14: 00007f04c8d85fa0 R15: 00007fff5f4662a8
[  207.876036][ T6641]  </TASK>
[  207.876280][ T6641] ERROR: Out of memory at tomoyo_realpath_from_path.
[  208.551099][ T6649] =======================================================
[  208.551099][ T6649] WARNING: The mand mount option has been deprecated and
[  208.551099][ T6649]          and is ignored by this kernel. Remove the mand
[  208.551099][ T6649]          option from the mount to silence this warning.
[  208.551099][ T6649] =======================================================
[  209.990745][ T6648] ==================================================================
[  209.990768][ T6648] BUG: KASAN: slab-use-after-free in rt_spin_lock+0x88/0x2c0
[  209.990803][ T6648] Read of size 1 at addr ffff88805e58f200 by task syz.1.165/6648
[  209.990820][ T6648] 
[  209.990834][ T6648] CPU: 0 UID: 0 PID: 6648 Comm: syz.1.165 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  209.990854][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  209.990864][ T6648] Call Trace:
[  209.990871][ T6648]  <TASK>
[  209.990877][ T6648]  dump_stack_lvl+0x189/0x250
[  209.990902][ T6648]  ? rcu_is_watching+0x15/0xb0
[  209.990925][ T6648]  ? __kasan_check_byte+0x12/0x40
[  209.990947][ T6648]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.990969][ T6648]  ? rcu_is_watching+0x15/0xb0
[  209.990993][ T6648]  ? lock_release+0x4b/0x3e0
[  209.991015][ T6648]  ? __virt_addr_valid+0x1c8/0x5c0
[  209.991029][ T6648]  ? __virt_addr_valid+0x4a5/0x5c0
[  209.991043][ T6648]  print_report+0xca/0x240
[  209.991063][ T6648]  ? rt_spin_lock+0x88/0x2c0
[  209.991080][ T6648]  kasan_report+0x118/0x150
[  209.991102][ T6648]  ? rt_spin_lock+0x88/0x2c0
[  209.991123][ T6648]  ? __wake_up_common_lock+0x2f/0x1e0
[  209.991142][ T6648]  __kasan_check_byte+0x2a/0x40
[  209.991162][ T6648]  lock_acquire+0x8d/0x360
[  209.991183][ T6648]  ? rt_mutex_slowunlock+0x668/0x8a0
[  209.991206][ T6648]  rt_spin_lock+0x88/0x2c0
[  209.991224][ T6648]  ? __wake_up_common_lock+0x2f/0x1e0
[  209.991245][ T6648]  ? __pfx_rt_spin_lock+0x10/0x10
[  209.991265][ T6648]  ? __wake_up_common_lock+0x18a/0x1e0
[  209.991286][ T6648]  __wake_up_common_lock+0x2f/0x1e0
[  209.991306][ T6648]  ? snd_pcm_post_stop+0x14a/0x1e0
[  209.991327][ T6648]  ? __pfx_snd_pcm_post_stop+0x10/0x10
[  209.991347][ T6648]  snd_pcm_action+0x1f1/0x240
[  209.991365][ T6648]  loopback_trigger+0xb01/0x1ac0
[  209.991394][ T6648]  snd_pcm_do_start+0xb4/0x180
[  209.991414][ T6648]  snd_pcm_action+0xe7/0x240
[  209.991431][ T6648]  __snd_pcm_lib_xfer+0x1767/0x1ce0
[  209.991459][ T6648]  ? __pfx_interleaved_copy+0x10/0x10
[  209.991481][ T6648]  ? __pfx_default_write_copy+0x10/0x10
[  209.991507][ T6648]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[  209.991528][ T6648]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  209.991547][ T6648]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  209.991567][ T6648]  ? snd_pcm_oss_write3+0x1a2/0x320
[  209.991589][ T6648]  snd_pcm_oss_write3+0x1bc/0x320
[  209.991612][ T6648]  snd_pcm_plug_write_transfer+0x2cb/0x4c0
[  209.991640][ T6648]  ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[  209.991665][ T6648]  ? snd_pcm_plug_client_channels_buf+0x490/0x640
[  209.991693][ T6648]  snd_pcm_oss_write+0xba2/0x11a0
[  209.991727][ T6648]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  209.991750][ T6648]  ? rw_verify_area+0x25b/0x4e0
[  209.991768][ T6648]  ? __lock_acquire+0xab9/0xd20
[  209.991788][ T6648]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  209.991809][ T6648]  vfs_write+0x287/0xb40
[  209.991831][ T6648]  ? __pfx_vfs_write+0x10/0x10
[  209.991850][ T6648]  ? __fget_files+0x2a/0x420
[  209.991873][ T6648]  ? __fget_files+0x2a/0x420
[  209.991894][ T6648]  ? __fget_files+0x3a6/0x420
[  209.991916][ T6648]  ? __fget_files+0x2a/0x420
[  209.991941][ T6648]  ksys_write+0x14b/0x260
[  209.991960][ T6648]  ? __pfx_ksys_write+0x10/0x10
[  209.991981][ T6648]  ? do_syscall_64+0xbe/0x3b0
[  209.991997][ T6648]  do_syscall_64+0xfa/0x3b0
[  209.992011][ T6648]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.992034][ T6648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.992049][ T6648]  ? clear_bhb_loop+0x60/0xb0
[  209.992066][ T6648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.992081][ T6648] RIP: 0033:0x7f04c8b2eec9
[  209.992095][ T6648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.992108][ T6648] RSP: 002b:00007f04c6d6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  209.992123][ T6648] RAX: ffffffffffffffda RBX: 00007f04c8d86090 RCX: 00007f04c8b2eec9
[  209.992135][ T6648] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008
[  209.992145][ T6648] RBP: 00007f04c8bb1f91 R08: 0000000000000000 R09: 0000000000000000
[  209.992154][ T6648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  209.992163][ T6648] R13: 00007f04c8d86128 R14: 00007f04c8d86090 R15: 00007fff5f4662a8
[  209.992181][ T6648]  </TASK>
[  209.992186][ T6648] 
[  209.992190][ T6648] Allocated by task 6645:
[  209.992197][ T6648]  kasan_save_track+0x3e/0x80
[  209.992214][ T6648]  __kasan_kmalloc+0x93/0xb0
[  209.992231][ T6648]  __kmalloc_cache_noprof+0x1a8/0x320
[  209.992251][ T6648]  snd_pcm_attach_substream+0x5b7/0xb50
[  209.992273][ T6648]  snd_pcm_open_substream+0xb9/0x23a0
[  209.992288][ T6648]  snd_pcm_oss_open+0xf35/0x1bf0
[  209.992306][ T6648]  chrdev_open+0x4cf/0x5e0
[  209.992327][ T6648]  do_dentry_open+0x9b1/0x1350
[  209.992338][ T6648]  vfs_open+0x3b/0x350
[  209.992349][ T6648]  path_openat+0x2ef1/0x3840
[  209.992364][ T6648]  do_filp_open+0x1fa/0x410
[  209.992379][ T6648]  do_sys_openat2+0x121/0x1c0
[  209.992392][ T6648]  __x64_sys_openat+0x138/0x170
[  209.992405][ T6648]  do_syscall_64+0xfa/0x3b0
[  209.992417][ T6648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.992430][ T6648] 
[  209.992433][ T6648] Freed by task 6645:
[  209.992440][ T6648]  kasan_save_track+0x3e/0x80
[  209.992456][ T6648]  kasan_save_free_info+0x46/0x50
[  209.992470][ T6648]  __kasan_slab_free+0x5b/0x80
[  209.992487][ T6648]  kfree+0x195/0x550
[  209.992503][ T6648]  snd_pcm_detach_substream+0x1e1/0x290
[  209.992525][ T6648]  snd_pcm_oss_release+0x184/0x250
[  209.992543][ T6648]  __fput+0x458/0xa80
[  209.992555][ T6648]  task_work_run+0x1d4/0x260
[  209.992568][ T6648]  get_signal+0x11c5/0x1310
[  209.992584][ T6648]  arch_do_signal_or_restart+0x9a/0x750
[  209.992601][ T6648]  exit_to_user_mode_loop+0x75/0x110
[  209.992620][ T6648]  do_syscall_64+0x2bd/0x3b0
[  209.992632][ T6648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.992646][ T6648] 
[  209.992649][ T6648] The buggy address belongs to the object at ffff88805e58f000
[  209.992649][ T6648]  which belongs to the cache kmalloc-2k of size 2048
[  209.992661][ T6648] The buggy address is located 512 bytes inside of
[  209.992661][ T6648]  freed 2048-byte region [ffff88805e58f000, ffff88805e58f800)
[  209.992676][ T6648] 
[  209.992680][ T6648] The buggy address belongs to the physical page:
[  209.992693][ T6648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e588
[  209.992715][ T6648] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  209.992727][ T6648] anon flags: 0x80000000000040(head|node=0|zone=1)
[  209.992744][ T6648] page_type: f5(slab)
[  209.992758][ T6648] raw: 0080000000000040 ffff888019842000 0000000000000000 dead000000000001
[  209.992771][ T6648] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  209.992785][ T6648] head: 0080000000000040 ffff888019842000 0000000000000000 dead000000000001
[  209.992798][ T6648] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  209.992818][ T6648] head: 0080000000000003 ffffea0001796201 00000000ffffffff 00000000ffffffff
[  209.992836][ T6648] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  209.992846][ T6648] page dumped because: kasan: bad access detected
[  209.992860][ T6648] page_owner tracks the page as allocated
[  209.992867][ T6648] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5849, tgid 5849 (syz-executor), ts 99432563654, free_ts 0
[  209.992905][ T6648]  post_alloc_hook+0x240/0x2a0
[  209.992934][ T6648]  get_page_from_freelist+0x2119/0x21b0
[  209.992954][ T6648]  __alloc_frozen_pages_noprof+0x181/0x370
[  209.992973][ T6648]  alloc_pages_mpol+0xd1/0x380
[  209.992997][ T6648]  allocate_slab+0x8a/0x370
[  209.993015][ T6648]  ___slab_alloc+0x8d1/0xdc0
[  209.993030][ T6648]  __kmalloc_cache_noprof+0xe6/0x320
[  209.993056][ T6648]  nbp_vlan_add+0x20f/0x3c0
[  209.993081][ T6648]  nbp_vlan_init+0x35b/0x440
[  209.993105][ T6648]  br_add_if+0xaa1/0xee0
[  209.993132][ T6648]  do_set_master+0x533/0x6d0
[  209.993161][ T6648]  do_setlink+0xcf0/0x41c0
[  209.993188][ T6648]  rtnl_newlink+0x160b/0x1c70
[  209.993214][ T6648]  rtnetlink_rcv_msg+0x7cf/0xb70
[  209.993245][ T6648]  netlink_rcv_skb+0x205/0x470
[  209.993271][ T6648]  netlink_unicast+0x843/0xa10
[  209.993294][ T6648] page_owner free stack trace missing
[  209.993301][ T6648] 
[  209.993306][ T6648] Memory state around the buggy address:
[  209.993317][ T6648]  ffff88805e58f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.993332][ T6648]  ffff88805e58f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.993346][ T6648] >ffff88805e58f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.993356][ T6648]                    ^
[  209.993367][ T6648]  ffff88805e58f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.993380][ T6648]  ffff88805e58f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.993391][ T6648] ==================================================================
[  209.996203][ T6648] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  209.996223][ T6648] CPU: 0 UID: 0 PID: 6648 Comm: syz.1.165 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  209.996250][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  209.996264][ T6648] Call Trace:
[  209.996272][ T6648]  <TASK>
[  209.996281][ T6648]  dump_stack_lvl+0x99/0x250
[  209.996315][ T6648]  ? __asan_memcpy+0x40/0x70
[  209.996333][ T6648]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.996369][ T6648]  ? __pfx__printk+0x10/0x10
[  209.996399][ T6648]  vpanic+0x281/0x750
[  209.996433][ T6648]  ? preempt_schedule+0xae/0xc0
[  209.996467][ T6648]  ? __pfx_vpanic+0x10/0x10
[  209.996499][ T6648]  ? preempt_schedule_common+0x83/0xd0
[  209.996531][ T6648]  ? preempt_schedule+0xae/0xc0
[  209.996561][ T6648]  ? __pfx_preempt_schedule+0x10/0x10
[  209.996597][ T6648]  panic+0xb9/0xc0
[  209.996629][ T6648]  ? __pfx_panic+0x10/0x10
[  209.996662][ T6648]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  209.996699][ T6648]  ? rt_spin_lock+0x88/0x2c0
[  209.996732][ T6648]  check_panic_on_warn+0x89/0xb0
[  209.996754][ T6648]  ? rt_spin_lock+0x88/0x2c0
[  209.996778][ T6648]  end_report+0x78/0x160
[  209.996805][ T6648]  kasan_report+0x129/0x150
[  209.996834][ T6648]  ? rt_spin_lock+0x88/0x2c0
[  209.996863][ T6648]  ? __wake_up_common_lock+0x2f/0x1e0
[  209.996889][ T6648]  __kasan_check_byte+0x2a/0x40
[  209.996915][ T6648]  lock_acquire+0x8d/0x360
[  209.996943][ T6648]  ? rt_mutex_slowunlock+0x668/0x8a0
[  209.996976][ T6648]  rt_spin_lock+0x88/0x2c0
[  209.997001][ T6648]  ? __wake_up_common_lock+0x2f/0x1e0
[  209.997030][ T6648]  ? __pfx_rt_spin_lock+0x10/0x10
[  209.997058][ T6648]  ? __wake_up_common_lock+0x18a/0x1e0
[  209.997088][ T6648]  __wake_up_common_lock+0x2f/0x1e0
[  209.997116][ T6648]  ? snd_pcm_post_stop+0x14a/0x1e0
[  209.997145][ T6648]  ? __pfx_snd_pcm_post_stop+0x10/0x10
[  209.997172][ T6648]  snd_pcm_action+0x1f1/0x240
[  209.997196][ T6648]  loopback_trigger+0xb01/0x1ac0
[  209.997233][ T6648]  snd_pcm_do_start+0xb4/0x180
[  209.997262][ T6648]  snd_pcm_action+0xe7/0x240
[  209.997286][ T6648]  __snd_pcm_lib_xfer+0x1767/0x1ce0
[  209.997321][ T6648]  ? __pfx_interleaved_copy+0x10/0x10
[  209.997353][ T6648]  ? __pfx_default_write_copy+0x10/0x10
[  209.997389][ T6648]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[  209.997418][ T6648]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  209.997444][ T6648]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  209.997475][ T6648]  ? snd_pcm_oss_write3+0x1a2/0x320
[  209.997505][ T6648]  snd_pcm_oss_write3+0x1bc/0x320
[  209.997538][ T6648]  snd_pcm_plug_write_transfer+0x2cb/0x4c0
[  209.997576][ T6648]  ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[  209.997611][ T6648]  ? snd_pcm_plug_client_channels_buf+0x490/0x640
[  209.997651][ T6648]  snd_pcm_oss_write+0xba2/0x11a0
[  209.997689][ T6648]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  209.997729][ T6648]  ? rw_verify_area+0x25b/0x4e0
[  209.997753][ T6648]  ? __lock_acquire+0xab9/0xd20
[  209.997781][ T6648]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  209.997810][ T6648]  vfs_write+0x287/0xb40
[  209.997841][ T6648]  ? __pfx_vfs_write+0x10/0x10
[  209.997868][ T6648]  ? __fget_files+0x2a/0x420
[  209.997900][ T6648]  ? __fget_files+0x2a/0x420
[  209.997931][ T6648]  ? __fget_files+0x3a6/0x420
[  209.997961][ T6648]  ? __fget_files+0x2a/0x420
[  209.997997][ T6648]  ksys_write+0x14b/0x260
[  209.998025][ T6648]  ? __pfx_ksys_write+0x10/0x10
[  209.998054][ T6648]  ? do_syscall_64+0xbe/0x3b0
[  209.998076][ T6648]  do_syscall_64+0xfa/0x3b0
[  209.998097][ T6648]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.998128][ T6648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.998149][ T6648]  ? clear_bhb_loop+0x60/0xb0
[  209.998173][ T6648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.998194][ T6648] RIP: 0033:0x7f04c8b2eec9
[  209.998214][ T6648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.998232][ T6648] RSP: 002b:00007f04c6d6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  209.998255][ T6648] RAX: ffffffffffffffda RBX: 00007f04c8d86090 RCX: 00007f04c8b2eec9
[  209.998271][ T6648] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008
[  209.998286][ T6648] RBP: 00007f04c8bb1f91 R08: 0000000000000000 R09: 0000000000000000
[  209.998299][ T6648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  209.998312][ T6648] R13: 00007f04c8d86128 R14: 00007f04c8d86090 R15: 00007fff5f4662a8
[  209.998338][ T6648]  </TASK>
[  209.998698][ T6648] Kernel Offset: disabled