last executing test programs:

7m58.908056157s ago: executing program 3 (id=178):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = fsopen(&(0x7f0000000040)='9p\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x420481, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x8010aebc, &(0x7f0000000100)={0x6, 0x892, 0x0, 0x0})
r5 = fsmount(r2, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f0000000080)='dirsync\x00', &(0x7f00000000c0)='./file0\x00', r5)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
syz_emit_ethernet(0xc2, &(0x7f00000001c0)=ANY=[], 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$sndctrl(&(0x7f00000012c0), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc2c45512, &(0x7f0000000a00)={{0x5, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8, 0x0, 0x20000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x3, 0x1]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)

7m57.20368752s ago: executing program 3 (id=189):
r0 = socket$unix(0x1, 0x5, 0x0)
clock_gettime(0x0, &(0x7f0000002380)={<r1=>0x0, <r2=>0x0})
recvmmsg$unix(r0, &(0x7f00000022c0)=[{{&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f0000000100)=""/8, 0x8}, {&(0x7f0000000140)=""/176, 0xb0}, {&(0x7f0000000200)=""/128, 0x80}], 0x4, &(0x7f00000002c0)=[@cred={{0x18}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0xc}}, @cred={{0x18}}, @cred={{0x18}}], 0xa4}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)=""/157, 0x9d}], 0x1, &(0x7f0000000480)=[@cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f00000004c0)=@abs, 0x6e, &(0x7f0000000780)=[{&(0x7f0000000540)=""/252, 0xfc}, {&(0x7f0000000640)=""/36, 0x24}, {&(0x7f0000000680)=""/204, 0xcc}], 0x3, &(0x7f00000007c0)=[@cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x84}}, {{&(0x7f0000000880)=@abs, 0x6e, &(0x7f0000000b00)=[{&(0x7f0000000900)=""/41, 0x29}, {&(0x7f0000000940)=""/255, 0xff}, {&(0x7f0000000a40)=""/161, 0xa1}], 0x3, &(0x7f0000000b40)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}, {{&(0x7f0000000b80)=@abs, 0x6e, &(0x7f0000001080)=[{&(0x7f0000000c00)=""/180, 0xb4}, {&(0x7f0000000cc0)=""/109, 0x6d}, {&(0x7f0000000d40)=""/202, 0xca}, {&(0x7f0000000e40)=""/7, 0x7}, {&(0x7f0000000e80)=""/183, 0xb7}, {&(0x7f0000000f40)=""/129, 0x81}, {&(0x7f0000001000)=""/87, 0x57}], 0x7}}, {{&(0x7f00000010c0)=@abs, 0x6e, &(0x7f0000002280)=[{&(0x7f0000001140)=""/4096, 0x1000}, {&(0x7f0000002140)=""/115, 0x73}, {&(0x7f00000021c0)=""/53, 0x35}, {&(0x7f0000002200)=""/97, 0x61}], 0x4}}], 0x6, 0x1, &(0x7f00000023c0)={r1, r2+10000000})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000000)={0xa, 0x0, 0xc, {0x5, 0x4, 0x4, 0x2}})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xe, 0xffffffff, 0x6, 0x4, 0xd, 0x27, 0x614, 0x7ff, 0x5, 0x40, 0x1, 0x4, 0x7, 0x7, 0x8, 0x10005, 0xd, 0x7, 0x5, 0x8, 0x792, 0x3ff, 0xc}})
sendmsg$nl_route(r3, &(0x7f000000e0c0)={0x0, 0x0, &(0x7f000000e080)={&(0x7f000000e000)=ANY=[@ANYBLOB="1b0000001e00010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="00ea49dc96597aef0000001400e4ff1f0100000080000000"], 0x30}}, 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000008ac05450200000000000109022400010001a000090400d701cbb50200092100000001220700090581032000018700"], 0x0)

7m56.98795299s ago: executing program 2 (id=191):
prctl$PR_SET_KEEPCAPS(0x8, 0x3)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
read$char_usb(r2, &(0x7f00000002c0)=""/151, 0x97)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023896)
close(r4)
r6 = gettid()
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x20802, 0x0)
syz_emit_ethernet(0xe0, &(0x7f0000000640)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0xd2, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @empty}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x800, [0x5, 0x39e]}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0xc}}}, {}, {0x8, 0x6558, 0x0, "086b041e089725fe37cbf9f56d9f5940c822e8ae662d1e9889a3c6c07a1f832b7db8a6fbb301b2a232cd341a43fd537a59c5a10dab4af40381de578e548ac9785cacb374064f58c7452f8c71f36c7959488a74fe2adae10d30e578ac12fafce32b670fa8283a22d0013b6a2e580ebca17379fe3a5429"}}}}}}, 0x0)
sendmmsg$alg(r1, &(0x7f00000091c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d", 0x2a}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000040)=<r7=>0x0)
rt_tgsigqueueinfo(r6, r7, 0x3e, &(0x7f0000000080)={0x3f, 0x54, 0xff})
recvfrom$unix(r1, &(0x7f0000000000)=""/41, 0x29, 0x20, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000002d00)=[{{0x0, 0x0, 0x0}, 0xc80}, {{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f00000005c0)=""/230, 0xe6}], 0x1}, 0x2}], 0x2, 0x32060, 0x0)

7m55.5360775s ago: executing program 3 (id=195):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000040)={0x0, 0xd9c})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000400)={<r1=>0x0}, &(0x7f0000000740)=0xc)
syz_open_procfs(r1, &(0x7f00000007c0)='net/udp\x00')
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYRES8=0x0], &(0x7f0000000200)=""/188, 0x96, 0xbc, 0x1, 0x1}, 0x28)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(twofish)\x00'}, 0x58)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r4, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c)
socket$inet6(0xa, 0x80000, 0x3a)
syz_emit_ethernet(0xa9, &(0x7f0000000880)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6002adf700733a01fe880000000000000000000000000001ff0200000000000000000000000000018100907800070000b1e021bebffdc403a6ff3bde2a34f175dfe79437020448ae56258b15992a4769040000004f06a8c893170031671c57811a088e1f8d9a651848c87c558a67f827fe85df11e78db3d51cb749944dd5b4a0f96f76887ac58131b35905a9b8464235346fb0a24bc4baf94275e4"], 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x40004}], 0x1, 0x4044840)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000800), 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000140)='htcp', 0x53)
sendto$inet(r6, 0x0, 0x0, 0x2004073c, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000380)=@isdn, 0x80, &(0x7f0000000480)=[{&(0x7f0000000180)=""/56, 0x38}, {&(0x7f0000000440)=""/6, 0x6}, {&(0x7f00000005c0)=""/194, 0xc2}, {&(0x7f0000000500)=""/84, 0x54}], 0x4, &(0x7f00000006c0)=""/24, 0x18}, 0x2003)

7m54.481531301s ago: executing program 3 (id=196):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
unshare(0x2c020400)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226)
syz_usb_connect(0x0, 0x58, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000073c2b403b1b5129ee9e01020301090246000100000002090419cd010e0100000624060000a105240405000d240f0124000000090008004706241a0a00210724140080f9ff06"], 0x0)

7m53.862608064s ago: executing program 2 (id=198):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x80023b, &(0x7f0000000740)={0x0, 0x1c2a, 0x1000, 0x4, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'lo\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, r7}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000000))
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
sendmsg(r9, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r10 = syz_open_dev$vim2m(&(0x7f0000000280), 0x5, 0x2)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="5800000002060108000034e40000000001000000050001000600000005000400000000000900020073797a3100000000050005000200000011000300686173683a6e65742c6e6574050014000d00"/88], 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r10, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r10, 0xc058560f, &(0x7f00000001c0)=@userptr={0xb, 0x0, 0x4, 0x800, 0x9, {}, {0x2, 0xc3a360ab3b82f309, 0x9, 0x8, 0x5, 0x7, "1540043c"}, 0x1, 0x2, {&(0x7f0000000140)}, 0x8})
r12 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r12, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xfffffffc}, 0x10)
sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x6, 0x0, {0x2, 0x0, 0x20, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x2000}}, 0x1c}}, 0x48010)
ioctl$vim2m_VIDIOC_STREAMOFF(r10, 0x40045612, &(0x7f0000000100)=0x1)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)

7m52.714865956s ago: executing program 3 (id=203):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
unshare(0x62040200)
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x319c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000006800e978ee000000000000000a00000000000000040004"], 0x1c}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x4000000000000004, 0xfffffffffffffffc, 0x0, 0x5}, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000006a80)={{{@in=@broadcast, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@private0}}, &(0x7f0000006b80)=0xe4)
lstat(&(0x7f0000006bc0)='./file0\x00', &(0x7f0000006c00))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {}, {0x5}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @local}, @TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @empty}]}}]}, 0x50}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x9)
socket(0x10, 0x3, 0x0)

7m52.34505848s ago: executing program 2 (id=204):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = epoll_create(0x10)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x60000000})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000080)={0x8})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
shutdown(r4, 0x8c5d47e95537ac9b)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f0000000000))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1, 0xb, &(0x7f0000001580)=ANY=[@ANYBLOB="18000000010000000000000008000000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000020b7030000010000008500000069000000"], &(0x7f0000000000)='syzkaller\x00', 0xe, 0xff5, &(0x7f00000003c0)=""/4085}, 0x94)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x144, 0x10, 0x1, 0xbffffffe, 0x100, {{@in=@empty, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x1, 0x394, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@remote, {0x0, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0x6, 0x0, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0xa, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x3}}]}, 0x144}, 0x1, 0x0, 0x0, 0x8801}, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

7m52.228303913s ago: executing program 3 (id=205):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_SUBMITURB(r0, 0x802c550a, &(0x7f0000000500)=@urb_type_control={0x2, {0x0, 0x1}, 0x6, 0x40, &(0x7f0000000000)={0x1, 0x14, 0xf801, 0x220}, 0x8, 0x8001, 0x4000, 0x0, 0x1676ab34, 0xdffffff9, 0x0})

7m51.59250504s ago: executing program 32 (id=205):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_SUBMITURB(r0, 0x802c550a, &(0x7f0000000500)=@urb_type_control={0x2, {0x0, 0x1}, 0x6, 0x40, &(0x7f0000000000)={0x1, 0x14, 0xf801, 0x220}, 0x8, 0x8001, 0x4000, 0x0, 0x1676ab34, 0xdffffff9, 0x0})

7m50.326822446s ago: executing program 2 (id=214):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
unshare(0x2c020400)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226)
syz_usb_connect(0x0, 0x58, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000073c2b403b1b5129ee9e01020301090246000100000002090419cd010e0100000624060000a105240405000d240f0124000000090008004706241a0a00210724140080f9ff06"], 0x0)

7m47.127541728s ago: executing program 2 (id=224):
modify_ldt$write(0x1, &(0x7f0000000040)={0x401, 0x1000, 0x4000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000080)={0x20008, 0x0, 0x400, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
pwritev(r0, &(0x7f0000000780)=[{&(0x7f0000000180)="80fd0fe874bf", 0x6}], 0x1, 0x0, 0x9)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x14, 0x0, 0xb01, 0x70bd2a, 0x25dfdbff}, 0x14}}, 0x0)
r3 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000700)={0x0, 0x3ca9, 0x10, 0x0, 0x10002da}, &(0x7f0000000280)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x6, &(0x7f0000000380), 0x0, 0x4})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
accept4(r2, &(0x7f0000000380)=@ieee802154, &(0x7f0000000400)=0x80, 0x80000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x2a809000, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12411001e1e9cb20daa6781ee45601020395f078e407010902120001000010000904a040"], 0x0)

7m46.588219348s ago: executing program 2 (id=227):
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x2, 0x1}}, 0x20)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x80000, 0x0, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x44, r4, 0xd55319eec59dfa33, 0xfffffffd, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'caif0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}]]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x814)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0xfffffffe, @rand_addr=' \x01\x00'}, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, r1}}, 0x48)

7m45.271873469s ago: executing program 33 (id=227):
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x2, 0x1}}, 0x20)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x80000, 0x0, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x44, r4, 0xd55319eec59dfa33, 0xfffffffd, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'caif0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}]]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, 0x0, 0x814)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0xfffffffe, @rand_addr=' \x01\x00'}, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, r1}}, 0x48)

1m24.839193572s ago: executing program 6 (id=1567):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x32, &(0x7f0000000740)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb0800450000240000400200"], 0x0)

1m24.346754452s ago: executing program 6 (id=1571):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socket(0x2000000000000021, 0x2, 0xe128)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xffffffff}, 0x5b)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
readv(r5, &(0x7f0000001900)=[{0x0, 0xea}], 0x1)
write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
fsopen(&(0x7f0000000180)='proc\x00', 0x1)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000140), 0x21041, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xe)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)

1m22.089559318s ago: executing program 6 (id=1577):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), r0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000a40)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000000c0)={0x58, r1, 0x801, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "40935cc41ada8ea143ae90afa32e6905"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK={0x14, 0xfe, "2c9e8d6099a9397c602845783588e3de"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x203}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000004}, 0x8000)

1m21.674163162s ago: executing program 6 (id=1580):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c0d9e64", @ANYRES16=r1, @ANYBLOB="6f8027bd7000fedbdf251900000008000300", @ANYRES32=r3, @ANYBLOB="06006d00ff0000000500600009000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x24004050)

1m20.87626529s ago: executing program 6 (id=1582):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x20400, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r2, 0x8800000)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
sendfile(r3, r2, 0x0, 0x558410e9)

1m18.119786585s ago: executing program 6 (id=1591):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
unshare(0x2040400)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
fdatasync(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x70, r5, 0x8, 0x0, 0x0, {{}, {@void, @val={0xfffffffffffffece, 0x99, {0x5, 0x52}}}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88ca}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_AKM_SUITES={0x18, 0x4c, [0xfac0e, 0xfac03, 0xfac0e, 0xfac10, 0xfac08]}, @NL80211_ATTR_PMK={0x13, 0xfe, "bb8a8cd6bcd267f2ca284b358aecc7"}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @random="ef04ab2aea8d"}]}, 0x70}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004084}, 0x0)
getsockopt(r0, 0x8, 0x3, &(0x7f00000002c0)=""/200, &(0x7f0000000040)=0xc8)

1m2.803650558s ago: executing program 34 (id=1591):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
unshare(0x2040400)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
fdatasync(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x70, r5, 0x8, 0x0, 0x0, {{}, {@void, @val={0xfffffffffffffece, 0x99, {0x5, 0x52}}}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88ca}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_AKM_SUITES={0x18, 0x4c, [0xfac0e, 0xfac03, 0xfac0e, 0xfac10, 0xfac08]}, @NL80211_ATTR_PMK={0x13, 0xfe, "bb8a8cd6bcd267f2ca284b358aecc7"}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @random="ef04ab2aea8d"}]}, 0x70}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004084}, 0x0)
getsockopt(r0, 0x8, 0x3, &(0x7f00000002c0)=""/200, &(0x7f0000000040)=0xc8)

8.732837129s ago: executing program 7 (id=1782):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xfffffffffffffeea)
r1 = openat$mice(0xffffff9c, &(0x7f00000000c0), 0x2800)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40404022}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x90, r2, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8}, {0x6, 0x11, 0x9}, {0x8, 0x15, 0x3}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x5}, {0x8, 0x15, 0x2}}]}, 0x90}}, 0x8004)
r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000140))
r4 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ip_vs_stats\x00')
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)={0x1c, r6, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x40080)
sendmsg$NL80211_CMD_FLUSH_PMKSA(r4, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, r6, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", ""]}, 0x14}}, 0x4040001)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0684113, &(0x7f0000000380)={0x1, 0x5, 0x3, 0x1000, 0x8000, 0x0, 0x6, 0x5, 0x8, 0x6, 0x800001})

8.104292332s ago: executing program 1 (id=1784):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x40081}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1ff001}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x6393}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/202, 0xca}, {&(0x7f00000002c0)=""/230, 0xe6}, {&(0x7f0000003e00)=""/4111, 0x100f}], 0x3}, 0x8101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000580)=""/152, 0x98}, {&(0x7f0000000b80)=""/231, 0xe7}, {&(0x7f0000001a00)=""/4096, 0x1000}, {&(0x7f0000002e00)=""/4087, 0xff7}, {&(0x7f0000000440)=""/117, 0x75}, {&(0x7f0000000240)=""/100, 0x64}, {&(0x7f0000000080)=""/118, 0x76}, {&(0x7f0000000100)=""/12, 0xc}, {&(0x7f0000000a00)=""/166, 0xa6}], 0x9}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) (fail_nth: 7)

7.965328331s ago: executing program 1 (id=1785):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0xc015, 0x2}, 0x7bfa2405b9bc58fa, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7.9591935s ago: executing program 4 (id=1786):
r0 = openat$sndseq(0xffffff9c, &(0x7f0000000500), 0x200)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000180)={0x7, 0x0, 'client0\x00', 0x2, "3ce55b18c1f27588", "583d57b0a57e6430d87bc0fb393b14d5e384752fed0f1c8133f3b5ccbae26cfa", 0xfffffffc, 0x8})
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0xfea8, 0xa)

7.69575874s ago: executing program 4 (id=1788):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x7fff}}, './file0\x00'}) (async)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_CREATE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r1, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private2={0xfc, 0x2, '\x00', 0x1}}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @empty}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20008040}, 0x80) (async, rerun: 64)
r2 = getuid() (async, rerun: 64)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), r0)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, r3, 0x224, 0x70bd27, 0x25dfdbfb, {}, [@L2TP_ATTR_IFNAME={0x14, 0x8, 'ip6erspan0\x00'}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x40800}, 0x4004885)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000300)=@nbd={'/dev/nbd', 0x0}, r2, &(0x7f0000000340)={0xb0, 0x34ce, 0x1, 0x5}) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000380), &(0x7f00000003c0)=0x4) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000400)={0x0, 0x6, 0x6}, 0x8) (rerun: 64)
recvmsg$can_j1939(r0, &(0x7f00000026c0)={&(0x7f0000000440)=@alg, 0x80, &(0x7f0000002640)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/178, 0xb2}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000002580)=""/67, 0x43}, {&(0x7f0000002600)}], 0x5, &(0x7f0000002680)=""/33, 0x21}, 0x100) (async)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000002700)={<r5=>0x0}, &(0x7f0000002740)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000027c0)={r5, 0x38, &(0x7f0000002780)=[@in6={0xa, 0x4e20, 0xa5b, @local, 0x400}, @in6={0xa, 0x4e20, 0xe2c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x80000001}]}, &(0x7f0000002800)=0xc) (async)
r6 = inotify_init()
ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5000940f, &(0x7f0000002840)={{r6}, "037c223cc0512ac24cf49bfe3ccb2b03c5af88c282df933aeb0e8e43e0a1368789236506bb6b247efeb3017ee3f59c0a39c929c2052bb8989c72e0f4b81b153b8e7f68e418612566a01624546bc77dce2518f26327e32637ef05144e521df332ee8d123068ed50d618e7ccedd5ff91ed1390f8e23dc506131deaa1fd5dc7ea17dc2805613e20d7e6751f1c19446dd3e0b74f8b2ffe06e16cd3f8a5f74be2b6f1e49ef2004df9005c4c8bf6ebb40acf4dc2556eadcab4d7a4aafba3ebcfdf03403c661a19dade0b69c1e03b971372751e3b993f0efde0190453df9d3ba8930ae5b541c5cf35f9f73821122d8abddef2555578d844e987e655471665a5b017f7ad337e660eddc5cd3b619365abf429de36997dc28864ca5fd3f98550ab8aca0eeb1e0043dad97d62851c7aa5975a4a2d3e7857e2e0087d4577105e8e4e5674532f1396510c199d1833d582b1de10bc26bddfc60d2c763cbca59f73c4a875e828339f8a67423d11155f86fd7b8dce15828593233dbecef1514089c9274c71eff4108df12f0c048a0e3b5059b7c256f9a7e987713271e183bc27115f467158ca4473799da458b44b592f31ec84eaed0c7071d536c1873ca853a3b0fac44e204e4911e5b08997292d73ef080e15af2830772a8d0a1833f7d6ece4ace587f28efd5f9783114a8497039a827ffe902ae1d2decd40db1e5a54abf02bd8e2841509d6449042a8bac3a86d97d5fdcd82208ac31d9142a8e9b6a874d9629b58f8ddfcb1312cd4404f3d50f86abc26130739922738d341b5498b449ecf84820b4eeb1e912997ea06239e81520a42894b5065f308ede073ef73640275e422018b722b91b91029390103ce7da0ff09993a710174a0ebeee2284dea22d04c006e14415b2e059d0ca8f82af929f2704ff38b480a410ef92ddab7b43538bc23abae304e6fde6b343568ef564ad206e95d3e36b4b139d699698c6b01cc3bda824835453bd708e03e5efee86629758d7e6b8a7ce79a4db13b5da2dd92c75c2f4190daa90c727613485453936b5754cfbc6103c8fecc6062de16e60e40498a79706e7b25f6dc0d97c3c26c33db6c5354083db6cfce381fd92406e6b05685777f1241d0a1b852ff8e045af75cc1c495b4de9a43d7f00c4f72cf6cc5134e4c1d69fcbe9bc44fafcd9d0cee1506847e853cd6f096b0950cca11e67f10c24a0d2567a85159eef0007cebb6215fd9fe512acfb145b6663766546fefaaa7fb8a6898dd73f98ee9e5fbcb828c0aee250226678456687b14ac9ba55c4315638ad932766f6a80ae81da9e7e953d0dc32bc3cdd250f0f92d600f5e2c042814fc751bcc868fac88d002de299a620939f4f3ae3fdd503a0945b1d309ed8a65d1823ca6341bc6cd0835b1c9598942c2c94ed1ea97526b6a91ea916c626c1efccfc585044dda10f6cec0493a5797a5d557b48b67f494e3a9a15b0010e3e87d0999f92dba1714a7f7b9377b1dee8769ea0ab770487fb2eb6f1a50e651e18277b892641090b99a81988a7fcbca7e0aae09537e1097e650b8ec7cbc2bef3081ab6a4dc93460d92a7668afd31ac69fe30ea12928ca85f37abd3da51fdc0e7ac49a7df8c9488fa7c503324d9eaf443317869cc3eaf639da6003999a0c962378230456cdc038b147c43608d873caffcb2dcff42e1b87295b8580b2f3cbfee7cea76c75b0fd3790c643b773f284a08ba0183c2e6215ff43996d869846c3420352ca8650ec6142ded00f2a51a91d860d020f8a960dcaac36d0278b16c0947dbb0a6783709c8003062254751619c238014acea15464be1ccfd753c46e340475fb732e300e61c3b657a2cf162cdee796d818c427dc08815f5730a5921382351f156ba0c3c78ce74a37a4aef47b49c45c59c7f4cacb0c25cf67e48857e29c537e972ae1e8c5f062bf59225fc02667a2b308fcc8456dd781a4a0b42d33b31e7fa153e678081588d97f4ffd728cff0e47d82e0e08c8f474558a0d255ba39e75248fbb93a5e7f361d7394356445dc1345e5b45f0152ff26cd444b737839b279f8909d6cadc144f04f166944fc22dd20be2bcff63b95d8dd48afb88ba95f4fd2958bb06e00f08e6d65ea068dc76e17f2730a93ecfd556903f11646845556592ccbdc922b25f539ffa98a4dfac40910bc4426e1c3a9fa59034c744d0d973446e4479d2972d4ef7b550dad9e95666004c3e37e39e96d5376a035571f535f30a1f7290baa0c5a329f95f45289472f6729b4834ff799eae628c165ed2e18a10198565da30bfc5e6f09a91912a1c41f57f25a3e58ed62ecfb640797bc9b4ed0609618267b296f17ad1df67053cbcb45b25eceb999c90da506212ccf821fe02e8e1a64ff498b9b085c15a5884e544a7a6f32e1d40ee0ec642ae3a71726f20940f30da7e604e8cc79c807dbba0341de2adec4bfaba4fa8bad87e3d77cf77590f0c00d3f1e7f036c4fe3656571d1aa34ebec8429cd89cee1e67abccd1cd977ac8df0f7b8cbd542161d32c245078c3ab2d7c5d3e0696bd944f825381bb82c1ff642df285d7c3293cc3a615558d6c570a1490e636f2e40572b06a7d5acb501e7356ddff4610813a36691c2624cb453342045f45b33df99dbdaf4f3a37c30c7bf9bbfd0c332fc6f009e1221efe0d1965f535ff2732489edc7a8d673a5558ad6101700563b42a18e102045ede18032fd36c830433e848183fcb5a1857d961c65c6c61476ea7220baf08309d17eff91630c6adf7642b6aab4d60ae7b51cd8028eccaccfe898f829cd719efae089f9d31cb92805435977c31684a540d0957fe6041e94b15600aca9b0d3520c2ed0616f71f75cc9b0b0e1ac916ff3f8cf2abace22a3ffef25c3e662b943093065a0da40b10eebf25a144dae803453791c699f89530fa2fc9a3fdc70f6d877163d15773211610c29100fe6793c38df62034eadf89f512a0098e0f8fadebe682b85053b86bb8fae9375c2776b9c0090cc0ad663630ae79976af21270071b501d03ef34d068eb283a4d09d1769de32aa986b253c651ea3e687a6e6bac1a360ac9851c8b2f3296b8687052a2eb0eb777d73cc8e26e752408608e24a57803b8056e8411b61e8a5bcf62d4e2b7db21844eb693292d4eccf8bad7c67cca069b6a13469e15e35faa452ebf4b242c75107206e9a6ef811a66e5b99889b6b7ff2fc859c526ec705d3a1cf64570014ca4672ce78583d4bafe38f5215dae425a03b383c68401e74b309226d2e5f2217a7f553a5a734241cc80132ba4fdef001fa52874cbe1b80f813a2db312a71b149db717b7285fefa14926ea7b261dc264f2e557ca878c2d778b07f92c44d0684b2ae82c9c0a4d2e84222050e681daf9b3e9e4cbdb21dd38e5fedff9dcdcf5f5a9f9a92e9c6bd37085aab691674f552cd2e195a0daa6d1bfdc3fbf1e5bfecf4eb06150b18de67447dfe7dc4da5ed9567b7632325442194fe609428a2b72968a541629e15c16854a8bcd5c39a8417cc6f08117ecb2a6670d5923647b3c12ebafef9c569e216f87a81f46e90c1acb53422ff4f4557127664c7bff2b1edd369becb71ffd03ffa22721d004e37b9a67e3db3182357536f5c859d73ced12ffea318c2d9ad0650133142d6ce67731c5cf2d06e82a316576e29097be1defd4ca6abf933877d510e73c9d8eb100de27b16ff280826de39c54cd8eb4df6b740455f48c128d17fbbfb570a147ed8236d32382a372ca7b1567c5c3010a73c282d313ea5a77b3e8ed1e81013b3a3d2dd940ff40ca598f2710916b50dcfa5c8f8cccda22ae1562a3975582ed0c705a9bcc9b531fb075d5e400f3c970f9ec59a985395488f25f28e2e1ce32f50e1416596c5d61b4f945bb7b269b966de6c44dd8c3daec2be64d6417eaf61f6d4ec2228598831f12aa8296aa6df9fecdf7e960c23a02779142687c4ea5dfccfeab22daa2d67d6f633f7e271e903894469a784d41fd8938809521f6bf344dca125f0aecac19bcae9d569958cdf4870645ad057b92e12b84b1c3ef59bf7b4895d57cff8fcfc45e2053e35b0eb87ac196839efc55c6d48ff715b6f2a55cb4665acd25bc008f5ef3667bdf60483d4323fc2dc0bfbca09b694041e1d58a6260790d6d0725173bc3c59d63c95a79be4b746b3f1cbc2250c0b47229b28ba36aa88c13f14fd70eeefe348f3bfed4648109140e0bafd3f91b1b5f5f901645288466cab46e43e23e7bbe839162288d9db73f9f8050c89c63f448fa1b311443d5461e00625394ff1ef931ea5fe18ea37b7d61e8908c793c962e877e330c179598aba576c8660265d7ee97146150e7cddeae810a21d63e913c2d2d01fff5ed939440fffc4f29912645997b95daa55795a31eabf6f4311fb82e511745df8a3d3635af5c25e69dfdcc4c54aefbe6e7f3e3d44e04fc6ffc21f8feaaee9184bc30aa6afbbc6a73cdb56ef139327ef7dae0f874dad1eb5c1316fce8ed924eed9807fd0b18925467004b2da633d261286d58d9ffcbd7d75b9df4b54307008e205cf6f1d25edf22b0f8bdcdbd0078821474aa44e996f6fd4992a62f4272f344290b5e8bec6040ce84af438d663ffe3ee20302e0b04dec2c9db568c7b4c14ec27dfbe9ec767ad5b090bb8b05ba4d45383ad58a936ae5e789514f4de17e9bc61c0d0df6e15702c2f4d59d0cd3d852c9da9df371ed8999af7ef7c2525c1f6d17eb9d63a000a0b07cb40f3ffa44ea987a9eb6e93ba91ebaec965a35eddeff097457b1b0f2bbad9e04cb5442f3423db6d436687a0cc3e093a95ae3ee776e9e8667269d394060328a2dd1eb0b2efcabc5284e04c43a67c8fb2450a11e45f2a0eec27b0f9d0ce7b7b9289c0dbb2e03a902aa30dc343160cb0fafa89a1415c6b0976f6712fc4ca2897b046dacd89d7485175530e213a805aa4d1065b64fe5138481906f97db675f919dfd41ba7f4ea6ae917669c0087b96c92f843cfc456f002df1993e70d3d89d5310b6e99994ea8ff38886ec36375663aab1ff30ffad67bd568af1c761fd613e0e0361fb7aa1264cd06cd045580bd26b725026c1007570f5fee3a2197aa448aa71e06463dd4bb480c7cdf0b95dc5e14dc7e04ffd14d7dc6e49239285cfdb2d00ff2ccb4ee9ff24fcd830f3d43940546e391f869557dd8f9970c5351732700fa57f961a61b0f6545f4d259ad87774f72f1eb3945fb8199c5b19c8d71833f257ceb8b8f7737a42348b8c1c849d105722bff663a02ccd2d634c64c04879bb197a77101725863687d0522b6f93465f06d020f08e676469ded18c2f63b8e9ed22ce02f166b794336baee64cc6f0883a88d3ec2a63894964d16c379440e05401d80586bf5b83fb4d377315440052c1abc9add8592af812878e4a3d870406a7393d2928b279d4a029ad7b14bdcf0d163c1c325ac4f500bb8e10d068cfd3b0f950b697becbb32ebb705402d725ed12942c8d94f8f85e1cf2294603694216906eb537b267b89da0e0b8afdd96ab8e6bdd6b5a7e97f6d6a62c9e37d0a3989e5d00d23021bb70fc145c2254b157ec3aafc31ab46d893f2f050234034263bc6501383c2785a7ef8b77a38fa26e86f394678e017f9b7689955f51b9681123850074364e1312c04e0b2f046fc07f910338f6b0e3c7ed6b0ab9721974bde66ed88286207f9f7712bb2e60427f88cb7d5157b1bdbe178a870e25b768a2795e5fc51f31f01547709b95530f96f482e5153a3e71cc983338c0965f041e0f52fe33bca37765bdf87c27435d98a4eb2502df54ec34f8cad132d365d2df9ae01eb10fa65e2ea4e1936bd3f8c236b"}) (async, rerun: 32)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000003940)={&(0x7f0000003840)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003900)={&(0x7f0000003880)={0x54, 0x1402, 0x400, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r0}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040800}, 0x810) (async, rerun: 32)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r6, 0xf501, 0x0) (async)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000039c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000003ac0)={&(0x7f0000003980)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000003a80)={&(0x7f0000003a00)={0x74, r7, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x5d}}}}, [@NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x6a}, @NL80211_ATTR_STA_FLAGS={0xc, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}]}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x14, 0xbd, [0xffff, 0x9, 0x1000, 0x6, 0x101, 0x6, 0x1ff, 0x401]}, @NL80211_ATTR_STA_PLINK_ACTION={0x5}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x23d}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x4}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x2}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x77c}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x6}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000010}, 0x4091)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc00c64b5, &(0x7f0000003b40)={&(0x7f0000003b00)=[0x0, 0x0, <r8=>0x0], 0x3})
socket$inet6_udplite(0xa, 0x2, 0x88) (async, rerun: 64)
ioctl$F2FS_IOC_GET_FEATURES(r4, 0x8004f50c, &(0x7f0000003b80)) (async, rerun: 64)
read$FUSE(r0, &(0x7f0000003bc0)={0x2020}, 0x2020) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000005c40)={r8, 0x0, <r9=>0x0, 0x0, 0x0, 0x4, &(0x7f0000005c00)=[0x0, 0x0, 0x0, 0x0]}) (rerun: 64)
ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000005c80)={r9}) (async, rerun: 64)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000005cc0)={0xdddd0000, 0x0, 0x1}) (rerun: 64)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f0000005d00)={0xfff, <r10=>r0, 'id1\x00'})
recvfrom(r10, &(0x7f0000005d80)=""/146, 0x92, 0x40, &(0x7f0000005e40)=@pppoe={0x18, 0x0, {0x0, @remote, 'pimreg1\x00'}}, 0x80) (async)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r4, 0x8040942d, &(0x7f0000005ec0))

7.648537491s ago: executing program 1 (id=1789):
prctl$PR_SET_KEEPCAPS(0x8, 0x3)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
read$char_usb(r2, &(0x7f00000002c0)=""/151, 0x97)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023896)
close(r4)
r6 = gettid()
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x20802, 0x0)
syz_emit_ethernet(0xe3, &(0x7f0000000640)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @empty}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x800, [0x5, 0x39e]}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0xc}}}, {}, {0x8, 0x6558, 0x0, "086b041e089725fe37cbf9f56d9f5940c822e8ae662d1e9889a3c6c07a1f832b7db8a6fbb301b2a232cd341a43fd537a59c5a10dab4af40381de578e548ac9785cacb374064f58c7452f8c71f36c7959488a74fe2adae10d30e578ac12fafce32b670fa8283a22d0013b6a2e580ebca17379fe3a5429d33807"}}}}}}, 0x0)
sendmmsg$alg(r1, &(0x7f00000091c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d", 0x2a}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000040)=<r7=>0x0)
rt_tgsigqueueinfo(r6, r7, 0x3e, &(0x7f0000000080)={0x3f, 0x54, 0xff})
recvfrom$unix(r1, &(0x7f0000000000)=""/41, 0x29, 0x20, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x32060, 0x0)

7.403940569s ago: executing program 4 (id=1791):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4242, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
pipe(0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000600)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r4, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000bd8000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2})
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000280)={0x1, 0x3, 0x2, 0x2, 0x5})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r5, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)={0x11c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xea}, {0x6, 0x11, 0x9e}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6, 0x11, 0xf801}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x9}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xba8}, {0x6, 0x11, 0x6}}]}, 0x11c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x38, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x401}]}]}], {0x14}}, 0x8c}}, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
pread64(r9, &(0x7f0000000a00)=""/126, 0x7e, 0x7)
r10 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x2a803)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r10, 0xc10c5541, &(0x7f0000000280)={0x2, 0x100004, 0x20})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0500000000000000000021000000080003006a86c96bc0cf7a04865d666aae5cd6000ec620eee21f2590c21eb9e894933e1820348fbff27ad185644ad3f1a9ce1156216bbe5ca76dac0d9365016e2fbe62341224de414cd56763bc004b4af2f5decc6e47f7c8095f3f3e91f23bfdc97cc3dfd551d74274238fb1e3bb3149b4a3672a270c8cc8fcd37d", @ANYRES32=r7, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
write$6lowpan_enable(r1, &(0x7f0000000080)='1', 0xfffffffffffffe51)

7.308295192s ago: executing program 7 (id=1793):
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsopen(0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x5, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8, 0x40, 0x3}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x202, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x41}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000100)={0xb, 0x6, 0xfe, 0x2, 0x3, 0x80, 0x5, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x9}, 0xe)
setsockopt$sock_int(r2, 0x1, 0x28, &(0x7f0000000000)=0xf66, 0x4)
shutdown(r2, 0x1)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000500)='./binderfs2/custom1\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1, 0x4})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x29cc, 0x10100}, &(0x7f0000000380), &(0x7f0000000200))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000340)={'wlan0\x00'})

6.396283056s ago: executing program 0 (id=1796):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) (async)
mremap(&(0x7f0000aaf000/0x3000)=nil, 0x3000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0, <r3=>0x0, <r4=>0x0}, 0x2020) (async)
mkdir(0x0, 0x0) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async, rerun: 32)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async, rerun: 32)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_ro(r5, 0x0, 0x275a, 0x0) (async)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) (async)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_fuse_handle_req(r1, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0xfffffffc, r3, r4, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
write$tcp_congestion(r6, &(0x7f00000000c0)='lp\x00', 0xfffffdef) (async)
dup2(r6, r1) (async)
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000100)={0xfffffffffffffeab, 0x1, 0x0, {0x2}}, 0xffffffe8) (async)
syz_usb_connect$uac1(0x0, 0xa4, 0x0, 0x0) (async)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffe, 0x1, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000240)="a8", 0x0, 0x8, 0x0, 0x1, 0x0})
syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f00000029c0)=<r7=>0x0, &(0x7f0000000300)=<r8=>0x0) (async)
socket$packet(0x11, 0x3, 0x300) (async, rerun: 32)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) (rerun: 32)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) (async)
write$UHID_CREATE2(r9, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) (async)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x12, r6, 0x0) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x20, 0x0, @fd, 0x5, 0x0, 0xb, 0x7})

5.428030052s ago: executing program 0 (id=1798):
r0 = syz_open_dev$video4linux(&(0x7f0000002c00), 0xb244, 0x80000)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r0, 0xc040564b, &(0x7f0000000180)={0x9, 0x0, 0x1007, 0x1, 0x3, {0x80000280, 0xffff}, 0x1}) (async)
r1 = socket(0x2, 0x3, 0x101)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0xfffd, @local}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async, rerun: 64)
madvise(&(0x7f0000328000/0x4000)=nil, 0x4000, 0x65) (rerun: 64)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32)
r4 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000160000022bbd7000ffc978db76771797", @ANYRES32=0x0], 0x18}}, 0x0) (async, rerun: 32)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) (async, rerun: 32)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) (async)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100fcd51118000000000400000c0000000c000000020000000000000000000004000000000000"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r5, 0x20, &(0x7f0000000100)={0x0, 0xfffffffffffffc46, 0x0, 0x0}}, 0xfffffdae)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x7, &(0x7f000022c000/0x3000)=nil) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, 0x0) (async)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffffffe}]})
r8 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0x109003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r8, 0xc0184800, &(0x7f0000000100)={0x4, r7})

5.292347013s ago: executing program 7 (id=1800):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socket(0x2000000000000021, 0x2, 0xe128)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xffffffff}, 0x5b)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
readv(r5, &(0x7f0000001900)=[{0x0, 0xea}], 0x1)
write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000140), 0x21041, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xe)
ioctl$VT_SETMODE(r6, 0x5602, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)

5.188109939s ago: executing program 4 (id=1801):
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32, @ANYBLOB="60005080110001004abee339084eeef16f162471f4000000080003000aac0f00050002"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x38}}, 0x40000)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) (fail_nth: 7)

4.8818235s ago: executing program 4 (id=1802):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$media(0x0, 0x0, 0x101d01)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0)
fcntl$setlease(r2, 0x400, 0x1)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'tunl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_blackhole={0xe}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x10, 0x0, 0x8, 0x0, 0x73f, 0x3}}, {0x4}}]}]}, 0x58}}, 0x4800)
r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r5, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2800, 0xd59f80, 0x2, 0x5, 0xb, 0x8, 0x0, 0x722, 0xffffffff, 0x7, 0x9, 0x2b, 0x1c, {0xffff945a, 0x1}, 0x5, 0x2d}})
r6 = openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f0000000040)=0x10000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xe8, 0x1, 0x2, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}, [@CTA_EXPECT_HELP_NAME={0xe, 0x6, 'irc-20000\x00'}, @CTA_EXPECT_NAT={0x84, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x80, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xb8}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x3}, @CTA_EXPECT_MASK={0x28, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0xc1}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}]}, 0xe8}, 0x1, 0x0, 0x0, 0x8981}, 0x400c040)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff)
r10 = add_key$user(&(0x7f0000000140), &(0x7f00000007c0)={'syz', 0x0}, &(0x7f0000000980)="f40fc24077021c9b084c60ffc26fd06301176d36c2f546f10626db12b9e78d629870bb26edb4a5e1cc09ed8c58ca4fe84b94a7b70000000000000000002945ffebbfea11dd3d0df936a10285ecc1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4ddc1f2ab58762b57f5b606a43e50874c90143034142cd5f7bd9b4dd8b57fbccb69ba4376b97b7feb75b9138dde818a3c6b96dd8000"/209, 0xd1, 0xfffffffffffffffb)
keyctl$dh_compute(0x17, &(0x7f0000001340)={r10, r10, r9}, &(0x7f0000003f00)=""/4101, 0x1005, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010004b0400000000fedbdf257a000000", @ANYRES32=0x0, @ANYBLOB="000004ba61af7b79cf7e58eca9a79578680000000000240012800b0001006772657461700000140002800500"], 0x44}}, 0x0)
semget$private(0x0, 0x1, 0x5db)
listen(0xffffffffffffffff, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x54, r11, 0x1, 0x70bd2d, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @empty}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)

4.250582082s ago: executing program 5 (id=1803):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xaa4, 0x0, &(0x7f0000000100), 0x0, 0x33})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x1, 0x5, 0x470, 0x6, 0x8000000000000000, 0x2, 0x58, 0xa2e, 0x3, 0x7fffffffffffffff, 0x8, 0x5, 0x7, 0xffffffffc9507190, 0x1ff], 0x10000, 0x400})
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

4.201006254s ago: executing program 0 (id=1804):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xfffffffffffffeea)
r1 = openat$mice(0xffffff9c, &(0x7f00000000c0), 0x2800)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40404022}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x90, r2, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8}, {0x6, 0x11, 0x9}, {0x8, 0x15, 0x3}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x5}, {0x8, 0x15, 0x2}}]}, 0x90}}, 0x8004)
r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000140))
syz_open_procfs(0x0, &(0x7f0000000440)='net/ip_vs_stats\x00')
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)={0x1c, r5, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x40080)
r7 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0684113, &(0x7f0000000380)={0x1, 0x5, 0x3, 0x1000, 0x8000, 0x0, 0x6, 0x5, 0x8, 0x6, 0x800001})

3.452169482s ago: executing program 5 (id=1805):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netlink\x00')
pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200)
r4 = timerfd_create(0x0, 0x0)
timerfd_settime(r4, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
readv(r4, 0x0, 0x0)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r7, 0x111, 0x5, 0x80000004, 0x4)
setns(r6, 0x24020000)
syz_clone(0x12800100, 0x0, 0x0, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
rseq(&(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2, 0x800, 0xf3, 0x2}}, 0x20, 0x1, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r8, 0x29, 0x1, &(0x7f0000000780), 0x4)
rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4, 0x1, 0x1, 0x8000}, 0x4}, 0x20, 0x1, 0x0)

3.319609489s ago: executing program 1 (id=1806):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000004c0)="3e262e470f01c3b9800000c00f326201008e7300d70000d700640f008cc4e3710aa6006000002cc4617d11ad8d41f090f20f01f866baf80cb81667858cef66bafc0c66ed410f01c50f21a5a1305caa8ad5a75818", 0x54}], 0x1, 0xb, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000400)={0x34, 0x0, [{0x86956090991702cc, 0xfffffed6, &(0x7f0000001e80)=""/133}, {0x0, 0xfffffffffffffdd3, &(0x7f0000000500)=""/10}]})
close_range(r2, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000003c0)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="610233005030010008021100000108021100"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.986703801s ago: executing program 0 (id=1807):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0x0, r1, {0x7, 0x2b, 0xfffffffc, 0xeb4b89e7d6752632, 0xc, 0x82b, 0x3, 0x1, 0x0, 0x0, 0x47696b33bbbec408}}, 0x50)

2.764072438s ago: executing program 1 (id=1808):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4242, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
pipe(0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000600)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r4, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000bd8000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2})
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000280)={0x1, 0x3, 0x2, 0x2, 0x5})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r5, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)={0x11c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xea}, {0x6, 0x11, 0x9e}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x9}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6, 0x11, 0xf801}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x9}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xba8}, {0x6, 0x11, 0x6}}]}, 0x11c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x38, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x401}]}]}], {0x14}}, 0x8c}}, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
pread64(r9, &(0x7f0000000a00)=""/126, 0x7e, 0x7)
r10 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x2a803)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r10, 0xc10c5541, &(0x7f0000000280)={0x2, 0x100004, 0x20})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0500000000000000000021000000080003006a86c96bc0cf7a04865d666aae5cd6000ec620eee21f2590c21eb9e894933e1820348fbff27ad185644ad3f1a9ce1156216bbe5ca76dac0d9365016e2fbe62341224de414cd56763bc004b4af2f5decc6e47f7c8095f3f3e91f23bfdc97cc3dfd551d74274238fb1e3bb3149b4a3672a270c8cc8fcd37d", @ANYRES32=r7, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000000202020202020000"], 0x40}}, 0x0)
write$6lowpan_enable(r1, &(0x7f0000000080)='1', 0xfffffffffffffe51)

2.750913979s ago: executing program 7 (id=1809):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x4000}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x2, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0x40405515, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7ad, 0x0, 0x0, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8]})
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x13)
socket$inet6(0xa, 0x800, 0xf1)

2.721218779s ago: executing program 0 (id=1810):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000003c0)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="610233005030010008021100000108021100"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) (fail_nth: 7)

1.592384104s ago: executing program 0 (id=1811):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x103000)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x3, 0xffffffff, 0x403}})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
unshare(0x2c020400)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000001, 0x812, r3, 0xffffd000)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r4, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_ep_write(r1, 0x82, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.536898119s ago: executing program 5 (id=1812):
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000340), 0x610000, 0x0)
fcntl$setsig(r0, 0x404, 0x21)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000200)=0x8, 0x2)

1.442842608s ago: executing program 7 (id=1813):
r0 = syz_open_dev$ndb(&(0x7f0000000200), 0x0, 0x105301)
ioctl$BLKBSZGET(r0, 0x80041270, &(0x7f0000000280))
getpgid(0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7)
ioctl$FS_IOC_RESVSP(r2, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762})
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r2, 0x0)
r3 = openat$cgroup_pressure(r1, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r3, &(0x7f0000000140)={'full', 0x20, 0x7f, 0x20, 0x40}, 0x2f)
r4 = openat$cgroup_pressure(r1, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f00000001c0)=[{r3}, {r3, 0x10}], 0x2, 0x0, 0x0, 0x0)
write$cgroup_pressure(r4, &(0x7f0000000100)={'some', 0x20, 0x4, 0x20, 0xffffa}, 0x2f)
close(r4)
syz_emit_ethernet(0x46, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800450000380000000000019078ac1e0001ac1414aa0b00907803000000450000020000000000330000000000007ff17d61a7d7000001080000"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000050000000000000000000000000a000000000000000800050011ea651a95f6741758e8810e976b3f9609b0f02afda4eb1f41db0bc78dff1b42277f8102ca87f96ed2ea2b5f23476ae001d9d74ca2e9ca17cb4eb0f906e66e59435fe52fe92e", @ANYRES32=r7, @ANYBLOB="adbab1f454cd8473a0635088ab653867b46b81e988780ccbe84e0680f4ca38eba756587126538301528f1c9fa68b277a9c4f9b98893bfa8461013b74f7557faa42198db71571ad2c666680203e8474d71a7010469a6cf1a0ce5dbc9f8809fcc8a1953d580ff278b1f22f0ca7637d91d5da13d4434b96513950e90ec5e77838f6edd4dfc2582cbbbb1e56e345749dd93de0527dddf30e51679f30d82769165eb6a8399bbae3be1639c6ef84e6ae4e"], 0x20}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(r8, 0x801c581f, 0x0)
setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0201, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r9 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x82)
ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0200"])
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)

1.068446238s ago: executing program 5 (id=1814):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="e00000000a06010100000000000000000300000908000940800000010900020073797a310000000005000100070000000800094000000005880008800c000780080009"], 0x13a}, 0x1, 0x0, 0x0, 0x2400c080}, 0x48080) (fail_nth: 7)

511.522483ms ago: executing program 5 (id=1815):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xaa4, 0x0, &(0x7f0000000100), 0x0, 0x33})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x1, 0x5, 0x470, 0x6, 0x8000000000000000, 0x2, 0x58, 0xa2e, 0x3, 0x7fffffffffffffff, 0x8, 0x5, 0x7, 0xffffffffc9507190, 0x1ff], 0x10000, 0x400})
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

233.400235ms ago: executing program 7 (id=1816):
prctl$PR_SET_KEEPCAPS(0x8, 0x3)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
read$char_usb(r2, &(0x7f00000002c0)=""/151, 0x97)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x20000023896)
close(r4)
r6 = gettid()
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x20802, 0x0)
syz_emit_ethernet(0xe3, &(0x7f0000000640)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @empty}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x800, [0x5, 0x39e]}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0xc}}}, {}, {0x8, 0x6558, 0x0, "086b041e089725fe37cbf9f56d9f5940c822e8ae662d1e9889a3c6c07a1f832b7db8a6fbb301b2a232cd341a43fd537a59c5a10dab4af40381de578e548ac9785cacb374064f58c7452f8c71f36c7959488a74fe2adae10d30e578ac12fafce32b670fa8283a22d0013b6a2e580ebca17379fe3a5429d33807"}}}}}}, 0x0)
sendmmsg$alg(r1, &(0x7f00000091c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d", 0x2a}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000040)=<r7=>0x0)
rt_tgsigqueueinfo(r6, r7, 0x3e, &(0x7f0000000080)={0x3f, 0x54, 0xff})
recvfrom$unix(r1, &(0x7f0000000000)=""/41, 0x29, 0x20, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x32060, 0x0)

123.56951ms ago: executing program 4 (id=1817):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3d}}]}, &(0x7f0000000100)=0xc)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000340)=0x8)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
inotify_init()
setrlimit(0x2, &(0x7f00000000c0)={0x0, 0xfffffffe})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r4, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000010000000000000007000000ff"])
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1f, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000b00)={'syz0\x00', {0x5, 0x7, 0x3, 0x7}, 0x50, [0x2, 0x9, 0x0, 0x1, 0x8, 0xea45, 0xe, 0x1, 0x63, 0x0, 0x6, 0xc, 0x8, 0x9, 0x1, 0x4, 0x1000, 0x1, 0x51, 0x8, 0x800, 0xfffffffa, 0x3ff, 0x4, 0x7, 0x10001, 0xffff, 0x0, 0x4, 0x6, 0x401, 0xc, 0x9, 0x4, 0x7f, 0x1, 0x5, 0x4, 0x1, 0x4, 0xa, 0x8, 0x3, 0x9, 0x804d7f, 0x2, 0x8c00, 0x6, 0x939, 0x5, 0x9, 0x2, 0x6, 0x4, 0xfffffff7, 0x7fff, 0x803, 0x5, 0x2, 0xd77, 0x5, 0x2a, 0x1, 0x23], [0x8, 0x20009, 0x5, 0x9, 0x80000005, 0x12, 0x800, 0xc, 0x0, 0x2329, 0xfd8, 0x3, 0x7, 0x5, 0x0, 0x24e, 0x2, 0xfffffff7, 0x2, 0x3, 0x5, 0x0, 0x80, 0xb, 0x8001, 0x40, 0xa1, 0x4, 0xffffffff, 0x5, 0x10004, 0x1, 0xffffff00, 0x7ff, 0x6, 0x7, 0x0, 0xe, 0xffff3f15, 0xc, 0x2, 0x9, 0x7, 0x5, 0x5, 0x7, 0x800, 0x5, 0xc5, 0x3, 0x1, 0x9, 0x8, 0x3, 0xfffffff7, 0x3, 0x24c, 0x1ff, 0x2a0, 0x5, 0x6, 0x6, 0x200007, 0x8], [0x2, 0x9, 0x1a9e1bfa, 0xfffffffc, 0x8, 0x6, 0x1, 0x8001, 0x7abe, 0x5, 0x2, 0x7ffffff7, 0x8000, 0x1, 0x1, 0x5, 0x4, 0x2, 0x2b0, 0x5, 0x97f82544, 0x8, 0x0, 0x0, 0x9, 0x9, 0x4, 0x10000, 0xc92, 0xffffff3c, 0x8b2, 0x10, 0x4, 0xff, 0x140, 0x2, 0x2, 0xb, 0x4, 0x6, 0x7, 0x8007c12, 0x5, 0x1, 0x17, 0x9, 0xe, 0xf3, 0x4, 0x8, 0x1, 0xffffff00, 0x100, 0x7, 0x2, 0x0, 0x8, 0xdd, 0x1, 0x9, 0xc3, 0x20ffff, 0x2], [0x9, 0x3a8d, 0xffff9a7f, 0x200, 0x6, 0x2, 0x1, 0xfffffff3, 0xd077, 0x4, 0xfbffffff, 0x1f, 0x81, 0xa, 0x6, 0x2, 0x200, 0xfe, 0x2, 0x66608000, 0x5e82, 0x7fb, 0x6, 0x1, 0xa476, 0x5, 0x70d, 0xffff, 0xd, 0x0, 0x1, 0x1, 0x10001, 0x61, 0x10, 0x1000, 0x8, 0x10001, 0x8, 0x20000000, 0x8, 0x15, 0xb32a, 0xec000000, 0x2, 0x1904, 0x4, 0xc, 0x8, 0x7ff, 0x280, 0x5, 0xfffffffb, 0x7, 0x6e79, 0x8, 0x6, 0x9371, 0x4f89, 0x7, 0x580, 0x2d1, 0x80, 0x8]}, 0x45c)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0)
inotify_add_watch(r2, &(0x7f00000001c0)='./file0\x00', 0x429)
removexattr(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)=@known='system.posix_acl_default\x00')
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000180)='/dev/fuse\x00', &(0x7f0000000240)='syz0\x00', 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000040))
sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x3, @loopback, 0xffffffff}, 0x1c)
write$UHID_SET_REPORT_REPLY(r0, &(0x7f00000007c0)=ANY=[], 0xffe0)

115.918444ms ago: executing program 1 (id=1818):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = fsopen(&(0x7f0000000040)='9p\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x420481, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x8010aebc, &(0x7f0000000100)={0x6, 0x892, 0x0, 0x0})
r5 = fsmount(r2, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f0000000080)='dirsync\x00', &(0x7f00000000c0)='./file0\x00', r5)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
syz_emit_ethernet(0xc2, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$sndctrl(&(0x7f00000012c0), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc2c45512, &(0x7f0000000a00)={{0x5, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8, 0x0, 0x20000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x3, 0x1]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r5, 0x0, 0x0)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)

0s ago: executing program 5 (id=1819):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x2000)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000740)={0xfffffffb, 0x2, 0x1, 'queue0\x00'})
tkill(0x0, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000800))
r1 = creat(0x0, 0xce)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00')
r3 = open_tree(r2, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0xa08024, 0x0)
r4 = getpid()
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x1)
pipe(&(0x7f00000001c0))
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x300, 0xf5f9)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2, 0x4}]}, &(0x7f0000000180)=0x10)
sendmmsg$inet6(r2, &(0x7f0000000080)=[{{&(0x7f0000000000)={0xa, 0x0, 0x6, @remote}, 0x1c, 0x0, 0x0, 0x0, 0x3f}}], 0x1, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f0000000880)={{r0}, "491503290e96f35df09bd2ff44263e8df151230c361ce997e2196311134eed483ef3b8b03ad03f1fc895eb505de8bed26b2bc88b2fe887c351d77ad3bc8b52cfaaa58e858b5f7d8b22b6e99f185acb7c3a42008f69b23bf70624797c90b9be42e40638ce3c7a818ea38e06439bc62a7996a2facd393745e60d22c5b890245c72df6a566c178c50a9c8ed30659e7f47d70031313b51cad605d93417a01ffac77521a0cbc8aa4849e454a2d687db52dd7a120040d40bd92d8787531bc78e242a42d662b88d1ea2865b6abe1909d54a7f80aec0b6bbd0c938092a962e82388ef7f396054cf8e3adbd72c81515e16f2274384e86d7c60d213ea8d28c6a7c6966035792dcfec5bd53f1b75b45d38ef5f851ce4d0757a021b9651c3d9106c5583cdd4fc5d636dd2b827e24d649f9aa7ea9d9f378b73e4b3075bc9b2b9043d45c91982347fc2504eeb74d5af7f98beb7abd6885e266f662544f98013fe4bc2b1420c7b2598e4f7de32c257901de1297aefafef184f4fe73d7e9b9d9b519735063117569cbb40147a217aa019fbe9c8493350ee1268d67896293df53c515d8a1733e787049fefbe867c8979617376aea8198bb10323518faeccd207c4ebdbaf808d0893c2980421502072dca3c5f48111ba1cbd7d99869aeb91ffe0716abbf13c837c4170b3ab589e1bdb82151a84726232e578fa829a42f22b5c0c07eafc87a8209ffad105cad90a61a3c71c23a459dcf7d1c7b59dc097e6f40e19b04d236fa1498bc58e7d0969c3394dae0ca99fcf080c8c1946c75ba6eb80c6cd52853b26bc3a9a1ea55e4f13347fcd85e8efce509f098035200a0da3bf82cd5c44e91a76c85e4d5b29ae69004f847ac899d12e4015153adb8037c9a8699ccc3079364ef25e59b433de53ca538431708816ea069d03922e4e0959340312f2adbfbd81a92580fe504b887b412f2e8df1e020aafb5f0fb3ebab3b34a8d649ba3bf9dba90b4fba33fda9f176a0355756e5cc40b540056be324a20df234d7c4c47ee3aec0118d8357713aa413005803a0ac8c7f447105e93100fc4483d760754b7c3915669496720eaa4783073f14e786c9914635537a4cc608411ad5031b96ad4a1c3c5de01d3c2fabff2dd11692820f59b4c5a1ddb0b4593196a189e8b67656b9d0476f81c347f77bc5799b96d9e1c757e34ea3e35228e38e2f0702caafe5485a5aaebf9784e70f3ef962efe66978ee9e43009211f9d65d6b322b9f186b1be5d64ea1aa3d73c3e2fa2738e3a59c50917f09a518c0f6dcebf8fbbf42488d6aeffb23411b175c562d1452cddba982ee87d85d2f563050c16776ae71f7d17664181e15ee7c6dbca11c2f1144103c77091c01cc17ccc2762f5a2315f9416dedb3e2e4811dd7ea56368339b15d5e16bf093f7488df88985ac0e44593a37a9b967131a5e8eddcce8849c0c8158c24426ddcfeb4ddac9c053caffdcfbd6ae496ede1c98e8e8d11d4d3f74569dad92f06533c0979fdd230def1d748ed1998b46bf23471efcb1f71931a34309ab24a5ce276c241e8defacbe1e3f63d60764813de88f53dd36fce4b3b8b82c8de6f24d1ebc511991f667e5309748cb8c6f4972387dd5d77085e802401b3435212e9af2508eba46983d2e8416935705ffc30fe849a912d175ec19ed04f8d31670aae49fe657cfd2875e4130f6bb665e652346ccb7f5905bbd41d3649cd08af1eb2904ceaf820faeee0a7e70cbc82c1dbf7bf591db89613d55c8b0266bf10dfd38df169c394f21f246afb6b2464fde864d1431a915129a1a6ff321a78be2949113fde0ef4a9ca247321c683d92bde3c257bf34a350a8c2808f89086a7dbbf709d97b1241b19ee34d785df43cd2740c71bf777dd1e06cb27baed18cdf3be62595873813c990c7fa2e10e6f1f80878c4b452cdf4621cd57b24e8afe359f6253f2a074f38d8738c61fcedf299521b578519b09e93427ed72725ba55bb45e7035a428b7f4d5bdc609dcb72bcdf06dd4b61c84e8c47397eb7f426e39db427a04b12cfc2575dc855e7c5884faad7572326860bf9601b114ae5ac547832493ba9452b5a4efc5244334e837a3fee4af484393561a40de3f65460406d12d925214708075cc032092feaa093782def1a3c36d8c0cc8cf3d43a240ffd21a57bc068270cb1b0cb79f2eb4143fa179f42e884ad97f80cfcfb1c5e06b0de232990032f185ccea6b36c00376bc13a839d5105d592dfb1993b390f281f8ddd11958a3a72e136dc400dd44c5e3cd100a9c43cca1665e7f46aeec270bc82f8db148c9ec3bee08c15d035ab903888f9a56771c279a4acc0251c25defd824752a8f9e4d5c4b7a05bccdcb65d3184a8b197bec59878c9350478e814240a941a00a8bcc824b4f937818f6a7373321561ebdc12b3d34a7246e0aee9d727d99ab1e53ba2bf4c8f8b10dc5213f1ebad39ce9cfe3d4be01779d3f110b8c9976e8ac10826f4ff28f08b10b86e57903f0034840fa6d8ab405e3cb59f0e071fcf1a53d8fd72086547dd1e3509ef30777193ba91f3e28580e6abb7238d6a17d41146a9e1d19fb85973a684553788e33601c9cbe1155ecc2ea800cff845798e21a8fddbc0ccfe8f4b4d7770c79fdde97851d54978418023c14c3c81c1c0bc29553f7d6170d6eb709ce5e355f8fa790867cfb1ba5824400e30f4db557cc44f6d90694ee0e14b7a34f07a2df660a4caff97381faf202a9f2157d812962baccd8b53342e11f15b2d468f5177b4af5b99ff2027ed9b5c152eb8a2b91cbd72fb36e13867d54eebdc0fc4c2972c4098860ab6380f004d2712e12995589eaae395f502b2852e2c10f5c2b8920626fe7d2d349b3717f24aeb5fd499b0df2eced77180bde3d7787eeb78358a765f68ff88c86fd05f7d98703b9d85c1b33d9f0145bb15e8919282de9f3d485ab7c92254fc4fe7b813265679f8654bdfa6a4672abe8a982cf119f71e2c218371a653ca48d7ffa139c02bd8e87c53452c7f668aad49876b6add4d8bf9587663259f81b4638d727088a3472abea56bee8bb2856a91ecf0067503832eb76b3648699e3423f4b24b6a03d990a0baa21bce1785f54fbfd6113d0538a7603f3cfe3c35ab914bf3cc08eddb609f926ae2f104f1825967dd9ca4c588c291e46f933829bb576578fd4a88cc6b8cc8a05e48914481863b3bd900bda22f943591479fd00cc6fe59103f06b071ac60e30ad6dea8b387510bcf5c03f51548c042ac0d4a931b9cbd64d9665066dcf43016edd969c88ae95ec0d2aedf37b146f8381849557740440e42c8afdd97ce06d43fcb517a9d7b933bce43f5460d07b14f81b018821e594b07972f78e32ce1286bf14e7c2dd2fa2eb204907fe8e607c109da7eb0e5ee5cab735d85bfb639b8e3dc71071ded3bfbe30c4a38d8f1f88a4499e9f00c90452447fe5809bfc874d43d76cc4e0fcdca0376129f031b392bd98babd66c6187a0ab1a65fd66165eb4fbb6560df0d980bd22fd81e7120cb38832421add010241ce61a1d766ae60d716ac2c57734b3d94d3465aaf32bbf4c199f65cd4dba981a9c2c634fbb4329b7dcabc3967b4e4b2723ff1639f10ef3cebd33bc4e08ef5fb320bee42d9c9bf7fb79cf53670adde0822794cbd56d9214b628647145c0664d9b6798c4d818b006a34eaede956f8863f5c37a0d59dacecac44d29a808c026bdc463c560e9a61cdc1227aa93fc942cc9b7756b8092b366606ea64eac500e36f39f5635d708d1a04184857b6663ea14aba4d6ab00fe9125eca7acb2149755e4fa65b3596b2ad2f9f3528d9b09d6af063e972db24cbeb6683c74a61a1c6576eea7a30503baacadce7db1bdb6599b683bee8b5cdcc2b80efaaaf9eca1ed903e207494fe4e2c17f364ba07f2410d589459ca76e3059132642f79a51de8bb0b0852ab773dc3de58fd3276e3f2c9ccfed75964b9d78da4c2a4b7308adbbd0f5e0c8f420b0ae749cf5ea04bb44d8ae9c6472f9d8ed37fc709c41a65c237d24b7c7541d71414c34a323ced76cd42ef1d4ddfc64ac6afafa1388bd650028d61a821ee73f250f69fe9e2fadebf35cb67efa6497d94984f9c3a7196abdd0b637c36981754f172f92f2756e049cb66cc7581adbeebdd902804dbb3060c8e34ff99eaf9f56eba0318eafbe51b2c13b6249d2f68841b0c944d6c9d181f124e5422f8b001f1b08e508cb272b621adf67f42b8a0cb7a5ea184d2b7fedaf5a5cd0c1229c6e743534a4d71179408806af61e956adfa4a0bfff4844ac7ef0bb80f3d980a68aabf7a512cec9277586c3001c00f251b027cfe95f88177534f8492ef609918b748a659d61dec49923f499162d2bca8722602d1a175ddd2acf58408f7b844771bc97966753ba64ed8d4d74aa17d72d0a97c2a1391b14587a7e4d6dfc29805ca8bc6b0877e0e6f302ff6c7ba59e2cbe5108237029ab16401cd9daf1eead7c6987a5f895a920b54723c9d70d9e9756dab6e3416607e72917b50484f9050fe3db4dbb52040c773528ecdce4730cbfcce3ce2f4a7259648d7d2644c6b3e5e060dfdca5ff8f41df6069be463334fb24660eb6e5543ecb7803bc0d55361c921c9cbdef18bf027dfe07baa9b0d07b372a4277889da10bef0820e87216253e6d02a2d0aa023599ab25b2a1bfd741eabed371749a8d29a2263c308105e63bef0f84b21b0ec72716779c548bc211d2c6b6e0b3bffb26ecc65428bebb874122ff441009cdb817609091af159c0942b2cd0a977dc554ca40e150de46b0062ff16cee5f25cfe815a0155ca058e836c37b8fd4d02c5a29a783b46d21b86497c59423bc3069e9bdaf04a2b234a60d99ec288b3da2fb07534dfd283327f4251e3d8de17350df29263358933d1bfbfc51e741726fc242c2e88b9b185ed326d4da1558bac31f3d3e8bf01dbe64ba5b1d67193fa5731babc8cf72ef6d13da2f0ca43fecef020687e2454f0ca9304e6132e354457fd7f8d9024f9cd79ad01e160c866cc6dd097c19dc6272931fb5f2110bd46731514223373ff0129640964f632f3ec7e6543912f66a34ac7eea3076b8f303cc07e9d57ec77acbda3175c7fc7f1c7aad177883b2f2ed86e26a40009199d64f9fd19df552a574ad5cc8108fe9e3b20b0a0e33b0e418244ff0c1e6042f977e259cf30188ef4187700fd59964d4b7de1d3f0c9a75de71b7cea40d21164bf651889c6eaa40e80af11c2ddc1eca1011d0ccf22cb806c1fa6cb3ead4548bed9ce1b25ba227f94a7de9c0e8d481be5174667a9f454dabf02eeb8f4384030935c639c446910e48ffdd9e36af7037698afa67f7320b2e42ef85237eb818889dd91152c67b4d7b8658d14ec586b5048059561637785d4a8fcbc416cd9190d4120546f2d97adfd38cd65fe80bace4ec74437f4750ab1b1731b2f303d5ff91d82ff6a9216571fce188af21bd4f88db4a523432b65839d899f6723cb6937aecbf63cfa728cd4b284e92c63a8b7b27ee5948218a1bec74ce3ea098235f76d2f66336428ba3895cf4bd072258b2a179a2e82244a0ad54617bf2863b0a504ea7165d25c95089ffeff5c38b399e7cdebb6a6149d4f77d92bb9ba2ba4ab5b3187cbe6dcdefac2b238fbf374f84874f3704dc3522c29da311b3c890872f1a65ff610e21220739bb39e61f1a1dc84a48931307f134c1aa6dff686a5d3eb2d98b3d3b52227c1f9894542fcd48c13df6d8616be04bb081fe3f80446cb0cc557207722e29e2208c55a80d88eacd1cd29ebca258b9ffb738ea1118322592e2ca04dbd8196b59a6df60d65080408e32e"})
sched_getparam(r4, &(0x7f0000000240))
sendto$inet6(r8, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)

kernel console output (not intermixed with test programs):

 549.393100][T12076]  netlink_ack+0x146/0xa50
[  549.393133][T12076]  ? __pfx_genl_rcv_msg+0x10/0x10
[  549.393156][T12076]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  549.393186][T12076]  ? __pfx_nl80211_post_doit+0x10/0x10
[  549.393216][T12076]  ? __asan_memcpy+0x40/0x70
[  549.393236][T12076]  ? __pfx_ref_tracker_free+0x10/0x10
[  549.393260][T12076]  netlink_rcv_skb+0x28c/0x470
[  549.393281][T12076]  ? __lock_acquire+0xab9/0xd20
[  549.393305][T12076]  ? __pfx_genl_rcv_msg+0x10/0x10
[  549.393332][T12076]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  549.393381][T12076]  ? down_read+0x1ad/0x2e0
[  549.393405][T12076]  genl_rcv+0x28/0x40
[  549.393419][T12076]  netlink_unicast+0x82f/0x9e0
[  549.393445][T12076]  ? __pfx_netlink_unicast+0x10/0x10
[  549.393476][T12076]  ? netlink_sendmsg+0x642/0xb30
[  549.393505][T12076]  ? skb_put+0x11b/0x210
[  549.393538][T12076]  netlink_sendmsg+0x805/0xb30
[  549.393571][T12076]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.393619][T12076]  ? __import_iovec+0x5d4/0x7f0
[  549.393647][T12076]  ? aa_sock_msg_perm+0xf1/0x1d0
[  549.393674][T12076]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  549.393701][T12076]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.393741][T12076]  __sock_sendmsg+0x21c/0x270
[  549.393763][T12076]  ____sys_sendmsg+0x505/0x830
[  549.393828][T12076]  ? __pfx_____sys_sendmsg+0x10/0x10
[  549.393880][T12076]  ___sys_sendmsg+0x21f/0x2a0
[  549.393898][T12076]  ? __pfx____sys_sendmsg+0x10/0x10
[  549.393966][T12076]  ? __fget_files+0x2a/0x420
[  549.394010][T12076]  ? __fget_files+0x3a0/0x420
[  549.394042][T12076]  __sys_sendmsg+0x164/0x220
[  549.394059][T12076]  ? __pfx___sys_sendmsg+0x10/0x10
[  549.394106][T12076]  ? __pfx_ksys_write+0x10/0x10
[  549.394135][T12076]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  549.394160][T12076]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.394185][T12076]  __do_fast_syscall_32+0xb6/0x2b0
[  549.394203][T12076]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.394221][T12076]  do_fast_syscall_32+0x34/0x80
[  549.394242][T12076]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.394272][T12076] RIP: 0023:0xf7fe7539
[  549.394291][T12076] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  549.394310][T12076] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  549.394335][T12076] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  549.394346][T12076] RDX: 0000000024004050 RSI: 0000000000000000 RDI: 0000000000000000
[  549.394355][T12076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  549.394364][T12076] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  549.394374][T12076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  549.394403][T12076]  </TASK>
[  549.739872][    C0] vkms_vblank_simulate: vblank timer overrun
[  549.793208][T12072] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  549.821226][ T5913] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[  549.864529][ T5907] port100 2-1:8.203: NFC: Could not find bulk-in or bulk-out endpoint
[  549.926304][T12081] FAULT_INJECTION: forcing a failure.
[  549.926304][T12081] name failslab, interval 1, probability 0, space 0, times 0
[  549.929193][ T5907] usb 2-1: USB disconnect, device number 62
[  549.940358][T12081] CPU: 0 UID: 0 PID: 12081 Comm: syz.1.1568 Not tainted syzkaller #0 PREEMPT(full) 
[  549.940391][T12081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  549.940407][T12081] Call Trace:
[  549.940417][T12081]  <TASK>
[  549.940427][T12081]  dump_stack_lvl+0x189/0x250
[  549.940460][T12081]  ? __pfx____ratelimit+0x10/0x10
[  549.940503][T12081]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.940529][T12081]  ? __pfx__printk+0x10/0x10
[  549.940562][T12081]  ? __pfx___might_resched+0x10/0x10
[  549.940597][T12081]  ? fs_reclaim_acquire+0x7d/0x100
[  549.940633][T12081]  should_fail_ex+0x414/0x560
[  549.940678][T12081]  should_failslab+0xa8/0x100
[  549.940712][T12081]  __kvmalloc_node_noprof+0x158/0x910
[  549.940742][T12081]  ? alloc_netdev_mqs+0xa6/0x11b0
[  549.940778][T12081]  alloc_netdev_mqs+0xa6/0x11b0
[  549.940812][T12081]  ? __pfx_vlan_setup+0x10/0x10
[  549.940848][T12081]  rtnl_create_link+0x31f/0xd10
[  549.940886][T12081]  rtnl_newlink_create+0x25c/0xb00
[  549.940929][T12081]  ? __lock_acquire+0xab9/0xd20
[  549.940967][T12081]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  549.941011][T12081]  ? __pfx___mutex_lock+0x10/0x10
[  549.941050][T12081]  ? ns_capable+0x8a/0xf0
[  549.941091][T12081]  rtnl_newlink+0x16e4/0x1c80
[  549.941126][T12081]  ? netlink_deliver_tap+0x19c/0x1b0
[  549.941176][T12081]  ? __pfx_rtnl_newlink+0x10/0x10
[  549.941239][T12081]  ? kasan_quarantine_put+0xdd/0x220
[  549.941266][T12081]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.941296][T12081]  ? nlmon_xmit+0xb0/0x100
[  549.941325][T12081]  ? kmem_cache_free+0x19b/0x690
[  549.941365][T12081]  ? __local_bh_enable_ip+0x12d/0x1c0
[  549.941398][T12081]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.941423][T12081]  ? __local_bh_enable_ip+0x12d/0x1c0
[  549.941456][T12081]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  549.941497][T12081]  ? __dev_queue_xmit+0x27b/0x3b50
[  549.941523][T12081]  ? __dev_queue_xmit+0x27b/0x3b50
[  549.941545][T12081]  ? __dev_queue_xmit+0x27b/0x3b50
[  549.941572][T12081]  ? __dev_queue_xmit+0x1d79/0x3b50
[  549.941596][T12081]  ? kasan_save_track+0x3e/0x80
[  549.941621][T12081]  ? __kasan_slab_alloc+0x6c/0x80
[  549.941655][T12081]  ? __lock_acquire+0xab9/0xd20
[  549.941716][T12081]  ? __pfx_rtnl_newlink+0x10/0x10
[  549.941748][T12081]  rtnetlink_rcv_msg+0x7cf/0xb70
[  549.941792][T12081]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  549.941826][T12081]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  549.941858][T12081]  ? ref_tracker_free+0x63a/0x7d0
[  549.941883][T12081]  ? __asan_memcpy+0x40/0x70
[  549.941907][T12081]  ? __pfx_ref_tracker_free+0x10/0x10
[  549.941930][T12081]  ? __skb_clone+0x63/0x7a0
[  549.941964][T12081]  netlink_rcv_skb+0x208/0x470
[  549.941999][T12081]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  549.942036][T12081]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  549.942083][T12081]  ? netlink_deliver_tap+0x2e/0x1b0
[  549.942129][T12081]  netlink_unicast+0x82f/0x9e0
[  549.942170][T12081]  ? __pfx_netlink_unicast+0x10/0x10
[  549.942205][T12081]  ? netlink_sendmsg+0x642/0xb30
[  549.942238][T12081]  ? skb_put+0x11b/0x210
[  549.942279][T12081]  netlink_sendmsg+0x805/0xb30
[  549.942325][T12081]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.942365][T12081]  ? __import_iovec+0x5d4/0x7f0
[  549.942397][T12081]  ? aa_sock_msg_perm+0xf1/0x1d0
[  549.942428][T12081]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  549.942460][T12081]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.942499][T12081]  __sock_sendmsg+0x21c/0x270
[  549.942533][T12081]  ____sys_sendmsg+0x505/0x830
[  549.942578][T12081]  ? __pfx_____sys_sendmsg+0x10/0x10
[  549.942638][T12081]  ___sys_sendmsg+0x21f/0x2a0
[  549.942663][T12081]  ? __pfx____sys_sendmsg+0x10/0x10
[  549.942730][T12081]  ? __fget_files+0x2a/0x420
[  549.942762][T12081]  ? __fget_files+0x3a0/0x420
[  549.942811][T12081]  __sys_sendmsg+0x164/0x220
[  549.942838][T12081]  ? __pfx___sys_sendmsg+0x10/0x10
[  549.942888][T12081]  ? __pfx_ksys_write+0x10/0x10
[  549.942918][T12081]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  549.942951][T12081]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.942981][T12081]  __do_fast_syscall_32+0xb6/0x2b0
[  549.943009][T12081]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.943041][T12081]  do_fast_syscall_32+0x34/0x80
[  549.943068][T12081]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  549.943098][T12081] RIP: 0023:0xf7fc3539
[  549.943121][T12081] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  549.943142][T12081] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  549.943169][T12081] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000280
[  549.943186][T12081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  549.943201][T12081] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  549.943216][T12081] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  549.943229][T12081] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  549.943266][T12081]  </TASK>
[  550.156361][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  550.156385][   T30] audit: type=1800 audit(1760514609.041:778): pid=12085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1570" name="file1" dev="tmpfs" ino=1563 res=0 errno=0
[  550.191109][   T44] usb 5-1: USB disconnect, device number 52
[  550.199746][   T30] audit: type=1800 audit(1760514609.051:779): pid=12085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1570" name="file1" dev="tmpfs" ino=1563 res=0 errno=0
[  550.231128][ T5913] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  550.526111][T12092] input: syz1 as /devices/virtual/input/input73
[  550.551020][ T5913] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  550.563608][ T5913] usb 6-1: config 0 interface 0 has no altsetting 0
[  550.570280][ T5913] usb 6-1: New USB device found, idVendor=0596, idProduct=0506, bcdDevice= 0.00
[  550.579495][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.615399][ T5913] usb 6-1: config 0 descriptor??
[  550.799703][T12092] netlink: 'syz.6.1571': attribute type 1 has an invalid length.
[  550.890917][ T5906] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  551.003388][T12074] bond5: option arp_interval: invalid value (18446744073709551615)
[  551.063106][T12074] bond5: option arp_interval: allowed values 0 - 2147483647
[  551.070770][ T5906] usb 1-1: Using ep0 maxpacket: 16
[  551.079006][ T5906] usb 1-1: config 252 has too many interfaces: 129, using maximum allowed: 32
[  551.088932][ T5906] usb 1-1: config 252 has 1 interface, different from the descriptor's value: 129
[  551.098511][ T5906] usb 1-1: config 252 has no interface number 0
[  551.117210][ T5906] usb 1-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  551.172952][T12074] bond5 (unregistering): Released all slaves
[  551.245178][T12105] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1565'.
[  551.246337][ T5906] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[  551.266351][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.280883][ T5906] usb 1-1: Product: syz
[  551.285180][ T5906] usb 1-1: Manufacturer: syz
[  551.289838][ T5906] usb 1-1: SerialNumber: syz
[  551.372494][ T5906] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  551.796552][T12116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.905384][T12116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.214534][T12124] FAULT_INJECTION: forcing a failure.
[  552.214534][T12124] name failslab, interval 1, probability 0, space 0, times 0
[  552.234691][T12124] CPU: 1 UID: 0 PID: 12124 Comm: syz.1.1576 Not tainted syzkaller #0 PREEMPT(full) 
[  552.234718][T12124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  552.234728][T12124] Call Trace:
[  552.234735][T12124]  <TASK>
[  552.234743][T12124]  dump_stack_lvl+0x189/0x250
[  552.234774][T12124]  ? __pfx____ratelimit+0x10/0x10
[  552.234810][T12124]  ? __pfx_dump_stack_lvl+0x10/0x10
[  552.234831][T12124]  ? __pfx__printk+0x10/0x10
[  552.234860][T12124]  ? __pfx___might_resched+0x10/0x10
[  552.234882][T12124]  ? fs_reclaim_acquire+0x7d/0x100
[  552.234906][T12124]  should_fail_ex+0x414/0x560
[  552.234945][T12124]  should_failslab+0xa8/0x100
[  552.234975][T12124]  kmem_cache_alloc_node_noprof+0x77/0x710
[  552.234998][T12124]  ? __alloc_skb+0x112/0x2d0
[  552.235025][T12124]  ? netlink_autobind+0xdb/0x300
[  552.235051][T12124]  __alloc_skb+0x112/0x2d0
[  552.235078][T12124]  netlink_sendmsg+0x5c6/0xb30
[  552.235121][T12124]  ? __pfx_netlink_sendmsg+0x10/0x10
[  552.235153][T12124]  ? __import_iovec+0x5d4/0x7f0
[  552.235178][T12124]  ? aa_sock_msg_perm+0xf1/0x1d0
[  552.235197][T12124]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  552.235217][T12124]  ? __pfx_netlink_sendmsg+0x10/0x10
[  552.235250][T12124]  __sock_sendmsg+0x21c/0x270
[  552.235280][T12124]  ____sys_sendmsg+0x505/0x830
[  552.235318][T12124]  ? __pfx_____sys_sendmsg+0x10/0x10
[  552.235356][T12124]  ___sys_sendmsg+0x21f/0x2a0
[  552.235371][T12124]  ? __pfx____sys_sendmsg+0x10/0x10
[  552.235428][T12124]  ? __fget_files+0x2a/0x420
[  552.235453][T12124]  ? __fget_files+0x3a0/0x420
[  552.235487][T12124]  __sys_sendmsg+0x164/0x220
[  552.235503][T12124]  ? __pfx___sys_sendmsg+0x10/0x10
[  552.235533][T12124]  ? __pfx_ksys_write+0x10/0x10
[  552.235562][T12124]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  552.235586][T12124]  ? lockdep_hardirqs_on+0x9c/0x150
[  552.235610][T12124]  __do_fast_syscall_32+0xb6/0x2b0
[  552.235637][T12124]  ? lockdep_hardirqs_on+0x9c/0x150
[  552.235674][T12124]  do_fast_syscall_32+0x34/0x80
[  552.235700][T12124]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  552.235726][T12124] RIP: 0023:0xf7fc3539
[  552.235745][T12124] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  552.235763][T12124] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  552.235786][T12124] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  552.235801][T12124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  552.235813][T12124] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  552.235826][T12124] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  552.235839][T12124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  552.235879][T12124]  </TASK>
[  552.571981][   T37] usb 1-1: Failed to submit usb control message: -110
[  552.586885][   T37] usb 1-1: unable to send the bmi data to the device: -110
[  552.854157][   T37] usb 1-1: unable to get target info from device
[  552.861134][   T37] usb 1-1: could not get target info (-110)
[  552.867662][   T37] usb 1-1: could not probe fw (-110)
[  553.139079][T12130] FAULT_INJECTION: forcing a failure.
[  553.139079][T12130] name failslab, interval 1, probability 0, space 0, times 0
[  553.177128][ T5913] usbhid 6-1:0.0: can't add hid device: -71
[  553.188719][ T5913] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  553.259226][ T5913] usb 6-1: USB disconnect, device number 60
[  553.340116][T12130] CPU: 0 UID: 0 PID: 12130 Comm: syz.1.1579 Not tainted syzkaller #0 PREEMPT(full) 
[  553.340147][T12130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  553.340164][T12130] Call Trace:
[  553.340173][T12130]  <TASK>
[  553.340185][T12130]  dump_stack_lvl+0x189/0x250
[  553.340207][T12130]  ? __pfx____ratelimit+0x10/0x10
[  553.340232][T12130]  ? __pfx_dump_stack_lvl+0x10/0x10
[  553.340248][T12130]  ? __pfx__printk+0x10/0x10
[  553.340281][T12130]  ? __pfx___might_resched+0x10/0x10
[  553.340306][T12130]  should_fail_ex+0x414/0x560
[  553.340333][T12130]  should_failslab+0xa8/0x100
[  553.340354][T12130]  kmem_cache_alloc_node_noprof+0x77/0x710
[  553.340371][T12130]  ? __alloc_skb+0x112/0x2d0
[  553.340397][T12130]  __alloc_skb+0x112/0x2d0
[  553.340420][T12130]  netlink_ack+0x146/0xa50
[  553.340440][T12130]  ? __pfx_genl_rcv_msg+0x10/0x10
[  553.340455][T12130]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  553.340484][T12130]  ? __pfx_nl80211_post_doit+0x10/0x10
[  553.340515][T12130]  ? __asan_memcpy+0x40/0x70
[  553.340534][T12130]  ? __pfx_ref_tracker_free+0x10/0x10
[  553.340565][T12130]  netlink_rcv_skb+0x28c/0x470
[  553.340611][T12130]  ? __lock_acquire+0xab9/0xd20
[  553.340639][T12130]  ? __pfx_genl_rcv_msg+0x10/0x10
[  553.340665][T12130]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  553.340769][T12130]  ? down_read+0x1ad/0x2e0
[  553.340799][T12130]  genl_rcv+0x28/0x40
[  553.340821][T12130]  netlink_unicast+0x82f/0x9e0
[  553.340858][T12130]  ? __pfx_netlink_unicast+0x10/0x10
[  553.340895][T12130]  ? netlink_sendmsg+0x642/0xb30
[  553.340937][T12130]  ? skb_put+0x11b/0x210
[  553.340972][T12130]  netlink_sendmsg+0x805/0xb30
[  553.341013][T12130]  ? __pfx_netlink_sendmsg+0x10/0x10
[  553.341048][T12130]  ? __import_iovec+0x5d4/0x7f0
[  553.341075][T12130]  ? aa_sock_msg_perm+0xf1/0x1d0
[  553.341102][T12130]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  553.341138][T12130]  ? __pfx_netlink_sendmsg+0x10/0x10
[  553.341171][T12130]  __sock_sendmsg+0x21c/0x270
[  553.341199][T12130]  ____sys_sendmsg+0x505/0x830
[  553.341238][T12130]  ? __pfx_____sys_sendmsg+0x10/0x10
[  553.341290][T12130]  ___sys_sendmsg+0x21f/0x2a0
[  553.341308][T12130]  ? __pfx____sys_sendmsg+0x10/0x10
[  553.341349][T12130]  ? __fget_files+0x2a/0x420
[  553.341368][T12130]  ? __fget_files+0x3a0/0x420
[  553.341393][T12130]  __sys_sendmsg+0x164/0x220
[  553.341409][T12130]  ? __pfx___sys_sendmsg+0x10/0x10
[  553.341456][T12130]  ? __pfx_ksys_write+0x10/0x10
[  553.341475][T12130]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  553.341494][T12130]  ? lockdep_hardirqs_on+0x9c/0x150
[  553.341513][T12130]  __do_fast_syscall_32+0xb6/0x2b0
[  553.341540][T12130]  ? lockdep_hardirqs_on+0x9c/0x150
[  553.341568][T12130]  do_fast_syscall_32+0x34/0x80
[  553.341589][T12130]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  553.341608][T12130] RIP: 0023:0xf7fc3539
[  553.341622][T12130] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  553.341636][T12130] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  553.341653][T12130] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  553.341663][T12130] RDX: 0000000024004050 RSI: 0000000000000000 RDI: 0000000000000000
[  553.341673][T12130] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  553.341682][T12130] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  553.341691][T12130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  553.341713][T12130]  </TASK>
[  553.680761][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.072220][T12144] netlink: 'syz.1.1583': attribute type 2 has an invalid length.
[  554.194226][ T5885] usb 1-1: USB disconnect, device number 80
[  554.412590][    T9] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  554.581308][    T9] usb 5-1: Using ep0 maxpacket: 32
[  554.596298][    T9] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  554.604930][    T9] usb 5-1: config 0 has no interface number 0
[  554.611413][    T9] usb 5-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  554.622953][    T9] usb 5-1: config 0 interface 188 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[  554.637978][    T9] usb 5-1: config 0 interface 188 altsetting 0 endpoint 0x8D has an invalid bInterval 129, changing to 11
[  554.649692][    T9] usb 5-1: config 0 interface 188 altsetting 0 endpoint 0x8D has invalid maxpacket 10062, setting to 1024
[  554.720015][    T9] usb 5-1: config 0 interface 188 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  554.749960][    T9] usb 5-1: New USB device found, idVendor=2c7c, idProduct=6002, bcdDevice=42.9b
[  554.759632][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.790103][    T9] usb 5-1: Product: syz
[  554.795258][    T9] usb 5-1: Manufacturer: syz
[  554.800238][    T9] usb 5-1: SerialNumber: syz
[  554.830953][    T9] usb 5-1: config 0 descriptor??
[  554.841385][T12147] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  554.851424][    T9] option 5-1:0.188: GSM modem (1-port) converter detected
[  554.987191][T12164] input: syz1 as /devices/virtual/input/input74
[  555.049601][T12147] syzkaller1: entered promiscuous mode
[  555.100671][T12147] syzkaller1: entered allmulticast mode
[  555.180433][T12172] FAULT_INJECTION: forcing a failure.
[  555.180433][T12172] name failslab, interval 1, probability 0, space 0, times 0
[  555.193401][T12172] CPU: 1 UID: 0 PID: 12172 Comm: syz.1.1589 Not tainted syzkaller #0 PREEMPT(full) 
[  555.193430][T12172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  555.193444][T12172] Call Trace:
[  555.193455][T12172]  <TASK>
[  555.193465][T12172]  dump_stack_lvl+0x189/0x250
[  555.193495][T12172]  ? __pfx____ratelimit+0x10/0x10
[  555.193530][T12172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  555.193554][T12172]  ? __pfx__printk+0x10/0x10
[  555.193584][T12172]  ? __pfx___might_resched+0x10/0x10
[  555.193614][T12172]  ? fs_reclaim_acquire+0x7d/0x100
[  555.193647][T12172]  should_fail_ex+0x414/0x560
[  555.193689][T12172]  should_failslab+0xa8/0x100
[  555.193721][T12172]  __kmalloc_noprof+0xcb/0x7f0
[  555.193745][T12172]  ? alloc_pipe_info+0x1fd/0x4d0
[  555.193779][T12172]  alloc_pipe_info+0x1fd/0x4d0
[  555.193808][T12172]  splice_direct_to_actor+0xa5d/0xcc0
[  555.193855][T12172]  ? __pfx_aa_file_perm+0x10/0x10
[  555.193882][T12172]  ? __lock_acquire+0xab9/0xd20
[  555.193912][T12172]  ? __pfx_direct_splice_actor+0x10/0x10
[  555.193939][T12172]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  555.193979][T12172]  do_splice_direct+0x181/0x270
[  555.194010][T12172]  ? __pfx_do_splice_direct+0x10/0x10
[  555.194036][T12172]  ? common_file_perm+0x1b5/0x230
[  555.194061][T12172]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  555.194094][T12172]  ? bpf_lsm_file_permission+0x9/0x20
[  555.194125][T12172]  ? security_file_permission+0x75/0x290
[  555.194159][T12172]  ? rw_verify_area+0x255/0x4d0
[  555.194188][T12172]  do_sendfile+0x4da/0x7e0
[  555.194229][T12172]  ? __pfx_do_sendfile+0x10/0x10
[  555.194260][T12172]  ? __pfx_ksys_write+0x10/0x10
[  555.194289][T12172]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  555.194323][T12172]  ? __ia32_compat_sys_sendfile+0x180/0x1d0
[  555.194353][T12172]  ? lockdep_hardirqs_on+0x9c/0x150
[  555.194380][T12172]  __do_fast_syscall_32+0xb6/0x2b0
[  555.194406][T12172]  ? lockdep_hardirqs_on+0x9c/0x150
[  555.194434][T12172]  do_fast_syscall_32+0x34/0x80
[  555.194460][T12172]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  555.194488][T12172] RIP: 0023:0xf7fc3539
[  555.194508][T12172] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  555.194529][T12172] RSP: 002b:00000000f547455c EFLAGS: 00000206 ORIG_RAX: 00000000000000bb
[  555.194554][T12172] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000007
[  555.194570][T12172] RDX: 0000000000000000 RSI: 00000000558410e9 RDI: 0000000000000000
[  555.194584][T12172] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  555.194598][T12172] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  555.194613][T12172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  555.194646][T12172]  </TASK>
[  555.501089][T12171] netlink: 'syz.5.1587': attribute type 1 has an invalid length.
[  555.517925][ T5913] usb 5-1: USB disconnect, device number 53
[  555.526048][ T5913] option 5-1:0.188: device disconnected
[  555.851962][T12171] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  556.931033][    T9] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  557.111403][ T5885] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  557.125870][    T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  557.135713][    T9] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  557.146217][    T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  557.155518][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  557.167371][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  557.200984][    T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  557.212485][    T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  557.224090][    T9] usb 7-1: Product: syz
[  557.228413][    T9] usb 7-1: Manufacturer: syz
[  557.242157][    T9] cdc_wdm 7-1:1.0: skipping garbage
[  557.254507][    T9] cdc_wdm 7-1:1.0: skipping garbage
[  557.265224][    T9] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  557.273025][    T9] cdc_wdm 7-1:1.0: Unknown control protocol
[  557.279569][ T5885] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  557.290266][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.300966][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.324868][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.341473][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.351726][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.372621][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.384600][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.394235][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.408560][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.417490][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.427425][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.452928][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.482155][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.491541][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.515854][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.540355][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.549652][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.561313][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.569900][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.579159][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.590321][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.605257][ T5885] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  557.614650][ T5885] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  557.630795][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.651048][ T5885] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  557.660392][ T5885] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  557.677144][ T5885] usb 2-1: Product: syz
[  557.690707][ T5885] usb 2-1: Manufacturer: syz
[  557.698593][ T5885] usb 2-1: SerialNumber: syz
[  557.728587][ T5885] usb 2-1: config 0 descriptor??
[  557.764677][ T5885] yurex 2-1:0.0: USB YUREX device now attached to Yurex #1
[  557.884366][T12197] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  557.922255][T12197] syzkaller0: entered promiscuous mode
[  557.930542][T12197] syzkaller0: entered allmulticast mode
[  557.982459][ T5885] usb 2-1: USB disconnect, device number 63
[  557.999136][T12197] tipc: Resetting bearer <eth:syzkaller0>
[  558.008165][ T5885] yurex 2-1:0.0: USB YUREX #1 now disconnected
[  558.043018][T12196] tipc: Resetting bearer <eth:syzkaller0>
[  558.102937][T12196] tipc: Disabling bearer <eth:syzkaller0>
[  558.677668][T12205] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  558.685614][T12205] syzkaller0: entered promiscuous mode
[  558.696547][T12205] syzkaller0: entered allmulticast mode
[  558.751694][T12205] FAULT_INJECTION: forcing a failure.
[  558.751694][T12205] name failslab, interval 1, probability 0, space 0, times 0
[  558.807245][T12205] CPU: 0 UID: 0 PID: 12205 Comm: syz.5.1599 Not tainted syzkaller #0 PREEMPT(full) 
[  558.807267][T12205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  558.807280][T12205] Call Trace:
[  558.807287][T12205]  <TASK>
[  558.807294][T12205]  dump_stack_lvl+0x189/0x250
[  558.807316][T12205]  ? __pfx____ratelimit+0x10/0x10
[  558.807341][T12205]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.807357][T12205]  ? __pfx__printk+0x10/0x10
[  558.807378][T12205]  ? __pfx___might_resched+0x10/0x10
[  558.807403][T12205]  should_fail_ex+0x414/0x560
[  558.807431][T12205]  should_failslab+0xa8/0x100
[  558.807453][T12205]  __kmalloc_noprof+0xcb/0x7f0
[  558.807468][T12205]  ? kfree+0x4d/0x6d0
[  558.807480][T12205]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  558.807503][T12205]  tomoyo_realpath_from_path+0xe3/0x5d0
[  558.807522][T12205]  ? tomoyo_domain+0xd9/0x130
[  558.807544][T12205]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  558.807568][T12205]  tomoyo_path_number_perm+0x1e8/0x5a0
[  558.807594][T12205]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  558.807630][T12205]  ? __lock_acquire+0xab9/0xd20
[  558.807665][T12205]  ? __fget_files+0x2a/0x420
[  558.807688][T12205]  ? __fget_files+0x3a0/0x420
[  558.807706][T12205]  ? __fget_files+0x2a/0x420
[  558.807728][T12205]  security_file_ioctl_compat+0xcb/0x2d0
[  558.807754][T12205]  __ia32_compat_sys_ioctl+0x128/0x840
[  558.807774][T12205]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  558.807790][T12205]  ? __fget_files+0x3a0/0x420
[  558.807814][T12205]  ? fput+0xa0/0xd0
[  558.807836][T12205]  ? ksys_write+0x22a/0x250
[  558.807854][T12205]  ? __pfx_ksys_write+0x10/0x10
[  558.807872][T12205]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  558.807890][T12205]  ? lockdep_hardirqs_on+0x9c/0x150
[  558.807907][T12205]  __do_fast_syscall_32+0xb6/0x2b0
[  558.807930][T12205]  do_fast_syscall_32+0x34/0x80
[  558.807946][T12205]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  558.807965][T12205] RIP: 0023:0xf7f62539
[  558.807978][T12205] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  558.807992][T12205] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  558.808008][T12205] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000008922
[  558.808018][T12205] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000
[  558.808028][T12205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  558.808036][T12205] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  558.808045][T12205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  558.808068][T12205]  </TASK>
[  558.808091][T12205] ERROR: Out of memory at tomoyo_realpath_from_path.
[  559.815006][    T9] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[  559.874491][T12205] tipc: Resetting bearer <eth:syzkaller0>
[  559.918561][T12208] FAULT_INJECTION: forcing a failure.
[  559.918561][T12208] name failslab, interval 1, probability 0, space 0, times 0
[  559.964723][T12208] CPU: 0 UID: 0 PID: 12208 Comm: syz.0.1600 Not tainted syzkaller #0 PREEMPT(full) 
[  559.964745][T12208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  559.964754][T12208] Call Trace:
[  559.964762][T12208]  <TASK>
[  559.964792][T12208]  dump_stack_lvl+0x189/0x250
[  559.964813][T12208]  ? __pfx____ratelimit+0x10/0x10
[  559.964838][T12208]  ? __pfx_dump_stack_lvl+0x10/0x10
[  559.964855][T12208]  ? __pfx__printk+0x10/0x10
[  559.964872][T12208]  ? __lock_acquire+0xab9/0xd20
[  559.964899][T12208]  should_fail_ex+0x414/0x560
[  559.964938][T12208]  should_failslab+0xa8/0x100
[  559.964960][T12208]  kmem_cache_alloc_noprof+0x74/0x6e0
[  559.964975][T12208]  ? ipv6_chk_mcast_addr+0x2e/0x860
[  559.964992][T12208]  ? skb_clone+0x212/0x3a0
[  559.965012][T12208]  skb_clone+0x212/0x3a0
[  559.965026][T12208]  ? ip6_finish_output2+0x476/0x1480
[  559.965047][T12208]  ip6_finish_output2+0x48a/0x1480
[  559.965076][T12208]  ? __pfx_ip6_finish_output2+0x10/0x10
[  559.965095][T12208]  ? ip6_mtu+0x7d/0x490
[  559.965108][T12208]  ? ip6_mtu+0x38c/0x490
[  559.965124][T12208]  ? ip6_finish_output+0x2ef/0x4e0
[  559.965140][T12208]  ? ip6_output+0x126/0x550
[  559.965155][T12208]  ip6_output+0x340/0x550
[  559.965180][T12208]  ip6_mr_output+0x4e9/0x1100
[  559.965204][T12208]  ? ip6_mr_output+0x1ca/0x1100
[  559.965224][T12208]  ? __pfx_ip6_mr_output+0x10/0x10
[  559.965247][T12208]  ? __ip6_local_out+0x609/0x870
[  559.965275][T12208]  ? __ip6_local_out+0x82c/0x870
[  559.965297][T12208]  ? __lock_acquire+0xab9/0xd20
[  559.965318][T12208]  ? __ip6_local_out+0x609/0x870
[  559.965351][T12208]  ? skb_dst+0x4f/0xd0
[  559.965374][T12208]  ? dst_output+0x17b/0x1c0
[  559.965396][T12208]  ? ip6_send_skb+0x10f/0x390
[  559.965414][T12208]  ip6_send_skb+0x1d5/0x390
[  559.965435][T12208]  rawv6_push_pending_frames+0x6e6/0x8d0
[  559.965463][T12208]  ? __pfx_rawv6_push_pending_frames+0x10/0x10
[  559.965487][T12208]  ? __pfx_raw6_getfrag+0x10/0x10
[  559.965512][T12208]  rawv6_sendmsg+0x133d/0x1830
[  559.965545][T12208]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  559.965572][T12208]  ? aa_file_perm+0x13a/0x1550
[  559.965602][T12208]  ? __pfx_aa_sk_perm+0x10/0x10
[  559.965620][T12208]  ? sock_rps_record_flow+0x19/0x410
[  559.965645][T12208]  ? inet_sendmsg+0x2f4/0x370
[  559.965665][T12208]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  559.965688][T12208]  __sock_sendmsg+0x19c/0x270
[  559.965710][T12208]  sock_write_iter+0x279/0x360
[  559.965730][T12208]  ? __pfx_sock_write_iter+0x10/0x10
[  559.965757][T12208]  ? bpf_lsm_file_permission+0x9/0x20
[  559.965779][T12208]  ? security_file_permission+0x75/0x290
[  559.965808][T12208]  vfs_write+0x5c9/0xb30
[  559.965829][T12208]  ? __pfx_sock_write_iter+0x10/0x10
[  559.965847][T12208]  ? __pfx_vfs_write+0x10/0x10
[  559.965871][T12208]  ? __fget_files+0x2a/0x420
[  559.965898][T12208]  ksys_write+0x145/0x250
[  559.965956][T12208]  ? exc_page_fault+0x82/0x100
[  559.965972][T12208]  ? __pfx_ksys_write+0x10/0x10
[  559.965992][T12208]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  559.966009][T12208]  ? lockdep_hardirqs_on+0x9c/0x150
[  559.966027][T12208]  __do_fast_syscall_32+0xb6/0x2b0
[  559.966045][T12208]  ? lockdep_hardirqs_on+0x9c/0x150
[  559.966064][T12208]  do_fast_syscall_32+0x34/0x80
[  559.966081][T12208]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  559.966101][T12208] RIP: 0023:0xf708d539
[  559.966115][T12208] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  559.966128][T12208] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  559.966145][T12208] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  559.966155][T12208] RDX: 00000000000005ac RSI: 0000000000000000 RDI: 0000000000000000
[  559.966164][T12208] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  559.966173][T12208] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  559.966182][T12208] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  559.966206][T12208]  </TASK>
[  560.358207][    C0] vkms_vblank_simulate: vblank timer overrun
[  560.670676][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  560.691946][T12204] tipc: Resetting bearer <eth:syzkaller0>
[  560.760405][T12204] tipc: Disabling bearer <eth:syzkaller0>
[  560.962156][T12212] FAULT_INJECTION: forcing a failure.
[  560.962156][T12212] name failslab, interval 1, probability 0, space 0, times 0
[  560.982209][T12212] CPU: 1 UID: 0 PID: 12212 Comm: syz.1.1601 Not tainted syzkaller #0 PREEMPT(full) 
[  560.982239][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  560.982253][T12212] Call Trace:
[  560.982262][T12212]  <TASK>
[  560.982272][T12212]  dump_stack_lvl+0x189/0x250
[  560.982300][T12212]  ? __pfx____ratelimit+0x10/0x10
[  560.982333][T12212]  ? __pfx_dump_stack_lvl+0x10/0x10
[  560.982356][T12212]  ? __pfx__printk+0x10/0x10
[  560.982381][T12212]  ? __pfx___might_resched+0x10/0x10
[  560.982411][T12212]  ? fs_reclaim_acquire+0x7d/0x100
[  560.982443][T12212]  should_fail_ex+0x414/0x560
[  560.982483][T12212]  should_failslab+0xa8/0x100
[  560.982514][T12212]  __kmalloc_cache_noprof+0x6f/0x6f0
[  560.982539][T12212]  ? nfnetlink_rcv+0x90e/0x2590
[  560.982571][T12212]  nfnetlink_rcv+0x90e/0x2590
[  560.982600][T12212]  ? __dev_queue_xmit+0x27b/0x3b50
[  560.982625][T12212]  ? kasan_save_track+0x3e/0x80
[  560.982675][T12212]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  560.982719][T12212]  ? ref_tracker_free+0x63a/0x7d0
[  560.982757][T12212]  ? __asan_memcpy+0x40/0x70
[  560.982796][T12212]  ? __pfx_ref_tracker_free+0x10/0x10
[  560.982817][T12212]  ? __skb_clone+0x63/0x7a0
[  560.982844][T12212]  ? __skb_clone+0x483/0x7a0
[  560.982873][T12212]  ? skb_clone+0x246/0x3a0
[  560.982899][T12212]  ? __netlink_deliver_tap+0x807/0x850
[  560.982932][T12212]  ? netlink_deliver_tap+0x2e/0x1b0
[  560.982983][T12212]  netlink_unicast+0x82f/0x9e0
[  560.983022][T12212]  ? __pfx_netlink_unicast+0x10/0x10
[  560.983054][T12212]  ? netlink_sendmsg+0x642/0xb30
[  560.983084][T12212]  ? skb_put+0x11b/0x210
[  560.983121][T12212]  netlink_sendmsg+0x805/0xb30
[  560.983164][T12212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  560.983200][T12212]  ? __import_iovec+0x5d4/0x7f0
[  560.983229][T12212]  ? aa_sock_msg_perm+0xf1/0x1d0
[  560.983277][T12212]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  560.983303][T12212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  560.983334][T12212]  __sock_sendmsg+0x21c/0x270
[  560.983363][T12212]  ____sys_sendmsg+0x505/0x830
[  560.983424][T12212]  ? __pfx_____sys_sendmsg+0x10/0x10
[  560.983477][T12212]  ___sys_sendmsg+0x21f/0x2a0
[  560.983502][T12212]  ? __pfx____sys_sendmsg+0x10/0x10
[  560.983565][T12212]  ? __fget_files+0x2a/0x420
[  560.983592][T12212]  ? __fget_files+0x3a0/0x420
[  560.983632][T12212]  __sys_sendmsg+0x164/0x220
[  560.983656][T12212]  ? __pfx___sys_sendmsg+0x10/0x10
[  560.983703][T12212]  ? __pfx_ksys_write+0x10/0x10
[  560.983731][T12212]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  560.983767][T12212]  ? lockdep_hardirqs_on+0x9c/0x150
[  560.983793][T12212]  __do_fast_syscall_32+0xb6/0x2b0
[  560.983819][T12212]  ? lockdep_hardirqs_on+0x9c/0x150
[  560.983846][T12212]  do_fast_syscall_32+0x34/0x80
[  560.983871][T12212]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  560.983898][T12212] RIP: 0023:0xf7fc3539
[  560.983918][T12212] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  560.983938][T12212] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  560.983963][T12212] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  560.983979][T12212] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  560.983992][T12212] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  560.984006][T12212] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  560.984019][T12212] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  560.984053][T12212]  </TASK>
[  560.984405][T12212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1601'.
[  561.357149][T12217] input: syz1 as /devices/virtual/input/input75
[  561.393802][T12214] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1603'.
[  561.414067][T12212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1601'.
[  561.427426][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880588ec400: rx timeout, send abort
[  561.464080][T12217] netlink: 'syz.5.1602': attribute type 1 has an invalid length.
[  561.935757][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880588ec400: abort rx timeout. Force session deactivation
[  562.320710][    T9] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  562.770399][    T9] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  562.791807][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  562.820700][    T9] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  562.843769][    T9] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  562.864202][    T9] usb 1-1: Manufacturer: syz
[  562.885126][    T9] usb 1-1: config 0 descriptor??
[  563.175509][    T9] rc_core: IR keymap rc-hauppauge not found
[  563.200755][    T9] Registered IR keymap rc-empty
[  563.266170][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  563.306855][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input76
[  563.469051][    T9] usb 1-1: USB disconnect, device number 81
[  563.911042][   T44] usb 6-1: new full-speed USB device number 61 using dummy_hcd
[  564.097737][   T44] usb 6-1: config 0 has no interfaces?
[  564.126175][   T44] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  564.162783][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.222169][   T44] usb 6-1: config 0 descriptor??
[  564.317723][T12258] netlink: 'syz.0.1613': attribute type 1 has an invalid length.
[  564.372011][T12261] netlink: 'syz.1.1614': attribute type 1 has an invalid length.
[  564.379460][T12258] 8021q: adding VLAN 0 to HW filter on device bond5
[  564.421434][T12261] bond7: entered promiscuous mode
[  564.427357][T12261] 8021q: adding VLAN 0 to HW filter on device bond7
[  564.446530][T12246] netlink: 'syz.5.1609': attribute type 10 has an invalid length.
[  564.504996][T12258] bond5: (slave veth3): Enslaving as an active interface with a down link
[  564.529135][T12246] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  564.561618][T12264] vlan2: entered allmulticast mode
[  564.567920][T12264] veth1: entered allmulticast mode
[  564.579938][T12264] veth1: entered promiscuous mode
[  564.587743][T12264] veth1: left promiscuous mode
[  564.597100][T12264] bond5: (slave vlan2): making interface the new active one
[  564.607059][T12264] veth1: entered promiscuous mode
[  564.613933][T12264] vlan2: entered promiscuous mode
[  564.620118][T12264] bond5: (slave vlan2): Enslaving as an active interface with an up link
[  564.731002][T12266] FAULT_INJECTION: forcing a failure.
[  564.731002][T12266] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  564.756455][T12266] CPU: 1 UID: 0 PID: 12266 Comm: syz.1.1615 Not tainted syzkaller #0 PREEMPT(full) 
[  564.756487][T12266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  564.756502][T12266] Call Trace:
[  564.756512][T12266]  <TASK>
[  564.756524][T12266]  dump_stack_lvl+0x189/0x250
[  564.756553][T12266]  ? __pfx____ratelimit+0x10/0x10
[  564.756588][T12266]  ? __pfx_dump_stack_lvl+0x10/0x10
[  564.756605][T12266]  ? __pfx__printk+0x10/0x10
[  564.756630][T12266]  should_fail_ex+0x414/0x560
[  564.756672][T12266]  _copy_to_user+0x31/0xb0
[  564.756706][T12266]  __copy_siginfo_to_user32+0xa2/0x110
[  564.756739][T12266]  ? __pfx___copy_siginfo_to_user32+0x10/0x10
[  564.756786][T12266]  ia32_setup_rt_frame+0x6b0/0xb70
[  564.756837][T12266]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  564.756872][T12266]  ? arch_do_signal_or_restart+0x385/0x790
[  564.756904][T12266]  arch_do_signal_or_restart+0x429/0x790
[  564.756926][T12266]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  564.756946][T12266]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  564.757007][T12266]  ? exit_to_user_mode_loop+0x40/0x130
[  564.757040][T12266]  exit_to_user_mode_loop+0x72/0x130
[  564.757068][T12266]  __do_fast_syscall_32+0x1f4/0x2b0
[  564.757095][T12266]  ? lockdep_hardirqs_on+0x9c/0x150
[  564.757122][T12266]  do_fast_syscall_32+0x34/0x80
[  564.757149][T12266]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  564.757177][T12266] RIP: 0023:0xf7fc3539
[  564.757195][T12266] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  564.757214][T12266] RSP: 002b:00000000f54b5430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  564.757237][T12266] RAX: ffffffffffffffe0 RBX: 000000000000000b RCX: 00000000f54b5444
[  564.757248][T12266] RDX: 0000000000000000 RSI: 00000000f54b5560 RDI: 00000000f7455ff4
[  564.757258][T12266] RBP: 00000000f54b5560 R08: 0000000000000000 R09: 0000000000000000
[  564.757273][T12266] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  564.757287][T12266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  564.757319][T12266]  </TASK>
[  564.968561][    C1] vkms_vblank_simulate: vblank timer overrun
[  566.738685][ T5885] usb 6-1: USB disconnect, device number 61
[  566.872877][T12289] input: syz1 as /devices/virtual/input/input77
[  567.074494][T12289] netlink: 'syz.1.1619': attribute type 1 has an invalid length.
[  567.266491][   T44] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  567.571012][   T44] usb 6-1: device descriptor read/64, error -71
[  567.810838][   T44] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  567.951392][   T44] usb 6-1: device descriptor read/64, error -71
[  568.074934][   T44] usb usb6-port1: attempt power cycle
[  568.246105][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  568.253326][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  568.431696][   T44] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  568.519850][   T44] usb 6-1: device descriptor read/8, error -71
[  568.632202][T12314] netlink: 'syz.4.1626': attribute type 1 has an invalid length.
[  568.701979][T12314] bond5: entered promiscuous mode
[  568.712718][T12314] 8021q: adding VLAN 0 to HW filter on device bond5
[  568.770591][   T44] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  568.791807][   T44] usb 6-1: device descriptor read/8, error -71
[  568.912449][   T44] usb usb6-port1: unable to enumerate USB device
[  570.040901][ T5885] usb 2-1: new full-speed USB device number 65 using dummy_hcd
[  570.560199][ T5885] usb 2-1: unable to get BOS descriptor or descriptor too short
[  570.568794][ T5885] usb 2-1: not running at top speed; connect to a high speed hub
[  570.579266][ T5885] usb 2-1: config 219 has an invalid interface number: 147 but max is 1
[  570.606475][ T5885] usb 2-1: config 219 has an invalid interface number: 147 but max is 1
[  570.623835][ T5885] usb 2-1: config 219 has 1 interface, different from the descriptor's value: 2
[  570.635070][ T5885] usb 2-1: config 219 has no interface number 0
[  570.650657][ T5885] usb 2-1: config 219 interface 147 has no altsetting 0
[  570.672948][ T5885] usb 2-1: config 219 interface 147 has no altsetting 1
[  571.075142][ T5885] usb 2-1: New USB device found, idVendor=07b0, idProduct=0006, bcdDevice=9e.d4
[  571.084642][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.106285][ T5885] usb 2-1: Product: syz
[  571.111787][ T5885] usb 2-1: Manufacturer: syz
[  571.116668][ T5885] usb 2-1: SerialNumber: syz
[  572.038958][T12329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  572.069014][T12353] loop8: detected capacity change from 0 to 7
[  572.211327][T12329] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  572.252376][T12353] Dev loop8: unable to read RDB block 7
[  572.258175][T12353]  loop8: unable to read partition table
[  572.264532][T12353] loop8: partition table beyond EOD, truncated
[  572.278759][T12353] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5)
[  572.476144][T12359] loop6: detected capacity change from 0 to 524287999
[  572.619494][ T5839] Dev loop8: unable to read RDB block 7
[  572.651858][ T5839]  loop8: unable to read partition table
[  572.715858][ T5839] loop8: partition table beyond EOD, truncated
[  572.736353][T12356] Dev loop8: unable to read RDB block 7
[  572.743534][T12356]  loop8: unable to read partition table
[  572.750306][T12356] loop8: partition table beyond EOD, truncated
[  572.756855][T12356] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5)
[  573.040637][T10795] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  573.200728][    T9] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  573.210763][T10795] usb 6-1: Using ep0 maxpacket: 32
[  573.224853][T10795] usb 6-1: too many configurations: 217, using maximum allowed: 8
[  573.237036][T10795] usb 6-1: unable to read config index 0 descriptor/start: -61
[  573.245723][T10795] usb 6-1: can't read configurations, error -61
[  573.380826][T10795] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  573.388969][    T9] usb 5-1: Using ep0 maxpacket: 16
[  573.620577][T10795] usb 6-1: Using ep0 maxpacket: 32
[  573.634940][T10795] usb 6-1: too many configurations: 217, using maximum allowed: 8
[  573.647175][T10795] usb 6-1: unable to read config index 0 descriptor/start: -61
[  573.655444][T10795] usb 6-1: can't read configurations, error -61
[  573.662938][T10795] usb usb6-port1: attempt power cycle
[  573.868345][ T5885] HFC-S_USB 2-1:219.147: probe with driver HFC-S_USB failed with error -5
[  573.978873][ T5885] usb 2-1: USB disconnect, device number 65
[  574.071503][T10795] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[  574.174891][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  574.187969][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  574.199040][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  574.207582][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  574.215784][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  574.233210][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  574.241182][ T5826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  574.248639][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  574.258246][ T5826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  574.267026][ T5826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  574.332028][T10795] usb 6-1: Using ep0 maxpacket: 32
[  574.346583][T10795] usb 6-1: too many configurations: 217, using maximum allowed: 8
[  574.364304][T10795] usb 6-1: unable to read config index 0 descriptor/start: -61
[  574.377056][T10795] usb 6-1: can't read configurations, error -61
[  574.396911][T12371] binder: BINDER_SET_CONTEXT_MGR already set
[  574.415473][T12371] binder: 12366:12371 ioctl 4018620d 80004a80 returned -16
[  574.560704][T10795] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[  574.612520][T10795] usb 6-1: Using ep0 maxpacket: 32
[  574.648270][T10795] usb 6-1: too many configurations: 217, using maximum allowed: 8
[  574.730789][T10795] usb 6-1: unable to read config index 0 descriptor/start: -61
[  574.773656][T10795] usb 6-1: can't read configurations, error -61
[  574.803652][T10795] usb usb6-port1: unable to enumerate USB device
[  574.866744][T12370] chnl_net:caif_netlink_parms(): no params data found
[  574.922391][T12379] netlink: 'syz.0.1640': attribute type 1 has an invalid length.
[  575.167118][T12379] bond6: entered promiscuous mode
[  575.172897][T12379] 8021q: adding VLAN 0 to HW filter on device bond6
[  575.351277][T12370] bridge0: port 1(bridge_slave_0) entered blocking state
[  575.358547][T12370] bridge0: port 1(bridge_slave_0) entered disabled state
[  575.411455][T12370] bridge_slave_0: entered allmulticast mode
[  575.419534][T12370] bridge_slave_0: entered promiscuous mode
[  575.440413][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  575.474372][    T9] usb 5-1: unable to read config index 0 descriptor/start: -71
[  575.493350][T12370] bridge0: port 2(bridge_slave_1) entered blocking state
[  575.502721][    T9] usb 5-1: can't read configurations, error -71
[  575.526145][T12370] bridge0: port 2(bridge_slave_1) entered disabled state
[  575.560133][T12370] bridge_slave_1: entered allmulticast mode
[  575.574882][T12370] bridge_slave_1: entered promiscuous mode
[  575.680075][T12370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  575.814330][T12370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  575.914735][T10795] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  575.998721][T12370] team0: Port device team_slave_0 added
[  576.011977][T12370] team0: Port device team_slave_1 added
[  576.067983][T10795] usb 1-1: device descriptor read/64, error -71
[  576.249639][T12370] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.256941][T12370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.285882][T12370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.302976][T12370] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.310188][T12370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.339389][ T5826] Bluetooth: hci5: command tx timeout
[  576.347209][T10795] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  576.362728][T12370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.500806][T10795] usb 1-1: device descriptor read/64, error -71
[  576.611340][T10795] usb usb1-port1: attempt power cycle
[  576.772279][T12370] hsr_slave_0: entered promiscuous mode
[  576.860332][T12370] hsr_slave_1: entered promiscuous mode
[  576.912635][T12370] debugfs: 'hsr0' already exists in 'hsr'
[  576.918430][T12370] Cannot create hsr debugfs directory
[  576.971593][T10795] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  577.011535][T10795] usb 1-1: device descriptor read/8, error -71
[  577.260631][T10795] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  577.281642][T10795] usb 1-1: device descriptor read/8, error -71
[  577.301859][    T9] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  577.391056][T10795] usb usb1-port1: unable to enumerate USB device
[  577.470576][    T9] usb 5-1: Using ep0 maxpacket: 8
[  577.487214][T12370] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  577.499541][    T9] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  577.511271][    T9] usb 5-1: config 0 has no interface number 0
[  577.523541][T12370] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  577.530985][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  577.551182][T12370] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  577.558196][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  577.574264][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  577.591171][T12370] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  577.598090][    T9] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  577.619567][    T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  577.638123][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.653383][    T9] usb 5-1: config 0 descriptor??
[  577.667458][    T9] ldusb 5-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  577.835200][T12370] 8021q: adding VLAN 0 to HW filter on device bond0
[  577.896309][T12370] 8021q: adding VLAN 0 to HW filter on device team0
[  577.929832][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.937106][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.981154][   T37] vlan2: left promiscuous mode
[  578.110881][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  578.118116][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  578.408497][ T5826] Bluetooth: hci5: command tx timeout
[  578.452326][T12420] input: syz1 as /devices/virtual/input/input78
[  578.749291][T12370] 8021q: adding VLAN 0 to HW filter on device batadv0
[  578.992283][T12370] veth0_vlan: entered promiscuous mode
[  579.029947][T12370] veth1_vlan: entered promiscuous mode
[  579.346016][T12427] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1649'.
[  579.399547][T12370] veth0_macvtap: entered promiscuous mode
[  579.412116][T12427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  579.683566][T12370] veth1_macvtap: entered promiscuous mode
[  579.893763][T12370] batman_adv: batadv0: Interface activated: batadv_slave_0
[  579.935353][T12370] batman_adv: batadv0: Interface activated: batadv_slave_1
[  580.384144][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  580.399372][ T5906] usb 5-1: USB disconnect, device number 56
[  580.434166][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  580.451409][ T5906] ldusb 5-1:0.55: LD USB Device #1 now disconnected
[  580.480914][ T5826] Bluetooth: hci5: command tx timeout
[  580.503036][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  580.547960][   T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  580.767790][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  580.784370][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  580.876371][   T44] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  581.181578][   T44] usb 2-1: Using ep0 maxpacket: 8
[  581.381160][   T44] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  581.429383][T12436] hub 9-0:1.0: USB hub found
[  581.434810][T12436] hub 9-0:1.0: 1 port detected
[  581.464932][   T44] usb 2-1: config 0 has no interface number 0
[  581.491814][   T44] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  581.508290][T12436] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1650'.
[  581.528645][   T44] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  581.539188][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.557113][   T44] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  581.569168][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.602508][   T44] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  581.686828][   T44] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  581.721400][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.742738][T12442] netlink: 'syz.0.1652': attribute type 1 has an invalid length.
[  581.760386][   T44] usb 2-1: config 0 descriptor??
[  581.785885][   T44] ldusb 2-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  581.965196][T12442] bond7: entered promiscuous mode
[  582.016391][T12442] 8021q: adding VLAN 0 to HW filter on device bond7
[  582.331102][   T44] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  582.561711][ T5826] Bluetooth: hci5: command tx timeout
[  582.590643][   T44] usb 6-1: Using ep0 maxpacket: 32
[  582.597880][   T44] usb 6-1: config 0 has an invalid interface number: 239 but max is 0
[  582.610345][   T44] usb 6-1: config 0 has an invalid descriptor of length 49, skipping remainder of the config
[  582.678933][   T44] usb 6-1: config 0 has no interface number 0
[  582.714185][   T44] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  582.736098][   T44] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  582.767022][   T44] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  582.805616][   T44] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  582.829147][   T44] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  582.860030][   T44] usb 6-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  582.884479][   T44] usb 6-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid maxpacket 14444, setting to 1024
[  582.898613][   T44] usb 6-1: config 0 interface 239 altsetting 4 bulk endpoint 0x85 has invalid maxpacket 1024
[  582.923131][   T44] usb 6-1: config 0 interface 239 has no altsetting 0
[  582.936390][   T44] usb 6-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  583.311550][   T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.319820][   T44] usb 6-1: Product: syz
[  583.328405][   T44] usb 6-1: Manufacturer: syz
[  583.338145][   T44] usb 6-1: SerialNumber: syz
[  583.349498][   T44] usb 6-1: config 0 descriptor??
[  583.356825][T12443] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  583.367041][T12443] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  583.375616][T12443] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  583.561431][   T44] usb 2-1: USB disconnect, device number 66
[  583.574899][   T44] ldusb 2-1:0.55: LD USB Device #1 now disconnected
[  583.795679][T12439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1651'.
[  583.990697][T10795] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  584.170534][T10795] usb 1-1: Using ep0 maxpacket: 8
[  584.184254][T10795] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  584.198738][T10795] usb 1-1: config 0 has no interface number 0
[  584.207078][T10795] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  584.360272][T10795] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  584.372583][T10795] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  584.392679][T10795] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  584.427073][T10795] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  584.521103][T10795] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.587776][T10795] usb 1-1: config 0 descriptor??
[  584.622168][T10795] ldusb 1-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  584.846968][ T5886] usb 6-1: USB disconnect, device number 70
[  586.071594][T12487] input: syz1 as /devices/virtual/input/input79
[  586.237647][T12487] netlink: 'syz.4.1661': attribute type 1 has an invalid length.
[  586.250137][ T5886] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[  586.476274][ T5886] usb 6-1: Using ep0 maxpacket: 8
[  586.529438][ T5886] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  586.538440][ T5886] usb 6-1: config 0 has no interface number 0
[  586.575297][ T5886] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  586.625289][ T5886] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  586.721666][ T5886] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  586.740911][ T5886] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  586.780367][ T5886] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  586.840320][T12494] debugfs: '!' already exists in 'ieee80211'
[  587.082297][   T30] audit: type=1326 audit(1760514645.971:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12490 comm="syz.7.1663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000
[  587.157449][   T30] audit: type=1326 audit(1760514645.971:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12490 comm="syz.7.1663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d539 code=0x7ffc0000
[  587.239451][T10795] usb 1-1: USB disconnect, device number 86
[  587.250534][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.369108][ T5886] usb 6-1: config 0 descriptor??
[  587.404581][T10795] ldusb 1-1:0.55: LD USB Device #1 now disconnected
[  587.640668][ T5886] ldusb 6-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  587.708964][T12500] netlink: 'syz.0.1666': attribute type 1 has an invalid length.
[  587.827697][T12500] bond8: entered promiscuous mode
[  587.834024][T12500] 8021q: adding VLAN 0 to HW filter on device bond8
[  588.747830][    C0] wdm_int_callback: 13 callbacks suppressed
[  588.747852][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.760642][    C0] wdm_int_callback: 13 callbacks suppressed
[  588.760658][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.774635][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.781284][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.787706][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.794313][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.807120][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.813800][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.820075][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.826677][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.833047][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.839655][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.846454][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.853516][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.860168][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.866786][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.873111][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.879808][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.886380][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  588.893297][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  588.944791][   T44] usb 7-1: USB disconnect, device number 39
[  588.944917][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  589.020960][T10795] usb 6-1: USB disconnect, device number 71
[  589.088788][T10795] ldusb 6-1:0.55: LD USB Device #1 now disconnected
[  589.237644][ T1150] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.678475][ T1150] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.833121][ T1150] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  590.499661][ T1150] netdevsim netdevsim6 netdevsim0 (unregistering): left promiscuous mode
[  590.527575][ T1150] netdevsim netdevsim6 netdevsim0 (unregistering): left allmulticast mode
[  590.659877][ T1150] team0: Port device netdevsim0 removed
[  590.667454][ T1150] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.070928][ T1150] team0: left allmulticast mode
[  591.101477][ T1150] team_slave_0: left allmulticast mode
[  591.147454][ T1150] team_slave_1: left allmulticast mode
[  591.180938][ T1150] bridge0: port 3(team0) entered disabled state
[  591.332895][ T1150] bridge_slave_1: left allmulticast mode
[  591.338631][ T1150] bridge_slave_1: left promiscuous mode
[  591.380821][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.408039][ T1150] bridge_slave_0: left allmulticast mode
[  591.415935][ T1150] bridge_slave_0: left promiscuous mode
[  591.426526][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.581054][T12433] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  591.598293][T12559] netlink: 'syz.4.1681': attribute type 1 has an invalid length.
[  591.775001][T12433] usb 2-1: Using ep0 maxpacket: 8
[  591.807276][T12565] input: syz1 as /devices/virtual/input/input81
[  591.815925][T12433] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  591.843645][T12433] usb 2-1: config 0 has no interface number 0
[  591.849870][T12433] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  591.864437][T12433] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  591.906884][T12433] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  591.950103][T12433] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  591.994310][T12565] netlink: 'syz.5.1682': attribute type 1 has an invalid length.
[  592.035586][T12433] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  592.060585][T12433] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.105438][T12433] usb 2-1: config 0 descriptor??
[  592.145546][T12433] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  592.164091][ T1150] bond1 (unregistering): (slave gretap1): Releasing active interface
[  592.282467][ T1150] bond2 (unregistering): (slave gre1): Releasing backup interface
[  592.295622][ T1150] gre1 (unregistering): left promiscuous mode
[  593.808325][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  593.884375][T12572] input: syz1 as /devices/virtual/input/input82
[  593.930350][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  593.956582][ T1150] bond0 (unregistering): Released all slaves
[  594.015037][ T1150] bond1 (unregistering): Released all slaves
[  594.200326][T12572] netlink: 'syz.7.1683': attribute type 1 has an invalid length.
[  594.286917][ T1150] bond2 (unregistering): Released all slaves
[  594.359619][ T5906] usb 2-1: USB disconnect, device number 67
[  594.368855][ T5906] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  594.922002][ T1150] bond3 (unregistering): Released all slaves
[  595.116428][ T1150] bond4 (unregistering): Released all slaves
[  595.288696][ T1150] bond5 (unregistering): Released all slaves
[  595.306954][ T1150] bond6 (unregistering): Released all slaves
[  595.392484][T12559] bond7: entered promiscuous mode
[  595.398129][T12559] 8021q: adding VLAN 0 to HW filter on device bond7
[  595.425492][   T30] audit: type=1326 audit(1760514654.331:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.1.1687" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3539 code=0x0
[  595.458423][T12565] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[  595.708288][ T1150] tipc: Left network mode
[  595.825023][T12603] loop6: detected capacity change from 0 to 524287999
[  596.296771][ T5886] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  596.550658][ T5886] usb 6-1: Using ep0 maxpacket: 16
[  596.624393][T12618] FAULT_INJECTION: forcing a failure.
[  596.624393][T12618] name failslab, interval 1, probability 0, space 0, times 0
[  596.637346][T12618] CPU: 0 UID: 0 PID: 12618 Comm: syz.0.1692 Not tainted syzkaller #0 PREEMPT(full) 
[  596.637367][T12618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  596.637377][T12618] Call Trace:
[  596.637384][T12618]  <TASK>
[  596.637392][T12618]  dump_stack_lvl+0x189/0x250
[  596.637418][T12618]  ? __pfx____ratelimit+0x10/0x10
[  596.637443][T12618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  596.637459][T12618]  ? __pfx__printk+0x10/0x10
[  596.637486][T12618]  ? __pfx___might_resched+0x10/0x10
[  596.637507][T12618]  ? fs_reclaim_acquire+0x7d/0x100
[  596.637530][T12618]  should_fail_ex+0x414/0x560
[  596.637558][T12618]  should_failslab+0xa8/0x100
[  596.637580][T12618]  __kmalloc_noprof+0xcb/0x7f0
[  596.637597][T12618]  ? tomoyo_encode+0x28b/0x550
[  596.637619][T12618]  tomoyo_encode+0x28b/0x550
[  596.637641][T12618]  tomoyo_realpath_from_path+0x58d/0x5d0
[  596.637660][T12618]  ? tomoyo_domain+0xd9/0x130
[  596.637683][T12618]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  596.637707][T12618]  tomoyo_path_number_perm+0x1e8/0x5a0
[  596.637733][T12618]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  596.637769][T12618]  ? __lock_acquire+0xab9/0xd20
[  596.637804][T12618]  ? __fget_files+0x2a/0x420
[  596.637827][T12618]  ? __fget_files+0x3a0/0x420
[  596.637845][T12618]  ? __fget_files+0x2a/0x420
[  596.637867][T12618]  security_file_ioctl_compat+0xcb/0x2d0
[  596.637892][T12618]  __ia32_compat_sys_ioctl+0x128/0x840
[  596.637910][T12618]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  596.637926][T12618]  ? __fget_files+0x3a0/0x420
[  596.637950][T12618]  ? fput+0xa0/0xd0
[  596.637977][T12618]  ? ksys_write+0x22a/0x250
[  596.637992][T12618]  ? exc_page_fault+0x82/0x100
[  596.638011][T12618]  ? __pfx_ksys_write+0x10/0x10
[  596.638047][T12618]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  596.638069][T12618]  ? lockdep_hardirqs_on+0x9c/0x150
[  596.638087][T12618]  __do_fast_syscall_32+0xb6/0x2b0
[  596.638106][T12618]  ? lockdep_hardirqs_on+0x9c/0x150
[  596.638124][T12618]  do_fast_syscall_32+0x34/0x80
[  596.638141][T12618]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  596.638160][T12618] RIP: 0023:0xf708d539
[  596.638175][T12618] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  596.638189][T12618] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  596.638206][T12618] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80
[  596.638217][T12618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  596.638226][T12618] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  596.638236][T12618] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  596.638245][T12618] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  596.638268][T12618]  </TASK>
[  596.914293][T12618] ERROR: Out of memory at tomoyo_realpath_from_path.
[  597.553204][    T9] IPVS: starting estimator thread 0...
[  597.682261][T12623] IPVS: using max 36 ests per chain, 86400 per kthread
[  598.121458][T12635] input: syz1 as /devices/virtual/input/input83
[  598.286999][T12635] netlink: 'syz.4.1694': attribute type 1 has an invalid length.
[  598.713581][ T1150] hsr_slave_0: left promiscuous mode
[  598.732540][ T1150] hsr_slave_1: left promiscuous mode
[  598.755020][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  598.793105][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  598.819216][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  598.838616][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  599.082282][ T1150] veth1_macvtap: left promiscuous mode
[  599.087857][ T1150] veth0_macvtap: left promiscuous mode
[  599.130975][ T1150] veth1_vlan: left promiscuous mode
[  599.136357][ T1150] veth0_vlan: left promiscuous mode
[  599.862111][ T1150] pim6reg (unregistering): left allmulticast mode
[  600.108641][ T5886] usb 6-1: unable to get BOS descriptor or descriptor too short
[  600.137863][ T5886] usb 6-1: unable to read config index 0 descriptor/start: -71
[  600.170553][ T5886] usb 6-1: can't read configurations, error -71
[  600.310996][T12646] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1698'.
[  600.495775][T12650] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1697'.
[  600.759409][T12655] netlink: 'syz.1.1701': attribute type 1 has an invalid length.
[  600.794904][T12656] input: syz1 as /devices/virtual/input/input84
[  600.907121][T12656] netlink: 'syz.7.1700': attribute type 1 has an invalid length.
[  601.263148][ T1150] team_slave_1 (unregistering): left promiscuous mode
[  601.274516][ T1150] team0 (unregistering): Port device team_slave_1 removed
[  601.341093][ T1150] team_slave_0 (unregistering): left promiscuous mode
[  601.609687][ T1150] team0 (unregistering): Port device team_slave_0 removed
[  602.644199][T12635] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR
[  602.821632][T12655] bond9: entered promiscuous mode
[  602.835681][T12655] 8021q: adding VLAN 0 to HW filter on device bond9
[  603.555920][T12669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1703'.
[  603.595563][ T1150] IPVS: stop unused estimator thread 0...
[  604.694882][T12688] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1706'.
[  605.962430][T12703] FAULT_INJECTION: forcing a failure.
[  605.962430][T12703] name failslab, interval 1, probability 0, space 0, times 0
[  606.031071][T12703] CPU: 1 UID: 0 PID: 12703 Comm: syz.7.1708 Not tainted syzkaller #0 PREEMPT(full) 
[  606.031104][T12703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  606.031119][T12703] Call Trace:
[  606.031129][T12703]  <TASK>
[  606.031139][T12703]  dump_stack_lvl+0x189/0x250
[  606.031170][T12703]  ? __pfx____ratelimit+0x10/0x10
[  606.031205][T12703]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.031229][T12703]  ? __pfx__printk+0x10/0x10
[  606.031259][T12703]  ? __pfx___might_resched+0x10/0x10
[  606.031290][T12703]  ? fs_reclaim_acquire+0x7d/0x100
[  606.031322][T12703]  should_fail_ex+0x414/0x560
[  606.031363][T12703]  should_failslab+0xa8/0x100
[  606.031394][T12703]  __kmalloc_cache_noprof+0x6f/0x6f0
[  606.031420][T12703]  ? do_proc_control+0x215/0xe40
[  606.031458][T12703]  do_proc_control+0x215/0xe40
[  606.031504][T12703]  proc_control+0xc8/0x110
[  606.031531][T12703]  ? __pfx_proc_control+0x10/0x10
[  606.031573][T12703]  usbdev_ioctl+0xc4c/0x20b0
[  606.031605][T12703]  ? __fget_files+0x2a/0x420
[  606.031634][T12703]  ? __pfx_usbdev_ioctl+0x10/0x10
[  606.031660][T12703]  ? __fget_files+0x3a0/0x420
[  606.031685][T12703]  ? __fget_files+0x2a/0x420
[  606.031716][T12703]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  606.031753][T12703]  __ia32_compat_sys_ioctl+0x543/0x840
[  606.031780][T12703]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  606.031803][T12703]  ? __fget_files+0x3a0/0x420
[  606.031845][T12703]  ? fput+0xa0/0xd0
[  606.031877][T12703]  ? ksys_write+0x22a/0x250
[  606.031898][T12703]  ? exc_page_fault+0x82/0x100
[  606.031920][T12703]  ? __pfx_ksys_write+0x10/0x10
[  606.031947][T12703]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  606.031972][T12703]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.031998][T12703]  __do_fast_syscall_32+0xb6/0x2b0
[  606.032023][T12703]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.032050][T12703]  do_fast_syscall_32+0x34/0x80
[  606.032075][T12703]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  606.032102][T12703] RIP: 0023:0xf703d539
[  606.032121][T12703] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  606.032141][T12703] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  606.032164][T12703] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0185500
[  606.032180][T12703] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  606.032194][T12703] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  606.032208][T12703] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  606.032222][T12703] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  606.032256][T12703]  </TASK>
[  606.301362][    C1] vkms_vblank_simulate: vblank timer overrun
[  607.143481][T12729] input: syz1 as /devices/virtual/input/input85
[  607.333327][T12729] netlink: 'syz.0.1713': attribute type 1 has an invalid length.
[  607.510600][ T5906] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  607.660047][T12743] loop6: detected capacity change from 0 to 63
[  607.667594][T12743] Buffer I/O error on dev loop6, logical block 0, async page read
[  607.677286][ T5906] usb 5-1: Using ep0 maxpacket: 8
[  607.684487][ T5906] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  607.695230][T12743] Buffer I/O error on dev loop6, logical block 0, async page read
[  607.711734][ T5906] usb 5-1: config 0 has no interface number 0
[  607.729898][ T5906] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  607.747170][T12743] Buffer I/O error on dev loop6, logical block 0, async page read
[  607.769308][ T5906] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  607.784774][T12744] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  607.917283][ T5906] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  607.943632][T12744] Buffer I/O error on dev loop6, logical block 1, lost async page write
[  607.950694][ T5906] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  607.975487][T12743]  loop6: unable to read partition table
[  607.981757][T12743] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  608.010718][T12744] Buffer I/O error on dev loop6, logical block 2, lost async page write
[  608.019226][T12744] Buffer I/O error on dev loop6, logical block 3, lost async page write
[  608.028478][ T5906] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  608.048506][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.168758][ T5906] usb 5-1: config 0 descriptor??
[  608.192080][T12744] Buffer I/O error on dev loop6, logical block 4, lost async page write
[  608.210181][ T5906] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  608.241239][T12744] Buffer I/O error on dev loop6, logical block 5, lost async page write
[  608.282739][T12744] Buffer I/O error on dev loop6, logical block 6, lost async page write
[  609.479325][T12760] input: syz1 as /devices/virtual/input/input86
[  610.220775][T12433] usb 5-1: USB disconnect, device number 57
[  610.251357][T12433] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  610.594132][T12771] FAULT_INJECTION: forcing a failure.
[  610.594132][T12771] name failslab, interval 1, probability 0, space 0, times 0
[  610.621645][T12771] CPU: 0 UID: 0 PID: 12771 Comm: syz.4.1721 Not tainted syzkaller #0 PREEMPT(full) 
[  610.621677][T12771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  610.621691][T12771] Call Trace:
[  610.621700][T12771]  <TASK>
[  610.621710][T12771]  dump_stack_lvl+0x189/0x250
[  610.621738][T12771]  ? __pfx____ratelimit+0x10/0x10
[  610.621772][T12771]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.621795][T12771]  ? __pfx__printk+0x10/0x10
[  610.621823][T12771]  ? __pfx___might_resched+0x10/0x10
[  610.621853][T12771]  ? fs_reclaim_acquire+0x7d/0x100
[  610.621886][T12771]  should_fail_ex+0x414/0x560
[  610.621926][T12771]  should_failslab+0xa8/0x100
[  610.621961][T12771]  kmem_cache_alloc_node_noprof+0x77/0x710
[  610.621985][T12771]  ? __alloc_skb+0x112/0x2d0
[  610.622016][T12771]  ? netlink_autobind+0xdb/0x300
[  610.622055][T12771]  __alloc_skb+0x112/0x2d0
[  610.622090][T12771]  netlink_sendmsg+0x5c6/0xb30
[  610.622133][T12771]  ? __pfx_netlink_sendmsg+0x10/0x10
[  610.622169][T12771]  ? __import_iovec+0x5d4/0x7f0
[  610.622196][T12771]  ? aa_sock_msg_perm+0xf1/0x1d0
[  610.622224][T12771]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  610.622261][T12771]  ? __pfx_netlink_sendmsg+0x10/0x10
[  610.622295][T12771]  __sock_sendmsg+0x21c/0x270
[  610.622325][T12771]  ____sys_sendmsg+0x505/0x830
[  610.622367][T12771]  ? __pfx_____sys_sendmsg+0x10/0x10
[  610.622419][T12771]  ___sys_sendmsg+0x21f/0x2a0
[  610.622444][T12771]  ? __pfx____sys_sendmsg+0x10/0x10
[  610.622504][T12771]  ? __fget_files+0x2a/0x420
[  610.622532][T12771]  ? __fget_files+0x3a0/0x420
[  610.622571][T12771]  __sys_sendmsg+0x164/0x220
[  610.622595][T12771]  ? __pfx___sys_sendmsg+0x10/0x10
[  610.622641][T12771]  ? __pfx_ksys_write+0x10/0x10
[  610.622667][T12771]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  610.622693][T12771]  ? lockdep_hardirqs_on+0x9c/0x150
[  610.622719][T12771]  __do_fast_syscall_32+0xb6/0x2b0
[  610.622745][T12771]  ? lockdep_hardirqs_on+0x9c/0x150
[  610.622771][T12771]  do_fast_syscall_32+0x34/0x80
[  610.622795][T12771]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  610.622823][T12771] RIP: 0023:0xf7f23539
[  610.622843][T12771] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  610.622863][T12771] RSP: 002b:00000000f541655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  610.622887][T12771] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  610.622903][T12771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  610.622916][T12771] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  610.622930][T12771] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  610.622943][T12771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  610.622976][T12771]  </TASK>
[  611.252177][T12787] FAULT_INJECTION: forcing a failure.
[  611.252177][T12787] name failslab, interval 1, probability 0, space 0, times 0
[  611.294434][T12787] CPU: 1 UID: 0 PID: 12787 Comm: syz.4.1725 Not tainted syzkaller #0 PREEMPT(full) 
[  611.294467][T12787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  611.294482][T12787] Call Trace:
[  611.294490][T12787]  <TASK>
[  611.294501][T12787]  dump_stack_lvl+0x189/0x250
[  611.294529][T12787]  ? __pfx____ratelimit+0x10/0x10
[  611.294565][T12787]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.294589][T12787]  ? __pfx__printk+0x10/0x10
[  611.294618][T12787]  ? __pfx___might_resched+0x10/0x10
[  611.294655][T12787]  should_fail_ex+0x414/0x560
[  611.294695][T12787]  should_failslab+0xa8/0x100
[  611.294727][T12787]  __kmalloc_noprof+0xcb/0x7f0
[  611.294752][T12787]  ? nf_tables_newrule+0x150b/0x28a0
[  611.294776][T12787]  ? nla_strcmp+0x106/0x140
[  611.294806][T12787]  nf_tables_newrule+0x150b/0x28a0
[  611.294847][T12787]  ? __pfx_nf_tables_newrule+0x10/0x10
[  611.294873][T12787]  ? nfnl_pernet+0x23/0x240
[  611.294921][T12787]  ? __nla_parse+0x40/0x60
[  611.294952][T12787]  nfnetlink_rcv+0x11d9/0x2590
[  611.295019][T12787]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  611.295102][T12787]  ? netlink_deliver_tap+0x2e/0x1b0
[  611.295155][T12787]  netlink_unicast+0x82f/0x9e0
[  611.295194][T12787]  ? __pfx_netlink_unicast+0x10/0x10
[  611.295226][T12787]  ? netlink_sendmsg+0x642/0xb30
[  611.295256][T12787]  ? skb_put+0x11b/0x210
[  611.295294][T12787]  netlink_sendmsg+0x805/0xb30
[  611.295337][T12787]  ? __pfx_netlink_sendmsg+0x10/0x10
[  611.295380][T12787]  ? __import_iovec+0x5d4/0x7f0
[  611.295414][T12787]  ? aa_sock_msg_perm+0xf1/0x1d0
[  611.295442][T12787]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  611.295471][T12787]  ? __pfx_netlink_sendmsg+0x10/0x10
[  611.295505][T12787]  __sock_sendmsg+0x21c/0x270
[  611.295537][T12787]  ____sys_sendmsg+0x505/0x830
[  611.295579][T12787]  ? __pfx_____sys_sendmsg+0x10/0x10
[  611.295633][T12787]  ___sys_sendmsg+0x21f/0x2a0
[  611.295658][T12787]  ? __pfx____sys_sendmsg+0x10/0x10
[  611.295719][T12787]  ? __fget_files+0x2a/0x420
[  611.295747][T12787]  ? __fget_files+0x3a0/0x420
[  611.295787][T12787]  __sys_sendmsg+0x164/0x220
[  611.295811][T12787]  ? __pfx___sys_sendmsg+0x10/0x10
[  611.295857][T12787]  ? __pfx_ksys_write+0x10/0x10
[  611.295886][T12787]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  611.295912][T12787]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.295938][T12787]  __do_fast_syscall_32+0xb6/0x2b0
[  611.295964][T12787]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.295991][T12787]  do_fast_syscall_32+0x34/0x80
[  611.296016][T12787]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  611.296043][T12787] RIP: 0023:0xf7f23539
[  611.296062][T12787] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  611.296083][T12787] RSP: 002b:00000000f541655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  611.296107][T12787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080009b40
[  611.296123][T12787] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[  611.296137][T12787] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  611.296150][T12787] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  611.296164][T12787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  611.296198][T12787]  </TASK>
[  611.616198][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.748697][T12790] fuse: Unknown parameter 'urer_id'
[  611.890663][T12498] usb 1-1: new low-speed USB device number 87 using dummy_hcd
[  612.043199][T12498] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  612.051861][T12498] usb 1-1: config 0 has no interface number 0
[  612.066364][T12498] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  612.128528][T12498] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  612.140943][T12433] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  612.142975][T12498] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  612.161612][T12498] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  612.178411][T12498] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  612.198325][T12498] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  612.221274][T12498] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  612.230379][T12498] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.241133][ T5886] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  612.269040][T12498] usb 1-1: config 0 descriptor??
[  612.276113][T12785] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  612.286301][T12785] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  612.308814][T12498] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  612.330402][T12433] usb 5-1: Using ep0 maxpacket: 8
[  612.346251][T12433] usb 5-1: config 0 has an invalid interface number: 56 but max is 0
[  612.364604][T12433] usb 5-1: config 0 has no interface number 0
[  612.384750][T12433] usb 5-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  612.402469][ T5886] usb 6-1: Using ep0 maxpacket: 8
[  612.404502][T12804] netlink: 'syz.1.1729': attribute type 1 has an invalid length.
[  612.410154][ T5886] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  612.415722][T12433] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.428651][ T5886] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  612.451229][ T5886] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  612.460606][T12433] usb 5-1: Product: syz
[  612.461091][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.464807][T12433] usb 5-1: Manufacturer: syz
[  612.474414][ T5886] usb 6-1: Product: syz
[  612.482246][ T5886] usb 6-1: Manufacturer: syz
[  612.487297][ T5886] usb 6-1: SerialNumber: syz
[  612.495236][T12433] usb 5-1: SerialNumber: syz
[  612.513788][T12433] usb 5-1: config 0 descriptor??
[  612.521968][T12785] ldusb 1-1:0.55: Write buffer overflow, 1 bytes dropped
[  612.524812][T12433] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  612.562617][T12785] random: crng reseeded on system resumption
[  612.573326][ T5886] usb 6-1: config 0 descriptor??
[  612.613633][T12804] 8021q: adding VLAN 0 to HW filter on device bond10
[  612.622269][T12433] pctv452e: pctv452e_power_ctrl: 1
[  612.622269][T12433] 
[  612.629650][T12433] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  612.629650][T12433] 
[  612.650596][T12433] dvb-usb: bulk message failed: -22 (5/0)
[  612.684790][T12433] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  612.717157][T12808] bond10: (slave veth3): Enslaving as an active interface with a down link
[  612.737442][T12433] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600)
[  612.754772][T12795] dvb-usb: bulk message failed: -22 (7/0)
[  612.764752][T12433] usb 5-1: media controller created
[  612.770179][T12795] pctv452e: I2C error -22; AA 01  04 00 02 -> aa 01 31 03 04 00 02
[  612.788601][T12809] vlan2: entered allmulticast mode
[  612.798030][T12433] dvb-usb: bulk message failed: -22 (8/0)
[  612.805966][T12809] veth1: entered allmulticast mode
[  612.821022][T12433] pctv452e: I2C error -22; AA 02  A0 01 14 -> aa 02 31 04 a0 01 14
[  612.826068][T12809] veth1: entered promiscuous mode
[  612.836044][T12809] veth1: left promiscuous mode
[  612.845703][T12809] bond10: (slave vlan2): making interface the new active one
[  612.857353][T12433] dvb-usb: MAC address reading failed.
[  612.863042][T12809] veth1: entered promiscuous mode
[  612.864673][T12809] vlan2: entered promiscuous mode
[  612.875256][T12809] bond10: (slave vlan2): Enslaving as an active interface with an up link
[  612.935054][T12433] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  613.029810][T12433] DVB: Unable to find symbol stb0899_attach()
[  613.036683][T12433] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600'
[  613.163205][T12433] rc_core: IR keymap rc-tt-1500 not found
[  613.177121][T12433] Registered IR keymap rc-empty
[  613.195021][T12433] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[  613.212854][T12433] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input87
[  613.238714][ T5886] usb 1-1: USB disconnect, device number 87
[  613.269439][ T5886] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  613.269870][T12433] dvb-usb: schedule remote query interval to 100 msecs.
[  613.294632][    T9] usb 6-1: USB disconnect, device number 74
[  613.318638][T12433] pctv452e: pctv452e_power_ctrl: 0
[  613.318638][T12433] 
[  613.355538][T12433] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected.
[  613.378514][T12433] usb 5-1: USB disconnect, device number 58
[  613.554894][T12433] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected.
[  613.786181][T12835] snd_dummy snd_dummy.0: control 0:0:0:syz0:16384 is already present
[  614.466979][T12836] loop8: detected capacity change from 0 to 7
[  614.613647][T12836] Dev loop8: unable to read RDB block 7
[  614.621165][T12836]  loop8: unable to read partition table
[  614.696539][T12836] loop8: partition table beyond EOD, truncated
[  614.719687][T12849] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1735'.
[  614.732722][T12847] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1736'.
[  614.950636][T12836] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5)
[  614.981913][ T6450] Dev loop8: unable to read RDB block 7
[  614.987590][ T6450]  loop8: unable to read partition table
[  614.990993][T12847] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1736'.
[  615.013279][ T6450] loop8: partition table beyond EOD, truncated
[  615.176247][T12857] FAULT_INJECTION: forcing a failure.
[  615.176247][T12857] name failslab, interval 1, probability 0, space 0, times 0
[  615.201303][T12857] CPU: 0 UID: 0 PID: 12857 Comm: syz.0.1738 Not tainted syzkaller #0 PREEMPT(full) 
[  615.201333][T12857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  615.201346][T12857] Call Trace:
[  615.201355][T12857]  <TASK>
[  615.201365][T12857]  dump_stack_lvl+0x189/0x250
[  615.201396][T12857]  ? __pfx____ratelimit+0x10/0x10
[  615.201432][T12857]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.201455][T12857]  ? __pfx__printk+0x10/0x10
[  615.201483][T12857]  ? __pfx___might_resched+0x10/0x10
[  615.201514][T12857]  ? fs_reclaim_acquire+0x7d/0x100
[  615.201546][T12857]  should_fail_ex+0x414/0x560
[  615.201586][T12857]  should_failslab+0xa8/0x100
[  615.201630][T12857]  kmem_cache_alloc_node_noprof+0x77/0x710
[  615.201654][T12857]  ? __alloc_skb+0x112/0x2d0
[  615.201684][T12857]  ? netlink_autobind+0xdb/0x300
[  615.201735][T12857]  __alloc_skb+0x112/0x2d0
[  615.201769][T12857]  netlink_sendmsg+0x5c6/0xb30
[  615.201811][T12857]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.201845][T12857]  ? __import_iovec+0x5d4/0x7f0
[  615.201872][T12857]  ? aa_sock_msg_perm+0xf1/0x1d0
[  615.201899][T12857]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  615.202053][T12857]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.202083][T12857]  __sock_sendmsg+0x21c/0x270
[  615.202118][T12857]  ____sys_sendmsg+0x505/0x830
[  615.202158][T12857]  ? __pfx_____sys_sendmsg+0x10/0x10
[  615.202214][T12857]  ___sys_sendmsg+0x21f/0x2a0
[  615.202239][T12857]  ? __pfx____sys_sendmsg+0x10/0x10
[  615.202294][T12857]  ? __fget_files+0x2a/0x420
[  615.202322][T12857]  ? __fget_files+0x3a0/0x420
[  615.202362][T12857]  __sys_sendmsg+0x164/0x220
[  615.202386][T12857]  ? __pfx___sys_sendmsg+0x10/0x10
[  615.202430][T12857]  ? __pfx_ksys_write+0x10/0x10
[  615.202459][T12857]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  615.202486][T12857]  ? lockdep_hardirqs_on+0x9c/0x150
[  615.202511][T12857]  __do_fast_syscall_32+0xb6/0x2b0
[  615.202537][T12857]  ? lockdep_hardirqs_on+0x9c/0x150
[  615.202563][T12857]  do_fast_syscall_32+0x34/0x80
[  615.202586][T12857]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  615.202612][T12857] RIP: 0023:0xf708d539
[  615.202631][T12857] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  615.202651][T12857] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  615.202676][T12857] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080
[  615.202692][T12857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  615.202705][T12857] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  615.202718][T12857] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  615.202794][T12857] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  615.202836][T12857]  </TASK>
[  615.763969][T12870] FAULT_INJECTION: forcing a failure.
[  615.763969][T12870] name failslab, interval 1, probability 0, space 0, times 0
[  615.778006][T12870] CPU: 0 UID: 0 PID: 12870 Comm: syz.5.1743 Not tainted syzkaller #0 PREEMPT(full) 
[  615.778038][T12870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  615.778052][T12870] Call Trace:
[  615.778062][T12870]  <TASK>
[  615.778072][T12870]  dump_stack_lvl+0x189/0x250
[  615.778103][T12870]  ? __pfx____ratelimit+0x10/0x10
[  615.778139][T12870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.778164][T12870]  ? __pfx__printk+0x10/0x10
[  615.778193][T12870]  ? __pfx___might_resched+0x10/0x10
[  615.778253][T12870]  should_fail_ex+0x414/0x560
[  615.778295][T12870]  should_failslab+0xa8/0x100
[  615.778333][T12870]  kmem_cache_alloc_node_noprof+0x77/0x710
[  615.778358][T12870]  ? __alloc_skb+0x112/0x2d0
[  615.778397][T12870]  __alloc_skb+0x112/0x2d0
[  615.778434][T12870]  netlink_ack+0x146/0xa50
[  615.778463][T12870]  ? __pfx_genl_rcv_msg+0x10/0x10
[  615.778486][T12870]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  615.778518][T12870]  ? __pfx_nl80211_post_doit+0x10/0x10
[  615.778551][T12870]  ? __asan_memcpy+0x40/0x70
[  615.778573][T12870]  ? __pfx_ref_tracker_free+0x10/0x10
[  615.778605][T12870]  netlink_rcv_skb+0x28c/0x470
[  615.778635][T12870]  ? __lock_acquire+0xab9/0xd20
[  615.778665][T12870]  ? __pfx_genl_rcv_msg+0x10/0x10
[  615.778692][T12870]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  615.778743][T12870]  ? down_read+0x1ad/0x2e0
[  615.778771][T12870]  genl_rcv+0x28/0x40
[  615.778792][T12870]  netlink_unicast+0x82f/0x9e0
[  615.778830][T12870]  ? __pfx_netlink_unicast+0x10/0x10
[  615.778859][T12870]  ? netlink_sendmsg+0x642/0xb30
[  615.778889][T12870]  ? skb_put+0x11b/0x210
[  615.778925][T12870]  netlink_sendmsg+0x805/0xb30
[  615.778976][T12870]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.779012][T12870]  ? __import_iovec+0x5d4/0x7f0
[  615.779039][T12870]  ? aa_sock_msg_perm+0xf1/0x1d0
[  615.779067][T12870]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  615.779097][T12870]  ? __pfx_netlink_sendmsg+0x10/0x10
[  615.779131][T12870]  __sock_sendmsg+0x21c/0x270
[  615.779163][T12870]  ____sys_sendmsg+0x505/0x830
[  615.779205][T12870]  ? __pfx_____sys_sendmsg+0x10/0x10
[  615.779260][T12870]  ___sys_sendmsg+0x21f/0x2a0
[  615.779285][T12870]  ? __pfx____sys_sendmsg+0x10/0x10
[  615.779347][T12870]  ? __fget_files+0x2a/0x420
[  615.779377][T12870]  ? __fget_files+0x3a0/0x420
[  615.779417][T12870]  __sys_sendmsg+0x164/0x220
[  615.779441][T12870]  ? __pfx___sys_sendmsg+0x10/0x10
[  615.779486][T12870]  ? __pfx_ksys_write+0x10/0x10
[  615.779514][T12870]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  615.779542][T12870]  ? lockdep_hardirqs_on+0x9c/0x150
[  615.779569][T12870]  __do_fast_syscall_32+0xb6/0x2b0
[  615.779594][T12870]  ? lockdep_hardirqs_on+0x9c/0x150
[  615.779620][T12870]  do_fast_syscall_32+0x34/0x80
[  615.779645][T12870]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  615.779673][T12870] RIP: 0023:0xf7f62539
[  615.779693][T12870] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  615.779713][T12870] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  615.779737][T12870] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800031c0
[  615.779754][T12870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  615.779767][T12870] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  615.779780][T12870] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  615.779794][T12870] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  615.779828][T12870]  </TASK>
[  616.340857][ T5907] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  616.525375][T12882] snd_dummy snd_dummy.0: control 0:0:0:syz0:16384 is already present
[  616.593548][ T5907] usb 5-1: Using ep0 maxpacket: 8
[  616.614591][ T5907] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  616.630766][ T5907] usb 5-1: config 0 has no interface number 0
[  616.647201][ T5907] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  616.687336][ T5907] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  616.800271][ T5907] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  616.820997][ T5907] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  616.835289][ T5907] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  616.862925][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.897461][ T5907] usb 5-1: config 0 descriptor??
[  616.929479][ T5907] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  617.969566][T12902] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1751'.
[  618.827284][ T5906] usb 5-1: USB disconnect, device number 59
[  618.849228][ T5906] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  618.980989][T12923] input: syz1 as /devices/virtual/input/input88
[  619.399489][T12923] netlink: 'syz.4.1755': attribute type 1 has an invalid length.
[  619.758880][T12956] input: syz1 as /devices/virtual/input/input89
[  619.934911][T12956] netlink: 'syz.5.1756': attribute type 1 has an invalid length.
[  620.910100][T12975] FAULT_INJECTION: forcing a failure.
[  620.910100][T12975] name failslab, interval 1, probability 0, space 0, times 0
[  620.984963][T12975] CPU: 1 UID: 0 PID: 12975 Comm: syz.1.1760 Not tainted syzkaller #0 PREEMPT(full) 
[  620.984995][T12975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  620.985009][T12975] Call Trace:
[  620.985019][T12975]  <TASK>
[  620.985029][T12975]  dump_stack_lvl+0x189/0x250
[  620.985058][T12975]  ? __pfx____ratelimit+0x10/0x10
[  620.985093][T12975]  ? __pfx_dump_stack_lvl+0x10/0x10
[  620.985116][T12975]  ? __pfx__printk+0x10/0x10
[  620.985145][T12975]  ? __pfx___might_resched+0x10/0x10
[  620.985181][T12975]  should_fail_ex+0x414/0x560
[  620.985221][T12975]  should_failslab+0xa8/0x100
[  620.985261][T12975]  kmem_cache_alloc_node_noprof+0x77/0x710
[  620.985285][T12975]  ? __alloc_skb+0x112/0x2d0
[  620.985324][T12975]  __alloc_skb+0x112/0x2d0
[  620.985358][T12975]  netlink_ack+0x146/0xa50
[  620.985406][T12975]  netlink_rcv_skb+0x28c/0x470
[  620.985435][T12975]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.985456][T12975]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  620.985486][T12975]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  620.985528][T12975]  ? bpf_lsm_capable+0x9/0x20
[  620.985547][T12975]  ? security_capable+0x7e/0x2e0
[  620.985576][T12975]  nfnetlink_rcv+0x282/0x2590
[  620.985607][T12975]  ? __dev_queue_xmit+0x27b/0x3b50
[  620.985631][T12975]  ? __dev_queue_xmit+0x1d79/0x3b50
[  620.985652][T12975]  ? kasan_save_track+0x3e/0x80
[  620.985675][T12975]  ? __kasan_slab_alloc+0x6c/0x80
[  620.985709][T12975]  ? __dev_queue_xmit+0x27b/0x3b50
[  620.985746][T12975]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  620.985774][T12975]  ? __pfx___dev_queue_xmit+0x10/0x10
[  620.985856][T12975]  ? ref_tracker_free+0x63a/0x7d0
[  620.985881][T12975]  ? __asan_memcpy+0x40/0x70
[  620.985901][T12975]  ? __pfx_ref_tracker_free+0x10/0x10
[  620.985921][T12975]  ? __skb_clone+0x63/0x7a0
[  620.985947][T12975]  ? __skb_clone+0x483/0x7a0
[  620.985973][T12975]  ? skb_clone+0x246/0x3a0
[  620.986000][T12975]  ? __netlink_deliver_tap+0x807/0x850
[  620.986030][T12975]  ? netlink_deliver_tap+0x2e/0x1b0
[  620.986068][T12975]  ? netlink_deliver_tap+0x2e/0x1b0
[  620.986107][T12975]  netlink_unicast+0x82f/0x9e0
[  620.986144][T12975]  ? __pfx_netlink_unicast+0x10/0x10
[  620.986175][T12975]  ? netlink_sendmsg+0x642/0xb30
[  620.986205][T12975]  ? skb_put+0x11b/0x210
[  620.986241][T12975]  netlink_sendmsg+0x805/0xb30
[  620.986294][T12975]  ? __pfx_netlink_sendmsg+0x10/0x10
[  620.986330][T12975]  ? __import_iovec+0x5d4/0x7f0
[  620.986358][T12975]  ? aa_sock_msg_perm+0xf1/0x1d0
[  620.986384][T12975]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  620.986413][T12975]  ? __pfx_netlink_sendmsg+0x10/0x10
[  620.986447][T12975]  __sock_sendmsg+0x21c/0x270
[  620.986478][T12975]  ____sys_sendmsg+0x505/0x830
[  620.986519][T12975]  ? __pfx_____sys_sendmsg+0x10/0x10
[  620.986573][T12975]  ___sys_sendmsg+0x21f/0x2a0
[  620.986597][T12975]  ? __pfx____sys_sendmsg+0x10/0x10
[  620.986656][T12975]  ? __fget_files+0x2a/0x420
[  620.986684][T12975]  ? __fget_files+0x3a0/0x420
[  620.986722][T12975]  __sys_sendmsg+0x164/0x220
[  620.986747][T12975]  ? __pfx___sys_sendmsg+0x10/0x10
[  620.986792][T12975]  ? __pfx_ksys_write+0x10/0x10
[  620.986819][T12975]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  620.986847][T12975]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.986873][T12975]  __do_fast_syscall_32+0xb6/0x2b0
[  620.986898][T12975]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.986925][T12975]  do_fast_syscall_32+0x34/0x80
[  620.986949][T12975]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  620.986977][T12975] RIP: 0023:0xf7fc3539
[  620.986997][T12975] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  620.987016][T12975] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  620.987040][T12975] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[  620.987056][T12975] RDX: 0000000000044000 RSI: 0000000000000000 RDI: 0000000000000000
[  620.987070][T12975] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  620.987084][T12975] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  620.987097][T12975] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  620.987130][T12975]  </TASK>
[  621.693182][T12981] binder: BINDER_SET_CONTEXT_MGR already set
[  621.699230][T12981] binder: 12980:12981 ioctl 4018620d 80004a80 returned -16
[  621.819137][T12983] netlink: 'syz.1.1763': attribute type 1 has an invalid length.
[  621.831304][T12981] binder: 12980:12981 ioctl c0306201 80000180 returned -14
[  621.889588][T12988] netlink: 'syz.5.1765': attribute type 10 has an invalid length.
[  621.942032][T12983] bond11: entered promiscuous mode
[  621.948638][T12983] 8021q: adding VLAN 0 to HW filter on device bond11
[  622.069486][T12988] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  622.136666][T12997] snd_dummy snd_dummy.0: control 0:0:0:syz0:16384 is already present
[  623.678447][T13028] FAULT_INJECTION: forcing a failure.
[  623.678447][T13028] name failslab, interval 1, probability 0, space 0, times 0
[  623.691960][T13028] CPU: 1 UID: 0 PID: 13028 Comm: syz.5.1775 Not tainted syzkaller #0 PREEMPT(full) 
[  623.691999][T13028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  623.692013][T13028] Call Trace:
[  623.692022][T13028]  <TASK>
[  623.692032][T13028]  dump_stack_lvl+0x189/0x250
[  623.692063][T13028]  ? __pfx____ratelimit+0x10/0x10
[  623.692099][T13028]  ? __pfx_dump_stack_lvl+0x10/0x10
[  623.692135][T13028]  ? __pfx__printk+0x10/0x10
[  623.692164][T13028]  ? __pfx___might_resched+0x10/0x10
[  623.692199][T13028]  should_fail_ex+0x414/0x560
[  623.692238][T13028]  should_failslab+0xa8/0x100
[  623.692268][T13028]  kmem_cache_alloc_node_noprof+0x77/0x710
[  623.692292][T13028]  ? __alloc_skb+0x112/0x2d0
[  623.692328][T13028]  __alloc_skb+0x112/0x2d0
[  623.692372][T13028]  netlink_ack+0x146/0xa50
[  623.692400][T13028]  ? __pfx_genl_rcv_msg+0x10/0x10
[  623.692423][T13028]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  623.692452][T13028]  ? __pfx_nl80211_post_doit+0x10/0x10
[  623.692483][T13028]  ? __asan_memcpy+0x40/0x70
[  623.692503][T13028]  ? __pfx_ref_tracker_free+0x10/0x10
[  623.692535][T13028]  netlink_rcv_skb+0x28c/0x470
[  623.692581][T13028]  ? __lock_acquire+0xab9/0xd20
[  623.692611][T13028]  ? __pfx_genl_rcv_msg+0x10/0x10
[  623.692637][T13028]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  623.692689][T13028]  ? down_read+0x1ad/0x2e0
[  623.692731][T13028]  genl_rcv+0x28/0x40
[  623.692752][T13028]  netlink_unicast+0x82f/0x9e0
[  623.692789][T13028]  ? __pfx_netlink_unicast+0x10/0x10
[  623.692818][T13028]  ? netlink_sendmsg+0x642/0xb30
[  623.692848][T13028]  ? skb_put+0x11b/0x210
[  623.692882][T13028]  netlink_sendmsg+0x805/0xb30
[  623.692923][T13028]  ? __pfx_netlink_sendmsg+0x10/0x10
[  623.692958][T13028]  ? __import_iovec+0x5d4/0x7f0
[  623.692991][T13028]  ? aa_sock_msg_perm+0xf1/0x1d0
[  623.693017][T13028]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  623.693045][T13028]  ? __pfx_netlink_sendmsg+0x10/0x10
[  623.693078][T13028]  __sock_sendmsg+0x21c/0x270
[  623.693108][T13028]  ____sys_sendmsg+0x505/0x830
[  623.693148][T13028]  ? __pfx_____sys_sendmsg+0x10/0x10
[  623.693200][T13028]  ___sys_sendmsg+0x21f/0x2a0
[  623.693223][T13028]  ? __pfx____sys_sendmsg+0x10/0x10
[  623.693289][T13028]  ? __fget_files+0x2a/0x420
[  623.693315][T13028]  ? __fget_files+0x3a0/0x420
[  623.693353][T13028]  __sys_sendmsg+0x164/0x220
[  623.693377][T13028]  ? __pfx___sys_sendmsg+0x10/0x10
[  623.693421][T13028]  ? __pfx_ksys_write+0x10/0x10
[  623.693448][T13028]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  623.693473][T13028]  ? lockdep_hardirqs_on+0x9c/0x150
[  623.693497][T13028]  __do_fast_syscall_32+0xb6/0x2b0
[  623.693521][T13028]  ? lockdep_hardirqs_on+0x9c/0x150
[  623.693548][T13028]  do_fast_syscall_32+0x34/0x80
[  623.693572][T13028]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.693597][T13028] RIP: 0023:0xf7f62539
[  623.693617][T13028] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  623.693635][T13028] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  623.693658][T13028] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  623.693674][T13028] RDX: 0000000024004050 RSI: 0000000000000000 RDI: 0000000000000000
[  623.693688][T13028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  623.693701][T13028] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  623.693712][T13028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  623.693744][T13028]  </TASK>
[  624.100617][ T5906] usb 2-1: new full-speed USB device number 68 using dummy_hcd
[  624.117005][T13030] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[  624.280565][ T5906] usb 2-1: device descriptor read/64, error -71
[  624.520566][ T5906] usb 2-1: new full-speed USB device number 69 using dummy_hcd
[  624.690622][ T5906] usb 2-1: device descriptor read/64, error -71
[  624.813930][ T5906] usb usb2-port1: attempt power cycle
[  624.951906][T13051] input: syz1 as /devices/virtual/input/input91
[  625.088762][T13051] netlink: 'syz.0.1778': attribute type 1 has an invalid length.
[  625.162745][ T5906] usb 2-1: new full-speed USB device number 70 using dummy_hcd
[  625.201936][ T5906] usb 2-1: device descriptor read/8, error -71
[  625.226189][T13058] netlink: 'syz.7.1779': attribute type 1 has an invalid length.
[  625.291811][T13058] bond1: entered promiscuous mode
[  625.299131][T13058] 8021q: adding VLAN 0 to HW filter on device bond1
[  625.442660][T13062] 8021q: adding VLAN 0 to HW filter on device bond1
[  625.450603][ T5906] usb 2-1: new full-speed USB device number 71 using dummy_hcd
[  625.472531][T13062] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[  625.610927][T13062] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode
[  625.649799][ T5906] usb 2-1: device descriptor read/8, error -71
[  625.680065][T13062] bond1: (slave gre1): making interface the new active one
[  625.750134][T13062] gre1: entered promiscuous mode
[  625.758149][T13062] bond1: (slave gre1): Enslaving as an active interface with an up link
[  625.772693][ T5906] usb usb2-port1: unable to enumerate USB device
[  627.323083][T13107] fuse: blksize only supported for fuseblk
[  627.324984][   T37] vlan2: left promiscuous mode
[  627.421646][ T5906] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  627.554069][T13117] FAULT_INJECTION: forcing a failure.
[  627.554069][T13117] name failslab, interval 1, probability 0, space 0, times 0
[  627.581248][T13117] CPU: 0 UID: 0 PID: 13117 Comm: syz.5.1794 Not tainted syzkaller #0 PREEMPT(full) 
[  627.581280][T13117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  627.581294][T13117] Call Trace:
[  627.581303][T13117]  <TASK>
[  627.581314][T13117]  dump_stack_lvl+0x189/0x250
[  627.581344][T13117]  ? __pfx____ratelimit+0x10/0x10
[  627.581379][T13117]  ? __pfx_dump_stack_lvl+0x10/0x10
[  627.581402][T13117]  ? __pfx__printk+0x10/0x10
[  627.581432][T13117]  ? __pfx___might_resched+0x10/0x10
[  627.581468][T13117]  should_fail_ex+0x414/0x560
[  627.581509][T13117]  should_failslab+0xa8/0x100
[  627.581540][T13117]  kmem_cache_alloc_node_noprof+0x77/0x710
[  627.581565][T13117]  ? __alloc_skb+0x112/0x2d0
[  627.581610][T13117]  __alloc_skb+0x112/0x2d0
[  627.581646][T13117]  netlink_ack+0x146/0xa50
[  627.581675][T13117]  ? __pfx_genl_rcv_msg+0x10/0x10
[  627.581698][T13117]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  627.581728][T13117]  ? __pfx_nl80211_post_doit+0x10/0x10
[  627.581761][T13117]  ? __asan_memcpy+0x40/0x70
[  627.581782][T13117]  ? __pfx_ref_tracker_free+0x10/0x10
[  627.581815][T13117]  netlink_rcv_skb+0x28c/0x470
[  627.581845][T13117]  ? __lock_acquire+0xab9/0xd20
[  627.581874][T13117]  ? __pfx_genl_rcv_msg+0x10/0x10
[  627.581900][T13117]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  627.581953][T13117]  ? down_read+0x1ad/0x2e0
[  627.581982][T13117]  genl_rcv+0x28/0x40
[  627.582004][T13117]  netlink_unicast+0x82f/0x9e0
[  627.582043][T13117]  ? __pfx_netlink_unicast+0x10/0x10
[  627.582074][T13117]  ? netlink_sendmsg+0x642/0xb30
[  627.582104][T13117]  ? skb_put+0x11b/0x210
[  627.582140][T13117]  netlink_sendmsg+0x805/0xb30
[  627.582183][T13117]  ? __pfx_netlink_sendmsg+0x10/0x10
[  627.582219][T13117]  ? __import_iovec+0x5d4/0x7f0
[  627.582246][T13117]  ? aa_sock_msg_perm+0xf1/0x1d0
[  627.582273][T13117]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  627.582302][T13117]  ? __pfx_netlink_sendmsg+0x10/0x10
[  627.582335][T13117]  __sock_sendmsg+0x21c/0x270
[  627.582367][T13117]  ____sys_sendmsg+0x505/0x830
[  627.582409][T13117]  ? __pfx_____sys_sendmsg+0x10/0x10
[  627.582480][T13117]  ___sys_sendmsg+0x21f/0x2a0
[  627.582505][T13117]  ? __pfx____sys_sendmsg+0x10/0x10
[  627.582567][T13117]  ? __fget_files+0x2a/0x420
[  627.582600][T13117]  ? __fget_files+0x3a0/0x420
[  627.582640][T13117]  __sys_sendmsg+0x164/0x220
[  627.582664][T13117]  ? __pfx___sys_sendmsg+0x10/0x10
[  627.582709][T13117]  ? __pfx_ksys_write+0x10/0x10
[  627.582737][T13117]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  627.582763][T13117]  ? lockdep_hardirqs_on+0x9c/0x150
[  627.582789][T13117]  __do_fast_syscall_32+0xb6/0x2b0
[  627.582814][T13117]  ? lockdep_hardirqs_on+0x9c/0x150
[  627.582842][T13117]  do_fast_syscall_32+0x34/0x80
[  627.582867][T13117]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  627.582894][T13117] RIP: 0023:0xf7f62539
[  627.582914][T13117] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  627.582933][T13117] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  627.582956][T13117] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  627.582971][T13117] RDX: 0000000004044000 RSI: 0000000000000000 RDI: 0000000000000000
[  627.582985][T13117] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  627.582997][T13117] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  627.583010][T13117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  627.583044][T13117]  </TASK>
[  627.931272][    C0] vkms_vblank_simulate: vblank timer overrun
[  628.182811][T13125] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1791'.
[  628.550549][ T5906] usb 2-1: Using ep0 maxpacket: 8
[  628.980159][ T5906] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  628.998624][ T5906] usb 2-1: config 0 has no interface number 0
[  629.008772][ T5906] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  629.038518][ T5906] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  629.083169][ T5906] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  629.113986][ T5906] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  629.165052][ T5906] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  629.207457][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.331043][ T5906] usb 2-1: config 0 descriptor??
[  629.389043][ T5906] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  629.591947][T13141] RDS: rds_bind could not find a transport for ae0c:91e3:ccfb:11d2:0:5efe:150.125.240.108, load rds_tcp or rds_rdma?
[  629.778059][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  629.792396][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  630.120162][T13156] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1799'.
[  630.251041][T13154] input: syz1 as /devices/virtual/input/input92
[  630.625105][T13154] netlink: 'syz.7.1800': attribute type 1 has an invalid length.
[  630.856465][T13170] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1802'.
[  630.878534][T13170] tipc: New replicast peer: 0.0.0.0
[  630.885246][T13170] tipc: Enabled bearer <udp:syz2>, priority 10
[  631.317985][ T5906] usb 2-1: USB disconnect, device number 72
[  631.328718][ T5906] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  631.723728][T13182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1806'.
[  632.133433][T13194] snd_dummy snd_dummy.0: control 0:0:0:syz0:16384 is already present
[  632.155253][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1810'.
[  632.259495][T13196] FAULT_INJECTION: forcing a failure.
[  632.259495][T13196] name failslab, interval 1, probability 0, space 0, times 0
[  632.386863][T13196] CPU: 1 UID: 0 PID: 13196 Comm: syz.0.1810 Not tainted syzkaller #0 PREEMPT(full) 
[  632.386896][T13196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  632.386910][T13196] Call Trace:
[  632.386920][T13196]  <TASK>
[  632.386930][T13196]  dump_stack_lvl+0x189/0x250
[  632.386961][T13196]  ? __pfx____ratelimit+0x10/0x10
[  632.386996][T13196]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.387020][T13196]  ? __pfx__printk+0x10/0x10
[  632.387050][T13196]  ? __pfx___might_resched+0x10/0x10
[  632.387080][T13196]  ? fs_reclaim_acquire+0x7d/0x100
[  632.387113][T13196]  should_fail_ex+0x414/0x560
[  632.387176][T13196]  should_failslab+0xa8/0x100
[  632.387207][T13196]  kmem_cache_alloc_node_noprof+0x77/0x710
[  632.387239][T13196]  ? __alloc_skb+0x112/0x2d0
[  632.387278][T13196]  __alloc_skb+0x112/0x2d0
[  632.387316][T13196]  nl80211_tx_mgmt+0x9cd/0xdf0
[  632.387348][T13196]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  632.387374][T13196]  ? __pfx___mutex_lock+0x10/0x10
[  632.387421][T13196]  ? nl80211_pre_doit+0x4f1/0x930
[  632.387460][T13196]  genl_family_rcv_msg_doit+0x215/0x300
[  632.387495][T13196]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  632.387535][T13196]  ? bpf_lsm_capable+0x9/0x20
[  632.387556][T13196]  ? security_capable+0x7e/0x2e0
[  632.387586][T13196]  genl_rcv_msg+0x60e/0x790
[  632.387622][T13196]  ? __pfx_genl_rcv_msg+0x10/0x10
[  632.387645][T13196]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  632.387681][T13196]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  632.387703][T13196]  ? __pfx_nl80211_post_doit+0x10/0x10
[  632.387742][T13196]  ? __asan_memcpy+0x40/0x70
[  632.387764][T13196]  ? __pfx_ref_tracker_free+0x10/0x10
[  632.387797][T13196]  netlink_rcv_skb+0x208/0x470
[  632.387827][T13196]  ? __lock_acquire+0xab9/0xd20
[  632.387857][T13196]  ? __pfx_genl_rcv_msg+0x10/0x10
[  632.387883][T13196]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  632.387936][T13196]  ? down_read+0x1ad/0x2e0
[  632.387966][T13196]  genl_rcv+0x28/0x40
[  632.387987][T13196]  netlink_unicast+0x82f/0x9e0
[  632.388026][T13196]  ? __pfx_netlink_unicast+0x10/0x10
[  632.388056][T13196]  ? netlink_sendmsg+0x642/0xb30
[  632.388085][T13196]  ? skb_put+0x11b/0x210
[  632.388123][T13196]  netlink_sendmsg+0x805/0xb30
[  632.388174][T13196]  ? __pfx_netlink_sendmsg+0x10/0x10
[  632.388211][T13196]  ? __import_iovec+0x5d4/0x7f0
[  632.388238][T13196]  ? aa_sock_msg_perm+0xf1/0x1d0
[  632.388265][T13196]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  632.388294][T13196]  ? __pfx_netlink_sendmsg+0x10/0x10
[  632.388328][T13196]  __sock_sendmsg+0x21c/0x270
[  632.388359][T13196]  ____sys_sendmsg+0x505/0x830
[  632.388401][T13196]  ? __pfx_____sys_sendmsg+0x10/0x10
[  632.388454][T13196]  ___sys_sendmsg+0x21f/0x2a0
[  632.388480][T13196]  ? __pfx____sys_sendmsg+0x10/0x10
[  632.388539][T13196]  ? __fget_files+0x2a/0x420
[  632.388565][T13196]  ? __fget_files+0x3a0/0x420
[  632.388605][T13196]  __sys_sendmsg+0x164/0x220
[  632.388629][T13196]  ? __pfx___sys_sendmsg+0x10/0x10
[  632.388675][T13196]  ? __pfx_ksys_write+0x10/0x10
[  632.388702][T13196]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  632.388728][T13196]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.388754][T13196]  __do_fast_syscall_32+0xb6/0x2b0
[  632.388778][T13196]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.388805][T13196]  do_fast_syscall_32+0x34/0x80
[  632.388829][T13196]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  632.388857][T13196] RIP: 0023:0xf708d539
[  632.388876][T13196] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  632.388896][T13196] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  632.388920][T13196] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  632.388935][T13196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  632.388948][T13196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  632.388960][T13196] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  632.388973][T13196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  632.389007][T13196]  </TASK>
[  632.781003][    C1] vkms_vblank_simulate: vblank timer overrun
[  633.273023][T13199] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1808'.
[  633.456220][T12433] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  633.621451][T13210] program syz.7.1813 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  634.053520][T12433] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.056921][T13214] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1814'.
[  634.084005][T12433] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  634.094028][T12433] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.180580][T12433] usb 1-1: Product: syz
[  634.226747][T12433] usb 1-1: Manufacturer: syz
[  634.252917][T12433] usb 1-1: SerialNumber: syz
[  634.734727][T13231] sctp: [Deprecated]: syz.4.1817 (pid 13231) Use of struct sctp_assoc_value in delayed_ack socket option.
[  634.734727][T13231] Use struct sctp_sack_info instead
[  635.441004][   T31] INFO: task kworker/0:2:813 blocked for more than 143 seconds.
[  635.448745][   T31]       Not tainted syzkaller #0
[  635.457629][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  635.466939][   T31] task:kworker/0:2     state:D stack:21128 pid:813   tgid:813   ppid:2      task_flags:0x4208060 flags:0x00080000
[  635.553946][   T31] Workqueue: usb_hub_wq hub_event
[  635.571592][   T31] Call Trace:
[  635.575234][   T31]  <TASK>
[  635.578378][   T31]  __schedule+0x1798/0x4cc0
[  635.583377][   T31]  ? __pfx___schedule+0x10/0x10
[  635.588341][   T31]  ? schedule+0x91/0x360
[  635.592890][   T31]  schedule+0x165/0x360
[  635.597192][   T31]  schedule_preempt_disabled+0x13/0x30
[  635.680662][   T31]  __mutex_lock+0x7e6/0x1350
[  635.685568][   T31]  ? __mutex_lock+0x5bb/0x1350
[  635.691004][   T31]  ? hub_event+0x21e5/0x4a20
[  635.695886][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  635.701219][   T31]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  635.723592][   T31]  hub_event+0x21e5/0x4a20
[  635.728315][   T31]  ? do_raw_spin_lock+0x121/0x290
[  635.734877][   T31]  ? __pfx_hub_event+0x10/0x10
[  635.752219][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  635.758230][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  635.771275][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  635.777699][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  635.783996][   T31]  process_scheduled_works+0xae1/0x17b0
[  635.789714][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  635.806304][   T31]  worker_thread+0x8a0/0xda0
[  635.812830][   T31]  kthread+0x711/0x8a0
[  635.817043][   T31]  ? __pfx_worker_thread+0x10/0x10
[  635.823589][   T31]  ? __pfx_kthread+0x10/0x10
[  635.828479][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  635.834503][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  635.840900][   T31]  ? __pfx_kthread+0x10/0x10
[  635.877161][   T31]  ret_from_fork+0x4bc/0x870
[  635.882084][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  635.887680][   T31]  ? __switch_to_asm+0x39/0x70
[  635.904093][   T31]  ? __switch_to_asm+0x33/0x70
[  635.908971][   T31]  ? __pfx_kthread+0x10/0x10
[  635.951068][   T31]  ret_from_fork_asm+0x1a/0x30
[  635.955943][   T31]  </TASK>
[  635.992366][   T31] 
[  635.992366][   T31] Showing all locks held in the system:
[  636.007846][   T31] 1 lock held by khungtaskd/31:
[  636.021918][   T31]  #0: ffffffff8e13d2e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  636.054678][   T31] 5 locks held by kworker/0:2/813:
[  636.067081][   T31]  #0: ffff8881446bc948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  636.086890][   T31]  #1: ffffc900032f7ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  636.102526][   T31]  #2: ffff888028ad0198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  636.111988][   T31]  #3: ffff88814632e518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[  636.123635][   T31]  #4: ffff8881457e9b68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[  636.144752][   T31] 2 locks held by getty/5588:
[  636.149521][   T31]  #0: ffff8880309100a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  636.159924][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  636.171773][   T31] 5 locks held by kworker/1:3/5828:
[  636.177042][   T31]  #0: ffff8881446bc948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  636.188470][   T31]  #1: ffffc90004197ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  636.202000][   T31]  #2: ffff8881457da198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  636.211528][   T31]  #3: ffff8881457dd518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[  636.221825][   T31]  #4: ffff8881457e9b68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[  636.231625][   T31] 4 locks held by udevd/6450:
[  636.236464][   T31]  #0: ffff88804ea3de80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe20
[  636.248104][   T31]  #1: ffff88802ee70488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[  636.257756][   T31]  #2: ffff88805b74f878 (kn->active#31){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[  636.270087][   T31]  #3: ffff888055747198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  636.281628][   T31] 1 lock held by syz-executor/6806:
[  636.286897][   T31]  #0: ffffffff8e142d78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  636.298041][   T31] 5 locks held by kworker/1:2/12433:
[  636.303468][   T31]  #0: ffff8881446bc948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  636.314955][   T31]  #1: ffffc90012d2fba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  636.327225][   T31]  #2: ffff888144fb6198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  636.336240][   T31]  #3: ffff888055747198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  636.345657][   T31]  #4: ffff88801f29d160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  636.356211][   T31] 2 locks held by dhcpcd/13245:
[  636.361280][   T31]  #0: ffff88807fa88258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  636.372210][   T31]  #1: ffffffff8e142d78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  636.383308][   T31] 
[  636.385685][   T31] =============================================
[  636.385685][   T31] 
[  636.397666][T12433] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS
[  636.411269][T12433] cdc_ncm 1-1:1.0: bind() failure
[  636.429821][   T31] NMI backtrace for cpu 1
[  636.429841][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  636.429864][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  636.429878][   T31] Call Trace:
[  636.429888][   T31]  <TASK>
[  636.429898][   T31]  dump_stack_lvl+0x189/0x250
[  636.429930][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  636.429954][   T31]  ? __pfx__printk+0x10/0x10
[  636.429991][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  636.430024][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  636.430066][   T31]  ? __pfx__printk+0x10/0x10
[  636.430093][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  636.430124][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  636.430158][   T31]  watchdog+0xf60/0xfa0
[  636.430194][   T31]  ? watchdog+0x1e2/0xfa0
[  636.430229][   T31]  kthread+0x711/0x8a0
[  636.430256][   T31]  ? __pfx_watchdog+0x10/0x10
[  636.430285][   T31]  ? __pfx_kthread+0x10/0x10
[  636.430309][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  636.430343][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.430363][   T31]  ? __pfx_kthread+0x10/0x10
[  636.430387][   T31]  ret_from_fork+0x4bc/0x870
[  636.430420][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  636.430455][   T31]  ? __switch_to_asm+0x39/0x70
[  636.430479][   T31]  ? __switch_to_asm+0x33/0x70
[  636.430503][   T31]  ? __pfx_kthread+0x10/0x10
[  636.430526][   T31]  ret_from_fork_asm+0x1a/0x30
[  636.430569][   T31]  </TASK>
[  636.570371][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.577686][   T31] Sending NMI from CPU 1 to CPUs 0:
[  636.583438][    C0] NMI backtrace for cpu 0
[  636.583456][    C0] CPU: 0 UID: 0 PID: 1150 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  636.583477][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  636.583490][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[  636.583520][    C0] RIP: 0010:__lock_acquire+0x332/0xd20
[  636.583547][    C0] Code: e5 15 09 d5 09 cd 44 09 f5 41 89 6c c7 20 45 89 44 c7 24 4c 89 7c 24 10 4d 8d 34 c7 81 e5 ff 1f 00 00 48 0f a3 2d de 5a fb 11 <73> 10 48 69 c5 c8 00 00 00 48 8d 80 30 f3 39 93 eb 40 83 3d 45 ea
[  636.583563][    C0] RSP: 0018:ffffc90003a57368 EFLAGS: 00000003
[  636.583578][    C0] RAX: 0000000000000014 RBX: ffffffff8e13d2e0 RCX: 0000000000000007
[  636.583591][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888026845ac0
[  636.583603][    C0] RBP: 0000000000000007 R08: 0000000000000000 R09: ffffffff8173cd25
[  636.583616][    C0] R10: ffffc90003a575b8 R11: ffffffff81ac6cd0 R12: 0000000000020000
[  636.583629][    C0] R13: 0000000000000000 R14: ffff888026846690 R15: ffff8880268465f0
[  636.583642][    C0] FS:  0000000000000000(0000) GS:ffff888125d0c000(0000) knlGS:0000000000000000
[  636.583658][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  636.583670][    C0] CR2: 00000000f7429068 CR3: 0000000077704000 CR4: 00000000003526f0
[  636.583686][    C0] Call Trace:
[  636.583694][    C0]  <TASK>
[  636.583706][    C0]  ? unwind_next_frame+0xa5/0x2390
[  636.583733][    C0]  lock_acquire+0x120/0x360
[  636.583755][    C0]  ? unwind_next_frame+0xa5/0x2390
[  636.583786][    C0]  ? unwind_next_frame+0xa5/0x2390
[  636.583812][    C0]  ? process_scheduled_works+0xae1/0x17b0
[  636.583844][    C0]  ? unwind_next_frame+0xa5/0x2390
[  636.583871][    C0]  unwind_next_frame+0xc2/0x2390
[  636.583896][    C0]  ? unwind_next_frame+0xa5/0x2390
[  636.583926][    C0]  ? unwind_next_frame+0xa5/0x2390
[  636.583952][    C0]  ? nsim_dev_trap_report_work+0x7cf/0xb80
[  636.583977][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  636.583996][    C0]  arch_stack_walk+0x11c/0x150
[  636.584027][    C0]  ? process_scheduled_works+0xae1/0x17b0
[  636.584058][    C0]  stack_trace_save+0x9c/0xe0
[  636.584076][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  636.584094][    C0]  ? kfree+0x19a/0x6d0
[  636.584110][    C0]  ? process_scheduled_works+0xae1/0x17b0
[  636.584133][    C0]  ? worker_thread+0x8a0/0xda0
[  636.584163][    C0]  ? kthread+0x711/0x8a0
[  636.584183][    C0]  kasan_save_track+0x3e/0x80
[  636.584202][    C0]  ? kasan_save_track+0x3e/0x80
[  636.584220][    C0]  ? __kasan_save_free_info+0x46/0x50
[  636.584247][    C0]  ? __kasan_slab_free+0x5c/0x80
[  636.584266][    C0]  ? kmem_cache_free+0x19b/0x690
[  636.584286][    C0]  ? nsim_dev_trap_report_work+0x7cf/0xb80
[  636.584307][    C0]  ? process_scheduled_works+0xae1/0x17b0
[  636.584353][    C0]  ? nsim_dev_trap_report_work+0x7cf/0xb80
[  636.584375][    C0]  __kasan_save_free_info+0x46/0x50
[  636.584403][    C0]  __kasan_slab_free+0x5c/0x80
[  636.584424][    C0]  kmem_cache_free+0x19b/0x690
[  636.584448][    C0]  nsim_dev_trap_report_work+0x7cf/0xb80
[  636.584477][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  636.584503][    C0]  process_scheduled_works+0xae1/0x17b0
[  636.584541][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  636.584574][    C0]  worker_thread+0x8a0/0xda0
[  636.584611][    C0]  kthread+0x711/0x8a0
[  636.584630][    C0]  ? __pfx_worker_thread+0x10/0x10
[  636.584656][    C0]  ? __pfx_kthread+0x10/0x10
[  636.584675][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  636.584702][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.584718][    C0]  ? __pfx_kthread+0x10/0x10
[  636.584736][    C0]  ret_from_fork+0x4bc/0x870
[  636.584762][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  636.584789][    C0]  ? __switch_to_asm+0x39/0x70
[  636.584810][    C0]  ? __switch_to_asm+0x33/0x70
[  636.584840][    C0]  ? __pfx_kthread+0x10/0x10
[  636.584859][    C0]  ret_from_fork_asm+0x1a/0x30
[  636.584888][    C0]  </TASK>
[  636.587973][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  636.967728][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  636.976840][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  636.986914][   T31] Call Trace:
[  636.990197][   T31]  <TASK>
[  636.993128][   T31]  dump_stack_lvl+0x99/0x250
[  636.997727][   T31]  ? __asan_memcpy+0x40/0x70
[  637.002320][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  637.007518][   T31]  ? __pfx__printk+0x10/0x10
[  637.012115][   T31]  vpanic+0x237/0x6d0
[  637.016107][   T31]  ? __pfx_vpanic+0x10/0x10
[  637.020629][   T31]  ? preempt_schedule_common+0x83/0xd0
[  637.026095][   T31]  panic+0xb9/0xc0
[  637.029819][   T31]  ? __pfx_panic+0x10/0x10
[  637.034245][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  637.039656][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  637.045824][   T31]  watchdog+0xf9f/0xfa0
[  637.050000][   T31]  ? watchdog+0x1e2/0xfa0
[  637.054336][   T31]  kthread+0x711/0x8a0
[  637.058409][   T31]  ? __pfx_watchdog+0x10/0x10
[  637.063098][   T31]  ? __pfx_kthread+0x10/0x10
[  637.067692][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  637.072909][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  637.078110][   T31]  ? __pfx_kthread+0x10/0x10
[  637.082706][   T31]  ret_from_fork+0x4bc/0x870
[  637.087311][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  637.092451][   T31]  ? __switch_to_asm+0x39/0x70
[  637.097218][   T31]  ? __switch_to_asm+0x33/0x70
[  637.101984][   T31]  ? __pfx_kthread+0x10/0x10
[  637.106578][   T31]  ret_from_fork_asm+0x1a/0x30
[  637.111367][   T31]  </TASK>
[  637.114571][   T31] Kernel Offset: disabled
[  637.118900][   T31] Rebooting in 86400 seconds..