last executing test programs:

14.252978168s ago: executing program 3 (id=1903):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = accept4$rose(0xffffffffffffffff, &(0x7f0000000180)=@short={0xb, @remote, @bcast, 0x1, @rose}, &(0x7f0000000300)=0x1c, 0x80000)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000400)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x9, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
kexec_load(0x6, 0x0, 0x0, 0x1)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = socket$kcm(0xa, 0x2, 0x73)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x14, 0x2, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r11, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$inet(r2, 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)

12.873061873s ago: executing program 3 (id=1906):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000000000000500"], 0x1c}, 0x1, 0x0, 0x0, 0x24008054}, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r4, 0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14)
sendmsg$inet(r2, 0x0, 0x20000050)
r5 = socket(0x2a, 0x2, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
bind$qrtr(r5, 0x0, 0x0)
sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001c40)="d80000001c0081064e81f782db44b9040a1d08041100000000020aa1180002000600142603600e1208000f0000810401a8001605200001400200000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516", 0x5d}, {&(0x7f0000001d00)="0092e9a7e64c32c40a81fa0f64bd9906f29b6a0aa0e850e7eb26dd111c83b33cf6f3f5bfdf52e23faac8580b58c35613a51fec2e1500747c8a72eb20d3d6b9e4e75d266a5440ad6fa037d9055e6a4a6760575b9459419cfc252cb04e3a624aaaa02bf155303808bcb8ec989fd7db312bb9807d1efe0dab699418e3", 0x7b}], 0x2, 0x0, 0x0, 0x7400}, 0x40000)

12.741283334s ago: executing program 0 (id=1907):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r0])
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000002480)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318)

12.658711288s ago: executing program 4 (id=1908):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x80042, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000100)={{0x9, 0xfffffffa}, {0x4049, 0x1003ff}, 0xffffffff, 0x7})

11.831121052s ago: executing program 3 (id=1909):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="2503000000000000000016000000fad8472ed5f03dac64594d2a2ad4968ece0db895b743965f3ba5b819988bea54b978989b95cc2074089ee937363d431b95a7422012778bd61c3b310cc1264215a5b15cc194065a2cfd649fcd4f769832db5c1348a6359feec8199d24193889e8c5af5cfb9cf4db5e6aa8317f24d8cdefee68ef1fa32e71b3990e5305f2acc9791c37868f8ddbb0e767a2a4f1424a5d005f73f0e622cf9cd572892c6bd1"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1d, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xfffffffffffffeb3)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000ac0), 0x88603, 0x0)
lseek(r7, 0x7, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x100, 0x0)
mq_notify(r8, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}})
readv(r8, &(0x7f00000005c0)=[{&(0x7f0000000040)=""/164, 0xa4}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003", @ANYRES32=r6, @ANYRESHEX=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x6e, &(0x7f0000000700)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "01b02b", 0x0, 0x6c, 0x0, @loopback, @local, [@srh]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0)
r9 = dup(0xffffffffffffffff)
getpeername$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
socket$netlink(0x10, 0x3, 0x0)

10.751243662s ago: executing program 3 (id=1911):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000000), &(0x7f0000000040)=0x8)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000180))
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44804)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000380)={0x0, 0x1f, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r5, 0x101, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
socket(0x15, 0x5, 0x0)
write$usbip_server(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x35)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180))
syz_open_dev$tty1(0xc, 0x4, 0x2)
pipe2(&(0x7f0000000140), 0x4880)

10.657883418s ago: executing program 4 (id=1912):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r1=>0x0})
execveat(0xffffffffffffffff, &(0x7f0000003180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x800)
r2 = openat$autofs(0xffffffffffffff9c, 0x0, 0x109000, 0x0)
r3 = openat(0xffffffffffffffff, &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc2, 0xa5)
ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r0, {0xf}}, './file0\x00'})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000040)={<r6=>0x0}, &(0x7f0000000400)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000440)={r6, 0xa8, &(0x7f00000005c0)=[@in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e22, 0x3, @mcast2, 0x6}, @in6={0xa, 0x4e22, 0x10001, @loopback, 0x8}, @in={0x2, 0x4e24, @rand_addr=0x64010100}, @in={0x2, 0x4e22, @local}, @in={0x2, 0x4e22, @private=0xa010101}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e20, @private=0xa010102}, @in={0x2, 0x4e24, @rand_addr=0x64010102}]}, &(0x7f00000016c0)=0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001700), r3)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000032680)=""/102392, 0x18ff8)
r10 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r2, 0x0)
r11 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
writev(r11, &(0x7f0000000340)=[{&(0x7f0000000100)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6785508eb1dee994d18b084ef189ce72b079ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a0798444d6ba181f2546b88893bf12575b27c1af55a55c55ca8855d5dc89db3e110430d10f429cc423ff64acc9fdb59a76caf809ce3c954f8a9618ebe5c3253e888feae6cc381ecb4a64085e24c48cf5ae9c5125d58d78ab2b70ec9216b42cf69b0cd34aa9a9b8e32e1841f19a7d38ce8de4d6d24b1a239ccfbb0935e4db5f50c9b8ebdf158eb582b914857522de035110521a268d3fa0888ebd65ab713338b2fa1029851d62af03f2bcf6034cf0287f10c84c967bae32a79fbf90122d41a622c0fa8a0fae4ffa55df5ec7ebb0708dbb6148f2cde6d128018a0efa8598fa29ac80c6642d52c6f6b979e8fe5e1fbe7615ca1bc31f2bc541b3f67f129a490900000004ab65b661139a2d66fbe14888b28fb681b11cd33e07a04cee7fa46193218553971e41d0eaed454f6b4520963c5d21b889764986530174051ddeca7547b3aeb0ed720e20099fbeec90859a9f22b9229f72fb45e62fb2c7048099eb484edac92717591a6467c38af94b14d4bf366d5fb232c24bc8a9d5361dd979a98ff5ea6a331cf27110b4457301454119173622e1ddef43e79842b3dcbce701ec9195770fd820823cd45fe00baa87d3000000000000570d", 0x223}], 0x1)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c00", @ANYRES16=r7, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r1, @ANYBLOB="7caa309bd6646fa22da6476a176d6565f6de21590c5f3e192a093972e3dcca432d8b324b84bc0a49315e68d145e4d4bb66655cb0aceabcf340fd2b3ef4bcaa4140ab22f690927497088e26dc4ceaddbeed99f0be4f1af62051a10b3b682efa00ff359ac809172ca3d541f3157b210815a6d196a295"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

10.617262757s ago: executing program 0 (id=1913):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
mlockall(0x3)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
brk(0x400000ffc000)
brk(0x400000ffc020)
ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x5319)
r1 = socket$tipc(0x1e, 0x5, 0x0)
listen(r1, 0x0)
ppoll(&(0x7f00000002c0)=[{r1, 0x2482}], 0x1, &(0x7f0000000340)={0x0, 0x989680}, 0x0, 0x0)

8.983976696s ago: executing program 2 (id=1914):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4008890)
r0 = socket(0x2, 0x80805, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000000080)={0x2, 0x4, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000ac0)="6cb76def2c36dab0f366cf47ad785ed2fb5e1fa5fb56d566acdc377060c4ba50a58104620df72c3004bfbc77173110e163f7d8ad60c34cdb064852353438fea809e390e392afbf35311690cd8286a6c49668aee29b7537078dba77963d15c085d7343c1012135d361ac15c082b7ac8db87cc10fe3ffc374c8be18fc53437100a11dddb9981072ec036d513870a5bbf62ce9e39f790f61ef997af390b9f5fc8a699e001c59077c459eb40ee80a3ffeb35737da668ef974592faf129325cd9ad0dc5663950a329804c9f5d261f71165b05dac212cc2afc40f980ddef8773f1045e75de4ec606aef87052e9ac784bb0f5a43f9cac5e44ae1a6dd575ce17a4749dc7cd4d7f76a40676e792e5b31a25703b1f35b48a89ed84582ef8f4ac046695f402c25da1fa6bc732a7016edf093b4c31193130b3bc143702e2b1d23743ca797b24495dc4979b81413701c0597dcd5e3bcc9c2050c18cfe03814d358e0f795e990dc44d2c1b9890514bd5ea94a3f3a1e25a8cdc67133e9176d76dc54c31274cff0101d8a42c103bad1b8b57362446f2c2ed8a69daf3d7306ef3fa2015e4ee1ef3392120b82671d73b07f3082ea69ffa0ebc7b53c78862a3e1ece518c1f0abbe4053b4dfafe815c1fe4b0d079446e80d13af972e00644a0188605d7309812e24cd1158677f94a16a5eb0c5d48b60329fc522026efa596ac913540f2a9b0345f279329bfba29a7dfc8894e6a08eeee3dd974c3de9e0602cfd1e3e584b10dd26cd13f7fb432e72ea85fd1d3a872061bc967d7a67a3a7f09f34cc825db5d9ef3ce0ff9873f8eff342eb30fa970007e2f591f07dc9bc5141a9679a2f7c69aa50894353a7830a0f7cf766aff6e81d7c3b88d730946ce3f327716ef6fd270d5bf467aef288db903f740b6ac27b962a3c6462372e63f8da8505f05d17b364dd8c6b5d449accd01b4c6da297669f098bee986b95e389a2d003539ca9dec8c26b9f6bbb5f7fe6f0b764d99bc0dafcad4121ed6a749ac71fc5deeee54d0e8a2d9dccc87df818258d73c8816b78c1be3670fb14dded879caf925e0f8abf63f55ffee02bbffb465f0303338bd12e22fe94fdaa3f033127ecaf41649232c38e83850fd3ebc890ea5db2763a8389ac49bd9b7f6b81f381d3eeb90d0f596e2b7f7dfa2a0e9453c1f5f359b56aae9e97a51f6c092d25a031843e351f5733a25c5905706618ab569359bdca4932f6471f4f2d152f84cfc0c563885b0d93fd015095a8eb9422e3d17ddaf3f20dde5eeea415f76c0617964198c824b98f4d53ab0d4d734dcd6d07dddd5b77c1bd71208632941973bd5b5aca981137ec21dcd86ba518b3d4979b68f704a2a7d7cfeb9be3edf4b4b3560e930d9dba0bc358cba36a129748c1fa73483a69759ba0c4f2ee2a936899e163c213bb3fe5a28e68669fb2da6bbcdf4c55e933d127a8bc68b8d0e6c6c757fe8ea47f26ceb7c1b3ca8b962eb31a081756ed56fe4385dccc5e2a7a53300e9c8a1a55bcf8db3f828cb3db8485110da631a50199a5c1932b5538a2b1c3cddb4451868a413418e3f761530fd477b2ebb449070c73171964203ad7bad4302af13fa6fe55fb88ede096a7aba95ef3665da778250daa9dd4bd5ecb8a807d83fe6dcf2f0cf5de7a4ef742979afd7d93bb2672ad45f6537640313b1ca8838f3fdc08e57455af6398ce5b253312fe1a88206210831e0de59d1e3f9442fb9dd43f1b9c00d151d3234028990f8bcaf65c0ad9ea1bc20e4b7641ff26969b02ccd60d2d8d2d72fe5fd58068cd6d7525c9e24c4246cd776ecf1f57550bb6bddad5093618797547cde5c07e165bc979bfbb5479c58e89c29efa5fdfa5b4a87917a4275609afc849384458ca980ba5a2aa4d10c761bb", 0x537}], 0x1}}], 0x2, 0x0)

8.42593202s ago: executing program 3 (id=1915):
r0 = io_uring_setup(0x7d98, &(0x7f0000000240)={0x0, 0x918a, 0x10, 0xfff7ffff, 0x800024a})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket(0x1d, 0x2, 0x6)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xcf)
r3 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x48200, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xe)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x200, 0x0)
pipe2$9p(&(0x7f0000000340)={<r5=>0xffffffffffffffff}, 0xdf86660534e091eb)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0/../file0/file0\x00', &(0x7f0000000300), 0x20000, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_fscache}], [{@subj_type={'subj_type', 0x3d, ']\x05/%/-}&${'}}, {@euid_gt={'euid>', 0xee00}}]}})
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x35, 0x6007, @fd, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000041c0)="75ff311821f07fa4703471f11c7f9a343f146bc8a0059adb304af4dda6a635c782f0d1876dc4627e1aec92ca1fa753a923ca393dde13807c4a58e5a359ca9e98080eef63408e6f862bb0163f4d0eb142e97c03e024aa14ae0bedb306245522bb5a9d1fbc0e8655ae0dc9ba5980d67871769aef065383747b762ce0de5431ecd5e635dbb9ec7fe06e6cf812ef5bac0e0ea2daea3849ef66912f02de733073e13d5a4e5432e0d04f561567c0a9968ae8f5ff5a896237069bfb948bc71ccdea121324fec465b4cf31bd464726d15e7c13741869f0c969fe6f173604650e9d37350745066e8a5dc520898df15cf02859f6d508dc8bb5342af839d6ac5cd69bfb102b5c54746c5382dd976382351a7b701f3490a27ae738b93176d55d5de60823ddcd2470bf6c939ed858c53ba880c38db973256e065521c495d3b6f01d89a526e285bd11a1ad902cbad5bd7a240a10c4f955e6f57bf2b734fe658151b69ca497d6a90f930b330f639c3480a03b8ff62d067051ee0fb71df680b4d79ade539e31512d102ae66b75fc632b5af7da47ba3b87489a7c9735a522070c1b9c7f980aca172315b90bef887aaffe72804ff70d6a275513a90722d191c367474102dd5b17cd9e115e6ce1a2d6a787f8beac2fa5e32f88be0902db5bb1ecde5adb2331f1cd97e9a181e722c3fb83a99a53568f94e457c377ee840de8f2dcaf183781fad768431dc0b24ee63e689eaaaf7e75346fc5e5f6ff123d2fedaeee184e8d6a4d9e45f7a06b5de83fce572c5f631beed57641d3e262e57d592256bc38911adc7c4c59b022d532c7a5418fdebc76ff44c1fd9392818934a4f5603f33687d7d0f9e72c7056e55180e9ce336d86f99f243d31b3fcb15bd7a5bac39a93fcd7f747ee2352cf4886123757c7b7f759aa06a65fdfbf1da74f74968c47ef679ae843f9a331159d490578ae0d7c314a833bc31dbcda6bb0c019f189a2f999c29bbeb2586744d2f2682f3336516a92740d031029b83b3d38844390165bf6517521db3d89d016192b916bd9ac2ee5a3c2059d76cca7eddffdc3ac38bba3112298cb2ac79c686027621b212cb2165de3849f217d8e01885c05e4278491585ecd9633335769a431e82d809f4c378f1fe1f6b3560745fc9c9b2ba0f095b27513e3d6e6263c8298c0dab4819e8d170db1f42df4a2aee0a05d5422eb8fe61e7fbcf3ac8b568d2d6e0bd0ebfeed6fda0f8783dd797ebb2978a0e92fb9610d0ff465515adaeccf7d84bf7f90cf0867de6ef4a1102050928f5416fefa01af66779964011532b8abdf30b24dd76988699f6f8f139cb3628a94aaaf80baebb86d27d970cc17a298473cd80657c641c94ab4ca99336d1a95c27b47da153a0787002ea830c29db176b0f5539b40500986f206cdbbbc843ac148e1f583de9db549354cf681162483bf55704d548f523f1f4ce7b42abc127ff33fb70d4f129cc355b19eef3f6a19f903419b63b2f535e70a1e42bb85c94615bf2e2a640264e0a9712f69ed4a3ebfec61083a65096619b5c91f17eea4cc1e709b6b958be70656fc0086dde58cdfcf2f881abe9e26d185fef6b4c4726646ee47733de0645a5a204be01132c8ea667562625550035d0053267f4f80fcd9e827410c9bbcc4e8dcadb6fd603d709450749941fe5a4419b1f11764dbd0dbb251fcdc92acf7ef19eb65effcc2b8f563825a148b33747bd71fe7904d3946f60cee531131cc847e9c030922296f0578653d304501eda09e9aa95dc019be57e660282c47b81d00d502a8f7af8e2d8e5ead13577c7ecaec231b1117932de732c937db995056cd124ab9155f6c30a8efe14dfd47c1324b970be0317abbf68c130971a3672d093cf9c6a0fb897987107a490cfaeb114348fe308d3df65c732d5e5f910c344d632db028350739c5ee84b229114d97493827d405b349117818b29d2bd9117ee09d061c46fa2cb5ad83880d23300c7a11aeece2125c87eacf88279052bad129cb69b841fcae78a153cc31b494e0b0de4d8d9f347dafad6e4c44146def64c255173822aea7983cad710d734b9ddf5edd4369c00af3bff5ea434fd6d23079410bc8dfb4ac2554f6d9589d4d3dbc5757c93fe0bf5143ee2cc2118a07ddfa29756d80d78131c79d84ab0d269147bbf7756ad4e3875db312ea1270091d8d1d6249c6b9f703659bb3c60cc00055b0b3854f7e31a793a518927f5718b6f5738914bb07ed83ad8371111a48f1bc252443cc1f54ddee0e909506f0f5107b9dde26059135bc6a253e721f1ae34f81c023df75c58ff392d37b04a797365902d638ecd523cd8a78ff351318401c6729b7a1cc85f30a72223869df4c2013bfcbc64382fc8612393fd950f4874d215bfef214ea816acd8ad3a41d4b52b83e7a62d42069610f2169b9132b2b73f6a96ec31209facf23f1dd21f6c0c5892e3b9435c1f5b1d4bd9650814a34654de031da54729fbca6feb36e2e3fb80925b82d58982e4a17947ea8d5db9d743a108be3cf71c788625aae1eaf8f31d54b798eac0fd9076cfa0de451fd81eb7667ae88ca1f42c212f09fbc6e51fd7b8f3cbb9b664a09575bcda1e860bffe2c02411baba18087bc7dd8b6550019cb344c2e1a7eda52b0040b847bf8570cfaeed3934e0e90734df9ec8b495d1da4775658599326be1126c4995bab0f25d6c0b52e241a06f376f1f2b786da2cf4ffc61ffb1554930c02f34cc1136ffd1013bf2bff1adad5a9aad0360f508dd79765723e19de228d99a4895d51b5e6c5a820b883cc42529c8e1cff24fd31a7085869818d28de64956ec221603dd30c4e148ee34e3dbaf24ecbbf2c32f535be5ecf453d736c90ed28bfca01f4c54a9dd0ba2d16602c5681d70be98a5cc32ac862cc2675101b23e77ed827e3efb6ed34afb546d22dd96d88170fa98324953c58eb37bbcd9cdf366d88cc09e615029c41ab853e06a990e43394e3f3873703a3256b28416f4f6fe06dedbd2b9865b6974e13d5d7ab0cfbd9a2c57c00f407c002f9d6cd4a9458a1f67d507ea990db074ec5100714b7dce20c1f9ff6ce76d7882eab2930dd6a75cdb0a3712fba6c757bdc31e21a88ad59911c3f9d94c82817808d22b4dafe124fc1060bcfe61538ae5c04f1b394019ab0b028f915cd1b74ad3cc78b66b94af4339873e988e580f32801d2556482c168b690312e710c9889c32cc3c616b046c75d2d89eb160e97756fc5e1bbd0880f1e9e77e3de1e84becc16df56b55b6b9dc123bb8f1ec0417ebdaab62439f9dc7549903b9f1a90ed9b39edea8611268ce74d92f3629bb3bb357b78d669e9ef3bc8f5f1f22d16af63208c85c1b98af509a36dceb2c69c60ed8c21c15ea821ce40f3eee389807c51bd3ef310d811456cc36509705865584ed545085101ddf75bd44f260ab0407f476fb16bb3cba70b2361f4804719ad9775e9f015c2952a070bd93ef96cb6e96c4501b776da4e3221420be5bce977bb8b19f044dc339c0c8579c1c5ecf5e30f049c43241f1539a5520f580b67e30a435fb726e3d00e08e7d6a14d89f01257a28aed0fe773aaaedc0f5a6458e163dbe4d43a83ffd54ae69cb0e62a7f72b667f85f84b0decd84b043c943360a3d287c9a7167b30e0c2ddcc61c6d7c14119d760e1b9ced30a3baec6d3c82635e02726ea02489630f0b77b0e6c435b560358b5df5a16762d77860ae94b8b934794c6282ef45d669652551c05f8a451220138a25449da84a77d8e4fc171aedf4b613fa07710f4479912eba0e0cb0faa39582e2edd08c67e858799d9d5ab93f0791dbf5312dd94b5145c66e401d42805178ae212b5d328b7971371975ba952f5d387e694d24d71970aa1d3d719c560719a6e2a8b32a70f71ae44cac4695d342c4561e8eec605f8335e3ff1663feb569141fe859ef29e346759dcb682ca401177eb7ffcdd30b23aa976c5cff76e0ce19d301b272700b726902bc0765d809518be44cbf33cc63c845a9e97d2999a1f75d54c0caed5165a03e8337bb38f5582cd5a87057aa116f97012dd058a59d31c1cf53cc1492a39d213111ecd2284b76fd847c7cbd6305390baffee8373e525a6540c85317b44660fdda85357c04b885aae5d2e353cf094404df2708228f193600e7534e464f891201fcefb37f09302f234de1f1388645798437ad53d150078749f5080d83de1257cd3c7bedcb9817cb025c23bf3750e7b7be10079b4285c19788d6233c2c07f9c976845873bae54eb6f9196c23273b1e0b79464c23454e7a3de1b791ea60dedf6ba7cf44a197cacd6f22276d9456f1f786afcd468b50608233bfda467814a6a74f5035520e46ab21a822ca0f9feb3a2dfb1562addeffa3725d831351c1429232c1001b79b90eb6cefba15f68bcb3d530a11cd7226345b410cbf97a6fa892bf5c9c4c96e8917b07819c9c2628352ff08787c7a520f737b8b4fc6d27f3ff23256b64cdbc7ebc6cf7822badab4af58b845ec7c8b0d8815358cad4e32709e480c9dd14e0e21fcac30eec45b8744565b0b4efbdab74fbeb3b3feff454e8ae277c967bf6e0e70f15c48fe4c0407e7e446016cd683e36a1913f9be7a200247c37495c9585600897e0803eacdc758d8c37362379090df025772dc8e20fb1acbeff16150baa7361aec5c0d299337cf9497defa20cb8a6f9150b0fd7e80fff83900bc5825f2a02193e7da4c62b27630d12c4e161db7e58d0df7f3bb83777af4c60e2489e64aef23056fa7b363955a0477970503ef2925435ff78df62b58454c57f4106a2ff13e78264fdcb725811d378225f7675ba7046d4034590f1e84fb67f37dab7affc09e0ca51386d0fc206884164a322ff8923aa77a5fbd606a97989027c15e2dcea0f064bf893ca48a0f7ba9ba7519e922964260eb268705040be051c3059f8645200eebd51de1376a6ed88d1556b8a71df8796dfcf465426da4a0108c18608b677cb32b36c1da5f8219297e317c00642a09a548710ba6f9974bdb3d8cbd286bf458af5eda394705de8154d939df7856b9e9fd210c58015c859e33874f6dd5c0209c9f512d6d0a327a2fa6c2342d75cad4a0d4a19b48103666db3fd86493edcdb2b4202b1449a547a6f20911b6f982d66a9ddf54e539c48f5742b0d3221ea5f3f9a9a5198d797439cd1d7bbc269d6430e299ee12e1dc56e4da607fc29e047061db51ab5a8d249e0b2aa0b09b60f1314e5ab117c9ea940ebdf6d4529ea02b73565b0894f1420a4a2a4f25ac8e1cf2feb137e06d638af3e47db14aa721a343a00eb3e660b0ea03d6ff1ecdce42d41605a8fec19b61fb49986c87304057cc08880e5d6ad44158c3c3dd64287e55c0e4d0a577e408c1b44cf6670cd04c9a1d79899d367818c7451d3b95bef3d21f93e7c87667ce10fe1d8dec460523cfdfbbb0a8e01527f86e1268a0ffa98aa51a6b966e4196a37f096b4167c9ac9b31ed85a8c33f222aa15d1fa34cfa042d33189cd7f6255d4393228386253367a10cd501a85ad39011d3fa404146ee228e11446a0118c5be841936693e77f2bacc15b4bde2f58a2283bb82fabb29b897509151efed1a8d19c1deb85181e02183a49477a9857b179849d41c389248715350d9ca35a62e637f804cf3e8cf007582957104832c5c2da3765894b267aa0affcf8129469aabfcb6b854a1e54313f5841a34c1c0809004689cce4175811a958defb457a2ff3781a198114ea016232d74fcb8a5161f129f456848c74bf0f081778779060f3662ac3478d804edcc2340a19e449525336d0e9775bae61cfec557b4ddb0e5357458c6d88e94f46378aa0ea4499a3233cc22d6bd4aceb6cb46a0e9e2d619636a860ced49c8731268c69de345df6abfd5c443eb7e0da26e5bca8c03b5bc7b46b479fe14bc8e33df52419ecc8c551561b140c138625ed647a47471f121608e4ae233adc92bf62556ca0af28f94d629f5e5dcbbcd4239ecf202f7c886148db64b702c5be5b4779db955fd229fb40324fbe8db99270c2599da6d5c09cd93fd5197a1e85c3fc791883a71084c846a7f91202db6fc864d6113e1c5834f3d9634b595b2f1ceeab67f65b9d5833f1069e08d55821655938a35895458eb407352218ad49815d1497fb3cbd3ba2f6da2cb1ea81d4ab04416939528c208c4cc420d6fe119ac2adb6ccf32d7b52fb56b4c88f4357dedbe83b630acd0edb826550e36239f5a1703719abac50c8202c2adacba2e7036dcf42342656190b930a45c5bd617fffea79e3baab98e0bbffc48109127849b37f65d59133bb4fc4548f2414756327081f7208158dbe26742880c3d1e8c534e14f2a572d0f4cc5345fa1604f6bdc7eec5ccdc011911d55c6f79272a30282162b7f3cbffebf78871defb9cec442dc5488efc00a158ac265c0319e44fc39aa9b20f7996727fc2821383f69bc1e3d5fbd0810e484416482b196463a6a4d2e22bab5f1a2e0866348a9c9e4c1df5926042aac3fcb179d514d62972245961c308c4250e01f44274bfd8477d3a64396c714d47efb8f5adfacee7360d061bba505c4230a1993d2f43089e734c36494af93b3d4cd77c2540244e41fb7103db54ca0beec9b67a29a2b702028c5772f34325343335806c3fa058ba3e657e8554e5fdfa1aad253114acd220737428bdc1a0c56fd86ad1ab4f2332a2d0a960bdf300e591f164a34d1af63fa2aa98328829f61ff4a6b6b89afe93bb9967dfbc0b97f949d62886c4890fc77f26b344b83a052be0eda4671730f2dfbc792a67c41f9969789a4227facfbe3903b6826d01788ad5702428f3954227609d75e7d9dd8de82a55b9fef1b65dc9168650351e1b5b2b2db96098771c8b7614bdded244f29c6ebda995843e939f96d986fbadb196cf2d27f5c15a5bc7f65e340a054812b88686e9a4ec036d75a5b57cfb5be1c9fc915559508512d8e3936728e5c26e5849cf7559b4d9c993cfedd1b8ca59d895535d444ea7eb96c361cb4b72226acdd64787e0950e43dc517f30b15534ede3006d425296f36cdb3459500c817c05f729a4dd290d28baa55558902f0553df72bd618713013708304c7ba7bfb4b004af2c9af436d6b04e64dd92adbe41f91d2920106167f3d061d6262d62c5ba810e327240004b97536488dc5d758a051a717670b0b760e0c0aa0bc41e1a501614e51ec4f50eb5a862c3723ce53bb4f75469c92cd4f491dfe81ca8c4bd925fe2275caca49843865c56dac2506be78b610b454fb0408e88b3ea6fdd133b9340ef85ac58b1ca7b1ef1c19f7369d55d68ddf68d19cb0853486abfa0bc847bbdeacbc42675462ca236283b7b3171f3129bce5c705f0da567c408baf7848d8f8067a7cda0834bb9adbe07576b11a4c4560ebf32fab24b11acc14d065b8bcb0a75deab241b24f10789fda3f2359d7dcd96804f8a1b79445fed28224965067cd17dd0535495dae3c13ddbdd0d26d1e6c6a44a76b7b391079f8d375b0ae484e449d24d16fc3783a7a6644664edeb0efb57420f97daf4825a3001a010072bcf5a87ad98bda8eb1ad72ea3b84672b10fae1239118fb9be7e504c1f04d59d08792bd6e4ce7090bc4986386beedbb510a36d4dcd59df09daa064df9d6f6649fa41da815dc647db36ad14d0d9f8014e2d96d7e2f9cc43a50719592954508e15e99209abfcbe0553de67f758f07e9d23bd9173e245d4701bf94591a258d0ef88d4f24dfd692658ac2fb551aa14246e9d3f36172c2559eda27a52191be7d4b4c8b2c7d89a238a18c57a0c6bd2989566390ac90171bff2d90706e520835ce24e28040e811035be6512f974c314d547dcfb13f8d66aa3369aad2d2a2e40058c83c9a3e933b211166ce1848ad98e8023469fe7360415fb288104e037f1eaf9fa39d1c81f674c64c48b9dd21e26385a0fc9caac8027eab7b2ec9c1ba87c5e41a5ef4ea2fe8a55d1edc19468eb184483f5b42401e50bd89526c78db9dd59e8a05ebe3c8b36d1cf1287daee3b4de0652a35c2cbd2d69f4f0b63e1b852a75dcb31bab9ab59f1b5f23310e129c4cb0f67dffdb3528726784460f4136f1c0b3bebead066bacc814f054227fbcdc89eddd429b526c94a255e3489cb329dfcdff5df32c70fdd7b5272ab6c14de9afa2c1c943ad896533c1b9c36030080a6df4515bf1a025506f68f45bf5c8bb6007c4c12c3b9841ec959760193ac031bd67106192bd9dd01d37fa18756d24a033b3078e4dbff0ce4efda48ae89c0d1486694d09b8550cd2aa22ab2407af4a74c9d29d23e7ae79ced6f6e46ecfeccb44ea617167d14607c592ed12952a5bb0a078176ff6aba391fb2152089c42fa048a47525708ba67cdeff99a8e62fde26ac22fe106184be2e054ca94b878e14deaa62cf70967ee2063b3ded9b2c5e4ce7c90bcdd329d50083772c6abb0704ee03c2c9a0a714182e6cb49abccbb3fd5c12d184cfb8a343a7dac685775e39cf1c5f2130d66d2c7e7b4490fe200b25a6bbfbd0a6684b10b0cfd833153c7353356c78b0bae6b3545671e5c9ed7fe645c799f409535f0dd69e063eb826129869718a93cca7b0450eef6a93a80cf3bca7746bb904b04a8bc2b12d50477b400a97ceadb0bfed7e8d4a94cbafb4d496b6b3e3d113d997c373ffa2341bb607346b2b24006ccdae52834a559b5d35c5f27ef05722bd32c7471ada2b535b3d786d27a794f5db55b834aba43f6f46bde855ff533cd6450c2a2900ffff0bc9c37ee6cfacfc2b06a7b10336014b7db868d615c9b3d4f3d86a4834ed97ced9f2cf06e96ec21715ffd46527754f8717a672c6cf69455dd5dcc557328cc0599b2420d89ca2d78c9283da5e3ead128be306980211ae3009e2a339106c244e92a9b1065cd0f7ab74b21edd89f910a8dbe28991df6f2e2946697c59da7eb1c3bc356e991b75a65e89288d0878706a49c289d6a573f394e76eb3b28f9a6f4f23e3181fb97257181adcfd36eba2ad2a81a2e3f45f25f7937c423bc28f59e8aba9dfcea3450711b152eae6d29480760988bfbd3670bdfdc3b1ea808b23cd2b9f950e0e1f7cff1e6880830326d808394e340504315d11f80eaffe6640df91e8ad907f3f7b2aacc39eaedcfca78e73bef99b844fd9f365a9990f26f0d25245dad5757c321aa6d8455bb5b1a0a727115f4b6bac2f554cfdd712c067d2200655db26e009c1375888e7582d74fd1e803b7da21866d57a23ba8183d2b5b23ea6d96fa031d0b9e952424e993d45e88d05098002a33198e4eef4f7fd55f75c7b2aaa5d23e6a95e59b6fc9b763217492b45fa8193caf228ea0955e628a3bb9cf912d73113aef09c4f5b1cd12c6404cdd5e365089bcd9e27a81eda7d7cbfd6d7cedd54eebdda507b170a9c994bc9e8baeb7c750d3c011bc59790c5ed5679ecdfef26f48e4ca88efd755c835566353b7e4d32d313398e00a1b72c70bcc6dceb3c08d62294fcff61554cac9e1b8fdd5cae252e5d1f33415b2ff450c06277817ff0d63e52e6be9ccf9f06e028d1d5bd0f93bd80a5c8242b10da68df985635b2d86ed26e6e2b3976be076ccdb9257fa6b64328d83b0180664f507f20ae883a9404ba0a48aa3b7ca1233099f80a892d7ffdbb5af0a90f71ebaf8922bf670b016d301e52d53af718d17c2467ebd863b9146bf730e05120acabfe4fd1208565e0d408f30f83778742ec651649c2a6f7beb4363e77575185449e92f735526dca023647a807e54f8a562d76502e05efd128f171f5b557d7649699bcda0df779cac291326414c6fb27d0f837895eb2066c4ce0a179e768965ed70f3164a2e84f183dd5e9ed0de7a122371ca7205b298389d7a2d92228ab844d169fe356b571a43197d1181e3e7f1609c9120fff75fc6272b56167528557b55b6f7e590610c3deeb82bf3d9bb68bac455e3239305668fe00d6b8b6fe47dba8bc603f7bef657dc6c8d47d0df722b9c1e891ffa5cb7b2be34c361791ac497d07a4d600f1fd24fea1a399546fcf0e9fca7f85ed1eca2ffa05c3c1b30ed74564358562c500d17065c3eb2421e68bfd86bc7700b66d35a85a07de9355d226744a001a9fa8c2df39034329c9736675e450c7f1b614587b4a77a00607471fd5ae1066522d88c65b3e23fcec27204eed1f60b4fa4a40f816900992f0fddadb5eaa0e478ef1c2202193b4992e0f077c9b8cbf9aaa0cc8ac80c0bfba7c7c42a3bfd072ef3df0d644503e36a70048ad79a7007c994128661afb61510af0fb7f8c049bb48d530be4d8a68f3beab8eca240577879e50103fd7bce6393194520bd3e8bcd899fe5d45ed4f05cc624c4ddc2f5bed56a70a4bcc195c79c039955a5302c332580d8f429ed2f9a1b3b8e5acdb60868ea9b64c640a6a0f7dd4cd07661a9e82d50b468efaa96c787a9c7513b769922e146b3906ffc21cd6d9f2a8a4292da640e6438883cdd4f07ec5556e241739710dd6f1e857cbcc2d95bd8448d71a8c72fc1658e6038dd669e7b3bb183a274386571abe8077f23a9ac2d461786b60093177ece718061a64990ca37166f73c505cdeae12295897a57d96ae439ab57e34546f4f3de44de489ec0e1d22e8abcb3c4eaaba51ffd466b662672552d08d0f1baa32fffd7e030dbe54127f2db1ccd812de4a0ca97dc5d4c426d365996a736998e1b27c00fd8bd1134621eb7b3ab571b09ab4b726facd6027b7f301adf4ffb66b7e51d6a59b786439f174a3841343027be4f6bb23b89a10739eca5967dae44bb35088ebf9ff7d3449aadb0babc3852369f449eb9fcf9c622e4c61eefa8c828f42c9869bcee70f0af771032eb65f35ec09fd287c82521193c831b821839a318590543595a76c25c7dadc0fd5a79e826c618963e602f0de526fb30cd76407545558210aad6e06e6a45247b1d920902aad7e61f15058ae98118137e38243ef403c8982c4235e13c34323d37136d276275cb4aba2b44bacffaf3a11a0a5973349204d29999bb0c722ace31c26595521a30f03fa7c28fb4d22b70d3fbd13185cb19a75d8b8eaf1125ce206c6401eaf2c4b73d1629a8e65bb9e586bdb523de71302899bec87bbe62ac9cac46ccbd66c1e098a9e05fe599039bdfed5e9b789b43312fb0b3c2eb1f3f8f9486dfe07ce180369be6fc8d8107a5a1fbd0c0691044d4015810742a122858e2ce25f6d522e5136da5ebe9eb6ed32d932cb1443ead3584bb998fedd2f707a11a4a076c1d36bea69371cf616d2ef5be3d03031da49e4a2aef49d0ae45e7f2c91fb87bed83da94c77cebde7764565e664f6b8b12911b481d4c94853cf5834e8dc6c7d11fffd38f0680679ad9759b60bb5ef8f70c980f57fa990b3dfa0b1fb9a4f2ad61911c55bcdc15a9ca69444481c38b95d47b5f087c1c081ac308be753410157874009e33e8a1f8911f75486db0459ba025f9d7483a964aa8fc840a1c862a3a0284469e8751682ee3ec84696d9bbba81703d3b922eb6e92d1524c0f5ebd7a3376c42e868d53b710b35d95548c82fb9ddbd7f316391288b6cf2902234d90e062b33033df20c4f02b1c62bbc09d81d42fe54aa426ef02350fd35cd00755c78ab3d6ccc98e77ee6ab5e357df58843390422283f311b4b46dea4fa6d8ef2dceed92819db1ce5f5a827d26e8154dffe4ec8f419c420c72825df0", 0x2000, 0x0)
link(&(0x7f0000000280)='./file0/../file0/file0\x00', 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x26080, 0x0)
ioctl$TIOCGPGRP(r6, 0x5437, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

8.301250145s ago: executing program 4 (id=1916):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = accept4$rose(0xffffffffffffffff, &(0x7f0000000180)=@short={0xb, @remote, @bcast, 0x1, @rose}, &(0x7f0000000300)=0x1c, 0x80000)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000400)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x9, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
kexec_load(0x6, 0x0, 0x0, 0x1)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = socket$kcm(0xa, 0x2, 0x73)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x14, 0x2, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r11, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$inet(r2, 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)

8.280436769s ago: executing program 1 (id=1917):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x39}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
memfd_secret(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0xb928, 0x39, @empty, @dev={0xfe, 0x80, '\x00', 0xe}, 0x40, 0x0, 0x0, 0xfffe}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[@ANYRES64=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r5, 0x0, r0})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r8, 0x6, 0x20, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}}, 0x0, 0x0, 0x3b, 0x0, "6606ca7ce41b346ac33e74fc00d9165a44e86835fec0b518269fd4c21a897da3d787c09dcb8216a272aea67961649d1590065253e07bd0b461b349eb64746d76c42fb2623034078188f0009f9f10d5f0"}, 0xd8)
r9 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000005500e502000000000000000007000000", @ANYRES32=r10, @ANYBLOB="20000100", @ANYRES32=r10, @ANYBLOB="040000000000000000000000000000000000000000000000fad291e152485a750086fddf653e37537294c2588743f92c654031064c7e1353b07106b70fe8e380ed6b1f33271ce28f0b793ece3c55961eb6aced076f29020fd95ed35f7a5c1d8fac7c2142c29403f7edd58e4b04270438d6133e4c13ae83a950c2c49b0e500a90c73a03ca6e53f878bdd5bfe899dfa7eb718ab863a66b768865e177d2aab2a186170955eb5eeda362f80a543a827b332f7f8e0bba5d01646358859736f11f3f24bc515d03891e0f06398690bb02e0f6c0595405bc9a8e81fe16315f0ac35efd79791f477fab3d23498ca72319ed671f54c11e06bed819858ed00d5baa285d5c924adaa445ba434d5c0aafb792f83554d6cc638aa75504954aaaaa377f876e16bce4ebe5dfb4dfaa44f176ab1a988482edd9e51ba173b5232eb971ba27c2e57b0d117abe35bc9c15746d9edaa5f82f15aee51f8e13584f5c338deb40955beb88cdda598a4b867b6a663660a89315aea62bc783165e64e843643f575d9f282e3a9651a78a5110a8fe24b45ce22313d3295e0c4a67ed231ec7a2ab157dce1dbec604a963aee2bee9f3eb91fc20e9ab107043e7d42a6714b0982ee30863b609e276d2ab2e00000000000000003cbe3c6674d2bed5c19a9262511d97000df1445b17129f0266960889ad4fd8c62c005efc3d2153f6fce64aa5719c6103333024b49aa1f392ce123fa451288a6ab877030448ae907fb84419889fb18db1c86db78f6091faae6e021e3964c2e799efb12d24bcc540e18285f04ad4684c61108f3cf45f420517f5a6ad8dc97531e787b1376c1a545cdd68cdb2c0ac612e90f514e4621bf6b16757b7efc9645638171e163f13aa8438c5e1b4c0d520f14f28c07cc3f655f59247cab28473502d981be39456dfcf24817df7e37ed1af35af38747cbde769b4285f1bd734ca2751173281627369acb9ef6e762f2e"], 0x38}}, 0x0)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x18)
recvmmsg(r6, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
syz_emit_ethernet(0xfc0, &(0x7f0000001300)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x17, 0xfb2, 0x3, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xf9e, 0x0, @opaque="66e834db1bc4290cbda12200194e7c75b16576d1e6d1c487694cf83ab4cbe446716af70f300d2d2c44522ae4994273ce3168dad9c2d554ee08c3e11995f09c9bbaec63011aea5d2f5f67643dfdf012a012f37e39c5e69f1a306bbd2c43328dbc8e2f9bf7efe14f3ebf6e64b680d0bf428076d59b62aa6548232abb5d732471265ebcb1370dc808fd3b2a7f7d11d24ea18500b2c260076ab0a78c2dbb8728982f8fb13c38b671b1b1d2989426c20f1bea256104d96d9d95a124a423db8ede8badd0cd9578c48d50bba7e395d62e5ba6d8ffbfd3d0c62b81554583a0fd2a4001a4d302e13fd9beab004e19119e1e0099908f2f444c0bde58fa17a4531ebcd91ac3ff55dc5e49b589e6f523b888497d231f7fd7543c686ccb84d591f37be0b73cebaed91ff57683c618163a9beafcd71b61a7230869e403f548eb8d791273b7088004010ea9acac65656404e85c372167cf5b3f26b4aba1d5eea054e3c7880c4c4c04db9aef001138262c735d21a768fe94b20a9ffced4e1ff1c2942ccb93d727e64deee6be425d252486fad249cafba1a28932b42386bb72c8a7da2034649537b154a4b293db52f841aecaa7faf010004a3c170792e376875e674bd755bac8c3953f2f83d575a5e75cfcda6defa9c44dad6ce74b4e8cc90e2051fa632c7bd6ed3fea9ed64f5657bfa33f7387a8b8082cc0861561bbdbfb1454204f0cd93c1ea53be70430a5f2cfc308593439410f21cc0507faa849cd20ce9dab8e0d43dfe25311a87c0e903277705ee18e4b8cb798c802ce662747d141a1eb972597674db949f1b515be4db45f5050b0ecf9d9b61bdde4ccc666fd9d0a34a454064b901f7ee4cdb8901b4279d4ad928fc354fd160582feb17bad81c1c599a27325ae12ec8bae70feaa1acf091b7b6443ec79c60d07a6594e27c8a994974b2ee86713683966965b8eec33cf0ee3ead22f0c181d24763649a5d3de78797a6c29ac6bf7eb2d7dcc8f79d80ef77432b447cccb0258257a0b430b14cae57fdbee0b86b737e1141aebab6a1e1f581694c64a4ad17775feca7872409d613756c00767306c2e0fd05138bb71c24e182d8cade7ecb575cee85709cb9cebdd9e438870e8ad7c0fc81f9bce9dd39c736cd71edc768140653c9e86bb52d17b4cd5bbb4ccb5e1828c76cdb93d9b04b0a500057d41f004a8c4b568e74ad921f962ca2b0c5a67f5040ab6b3d1dfdc3aa924afb227f02ac70d8e950e429e64a50ccc83ae44598324833e34b452f030d8d170230587deafdd0e0faaea08ed56930713ffd3ff6367f1bdfeec7d1587ab5b5cd07555f9fdb032d0c34b8aa135f29bb4a0de70e3d28a2612d4a02a71c33b253fc3df89b2a1999d0a8d9e532b127f9919d4fc45942477dbf997952f4d615831f2d30d43a5007405590001dcb5bc74dd1f41a613885d6e256a05dc0a357ccc17f2313c894f02b532d8661e1fd19c75d37955318eb5eb1432c30a3097aced48fa20c153432ae46cc21a6cb98c6c493b841eeaff36e63e2d70e56de0128bc5a5f1a7caa22c7b580b29692a457ff97ac3b1666b80fc1ad1623f108100d40d2332dd519f5499ef15b39c2f4519d77fd7e6d7e2f3f2cf81c49cb9d5506e77615346e0b39cfffb1fa33a116f10f6cd7c54be96ff184164a67275d475765d6434f9a26b5254c85e23501453eb96b5085afa5471c15a6d7f8a9e51b67e60e2ca6e6fee82b6f61ab31d76624d7b10eaa5ac6f75b6d2c184a5225514be4b1d7a2a029c1129b4e9de17c1f8676355bfa49cd6a6af7ffa9b68a48ed3e8db19c23a6773114b6011ee4f8afd5b8c7b3d882a53407f21a0f66baab7f678af2129c3949cec60164de170ca6443fcb8e0341b30aba2eff85dc405412e32356a23fafb81d37718b359a4770194fc3189fee85a6bab8afe054353de206333e388785779fb96b8b4ec86ff7e990da901be17b4df6a58ddd8c01ebbf0e2dc0ad8c22facf765b5a61daa824a4eca11abf746dd1e11eef433b424c22d8958b3c8d585bd9ee6ddb00a18596f3c001ebfa696771e982ade45af0d1b9ccd1c80d4b88b45185da14986e73734fd96700d9470b4665e45136e2468d315fa4f3aa55f0ca09ae58cafc43d95dd474726f6c70c83d23323cef5078217582f183cb3bcdd7a28e92462413dba2481010c4f6ff162a13f06b89f644cdc9d65ac0001f05e335c88829f50ddb39b167ca46163d5f45d588f16baaec817bfaf6bfa2f21ddb65e88bad8b177ca4b7d0cfa21eb31d248e62ea63ac324fcd7378febf6d29b4a8a8af16b56f403c465a0275716f87490687066e91660df7698cd332d8766db310d4ff9be348222e576174526d3e0df0e330dc1779bdc9c6583d2fee2a2c86d4a84b150d9682b4afe237abad8a6cb8cd0b5d30cd4feeee7e466d62bcdc9bfdabcfd389008d687a099ffec68e1ea6d3c22b670e96b27745e7779c95dcd0f16f0883f8e590c6e3bafb38bd078afb4c9964e35c50247b20af5827c41915473475f685b6d7ef9a6a8992b5a3b7cbac4816d0411e02d8f7bd4bb174a98b478f2c366bdee7b01f3f68419822ebb4b8be863f71ba37ba9bed6fdaf3b835f0b8c327722e87b17b36c4d61d729f2195bc094ae18fff47756f01e2d711b662224bc7a1c869a76d7b9168254855f644b48da4b07c0ebd488e57de7937c2d17a61f48f70c641f475fe9150a40247313842d497a69d7a695504bb19e689e529018063e8498e5213c66432b9a95d81d38fbebb13b463f6ede81e2d9d85086b5aaae79c01cf9aaad34e8b7954c5568e27b1e8a1753c93e74caa73a4f208b660bf1ddc528ffa55d1fffc148ac9bd36bc42c1fe608505965bb9aeb86a0e98c4c9ea8be859c71e152ef02fd9a870451f0d2338759ebc3af487e270104f6183fd3777009499757929eedd9ca6b73a8d876059e31cfe976893374525f3067523b9887a7978e6186379d9c7ab01c44a462ad7378193d52d3596eeaf4ffe9e68f1c57deab09728bd9d161d5dd6fa04014806faed68ba426c9ca8b78fd1817bfcf22b8d23b01b1f5da4df81e1e3111671d377130c92e22c4a95be2587d9feeffcfb9083b33c2ef28799c478d041e0b24631533eacf9d132829b66a2e076b0c7eefbf91af54c7e6e183d791caf8d0ed38cddc15eb56d10690b99089131d9ad2cdf52bcc00afae4b127d2ffb4bc3c3656ed14270dd2236039808dfb4912dc038e3883738ef962b0288d0bea4ea6ceac5eecb338b701863972b68feb107c20ed19876eb3556a85e5423ab9e6c46b7b809da7db8d9d263d8eb330493b5555dc33593e8064fefcffcffde0067127302ac6b9ea201ef23581f46422a1d85d2617df8cf4e99e52ab40a6db19a33c1c95773f88f8f2947b21a28c3370d47d673b50bff1b15d098b9478a0397e930877af3fe0c0d44e8a4e78d868d9958d1689c9ac8efe764cc73f590d4ba553ccc435d6f300b3c61a7e2fa558f8384d7929c3b055b0e2a52d431990cf45a8e44b050e006c1818ed2751ef5fb9da232e944c26553dd4ed4cc4a0a2d92761afe9c1db0d07306afdc0d199edf84ddf8c67c55d5919c0f7504d76f9501f629748830ee00f0f770ecd379605571ea81dc3ecf102c836b4fc49d3f52e9351f9223b32413ace5f079a31deddeceb0753375a7ede91237edf1072a65e4c4caaf2801ead961b2b516a66fd16654ca7c0fb60450386522ac5f884c552befa098e2ddbcb8247c0c87cffb04fc213e6c18b10ef63161e3b1e9ca5c6911cf63a0b8bb63bf1acaac34af3d217ea7f38cd636eb17747a201ca4d9d924655f49dc704c7e1be714d1f66ee34cb70c944a113fec0ecd278eaeaab6385c58179b58b8868d04c81a5d56396779aba69c23aac1830724b01a2358cf284ef91e8151b08b4759f7ac927d7fe162e19664456b0c3e7ad35cb53bc4597e762d6f62067f951655d2a174067162c3e3daafa733d8190a59649f09519d3e9a1d085b03efdb920b10a938d163601560db25535888917a543e3f062522dc44ae27ca7fc2469949bade7e5ec146f3d7e834d6fb5360d96cd6c1e600b3c109c98df2e0754f8af7099f4361a7113fd50edd508f9724761889b65fb9fb7a0825b6d584ce96a1947be8569515760532a1d0ce2968a2d437e7caa8360491a697c4ae7f02927273b466ae437ba532ebf574e1328fa68645c308613900c86bc45e123157c8d06145875a2e2f3cf4f77c7ec1c170740eab55e8a7c4a06aa0b6c8ff28a42cac1d84aac1b2f3437bcb9128470353df4a1c4c062bc5395572d4e08545eb4ee87dfda9864ca9377f330aa8170a77919ddce55d7b9e67267710aa6125f9dd04feffe935bdd185ad4aa46659f998964e8f7b23c9dd92c150b1010b47db044ca4d7c52e03a22d54dc8482d0b52123bffaf47f9ad12f9f54b3e899635b5787c249ac79d0e57058384801d8b70f753bf1f7ca7eea50622204585e102ee384500ee53b60bbde5bc2b56a72eb7f4b1f2e2d3862bb754839bf8259b7060b49ecad1f8be305175aa9fe9dcb8e73e62d9291712661341939e2451bba78bf8b5c373b2eda04deee2fd29aeef701d1e2a5287c838f3ddf98cc6641a8999a48ed03edaddfa472593e6b1566b80a6559260476e3c9d4d9dbea3e0351b53eca7a67e206a3671ff8b92440b26575a2a9a1f0f0c89916e1bdcccab4b61a96bb776c42d7cfa5b82248d6383e7517f720ac0515727b8250166b78aa8fd2e07c473152c917731df06676dd75414b2e434c980bf9b7da58832e07b95c93480d39935757de85f1e57d3e7022effcd7af356a08ba3ad861c9e9862c86297819487142a26677c161137a8c14d2daed3f3db50f6808490046e5656fc060b41467ed3c0aa8b2f2a46efc72db602d3b388fd2083c383565cc8fe08508c0b9006aba836b748c757499ee9b5bff1841aa68c3da4ebafeda669d9b0c490c2a947513a5eb24a457bacd5cae4d3358130c753960e12afe2fb0bff3358e7eadcedbfb12a2fc3061406aeacd9c3a9149d76c4e5ef36a00f8ba6fad52d87a859aaf9f406903bac6aea2720db44fdacb6eaa8d2d0f3b1049c6f76c63be569166289656828d271cdc988b4dbbdd71a4267cc389fd555084d4bfc2fce3f25e7671d0b0922a7b6d106899be6deb7efdc5a76cac0462e3dff245b9c761fff68f68761b1a567f6b9b3ed5ac7bb21b60d23ecde88515bce64a9ef6bce709bf7159f7610907389cb880018e6710744f250493893d35ef645741bbc9c08d786814c82ef6675afafe6bd7e485f0d59c91bd5352293181919e71c2f2cb6d4c4484e9d5e093257e03920c8bc732accb2dbdeaedaaf1846ce673d1d65b559790d606ec8adb8696148855aff8e23be2053af9aba1541961b3e535a51140c7bfd426977c5e0d60f37ef0a531a30e2478b845cbe48d06558a789ece1304f1b2c88085183631d269084d42599351e4aae40ee56f506c3536d982d4c297f4e02742f1b15131c03b790058adc800a706c29e3929deea95c696698ad4d2dce0e2b2113aaf5eb31814a7653876b919fd76aebd250939cf9b488bbef15395f582935f82b2902497e2225539602fa48ec7c6e5280eb020338e495dd7e67c7ae7e6c34e27720a2b297d88c291f69182ad647b"}}}}}, 0x0)

8.273901747s ago: executing program 2 (id=1918):
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$inet6(0xa, 0x5, 0x24cdfd13)
connect$inet6(r6, &(0x7f0000000480)={0xa, 0x8, 0xffff7fff, @loopback, 0x2}, 0x1c)
r7 = dup2(r6, r6)
sendmmsg$unix(r7, &(0x7f0000008380), 0x400000000000174, 0x4008890)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0xfff3}, {}, {0x4}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_FLAGS={0x8, 0xb, 0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x40)
r8 = socket(0x2, 0x80805, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000040))
sendmmsg$inet(r8, &(0x7f0000000900)=[{{&(0x7f0000000080)={0x2, 0x4, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000ac0)="6cb76def2c36dab0f366cf47ad785ed2fb5e1fa5fb56d566acdc377060c4ba50a58104620df72c3004bfbc77173110e163f7d8ad60c34cdb064852353438fea809e390e392afbf35311690cd8286a6c49668aee29b7537078dba77963d15c085d7343c1012135d361ac15c082b7ac8db87cc10fe3ffc374c8be18fc53437100a11dddb9981072ec036d513870a5bbf62ce9e39f790f61ef997af390b9f5fc8a699e001c59077c459eb40ee80a3ffeb35737da668ef974592faf129325cd9ad0dc5663950a329804c9f5d261f71165b05dac212cc2afc40f980ddef8773f1045e75de4ec606aef87052e9ac784bb0f5a43f9cac5e44ae1a6dd575ce17a4749dc7cd4d7f76a40676e792e5b31a25703b1f35b48a89ed84582ef8f4ac046695f402c25da1fa6bc732a7016edf093b4c31193130b3bc143702e2b1d23743ca797b24495dc4979b81413701c0597dcd5e3bcc9c2050c18cfe03814d358e0f795e990dc44d2c1b9890514bd5ea94a3f3a1e25a8cdc67133e9176d76dc54c31274cff0101d8a42c103bad1b8b57362446f2c2ed8a69daf3d7306ef3fa2015e4ee1ef3392120b82671d73b07f3082ea69ffa0ebc7b53c78862a3e1ece518c1f0abbe4053b4dfafe815c1fe4b0d079446e80d13af972e00644a0188605d7309812e24cd1158677f94a16a5eb0c5d48b60329fc522026efa596ac913540f2a9b0345f279329bfba29a7dfc8894e6a08eeee3dd974c3de9e0602cfd1e3e584b10dd26cd13f7fb432e72ea85fd1d3a872061bc967d7a67a3a7f09f34cc825db5d9ef3ce0ff9873f8eff342eb30fa970007e2f591f07dc9bc5141a9679a2f7c69aa50894353a7830a0f7cf766aff6e81d7c3b88d730946ce3f327716ef6fd270d5bf467aef288db903f740b6ac27b962a3c6462372e63f8da8505f05d17b364dd8c6b5d449accd01b4c6da297669f098bee986b95e389a2d003539ca9dec8c26b9f6bbb5f7fe6f0b764d99bc0dafcad4121ed6a749ac71fc5deeee54d0e8a2d9dccc87df818258d73c8816b78c1be3670fb14dded879caf925e0f8abf63f55ffee02bbffb465f0303338bd12e22fe94fdaa3f033127ecaf41649232c38e83850fd3ebc890ea5db2763a8389ac49bd9b7f6b81f381d3eeb90d0f596e2b7f7dfa2a0e9453c1f5f359b56aae9e97a51f6c092d25a031843e351f5733a25c5905706618ab569359bdca4932f6471f4f2d152f84cfc0c563885b0d93fd015095a8eb9422e3d17ddaf3f20dde5eeea415f76c0617964198c824b98f4d53ab0d4d734dcd6d07dddd5b77c1bd71208632941973bd5b5aca981137ec21dcd86ba518b3d4979b68f704a2a7d7cfeb9be3edf4b4b3560e930d9dba0bc358cba36a129748c1fa73483a69759ba0c4f2ee2a936899e163c213bb3fe5a28e68669fb2da6bbcdf4c55e933d127a8bc68b8d0e6c6c757fe8ea47f26ceb7c1b3ca8b962eb31a081756ed56fe4385dccc5e2a7a53300e9c8a1a55bcf8db3f828cb3db8485110da631a50199a5c1932b5538a2b1c3cddb4451868a413418e3f761530fd477b2ebb449070c73171964203ad7bad4302af13fa6fe55fb88ede096a7aba95ef3665da778250daa9dd4bd5ecb8a807d83fe6dcf2f0cf5de7a4ef742979afd7d93bb2672ad45f6537640313b1ca8838f3fdc08e57455af6398ce5b253312fe1a88206210831e0de59d1e3f9442fb9dd43f1b9c00d151d3234028990f8bcaf65c0ad9ea1bc20e4b7641ff26969b02ccd60d2d8d2d72fe5fd58068cd6d7525c9e24c4246cd776ecf1f57550bb6bddad5093618797547cde5c07e165bc979bfbb5479c58e89c29efa5fdfa5b4a87917a4275609afc849384458ca980ba5a2aa4d10c761bb3b3a57e3d3b41001cdf6", 0x541}], 0x1}}], 0x2, 0x0)

6.738297732s ago: executing program 4 (id=1919):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000000000000500"], 0x1c}, 0x1, 0x0, 0x0, 0x24008054}, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r4, 0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14)
sendmsg$inet(r2, 0x0, 0x20000050)
r5 = socket(0x2a, 0x2, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
bind$qrtr(r5, 0x0, 0x0)
sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001c40)="d80000001c0081064e81f782db44b9040a1d08041100000000020aa1180002000600142603600e1208000f0000810401a8001605200001400200000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516", 0x5d}, {&(0x7f0000001d00)="0092e9a7e64c32c40a81fa0f64bd9906f29b6a0aa0e850e7eb26dd111c83b33cf6f3f5bfdf52e23faac8580b58c35613a51fec2e1500747c8a72eb20d3d6b9e4e75d266a5440ad6fa037d9055e6a4a6760575b9459419cfc252cb04e3a624aaaa02bf155303808bcb8ec989fd7db312bb9807d1efe0dab699418e3", 0x7b}], 0x2, 0x0, 0x0, 0x7400}, 0x40000)

5.653827211s ago: executing program 4 (id=1920):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x1, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0)
read$msr(r3, &(0x7f000001b000)=""/102400, 0x19000)
rseq(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
add_key(&(0x7f0000000300)='trusted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb)
syz_emit_ethernet(0x92, &(0x7f00000003c0)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
inotify_rm_watch(0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000200000001801000020207025000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r5}, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r6)
ioctl$SIOCSIFHWADDR(r6, 0x8b0b, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00  \x00'})
setsockopt$ALG_SET_AEAD_AUTHSIZE(r6, 0x117, 0x5, 0x0, 0xb16)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x3, 0x18, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000060000000000000000000000180100002020692500000000002020207b1af8ff00000000bfa10000000000000701000000ffffffb702000008000000b703000047f8ffff8500000006000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0xe, 0x0, &(0x7f00000003c0)="386d178529a39dea18dd3f87d7a5", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x334e8b})

5.653115194s ago: executing program 1 (id=1921):
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x810, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x100, &(0x7f00000002c0)=0xfffffea9, 0x0, 0x4)
sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f00000004c0)=0xffffffff7fffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x740, 0x328, 0x580, 0x580, 0xd0, 0x328, 0x670, 0x670, 0x670, 0x670, 0x670, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0x230, 0x258, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x8, 0x5, 0x3c, 0x97, 0x6, 0x401, 0x4, 0x120e, 0x18, 0x40}, {0x5}}}, @common=@srh={{0x30}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7a0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
pipe2(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4800)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/vlan/config\x00')
memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
preadv(r6, &(0x7f0000001780)=[{&(0x7f0000000380)=""/67, 0x43}], 0x1, 0x4, 0xd)
dup3(r4, r5, 0x80000)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xf0)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r9, 0x0, 0x0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)

5.640673588s ago: executing program 2 (id=1922):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = add_key(&(0x7f0000000080)='user\x00', &(0x7f0000000000)={'syz', 0x2}, &(0x7f0000000040)='9', 0x1, 0xfffffffffffffffc)
keyctl$chown(0x4, r2, 0xee00, 0xffffffffffffffff)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000003c0), 0x3)
getsockopt$bt_hci(r3, 0x11a, 0x2, 0x0, &(0x7f0000000000))
keyctl$setperm(0x5, r2, 0x4002410)
keyctl$chown(0x4, r2, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000040, 0x0, 0x0, 0xb49, 0x2, 0x80000000, 0x0, 0x3}, 0x0)
close(0xffffffffffffffff)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa0042, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r4, 0x6, 0x6, &(0x7f0000000040)=0x24, 0x4)
setsockopt$inet_int(r4, 0x0, 0x13, &(0x7f0000000000)=0x802, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)=ANY=[@ANYBLOB="400000001200050100000000ffdbdf2505001900ff00080028001a000a010102008000000000000000000000fe8000000000000000000000000000aa02"], 0x40}}, 0x20040810)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x8000)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=<r7=>0x0)
syz_pidfd_open(r7, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffffffffffff47, 0x0, 0x1, 0x0, 0x0, 0x480c0}, 0x20000800)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
membarrier(0x10, 0x0)

4.45505004s ago: executing program 0 (id=1923):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r0])
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000002480)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318)

4.196735942s ago: executing program 2 (id=1924):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r2 = gettid()
ioprio_get$pid(0x2, r2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
r6 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x40, 0x0)
fsmount(r6, 0x0, 0x7c)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ppoll(&(0x7f00000000c0)=[{r1, 0x1b188}], 0x1, 0x0, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@p, {0x3, 0x0, 0x6, 0xa, 0x1, 0xfff8, 0xa1}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r6, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r5, {0x2}}, './file0\x00'})
r8 = memfd_create(0x0, 0x3)
r9 = openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2, 0x0)
r10 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r10, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2, 0x101}, 0x1c)
write$smackfs_ipv6host(r9, &(0x7f0000000b00)=@l1={{0x7, 0x3a, 0x3, 0x3a, 0x40, 0x3a, 0xc86, 0x3a, 0x6137, 0x3a, 0x10, 0x3a, 0x90, 0x3a, 0x80000001}, 0x20, '!'}, 0x9a)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000000)={r8, 0x0, 0x0, 0x8000})
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r11, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000540)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3ff]}})
socket$unix(0x1, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

4.130309794s ago: executing program 1 (id=1925):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000980)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000280)='\b\x00\x00\x00', 0x4}], 0x1)
syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40580)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000080)={@mcast1, 0x68, r3})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b8500000007000000850000000700"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='xen_cpu_write_ldt_entry\x00', r4, 0x0, 0x9}, 0x18)
getxattr(0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCGLED(r1, 0x80284504, &(0x7f0000000000)=""/56)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r5, {0x3, 0x8}}, './file1\x00'})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x1729, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r7, 0x400, 0x0)
r8 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x101)
capset(&(0x7f0000000000)={0x19980330, 0xffffffffffffffff}, &(0x7f0000000180)={0x0, 0x0, 0x1007, 0x0, 0x0, 0x80})
ioctl$SG_IO(r8, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x6, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="bf3e324fb80c", 0x0, 0x0, 0x0, 0x0, 0x0})
gettid()
truncate(&(0x7f0000000900)='./file1\x00', 0x24b9)
r9 = socket$inet(0x2, 0x80001, 0x84)
bind$inet(r9, 0x0, 0x0)

3.830764763s ago: executing program 0 (id=1926):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r1=>0x0})
execveat(0xffffffffffffffff, &(0x7f0000003180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x800)
r2 = openat$autofs(0xffffffffffffff9c, 0x0, 0x109000, 0x0)
r3 = openat(0xffffffffffffffff, &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc2, 0xa5)
ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r0, {0xf}}, './file0\x00'})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000040)={<r6=>0x0}, &(0x7f0000000400)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000440)={r6, 0xa8, &(0x7f00000005c0)=[@in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e22, 0x3, @mcast2, 0x6}, @in6={0xa, 0x4e22, 0x10001, @loopback, 0x8}, @in={0x2, 0x4e24, @rand_addr=0x64010100}, @in={0x2, 0x4e22, @local}, @in={0x2, 0x4e22, @private=0xa010101}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e20, @private=0xa010102}, @in={0x2, 0x4e24, @rand_addr=0x64010102}]}, &(0x7f00000016c0)=0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001700), r3)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000032680)=""/102392, 0x18ff8)
r10 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r2, 0x0)
r11 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
writev(r11, &(0x7f0000000340)=[{&(0x7f0000000100)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6785508eb1dee994d18b084ef189ce72b079ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a0798444d6ba181f2546b88893bf12575b27c1af55a55c55ca8855d5dc89db3e110430d10f429cc423ff64acc9fdb59a76caf809ce3c954f8a9618ebe5c3253e888feae6cc381ecb4a64085e24c48cf5ae9c5125d58d78ab2b70ec9216b42cf69b0cd34aa9a9b8e32e1841f19a7d38ce8de4d6d24b1a239ccfbb0935e4db5f50c9b8ebdf158eb582b914857522de035110521a268d3fa0888ebd65ab713338b2fa1029851d62af03f2bcf6034cf0287f10c84c967bae32a79fbf90122d41a622c0fa8a0fae4ffa55df5ec7ebb0708dbb6148f2cde6d128018a0efa8598fa29ac80c6642d52c6f6b979e8fe5e1fbe7615ca1bc31f2bc541b3f67f129a490900000004ab65b661139a2d66fbe14888b28fb681b11cd33e07a04cee7fa46193218553971e41d0eaed454f6b4520963c5d21b889764986530174051ddeca7547b3aeb0ed720e20099fbeec90859a9f22b9229f72fb45e62fb2c7048099eb484edac92717591a6467c38af94b14d4bf366d5fb232c24bc8a9d5361dd979a98ff5ea6a331cf27110b4457301454119173622e1ddef43e79842b3dcbce701ec9195770fd820823cd45fe00baa87d3000000000000570d", 0x223}], 0x1)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c00", @ANYRES16=r7, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r1, @ANYBLOB="7caa309bd6646fa22da6476a176d6565f6de21590c5f3e192a093972e3dcca432d8b324b84bc0a49315e68d145e4d4bb66655cb0aceabcf340fd2b3ef4bcaa4140ab22f690927497088e26dc4ceaddbeed99f0be4f1af62051a10b3b682efa00ff359ac809172ca3d541f3157b210815a6d196a295"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

3.101730585s ago: executing program 2 (id=1927):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(&(0x7f00000003c0)=@sr0, 0x0, &(0x7f0000000440)='cifs\x00', 0x0, 0x0)
r0 = semget$private(0x0, 0x0, 0x280)
semctl$SEM_STAT_ANY(r0, 0x3, 0x14, 0x0)
r1 = eventfd2(0x0, 0x0)
io_setup(0x6, &(0x7f0000000040)=<r2=>0x0)
io_getevents(r2, 0x3, 0x3, &(0x7f0000002a00)=[{}, {}, {}], 0x0)
io_submit(r2, 0x1, &(0x7f0000002900)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x3511, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r1}])
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x4, 0x129142)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000003c0)='net/ipv6_route\x00')
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x34058094)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000014)

2.05397707s ago: executing program 1 (id=1928):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4008890)
r0 = socket(0x2, 0x80805, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000000080)={0x2, 0x4, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000ac0)="6cb76def2c36dab0f366cf47ad785ed2fb5e1fa5fb56d566acdc377060c4ba50a58104620df72c3004bfbc77173110e163f7d8ad60c34cdb064852353438fea809e390e392afbf35311690cd8286a6c49668aee29b7537078dba77963d15c085d7343c1012135d361ac15c082b7ac8db87cc10fe3ffc374c8be18fc53437100a11dddb9981072ec036d513870a5bbf62ce9e39f790f61ef997af390b9f5fc8a699e001c59077c459eb40ee80a3ffeb35737da668ef974592faf129325cd9ad0dc5663950a329804c9f5d261f71165b05dac212cc2afc40f980ddef8773f1045e75de4ec606aef87052e9ac784bb0f5a43f9cac5e44ae1a6dd575ce17a4749dc7cd4d7f76a40676e792e5b31a25703b1f35b48a89ed84582ef8f4ac046695f402c25da1fa6bc732a7016edf093b4c31193130b3bc143702e2b1d23743ca797b24495dc4979b81413701c0597dcd5e3bcc9c2050c18cfe03814d358e0f795e990dc44d2c1b9890514bd5ea94a3f3a1e25a8cdc67133e9176d76dc54c31274cff0101d8a42c103bad1b8b57362446f2c2ed8a69daf3d7306ef3fa2015e4ee1ef3392120b82671d73b07f3082ea69ffa0ebc7b53c78862a3e1ece518c1f0abbe4053b4dfafe815c1fe4b0d079446e80d13af972e00644a0188605d7309812e24cd1158677f94a16a5eb0c5d48b60329fc522026efa596ac913540f2a9b0345f279329bfba29a7dfc8894e6a08eeee3dd974c3de9e0602cfd1e3e584b10dd26cd13f7fb432e72ea85fd1d3a872061bc967d7a67a3a7f09f34cc825db5d9ef3ce0ff9873f8eff342eb30fa970007e2f591f07dc9bc5141a9679a2f7c69aa50894353a7830a0f7cf766aff6e81d7c3b88d730946ce3f327716ef6fd270d5bf467aef288db903f740b6ac27b962a3c6462372e63f8da8505f05d17b364dd8c6b5d449accd01b4c6da297669f098bee986b95e389a2d003539ca9dec8c26b9f6bbb5f7fe6f0b764d99bc0dafcad4121ed6a749ac71fc5deeee54d0e8a2d9dccc87df818258d73c8816b78c1be3670fb14dded879caf925e0f8abf63f55ffee02bbffb465f0303338bd12e22fe94fdaa3f033127ecaf41649232c38e83850fd3ebc890ea5db2763a8389ac49bd9b7f6b81f381d3eeb90d0f596e2b7f7dfa2a0e9453c1f5f359b56aae9e97a51f6c092d25a031843e351f5733a25c5905706618ab569359bdca4932f6471f4f2d152f84cfc0c563885b0d93fd015095a8eb9422e3d17ddaf3f20dde5eeea415f76c0617964198c824b98f4d53ab0d4d734dcd6d07dddd5b77c1bd71208632941973bd5b5aca981137ec21dcd86ba518b3d4979b68f704a2a7d7cfeb9be3edf4b4b3560e930d9dba0bc358cba36a129748c1fa73483a69759ba0c4f2ee2a936899e163c213bb3fe5a28e68669fb2da6bbcdf4c55e933d127a8bc68b8d0e6c6c757fe8ea47f26ceb7c1b3ca8b962eb31a081756ed56fe4385dccc5e2a7a53300e9c8a1a55bcf8db3f828cb3db8485110da631a50199a5c1932b5538a2b1c3cddb4451868a413418e3f761530fd477b2ebb449070c73171964203ad7bad4302af13fa6fe55fb88ede096a7aba95ef3665da778250daa9dd4bd5ecb8a807d83fe6dcf2f0cf5de7a4ef742979afd7d93bb2672ad45f6537640313b1ca8838f3fdc08e57455af6398ce5b253312fe1a88206210831e0de59d1e3f9442fb9dd43f1b9c00d151d3234028990f8bcaf65c0ad9ea1bc20e4b7641ff26969b02ccd60d2d8d2d72fe5fd58068cd6d7525c9e24c4246cd776ecf1f57550bb6bddad5093618797547cde5c07e165bc979bfbb5479c58e89c29efa5fdfa5b4a87917a4275609afc849384458ca980ba5a2aa4d10c761bb", 0x537}], 0x1}}], 0x2, 0x0)

1.980715087s ago: executing program 4 (id=1929):
r0 = socket(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x51}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3c)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x5, @mcast2}, {0xa, 0x0, 0x0, @private1}, 0xb, {[0x0, 0x3, 0x0, 0x0, 0xc]}}, 0x5c)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x20002000})
r3 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000340)={&(0x7f0000000180), 0x0, 0x0, 0x0})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000700), r7)
sendmsg$NFC_CMD_START_POLL(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010027bd7000fbdbdf250600000008000e0056000000080003005200000008000e00a46398d008000d000e0000000800010075"], 0x3c}, 0x1, 0x0, 0x0, 0x2400c844}, 0x40000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, <r9=>0x0], &(0x7f0000000040), 0x3, r6})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r6], &(0x7f0000000200), &(0x7f0000000300)=[r9], &(0x7f0000000340)})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
pipe(&(0x7f0000000100)={<r11=>0xffffffffffffffff})
getpid()
fcntl$setpipe(r11, 0x407, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x4, 0x1000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000a, 0x13, r10, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
syz_open_dev$sndmidi(&(0x7f00000003c0), 0xb6, 0x6044c0)

1.891066731s ago: executing program 0 (id=1930):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="dc00000002000005ffffff00aaaa06000008004500002200000000002f907800001f38e0000001a00086dd000c"], 0x32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRESOCT, @ANYRES16=r0, @ANYRESOCT=r2], 0x50)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r3}, 0x0, 0x0}, 0x20)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
vmsplice(r4, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08", @ANYRES32=r4], 0x0)
capset(&(0x7f0000000000)={0xf1504}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
capget(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)={0x0, 0x5, 0x369, 0x9db, 0x8, 0x1})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000068000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c0011800a0001006c696d69740000001c0002800c00024000000000000000030c00014000000000000001016c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000400003803c000080080003400000000230000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000000c000140000000000000000938010000080a0500000000000000000005000007260007403d71b32682bbe6000000d4fa66a8175e9872e4cc0d9b3832de08e08e24df369ec0a31c82067f6a310900020073797a310000000008000940000000024a0007405c890b690e2214dac90362bb4f8e989a74bdc1985458a1e6868adb9ac469290098443d437b475c9c2a18de6b34f9e8558b70644604cadd65d58ce8b25f35723200cfaabbf18500003c000580080001400000000608000140000000880800014000000032080001400000c6afd72afcfafa64002b080002400000000308000140000000290900020073797a30000000000c000580080001400000890d44000740bef2077827d68611293f798db0"], 0x4dc}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/xfrm_stat\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)

1.741776523s ago: executing program 1 (id=1931):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x404c840, &(0x7f0000000100)={0xa, 0x4e23, 0x9, @loopback}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_procfs(0x0, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
poll(&(0x7f0000000140)=[{r4}], 0x1, 0x1)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000029c0)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b55c8f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e20c6770a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5fa747cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921bd7d80000c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4048ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r5 = socket(0x10, 0x803, 0x0)
write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x17, 0x1, {0x11, './cgroup/../file0'}}, 0x1a)
getsockname$packet(r5, 0x0, &(0x7f0000000200))

934.304526ms ago: executing program 0 (id=1932):
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$inet6(0xa, 0x5, 0x24cdfd13)
connect$inet6(r6, &(0x7f0000000480)={0xa, 0x8, 0xffff7fff, @loopback, 0x2}, 0x1c)
r7 = dup2(r6, r6)
sendmmsg$unix(r7, &(0x7f0000008380), 0x400000000000174, 0x4008890)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0xfff3}, {}, {0x4}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_FLAGS={0x8, 0xb, 0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x40)
r8 = socket(0x2, 0x80805, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000040))
sendmmsg$inet(r8, &(0x7f0000000900)=[{{&(0x7f0000000080)={0x2, 0x4, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000ac0)="6cb76def2c36dab0f366cf47ad785ed2fb5e1fa5fb56d566acdc377060c4ba50a58104620df72c3004bfbc77173110e163f7d8ad60c34cdb064852353438fea809e390e392afbf35311690cd8286a6c49668aee29b7537078dba77963d15c085d7343c1012135d361ac15c082b7ac8db87cc10fe3ffc374c8be18fc53437100a11dddb9981072ec036d513870a5bbf62ce9e39f790f61ef997af390b9f5fc8a699e001c59077c459eb40ee80a3ffeb35737da668ef974592faf129325cd9ad0dc5663950a329804c9f5d261f71165b05dac212cc2afc40f980ddef8773f1045e75de4ec606aef87052e9ac784bb0f5a43f9cac5e44ae1a6dd575ce17a4749dc7cd4d7f76a40676e792e5b31a25703b1f35b48a89ed84582ef8f4ac046695f402c25da1fa6bc732a7016edf093b4c31193130b3bc143702e2b1d23743ca797b24495dc4979b81413701c0597dcd5e3bcc9c2050c18cfe03814d358e0f795e990dc44d2c1b9890514bd5ea94a3f3a1e25a8cdc67133e9176d76dc54c31274cff0101d8a42c103bad1b8b57362446f2c2ed8a69daf3d7306ef3fa2015e4ee1ef3392120b82671d73b07f3082ea69ffa0ebc7b53c78862a3e1ece518c1f0abbe4053b4dfafe815c1fe4b0d079446e80d13af972e00644a0188605d7309812e24cd1158677f94a16a5eb0c5d48b60329fc522026efa596ac913540f2a9b0345f279329bfba29a7dfc8894e6a08eeee3dd974c3de9e0602cfd1e3e584b10dd26cd13f7fb432e72ea85fd1d3a872061bc967d7a67a3a7f09f34cc825db5d9ef3ce0ff9873f8eff342eb30fa970007e2f591f07dc9bc5141a9679a2f7c69aa50894353a7830a0f7cf766aff6e81d7c3b88d730946ce3f327716ef6fd270d5bf467aef288db903f740b6ac27b962a3c6462372e63f8da8505f05d17b364dd8c6b5d449accd01b4c6da297669f098bee986b95e389a2d003539ca9dec8c26b9f6bbb5f7fe6f0b764d99bc0dafcad4121ed6a749ac71fc5deeee54d0e8a2d9dccc87df818258d73c8816b78c1be3670fb14dded879caf925e0f8abf63f55ffee02bbffb465f0303338bd12e22fe94fdaa3f033127ecaf41649232c38e83850fd3ebc890ea5db2763a8389ac49bd9b7f6b81f381d3eeb90d0f596e2b7f7dfa2a0e9453c1f5f359b56aae9e97a51f6c092d25a031843e351f5733a25c5905706618ab569359bdca4932f6471f4f2d152f84cfc0c563885b0d93fd015095a8eb9422e3d17ddaf3f20dde5eeea415f76c0617964198c824b98f4d53ab0d4d734dcd6d07dddd5b77c1bd71208632941973bd5b5aca981137ec21dcd86ba518b3d4979b68f704a2a7d7cfeb9be3edf4b4b3560e930d9dba0bc358cba36a129748c1fa73483a69759ba0c4f2ee2a936899e163c213bb3fe5a28e68669fb2da6bbcdf4c55e933d127a8bc68b8d0e6c6c757fe8ea47f26ceb7c1b3ca8b962eb31a081756ed56fe4385dccc5e2a7a53300e9c8a1a55bcf8db3f828cb3db8485110da631a50199a5c1932b5538a2b1c3cddb4451868a413418e3f761530fd477b2ebb449070c73171964203ad7bad4302af13fa6fe55fb88ede096a7aba95ef3665da778250daa9dd4bd5ecb8a807d83fe6dcf2f0cf5de7a4ef742979afd7d93bb2672ad45f6537640313b1ca8838f3fdc08e57455af6398ce5b253312fe1a88206210831e0de59d1e3f9442fb9dd43f1b9c00d151d3234028990f8bcaf65c0ad9ea1bc20e4b7641ff26969b02ccd60d2d8d2d72fe5fd58068cd6d7525c9e24c4246cd776ecf1f57550bb6bddad5093618797547cde5c07e165bc979bfbb5479c58e89c29efa5fdfa5b4a87917a4275609afc849384458ca980ba5a2aa4d10c761bb3b3a57e3d3b41001cdf6", 0x541}], 0x1}}], 0x2, 0x0)

93.696855ms ago: executing program 2 (id=1933):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000280))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%\xde({F\xfaA:', 0x0)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%.,c\xbe\xfbL:', 0x0)
mknod$loop(0x0, 0x6000, 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x8, &(0x7f0000000000)=0xfffffffd, 0x4)
getsockopt$inet6_tcp_buf(r7, 0x6, 0x8, 0x0, &(0x7f0000001040))

72.035977ms ago: executing program 3 (id=1934):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x3)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
socket$unix(0x1, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) (async)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') (async)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x4}, 0x6) (async)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x4}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="b4", 0x1}, {0x0}], 0x2)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x2050, &(0x7f0000000380)={[{@redirect_dir_nofollow}, {@verity_require}, {@userxattr}]})
socket(0x2a, 0x800000002, 0x0) (async)
r4 = socket(0x2a, 0x800000002, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="0b0302000000000000002500000008000300", @ANYRES32=r7, @ANYBLOB="047c36c175628ad37624e837c23de4c0ea57ca289f3e44014745f2a1dea5391a5735d20a7cf745d5413051067f3bd2"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$SIOCPNENABLEPIPE(r4, 0x541b, 0x1000000000000)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) (async)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x1, 0x20ff, 0x6, 0x5, 0xde15, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
ioctl$SNDCTL_SEQ_GETINCOUNT(r2, 0x80045105, &(0x7f0000000280))
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7f03) (async)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7f03)
syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f0a0003401108004500010102ac1412d18ae85e26d0dc02282500000000000000002f00007f00000100000000"], 0x0)

0s ago: executing program 1 (id=1935):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_io_uring_setup(0xd6, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x3, 0xffffffff}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fallocate(r7, 0x0, 0x100000000, 0x400000009)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x80}], 0x1, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ted USB speed: UNKNOWN
[  389.828649][ T8656] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  389.943846][ T8663] vxcan1: entered allmulticast mode
[  389.966132][ T8664] vxcan1: entered allmulticast mode
[  389.987467][ T8663] vxcan1: left allmulticast mode
[  390.006167][ T8664] vxcan1: left allmulticast mode
[  393.172183][ T8700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.752'.
[  393.210145][ T5893] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  393.703142][ T5893] usb 1-1: Using ep0 maxpacket: 8
[  393.818637][ T8699] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  393.826975][ T8699] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  393.987988][ T5893] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  394.112340][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.310470][ T5893] usb 1-1: Product: syz
[  394.328053][ T5893] usb 1-1: Manufacturer: syz
[  394.348883][ T5893] usb 1-1: SerialNumber: syz
[  394.799389][ T5893] usb 1-1: config 0 descriptor??
[  395.125849][ T5893] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  395.177323][ T5893] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  395.204111][ T5893] usb 1-1: USB disconnect, device number 16
[  395.749400][ T8724] netlink: 252 bytes leftover after parsing attributes in process `syz.4.761'.
[  396.534442][ T8731] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem
[  396.885447][ T8739] netlink: 20 bytes leftover after parsing attributes in process `syz.2.766'.
[  396.895736][ T8739] netlink: 16 bytes leftover after parsing attributes in process `syz.2.766'.
[  398.500348][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  399.010132][    T9] usb 1-1: Using ep0 maxpacket: 32
[  399.529892][    T9] usb 1-1: config 0 has no interfaces?
[  399.580108][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  399.589361][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.625664][    T9] usb 1-1: config 0 descriptor??
[  401.656645][   T55] usb 1-1: USB disconnect, device number 17
[  402.110110][   T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  403.330113][   T24] usb 3-1: Using ep0 maxpacket: 8
[  403.478950][   T24] usb 3-1: config 0 has an invalid interface number: 25 but max is 0
[  403.542491][   T24] usb 3-1: config 0 has no interface number 0
[  403.563296][   T24] usb 3-1: too many endpoints for config 0 interface 25 altsetting 247: 124, using maximum allowed: 30
[  403.690021][   T24] usb 3-1: config 0 interface 25 altsetting 247 has 0 endpoint descriptors, different from the interface descriptor's value: 124
[  403.729404][   T24] usb 3-1: config 0 interface 25 has no altsetting 0
[  403.768020][   T24] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  403.840557][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.849054][   T24] usb 3-1: Product: syz
[  404.227742][   T24] usb 3-1: Manufacturer: syz
[  404.235386][   T24] usb 3-1: SerialNumber: syz
[  404.433602][ T8784] netlink: 252 bytes leftover after parsing attributes in process `syz.3.780'.
[  404.476375][ T8787] netlink: 28 bytes leftover after parsing attributes in process `syz.1.782'.
[  404.502086][   T24] usb 3-1: config 0 descriptor??
[  404.551755][ T8787] netlink: 28 bytes leftover after parsing attributes in process `syz.1.782'.
[  405.850560][   T24] usb 3-1: USB disconnect, device number 7
[  406.026490][ T8799] netlink: 'syz.4.785': attribute type 6 has an invalid length.
[  406.202696][ T5889] kernel write not supported for file /bluetooth/6lowpan_control (pid: 5889 comm: kworker/1:3)
[  406.300271][   T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  406.406381][ T8813] netlink: 132 bytes leftover after parsing attributes in process `syz.3.790'.
[  406.442652][ T8814] binder: BC_ATTEMPT_ACQUIRE not supported
[  406.465197][ T8814] binder: 8812:8814 ioctl c0306201 2000000001c0 returned -22
[  406.802778][   T24] usb 3-1: config 36 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 192, changing to 11
[  406.890285][    T9] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  406.916096][   T24] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  406.926049][   T24] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  406.934797][   T24] usb 3-1: Manufacturer: syz
[  406.939574][   T24] usb 3-1: SerialNumber: syz
[  407.062617][    T9] usb 2-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=cd.35
[  407.072300][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.093663][    T9] usb 2-1: config 0 descriptor??
[  407.120732][    T9] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[  407.142568][    T9] dw2102: su3000_power_ctrl: 1, initialized 0
[  407.149280][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  407.178627][   T24] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[  407.182304][    T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  407.340112][    T9] dvb-usb: TeVii S482 (tuner 2) error while loading driver (-19)
[  407.411613][   T24] usb 3-1: USB disconnect, device number 8
[  407.512553][ T8827] netlink: 252 bytes leftover after parsing attributes in process `syz.3.797'.
[  407.650985][ T5889] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  407.840344][ T5889] usb 1-1: Using ep0 maxpacket: 8
[  407.907412][ T5889] usb 1-1: config 0 has an invalid interface number: 25 but max is 0
[  407.907446][ T5889] usb 1-1: config 0 has no interface number 0
[  407.907478][ T5889] usb 1-1: too many endpoints for config 0 interface 25 altsetting 247: 124, using maximum allowed: 30
[  407.907528][ T5889] usb 1-1: config 0 interface 25 altsetting 247 has 0 endpoint descriptors, different from the interface descriptor's value: 124
[  407.907556][ T5889] usb 1-1: config 0 interface 25 has no altsetting 0
[  407.913299][ T5889] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  407.913330][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.913350][ T5889] usb 1-1: Product: syz
[  407.913366][ T5889] usb 1-1: Manufacturer: syz
[  407.913381][ T5889] usb 1-1: SerialNumber: syz
[  407.920798][ T5889] usb 1-1: config 0 descriptor??
[  408.148973][ T5889] usb 1-1: USB disconnect, device number 18
[  408.272438][ T5912] usb 2-1: USB disconnect, device number 15
[  408.593997][ T8847] netlink: 'syz.3.802': attribute type 23 has an invalid length.
[  408.753533][ T8847] ALSA: mixer_oss: invalid OSS volume 'LI'
[  409.818267][ T8864] random: crng reseeded on system resumption
[  409.970148][ T8864] batman_adv: batadv0: Adding interface: ip6gretap1
[  409.976919][ T8864] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  410.040539][ T8864] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  410.287232][ T8867] xt_CT: No such helper "snmp"
[  412.303942][ T8885] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  412.310521][ T8885] [U] J"—e:ÀÆ"


[  413.780287][   T55] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  414.363393][   T55] usb 4-1: Using ep0 maxpacket: 8
[  414.437239][   T55] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  414.460222][   T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.499040][   T55] usb 4-1: Product: syz
[  414.509994][   T55] usb 4-1: Manufacturer: syz
[  414.514741][   T55] usb 4-1: SerialNumber: syz
[  414.537779][   T55] usb 4-1: config 0 descriptor??
[  414.654203][ T8903] netlink: 'syz.4.819': attribute type 23 has an invalid length.
[  414.855872][   T55] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  415.606280][   T55] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  416.190247][   T55] usb 4-1: USB disconnect, device number 18
[  416.560158][ T8913] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  416.590903][ T8913] batadv_slave_0: entered promiscuous mode
[  417.330176][ T8903] ALSA: mixer_oss: invalid OSS volume 'LI'
[  417.745094][ T8930] binder: BINDER_SET_CONTEXT_MGR already set
[  417.752002][ T8930] binder: 8926:8930 ioctl 4018620d 200000000080 returned -16
[  419.357663][ T8940] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  419.377604][ T8942] fuse: Bad value for 'group_id'
[  419.407956][ T8942] fuse: Bad value for 'group_id'
[  419.451408][ T8942] xt_hashlimit: max too large, truncated to 1048576
[  420.620398][ T8951] vxcan1: entered allmulticast mode
[  420.881986][ T8955] vxcan1: left allmulticast mode
[  421.041074][ T8952] overlayfs: failed to resolve './file0': -2
[  421.914293][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  421.964825][ T8966] netlink: 12 bytes leftover after parsing attributes in process `syz.3.836'.
[  422.500268][   T24] usb 2-1: Using ep0 maxpacket: 8
[  422.989699][   T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  423.039147][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.091206][   T24] usb 2-1: Product: syz
[  423.095465][   T24] usb 2-1: Manufacturer: syz
[  423.149596][   T24] usb 2-1: SerialNumber: syz
[  423.187424][   T24] usb 2-1: config 0 descriptor??
[  423.232815][ T8982] netlink: 'syz.0.841': attribute type 23 has an invalid length.
[  423.311293][ T8983] Invalid logical block size (8210)
[  423.607896][   T24] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  423.920308][   T24] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  424.024518][ T8982] ALSA: mixer_oss: invalid OSS volume 'LI'
[  425.165321][ T8998] netlink: 132 bytes leftover after parsing attributes in process `syz.4.843'.
[  425.286508][   T24] usb 2-1: USB disconnect, device number 16
[  426.264113][ T9005] netlink: 28 bytes leftover after parsing attributes in process `syz.2.847'.
[  426.273532][ T9005] netlink: 'syz.2.847': attribute type 7 has an invalid length.
[  426.320141][ T9005] netlink: 'syz.2.847': attribute type 8 has an invalid length.
[  426.690112][ T9005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.847'.
[  427.137385][ T9015] netlink: 12 bytes leftover after parsing attributes in process `syz.4.849'.
[  427.892563][ T9020] xt_hashlimit: max too large, truncated to 1048576
[  428.235874][ T9028] netlink: 252 bytes leftover after parsing attributes in process `syz.2.853'.
[  429.953960][ T9036] netlink: 'syz.4.857': attribute type 23 has an invalid length.
[  430.235961][ T9036] ALSA: mixer_oss: invalid OSS volume 'LI'
[  430.455016][ T9047] netlink: 132 bytes leftover after parsing attributes in process `syz.1.860'.
[  431.345646][ T9057] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  431.378486][ T9057] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  431.408595][ T9057] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  431.448913][ T9057] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  432.061255][ T9067] netlink: 28 bytes leftover after parsing attributes in process `syz.1.864'.
[  432.078874][ T9067] netlink: 'syz.1.864': attribute type 7 has an invalid length.
[  432.100497][ T9067] netlink: 'syz.1.864': attribute type 8 has an invalid length.
[  432.160152][ T9067] netlink: 4 bytes leftover after parsing attributes in process `syz.1.864'.
[  432.298090][ T9071] xt_hashlimit: max too large, truncated to 1048576
[  433.985592][ T9083] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  433.991965][ T9083] [U] J"—e:ÀÆ"


[  435.408579][ T9099] netlink: 132 bytes leftover after parsing attributes in process `syz.2.874'.
[  435.656308][ T9098] netlink: 'syz.1.875': attribute type 23 has an invalid length.
[  436.671871][ T9102] ALSA: mixer_oss: invalid OSS volume 'LI'
[  437.498265][ T9118] netdevsim netdevsim2: Direct firmware load for ¼JÈöníñÆgkNšÄq>ä*x(Oˆ@Ä“Æ™¬aîWóÿfV!�Œˆ«_—)µAD‘I†µw•C7�;¹gB›|hÂV`f”?:VmÐUWX:SZ;žË©6h?AeÙÿ³iÛámç/Øî‘ÆS–Á6­Ò_C?ÚF failed with error -2
[  437.518822][ T9118] netdevsim netdevsim2: Falling back to sysfs fallback for: ¼JÈöníñÆgkNšÄq>ä*x(Oˆ@Ä“Æ™¬aîWóÿfV!�Œˆ«_—)µAD‘I†µw•C7�;¹gB›|hÂV`f”?:VmÐUWX:SZ;žË©6h?AeÙÿ³iÛámç/Øî‘ÆS–Á6­Ò_C?ÚF
[  437.622012][ T9117] fuse: Bad value for 'fd'
[  437.824870][ T9117] xt_hashlimit: max too large, truncated to 1048576
[  438.775911][ T9127] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  439.052864][ T9135] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  439.059207][ T9135] [U] J"—e:ÀÆ"


[  440.214446][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  440.221888][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  442.173513][ T9163] netlink: 132 bytes leftover after parsing attributes in process `syz.4.889'.
[  442.665299][ T9167] netlink: 'syz.3.891': attribute type 23 has an invalid length.
[  444.261962][ T9172] ALSA: mixer_oss: invalid OSS volume 'LI'
[  444.949327][ T9176] sp0: Synchronizing with TNC
[  445.090596][ T9182] Falling back ldisc for ttyS3.
[  447.061508][ T9199] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  448.718968][ T9222] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  449.376148][ T9230] netlink: 28 bytes leftover after parsing attributes in process `syz.0.904'.
[  449.385936][ T9230] netlink: 'syz.0.904': attribute type 7 has an invalid length.
[  449.399398][ T9230] netlink: 'syz.0.904': attribute type 8 has an invalid length.
[  449.415112][ T9230] netlink: 4 bytes leftover after parsing attributes in process `syz.0.904'.
[  450.313475][ T9234] netlink: 252 bytes leftover after parsing attributes in process `syz.0.906'.
[  451.266240][ T9245] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  451.274504][ T9245] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  451.283683][ T9245] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  451.292005][ T9245] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  453.915171][   T30] audit: type=1326 audit(1750598399.820:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  453.955904][   T30] audit: type=1326 audit(1750598399.840:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  453.984272][   T30] audit: type=1326 audit(1750598399.840:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  454.005656][    C1] vkms_vblank_simulate: vblank timer overrun
[  454.014067][   T30] audit: type=1326 audit(1750598399.840:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  454.076329][   T30] audit: type=1326 audit(1750598399.840:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  454.102100][   T30] audit: type=1326 audit(1750598399.840:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f82ad1858e7 code=0x7ffc0000
[  454.123464][    C1] vkms_vblank_simulate: vblank timer overrun
[  454.337758][   T30] audit: type=1326 audit(1750598399.840:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f82ad12ab19 code=0x7ffc0000
[  454.529857][   T30] audit: type=1326 audit(1750598399.840:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  455.285122][   T30] audit: type=1326 audit(1750598399.840:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f82ad1858e7 code=0x7ffc0000
[  455.307110][   T30] audit: type=1326 audit(1750598399.840:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9269 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f82ad12ab19 code=0x7ffc0000
[  456.015183][ T9282] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  457.237458][ T9295] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  457.274858][ T9295] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  457.304730][ T9295] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  457.327262][ T9295] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  457.488001][ T9300] netlink: 252 bytes leftover after parsing attributes in process `syz.0.923'.
[  457.517960][ T9301] FAULT_INJECTION: forcing a failure.
[  457.517960][ T9301] name failslab, interval 1, probability 0, space 0, times 0
[  457.540178][ T9301] CPU: 0 UID: 0 PID: 9301 Comm: syz.1.924 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  457.540211][ T9301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  457.540223][ T9301] Call Trace:
[  457.540232][ T9301]  <TASK>
[  457.540241][ T9301]  dump_stack_lvl+0x189/0x250
[  457.540277][ T9301]  ? __pfx____ratelimit+0x10/0x10
[  457.540306][ T9301]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.540336][ T9301]  ? __pfx__printk+0x10/0x10
[  457.540364][ T9301]  ? __pfx___might_resched+0x10/0x10
[  457.540391][ T9301]  ? fs_reclaim_acquire+0x7d/0x100
[  457.540426][ T9301]  should_fail_ex+0x414/0x560
[  457.540465][ T9301]  should_failslab+0xa8/0x100
[  457.540494][ T9301]  __kmalloc_cache_noprof+0x70/0x3d0
[  457.540518][ T9301]  ? __request_module+0x2b5/0x5e0
[  457.540550][ T9301]  __request_module+0x2b5/0x5e0
[  457.540584][ T9301]  ? __pfx___request_module+0x10/0x10
[  457.540615][ T9301]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  457.540675][ T9301]  snd_timer_open+0x4d2/0x10b0
[  457.540718][ T9301]  __snd_timer_user_ioctl+0x1b15/0x3ff0
[  457.540753][ T9301]  ? __pfx_bpf_trace_run2+0x10/0x10
[  457.540776][ T9301]  ? register_lock_class+0x51/0x320
[  457.540807][ T9301]  ? __pfx___snd_timer_user_ioctl+0x10/0x10
[  457.540843][ T9301]  ? __bpf_trace_contention_end+0xdc/0x130
[  457.540872][ T9301]  ? __pfx___bpf_trace_contention_end+0x10/0x10
[  457.540904][ T9301]  ? __mutex_trylock_common+0x153/0x260
[  457.540949][ T9301]  ? rcu_is_watching+0x15/0xb0
[  457.540984][ T9301]  ? __mutex_lock+0x330/0xe80
[  457.541015][ T9301]  ? smk_tskacc+0x2fc/0x370
[  457.541042][ T9301]  ? snd_timer_user_ioctl+0x4b/0x80
[  457.541075][ T9301]  ? __pfx___mutex_lock+0x10/0x10
[  457.541119][ T9301]  ? __fget_files+0x2a/0x420
[  457.541144][ T9301]  ? __fget_files+0x3a0/0x420
[  457.541169][ T9301]  ? __fget_files+0x2a/0x420
[  457.541197][ T9301]  ? __pfx_snd_timer_user_ioctl+0x10/0x10
[  457.541228][ T9301]  snd_timer_user_ioctl+0x5a/0x80
[  457.541260][ T9301]  __se_sys_ioctl+0xf9/0x170
[  457.541285][ T9301]  do_syscall_64+0xfa/0x3b0
[  457.541314][ T9301]  ? lockdep_hardirqs_on+0x9c/0x150
[  457.541342][ T9301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.541362][ T9301]  ? clear_bhb_loop+0x60/0xb0
[  457.541387][ T9301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.541407][ T9301] RIP: 0033:0x7f2a34f8e929
[  457.541426][ T9301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.541452][ T9301] RSP: 002b:00007f2a35d80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  457.541475][ T9301] RAX: ffffffffffffffda RBX: 00007f2a351b5fa0 RCX: 00007f2a34f8e929
[  457.541491][ T9301] RDX: 0000200000000080 RSI: 0000000040345410 RDI: 0000000000000003
[  457.541504][ T9301] RBP: 00007f2a35d80090 R08: 0000000000000000 R09: 0000000000000000
[  457.541516][ T9301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.541529][ T9301] R13: 0000000000000000 R14: 00007f2a351b5fa0 R15: 00007ffd12df10d8
[  457.541564][ T9301]  </TASK>
[  458.068517][ T9307] netlink: 28 bytes leftover after parsing attributes in process `syz.3.927'.
[  458.081040][ T9307] netlink: 'syz.3.927': attribute type 7 has an invalid length.
[  458.088760][ T9307] netlink: 'syz.3.927': attribute type 8 has an invalid length.
[  458.096611][ T9307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.927'.
[  462.628403][ T9334] netlink: 'syz.4.935': attribute type 9 has an invalid length.
[  462.723451][ T9333] fuse: root generation should be zero
[  462.810644][ T9337] FAULT_INJECTION: forcing a failure.
[  462.810644][ T9337] name failslab, interval 1, probability 0, space 0, times 0
[  462.909584][ T9337] CPU: 0 UID: 0 PID: 9337 Comm: syz.3.934 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  462.909617][ T9337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.909630][ T9337] Call Trace:
[  462.909638][ T9337]  <TASK>
[  462.909647][ T9337]  dump_stack_lvl+0x189/0x250
[  462.909687][ T9337]  ? __pfx____ratelimit+0x10/0x10
[  462.909718][ T9337]  ? __pfx_dump_stack_lvl+0x10/0x10
[  462.909747][ T9337]  ? __pfx__printk+0x10/0x10
[  462.909777][ T9337]  ? __pfx___might_resched+0x10/0x10
[  462.909803][ T9337]  ? fs_reclaim_acquire+0x7d/0x100
[  462.909838][ T9337]  should_fail_ex+0x414/0x560
[  462.909869][ T9337]  should_failslab+0xa8/0x100
[  462.909898][ T9337]  kmem_cache_alloc_noprof+0x73/0x3c0
[  462.909920][ T9337]  ? getname_flags+0xb8/0x540
[  462.909951][ T9337]  getname_flags+0xb8/0x540
[  462.909983][ T9337]  do_sys_openat2+0xbc/0x1c0
[  462.910017][ T9337]  ? __pfx_do_sys_openat2+0x10/0x10
[  462.910049][ T9337]  ? ksys_write+0x22a/0x250
[  462.910076][ T9337]  ? __pfx_ksys_write+0x10/0x10
[  462.910094][ T9337]  ? rcu_is_watching+0x15/0xb0
[  462.910130][ T9337]  __x64_sys_creat+0x8f/0xc0
[  462.910154][ T9337]  do_syscall_64+0xfa/0x3b0
[  462.910185][ T9337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.910205][ T9337]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  462.910224][ T9337]  ? clear_bhb_loop+0x60/0xb0
[  462.910249][ T9337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.910268][ T9337] RIP: 0033:0x7f59bd18e929
[  462.910288][ T9337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.910305][ T9337] RSP: 002b:00007f59bdf22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  462.910329][ T9337] RAX: ffffffffffffffda RBX: 00007f59bd3b6080 RCX: 00007f59bd18e929
[  462.910353][ T9337] RDX: 0000000000000000 RSI: 14943e9b6c6e8de5 RDI: 0000200000000600
[  462.910367][ T9337] RBP: 00007f59bdf22090 R08: 0000000000000000 R09: 0000000000000000
[  462.910380][ T9337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  462.910392][ T9337] R13: 0000000000000000 R14: 00007f59bd3b6080 R15: 00007ffe83afd408
[  462.910426][ T9337]  </TASK>
[  463.158934][ T9334] bond_slave_0: entered promiscuous mode
[  463.165285][ T9334] bond_slave_1: entered promiscuous mode
[  463.171939][ T9334] macvlan2: entered promiscuous mode
[  463.177557][ T9334] bond0: entered promiscuous mode
[  463.194168][ T9334] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  463.839436][ T9346] netlink: 28 bytes leftover after parsing attributes in process `syz.4.940'.
[  463.853986][ T9346] netlink: 'syz.4.940': attribute type 7 has an invalid length.
[  463.863031][ T9346] netlink: 'syz.4.940': attribute type 8 has an invalid length.
[  463.874085][ T9346] netlink: 4 bytes leftover after parsing attributes in process `syz.4.940'.
[  463.938304][ T9342] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  465.290561][   T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  465.812120][ T9358] vxcan1: entered allmulticast mode
[  465.818024][   T24] usb 4-1: Using ep0 maxpacket: 16
[  465.833153][ T9358] vxcan1: left allmulticast mode
[  465.844969][   T24] usb 4-1: config 0 has an invalid interface number: 23 but max is 0
[  465.872145][   T24] usb 4-1: config 0 has an invalid descriptor of length 72, skipping remainder of the config
[  465.920343][   T24] usb 4-1: config 0 has no interface number 0
[  465.929271][   T24] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a1, bcdDevice=de.77
[  465.938670][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.968852][   T24] usb 4-1: Product: syz
[  465.985056][   T24] usb 4-1: Manufacturer: syz
[  465.989838][   T24] usb 4-1: SerialNumber: syz
[  465.998022][   T24] usb 4-1: config 0 descriptor??
[  466.383827][ T9350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.730683][ T9350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.793474][   T24] dvb-usb: found a 'Terratec Cinergy DT USB XS Diversity/ T5' in cold state, will try to load a firmware
[  466.867639][ T9368] FAULT_INJECTION: forcing a failure.
[  466.867639][ T9368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  466.887468][ T9368] CPU: 0 UID: 0 PID: 9368 Comm: syz.0.947 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  466.887499][ T9368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  466.887511][ T9368] Call Trace:
[  466.887519][ T9368]  <TASK>
[  466.887528][ T9368]  dump_stack_lvl+0x189/0x250
[  466.887562][ T9368]  ? __pfx____ratelimit+0x10/0x10
[  466.887591][ T9368]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.887620][ T9368]  ? __pfx__printk+0x10/0x10
[  466.887640][ T9368]  ? __might_fault+0xb0/0x130
[  466.887684][ T9368]  should_fail_ex+0x414/0x560
[  466.887714][ T9368]  _copy_from_user+0x2d/0xb0
[  466.887735][ T9368]  __sys_bpf+0x1ed/0x860
[  466.887763][ T9368]  ? __pfx___sys_bpf+0x10/0x10
[  466.887803][ T9368]  ? ksys_write+0x22a/0x250
[  466.887830][ T9368]  ? __pfx_ksys_write+0x10/0x10
[  466.887850][ T9368]  ? rcu_is_watching+0x15/0xb0
[  466.887887][ T9368]  __x64_sys_bpf+0x7c/0x90
[  466.887911][ T9368]  do_syscall_64+0xfa/0x3b0
[  466.887938][ T9368]  ? lockdep_hardirqs_on+0x9c/0x150
[  466.887966][ T9368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.887986][ T9368]  ? clear_bhb_loop+0x60/0xb0
[  466.888008][ T9368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.888022][ T9368] RIP: 0033:0x7f82ad18e929
[  466.888037][ T9368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.888051][ T9368] RSP: 002b:00007f82adfd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  466.888069][ T9368] RAX: ffffffffffffffda RBX: 00007f82ad3b5fa0 RCX: 00007f82ad18e929
[  466.888080][ T9368] RDX: 0000000000000094 RSI: 0000200000000040 RDI: 0000000000000005
[  466.888090][ T9368] RBP: 00007f82adfd7090 R08: 0000000000000000 R09: 0000000000000000
[  466.888100][ T9368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.888109][ T9368] R13: 0000000000000000 R14: 00007f82ad3b5fa0 R15: 00007ffc710bfe08
[  466.888136][ T9368]  </TASK>
[  466.910996][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  468.379202][   T24] dib0700: firmware download failed at 7 with -22
[  468.589218][   T24] usb 4-1: USB disconnect, device number 19
[  468.783232][ T9389] netlink: 'syz.4.955': attribute type 10 has an invalid length.
[  468.832440][ T9389] syz_tun: entered promiscuous mode
[  468.849593][ T9389] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  468.871671][ T9399] netlink: 252 bytes leftover after parsing attributes in process `syz.0.957'.
[  468.925991][ T9389] mkiss: ax0: crc mode is auto.
[  472.061342][ T9426] macsec1: entered allmulticast mode
[  472.330153][ T9435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.970'.
[  472.791314][ T9431] syz.3.968: attempt to access beyond end of device
[  472.791314][ T9431] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  472.814865][ T9431] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  472.844136][ T9448] xt_cgroup: path and classid specified
[  473.049802][ T9453] xt_hashlimit: max too large, truncated to 1048576
[  473.081171][ T5912] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  473.250325][ T5912] usb 5-1: Using ep0 maxpacket: 8
[  473.315351][ T5912] usb 5-1: config 2 has an invalid interface number: 169 but max is 0
[  473.399215][ T5912] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  473.525519][ T5912] usb 5-1: config 2 has no interface number 0
[  473.760218][ T5912] usb 5-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  473.819988][ T5912] usb 5-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  473.880308][ T5912] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  473.948403][ T5912] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  473.997005][ T5912] usb 5-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  474.056706][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.091008][ T5912] cypress_m8 5-1:2.169: DeLorme Earthmate USB converter detected
[  474.125717][ T5912] earthmate ttyUSB0: required endpoint is missing
[  474.297713][ T5912] usb 5-1: USB disconnect, device number 12
[  474.318432][ T5912] cypress_m8 5-1:2.169: device disconnected
[  475.904544][ T9478] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  475.910997][ T9478] [U] J"—e:ÀÆ"


[  477.553199][ T9484] netlink: 252 bytes leftover after parsing attributes in process `syz.3.983'.
[  478.564239][ T9506] netlink: 28 bytes leftover after parsing attributes in process `syz.0.991'.
[  478.580244][ T9506] netlink: 'syz.0.991': attribute type 7 has an invalid length.
[  478.660140][ T9506] netlink: 'syz.0.991': attribute type 8 has an invalid length.
[  478.667818][ T9506] netlink: 4 bytes leftover after parsing attributes in process `syz.0.991'.
[  478.716506][ T9506] erspan0: entered promiscuous mode
[  478.726082][ T9506] batadv_slave_1: entered promiscuous mode
[  485.158633][ T9554] Invalid logical block size (8210)
[  489.411027][ T9605] netlink: 'syz.0.1019': attribute type 23 has an invalid length.
[  490.094754][ T9605] ALSA: mixer_oss: invalid OSS volume 'LI'
[  490.346588][   T55] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  490.872809][   T55] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  490.888958][   T55] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  490.899040][   T55] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  490.909025][   T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.540460][   T55] usb 4-1: config 0 descriptor??
[  491.548407][   T55] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  491.590145][   T55] dvb-usb: bulk message failed: -22 (3/0)
[  492.131725][   T55] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  492.164053][ T9608] IPVS: set_ctl: invalid protocol: 94 172.20.20.62:20000
[  492.190736][   T55] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  492.199274][   T55] usb 4-1: media controller created
[  492.214340][ T9608] dvb-usb: bulk message failed: -22 (4/0)
[  492.249197][   T55] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  492.302468][   T55] dvb-usb: bulk message failed: -22 (6/0)
[  492.302717][   T55] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  492.314824][   T55] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8
[  492.316935][   T55] dvb-usb: schedule remote query interval to 150 msecs.
[  492.355298][   T55] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  492.532879][   T55] dvb-usb: bulk message failed: -22 (1/0)
[  492.539997][   T55] dvb-usb: error while querying for an remote control event.
[  493.002634][   T55] dvb-usb: bulk message failed: -22 (1/0)
[  493.002699][   T55] dvb-usb: error while querying for an remote control event.
[  493.013543][   T55] usb 4-1: USB disconnect, device number 20
[  493.094057][   T55] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  493.690849][ T5912] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  494.133534][ T5912] usb 5-1: Using ep0 maxpacket: 8
[  494.141712][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  494.141755][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  494.141778][ T5912] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  494.141803][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  494.141825][ T5912] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  494.141866][ T5912] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  494.141889][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.144972][ T5912] usb 5-1: config 0 descriptor??
[  494.177945][ T5833] Bluetooth: hci5: urb ffff888143f40500 submission failed (90)
[  495.477636][ T9673] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1039'.
[  495.512557][ T5893] usb 5-1: USB disconnect, device number 13
[  495.513514][ T9673] netlink: 'syz.1.1039': attribute type 7 has an invalid length.
[  495.573530][ T9673] netlink: 'syz.1.1039': attribute type 8 has an invalid length.
[  495.585672][ T9673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1039'.
[  495.644916][ T9673] erspan0: entered promiscuous mode
[  495.666570][ T9673] batadv_slave_1: entered promiscuous mode
[  495.868398][ T9673] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  495.944949][ T9673] Cannot create hsr debugfs directory
[  498.561833][ T5893] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  499.607537][ T5893] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  499.626530][ T9726] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1056'.
[  500.603766][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.646482][ T5893] usb 5-1: Product: syz
[  500.651972][ T5893] usb 5-1: Manufacturer: syz
[  500.658880][ T5893] usb 5-1: SerialNumber: syz
[  500.673635][ T5893] usb 5-1: config 0 descriptor??
[  500.709324][ T5893] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 014
[  501.655597][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  501.662181][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  503.522102][ T5893] i2c i2c-1: failure reading functionality
[  503.537381][ T5893] i2c i2c-1: connected i2c-tiny-usb device
[  503.642091][ T5893] usb 5-1: USB disconnect, device number 14
[  507.442103][ T9792] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  507.460709][ T9792] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  507.572069][   T24] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  507.589534][ T9792] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  507.647150][ T9792] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  507.840176][   T24] usb 4-1: device descriptor read/64, error -71
[  508.223246][   T24] usb 4-1: new low-speed USB device number 22 using dummy_hcd
[  508.500274][   T24] usb 4-1: device descriptor read/64, error -71
[  508.855000][   T24] usb usb4-port1: attempt power cycle
[  510.385176][   T24] usb 4-1: new low-speed USB device number 23 using dummy_hcd
[  510.605599][   T24] usb 4-1: device not accepting address 23, error -71
[  511.707144][ T9839] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  511.713790][ T9839] [U] J"—e:ÀÆ"


[  512.774755][ T9859] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  512.797544][ T9859] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  512.808616][ T9859] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  512.824356][ T9859] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  515.472940][ T9899] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  516.406735][ T9904] 9pnet_fd: Insufficient options for proto=fd
[  518.500625][ T9902] vxcan1: entered allmulticast mode
[  518.506116][ T9906] vxcan1: left allmulticast mode
[  519.357082][ T9916] netlink: 'syz.1.1107': attribute type 23 has an invalid length.
[  519.941711][ T9916] ALSA: mixer_oss: invalid OSS volume 'LI'
[  523.288877][ T9961] netlink: 'syz.0.1119': attribute type 23 has an invalid length.
[  523.569424][ T9967] ALSA: mixer_oss: invalid OSS volume 'LI'
[  527.102513][ T9995] xt_hashlimit: max too large, truncated to 1048576
[  527.177960][T10007] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1132'.
[  527.240084][T10007] netlink: 'syz.4.1132': attribute type 7 has an invalid length.
[  527.359826][T10007] netlink: 'syz.4.1132': attribute type 8 has an invalid length.
[  527.380346][T10007] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1132'.
[  527.456908][T10007] erspan0: entered promiscuous mode
[  527.485642][T10007] batadv_slave_1: entered promiscuous mode
[  527.519510][T10007] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  527.529471][T10007] Cannot create hsr debugfs directory
[  530.439825][T10034] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  530.740989][T10042] vxcan1: entered allmulticast mode
[  531.346605][T10042] vxcan1: left allmulticast mode
[  534.813410][   T55] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  535.210287][   T55] usb 2-1: Using ep0 maxpacket: 8
[  535.218188][   T55] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x82 has invalid maxpacket 24385, setting to 1024
[  535.240195][   T55] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 1024
[  535.311518][   T55] usb 2-1: config 1 interface 0 has no altsetting 0
[  535.784321][   T55] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  535.793628][   T55] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.806064][   T55] usb 2-1: Product: syz
[  535.815754][   T55] usb 2-1: Manufacturer: syz
[  535.850057][   T55] usb 2-1: SerialNumber: syz
[  535.868137][T10074] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  536.637500][   T55] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71
[  536.826761][   T55] usb 2-1: USB disconnect, device number 17
[  536.917208][T10102] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  537.368806][T10109] vxcan1: entered allmulticast mode
[  537.818146][T10116] vxcan1: left allmulticast mode
[  541.009599][T10150] ALSA: mixer_oss: invalid OSS volume 'u'
[  545.890295][ T5912] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  547.020887][ T5912] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  547.238310][ T5912] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[  547.311174][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  547.436483][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  547.549740][ T5912] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  547.645760][ T5912] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[  547.677206][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.713924][ T5912] usb 2-1: Product: syz
[  547.747109][ T5912] usb 2-1: Manufacturer: syz
[  547.779592][ T5912] usb 2-1: SerialNumber: syz
[  547.823218][ T5912] usb 2-1: config 0 descriptor??
[  547.964613][T10211] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  547.977759][ T5912] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90)
[  548.008504][ T5912] imon 2-1:0.0: unable to initialize intf0, err -90
[  548.062662][ T5912] imon:imon_probe: failed to initialize context!
[  548.111205][ T5912] imon 2-1:0.0: unable to register, err -19
[  548.406815][T10217] vxcan1: entered allmulticast mode
[  548.455311][T10218] vxcan1: left allmulticast mode
[  548.610495][ T5912] usb 2-1: USB disconnect, device number 18
[  553.414168][   T30] kauditd_printk_skb: 98 callbacks suppressed
[  553.414189][   T30] audit: type=1800 audit(1750598499.320:267): pid=10264 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.4.1209" name="/" dev="sockfs" ino=24325 res=0 errno=0
[  555.407011][T10300] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1217'.
[  562.286662][T10335] lo speed is unknown, defaulting to 1000
[  562.483783][T10344] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  562.673329][T10353] vxcan1: entered allmulticast mode
[  562.679273][T10353] vxcan1: left allmulticast mode
[  563.170852][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  563.178744][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  566.140159][ T5991] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  567.055349][ T5991] usb 5-1: Using ep0 maxpacket: 16
[  567.095084][ T5991] usb 5-1: config 1 has an invalid descriptor of length 111, skipping remainder of the config
[  567.311696][T10393] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1244'.
[  567.658863][ T5991] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 108, changing to 10
[  567.747346][ T5991] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25152, setting to 1024
[  567.801263][ T5991] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  567.894727][ T5991] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  567.951988][ T5991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  568.029429][ T5991] usb 5-1: SerialNumber: syz
[  568.113956][ T5991] usb 5-1: can't set config #1, error -71
[  568.135637][T10399] netlink: 'syz.0.1246': attribute type 23 has an invalid length.
[  568.145258][ T5991] usb 5-1: USB disconnect, device number 15
[  568.911845][T10410] ALSA: mixer_oss: invalid OSS volume 'LI'
[  569.031206][T10411] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  569.250064][    T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  570.172744][T10422] vxcan1: entered allmulticast mode
[  570.446724][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  570.677985][T10422] vxcan1: left allmulticast mode
[  570.710736][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  570.722073][    T9] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  570.731546][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  570.739700][    T9] usb 5-1: SerialNumber: syz
[  571.144889][T10440] netlink: 'syz.3.1259': attribute type 10 has an invalid length.
[  571.169092][T10440] 8021q: adding VLAN 0 to HW filter on device team0
[  571.184689][T10440] bond0: (slave team0): Enslaving as an active interface with an up link
[  572.154216][    T9] usb 5-1: 0:2 : does not exist
[  572.297503][    T9] usb 5-1: USB disconnect, device number 16
[  573.437558][T10458] netlink: 'syz.3.1264': attribute type 23 has an invalid length.
[  574.099271][T10460] ALSA: mixer_oss: invalid OSS volume 'LI'
[  574.511123][T10470] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  574.534352][T10470] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  574.580193][T10470] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  574.603887][T10470] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  575.098130][T10481] capability: warning: `syz.4.1272' uses 32-bit capabilities (legacy support in use)
[  577.718877][T10499] Invalid logical block size (8210)
[  578.016689][T10503] netlink: 'syz.3.1278': attribute type 23 has an invalid length.
[  578.877999][T10505] ALSA: mixer_oss: invalid OSS volume 'LI'
[  579.152319][T10520] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  579.177917][T10520] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  579.204972][T10520] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  579.279985][T10520] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  582.641406][T10559] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1291'.
[  583.638909][T10568] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1296'.
[  587.233876][T10590] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1302'.
[  587.590050][   T55] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  587.753878][T10601] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1305'.
[  587.912879][T10593] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1302'.
[  588.185247][   T55] usb 3-1: Using ep0 maxpacket: 32
[  588.227451][   T55] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  588.262184][   T55] usb 3-1: config 0 has no interface number 0
[  588.268385][   T55] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  588.333533][   T55] usb 3-1: config 0 interface 85 has no altsetting 0
[  588.367340][   T55] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  588.398020][   T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.433311][T10608] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1306'.
[  589.220224][   T55] usb 3-1: Product: syz
[  589.229421][   T55] usb 3-1: Manufacturer: syz
[  589.261184][   T55] usb 3-1: SerialNumber: syz
[  589.268008][   T55] usb 3-1: config 0 descriptor??
[  589.593914][   T55] appletouch 3-1:0.85: Failed to read mode from device.
[  589.605195][   T55] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  592.199303][   T55] usb 3-1: USB disconnect, device number 9
[  593.086915][T10648] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1318'.
[  594.465073][T10657] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  594.475807][T10657] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0
[  594.990586][T10659] FAULT_INJECTION: forcing a failure.
[  594.990586][T10659] name failslab, interval 1, probability 0, space 0, times 0
[  595.077532][T10659] CPU: 1 UID: 0 PID: 10659 Comm: syz.0.1322 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  595.077567][T10659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  595.077580][T10659] Call Trace:
[  595.077590][T10659]  <TASK>
[  595.077600][T10659]  dump_stack_lvl+0x189/0x250
[  595.077636][T10659]  ? __pfx____ratelimit+0x10/0x10
[  595.077665][T10659]  ? __pfx_dump_stack_lvl+0x10/0x10
[  595.077694][T10659]  ? __pfx__printk+0x10/0x10
[  595.077733][T10659]  ? __pfx___might_resched+0x10/0x10
[  595.077760][T10659]  ? fs_reclaim_acquire+0x7d/0x100
[  595.077795][T10659]  should_fail_ex+0x414/0x560
[  595.077827][T10659]  should_failslab+0xa8/0x100
[  595.077856][T10659]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  595.077882][T10659]  ? __alloc_skb+0x112/0x2d0
[  595.077910][T10659]  __alloc_skb+0x112/0x2d0
[  595.077937][T10659]  netlink_ack+0x146/0xa50
[  595.077957][T10659]  ? __pfx_genl_rcv_msg+0x10/0x10
[  595.077982][T10659]  ? ref_tracker_free+0x63a/0x7d0
[  595.078012][T10659]  ? __pfx_ref_tracker_free+0x10/0x10
[  595.078051][T10659]  netlink_rcv_skb+0x28c/0x470
[  595.078076][T10659]  ? __pfx_genl_rcv_msg+0x10/0x10
[  595.078118][T10659]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  595.078163][T10659]  ? down_read+0x1ad/0x2e0
[  595.078187][T10659]  genl_rcv+0x28/0x40
[  595.078212][T10659]  netlink_unicast+0x75b/0x8d0
[  595.078248][T10659]  netlink_sendmsg+0x805/0xb30
[  595.078284][T10659]  ? __pfx_netlink_sendmsg+0x10/0x10
[  595.078318][T10659]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  595.078343][T10659]  ? __pfx_netlink_sendmsg+0x10/0x10
[  595.078366][T10659]  __sock_sendmsg+0x21c/0x270
[  595.078400][T10659]  ____sys_sendmsg+0x505/0x830
[  595.078431][T10659]  ? __pfx_____sys_sendmsg+0x10/0x10
[  595.078469][T10659]  ? import_iovec+0x74/0xa0
[  595.078493][T10659]  ___sys_sendmsg+0x21f/0x2a0
[  595.078522][T10659]  ? __pfx____sys_sendmsg+0x10/0x10
[  595.078601][T10659]  ? __fget_files+0x2a/0x420
[  595.078627][T10659]  ? __fget_files+0x3a0/0x420
[  595.078667][T10659]  __x64_sys_sendmsg+0x19b/0x260
[  595.078696][T10659]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  595.078734][T10659]  ? __pfx_ksys_write+0x10/0x10
[  595.078754][T10659]  ? rcu_is_watching+0x15/0xb0
[  595.078790][T10659]  ? do_syscall_64+0xbe/0x3b0
[  595.078824][T10659]  do_syscall_64+0xfa/0x3b0
[  595.078855][T10659]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.078875][T10659]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  595.078894][T10659]  ? clear_bhb_loop+0x60/0xb0
[  595.078920][T10659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.078939][T10659] RIP: 0033:0x7f82ad18e929
[  595.078958][T10659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  595.078976][T10659] RSP: 002b:00007f82adfd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  595.079000][T10659] RAX: ffffffffffffffda RBX: 00007f82ad3b5fa0 RCX: 00007f82ad18e929
[  595.079015][T10659] RDX: 0000000004000040 RSI: 0000200000000500 RDI: 0000000000000003
[  595.079029][T10659] RBP: 00007f82adfd7090 R08: 0000000000000000 R09: 0000000000000000
[  595.079042][T10659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.079053][T10659] R13: 0000000000000000 R14: 00007f82ad3b5fa0 R15: 00007ffc710bfe08
[  595.079088][T10659]  </TASK>
[  595.397005][    C1] vkms_vblank_simulate: vblank timer overrun
[  597.959940][   T55] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  598.960761][   T55] usb 5-1: Using ep0 maxpacket: 8
[  599.100130][   T55] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  599.492698][   T55] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  599.522639][   T55] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=f8.63
[  599.559454][   T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.568195][   T55] usb 5-1: Product: syz
[  599.572754][   T55] usb 5-1: Manufacturer: syz
[  599.577478][   T55] usb 5-1: SerialNumber: syz
[  599.589476][   T55] usb 5-1: config 0 descriptor??
[  599.797942][T10682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.828810][T10682] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.011928][T10713] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  601.063704][   T55] usb 5-1: USB disconnect, device number 17
[  601.161563][T10718] vxcan1: entered allmulticast mode
[  601.161849][T10718] vxcan1: left allmulticast mode
[  603.304452][   T55] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  603.960099][   T55] usb 2-1: Using ep0 maxpacket: 8
[  603.988739][   T55] usb 2-1: too many configurations: 14, using maximum allowed: 8
[  604.012761][   T55] usb 2-1: unable to read config index 0 descriptor/start: -61
[  604.034703][   T55] usb 2-1: can't read configurations, error -61
[  604.220025][   T55] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  604.383210][T10747] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1353'.
[  604.498464][   T55] usb 2-1: Using ep0 maxpacket: 8
[  604.602437][   T55] usb 2-1: too many configurations: 14, using maximum allowed: 8
[  604.856720][T10753] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  604.866569][T10753] [U] J"—e:ÀÆ"


[  605.333960][   T55] usb 2-1: unable to read config index 0 descriptor/start: -61
[  605.344666][   T55] usb 2-1: can't read configurations, error -61
[  605.371966][   T55] usb usb2-port1: attempt power cycle
[  608.001377][T10785] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1364'.
[  608.044518][T10785] openvswitch: netlink: Missing key (keys=40, expected=80)
[  608.113235][T10785] netlink: 180 bytes leftover after parsing attributes in process `syz.4.1364'.
[  610.773205][T10807] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  610.960541][ T5912] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  611.529992][ T5912] usb 1-1: Using ep0 maxpacket: 8
[  611.609087][T10821] vxcan1: entered allmulticast mode
[  611.617063][ T5912] usb 1-1: too many configurations: 14, using maximum allowed: 8
[  611.630053][T10821] vxcan1: left allmulticast mode
[  611.679122][ T5912] usb 1-1: unable to read config index 0 descriptor/start: -61
[  611.696354][ T5912] usb 1-1: can't read configurations, error -61
[  611.840350][ T5912] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  612.579992][ T5912] usb 1-1: Using ep0 maxpacket: 8
[  612.586058][ T5912] usb 1-1: too many configurations: 14, using maximum allowed: 8
[  612.593392][T10829] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1378'.
[  612.607380][ T5912] usb 1-1: unable to read config index 0 descriptor/start: -61
[  612.632190][ T5912] usb 1-1: can't read configurations, error -61
[  612.656687][ T5912] usb usb1-port1: attempt power cycle
[  613.100080][ T5912] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  613.742361][T10840] fuse: Bad value for 'fd'
[  613.743800][T10840] xt_hashlimit: max too large, truncated to 1048576
[  613.807068][ T5912] usb 1-1: device descriptor read/8, error -71
[  614.989953][T10846] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1383'.
[  615.988929][T10862] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1389'.
[  616.814231][T10870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1393'.
[  616.830085][T10870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1393'.
[  617.063135][T10876] fuse: Bad value for 'fd'
[  617.068563][T10876] xt_hashlimit: max too large, truncated to 1048576
[  617.860761][T10882] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1396'.
[  617.980900][T10883] FAULT_INJECTION: forcing a failure.
[  617.980900][T10883] name failslab, interval 1, probability 0, space 0, times 0
[  617.994323][T10883] CPU: 1 UID: 0 PID: 10883 Comm: syz.2.1397 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  617.994352][T10883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  617.994365][T10883] Call Trace:
[  617.994373][T10883]  <TASK>
[  617.994382][T10883]  dump_stack_lvl+0x189/0x250
[  617.994418][T10883]  ? __pfx____ratelimit+0x10/0x10
[  617.994449][T10883]  ? __pfx_dump_stack_lvl+0x10/0x10
[  617.994480][T10883]  ? __pfx__printk+0x10/0x10
[  617.994518][T10883]  should_fail_ex+0x414/0x560
[  617.994550][T10883]  should_failslab+0xa8/0x100
[  617.994581][T10883]  kmem_cache_alloc_noprof+0x73/0x3c0
[  617.994605][T10883]  ? skb_clone+0x212/0x3a0
[  617.994628][T10883]  ? run_filter+0x23/0x270
[  617.994661][T10883]  skb_clone+0x212/0x3a0
[  617.994686][T10883]  ? packet_rcv+0x567/0x1590
[  617.994714][T10883]  packet_rcv+0x6d6/0x1590
[  617.994749][T10883]  ? __pfx_packet_rcv+0x10/0x10
[  617.994774][T10883]  dev_queue_xmit_nit+0x3f1/0xcc0
[  617.994798][T10883]  ? dev_queue_xmit_nit+0x2d/0xcc0
[  617.994835][T10883]  dev_hard_start_xmit+0x1be/0x830
[  617.994884][T10883]  __dev_queue_xmit+0x1adf/0x3a70
[  617.994917][T10883]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  617.994945][T10883]  ? __dev_queue_xmit+0x27e/0x3a70
[  617.994975][T10883]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.995009][T10883]  ? __pfx___dev_queue_xmit+0x10/0x10
[  617.995056][T10883]  ? __copy_skb_header+0xa7/0x550
[  617.995084][T10883]  ? __asan_memcpy+0x40/0x70
[  617.995105][T10883]  ? __skb_clone+0x63/0x7a0
[  617.995147][T10883]  ? __skb_clone+0x483/0x7a0
[  617.995183][T10883]  ? skb_clone+0x246/0x3a0
[  617.995214][T10883]  __netlink_deliver_tap+0x5ad/0x850
[  617.995253][T10883]  ? netlink_deliver_tap+0x2e/0x1b0
[  617.995279][T10883]  netlink_deliver_tap+0x19c/0x1b0
[  617.995305][T10883]  netlink_unicast+0x72f/0x8d0
[  617.995340][T10883]  netlink_sendmsg+0x805/0xb30
[  617.995377][T10883]  ? __pfx_netlink_sendmsg+0x10/0x10
[  617.995412][T10883]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  617.995437][T10883]  ? __pfx_netlink_sendmsg+0x10/0x10
[  617.995464][T10883]  __sock_sendmsg+0x21c/0x270
[  617.995500][T10883]  ____sys_sendmsg+0x505/0x830
[  617.995533][T10883]  ? __pfx_____sys_sendmsg+0x10/0x10
[  617.995569][T10883]  ? import_iovec+0x74/0xa0
[  617.995594][T10883]  ___sys_sendmsg+0x21f/0x2a0
[  617.995622][T10883]  ? __pfx____sys_sendmsg+0x10/0x10
[  617.995690][T10883]  ? __fget_files+0x2a/0x420
[  617.995717][T10883]  ? __fget_files+0x3a0/0x420
[  617.995758][T10883]  __x64_sys_sendmsg+0x19b/0x260
[  617.995788][T10883]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  617.995826][T10883]  ? __pfx_ksys_write+0x10/0x10
[  617.995848][T10883]  ? rcu_is_watching+0x15/0xb0
[  617.995885][T10883]  ? do_syscall_64+0xbe/0x3b0
[  617.995920][T10883]  do_syscall_64+0xfa/0x3b0
[  617.995949][T10883]  ? lockdep_hardirqs_on+0x9c/0x150
[  617.995978][T10883]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.995999][T10883]  ? clear_bhb_loop+0x60/0xb0
[  617.996025][T10883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.996045][T10883] RIP: 0033:0x7fcebad8e929
[  617.996065][T10883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  617.996083][T10883] RSP: 002b:00007fcebbb64038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  617.996106][T10883] RAX: ffffffffffffffda RBX: 00007fcebafb5fa0 RCX: 00007fcebad8e929
[  617.996122][T10883] RDX: 0000000000000800 RSI: 00002000000000c0 RDI: 000000000000001a
[  617.996135][T10883] RBP: 00007fcebbb64090 R08: 0000000000000000 R09: 0000000000000000
[  617.996156][T10883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  617.996169][T10883] R13: 0000000000000000 R14: 00007fcebafb5fa0 R15: 00007ffce845dba8
[  617.996204][T10883]  </TASK>
[  618.500057][   T24] usb 4-1: new low-speed USB device number 25 using dummy_hcd
[  619.033208][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  619.053311][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  619.077816][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  619.116380][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  619.175855][   T24] usb 4-1: string descriptor 0 read error: -22
[  619.398029][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  619.428293][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.463945][   T24] usb 4-1: 0:2 : does not exist
[  619.622028][T10899] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  619.800926][   T24] usb 4-1: USB disconnect, device number 25
[  619.839489][T10901] vxcan1: entered allmulticast mode
[  619.859399][T10901] vxcan1: left allmulticast mode
[  621.520864][T10919] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1404'.
[  622.478637][T10923] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1407'.
[  622.487998][T10923] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1407'.
[  624.560978][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  624.567354][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  627.330197][T10957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1419'.
[  627.377628][T10957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1419'.
[  629.883937][ T5912] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  630.040091][ T5912] usb 1-1: Using ep0 maxpacket: 16
[  630.082887][ T5912] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  630.105778][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.145056][ T5912] usb 1-1: Product: syz
[  630.160259][ T5912] usb 1-1: Manufacturer: syz
[  630.170314][ T5912] usb 1-1: SerialNumber: syz
[  630.210658][ T5912] r8152-cfgselector 1-1: Unknown version 0x0000
[  630.227396][ T5912] r8152-cfgselector 1-1: config 0 descriptor??
[  630.396555][T11008] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1437'.
[  631.385782][ T1216] r8152-cfgselector 1-1: USB disconnect, device number 23
[  631.716585][ T1216] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  631.966155][ T1216] usb 1-1: not running at top speed; connect to a high speed hub
[  632.080389][ T1216] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  632.408504][ T1216] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 10539, setting to 64
[  632.427576][ T1216] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  632.440502][ T1216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.579036][ T1216] usb 1-1: Product: á°ƒ
[  632.583399][ T1216] usb 1-1: Manufacturer: 葑⭒ᛕ쯶㣳늻➢怤쨑Ꚉ櫡墻呻ꑯ巅⅓ᶊ�ꞥ�Û濠乣⛆⮔淭뤈퀲䚹㩅
[  632.596260][ T1216] usb 1-1: SerialNumber: 튬�鸠螬篽墮楰ᓔﴮ�ꖷ值ꉰ㘂縎䤇癎ꭻ�东�跿顑���艫悫䮫鴲ズ馠汧㪂掗혉㚅㽄癄�틾膭躋৯矣��⌡똤ꜜ면枞ѷ�䴶䫧⓱㊹ᤲ캣뻔칙
[  632.693208][ T1216] usb 1-1: can't set config #1, error -71
[  632.731822][ T1216] usb 1-1: USB disconnect, device number 24
[  633.250598][   T43] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  633.309978][T11030] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  633.317355][T11030] [U] J"—e:ÀÆ"


[  633.646123][   T43] usb 3-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78
[  633.656285][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.664473][   T43] usb 3-1: Product: syz
[  633.668779][   T43] usb 3-1: Manufacturer: syz
[  633.673539][   T43] usb 3-1: SerialNumber: syz
[  635.230367][   T43] usb 3-1: USB disconnect, device number 10
[  638.664731][ T1216] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  639.028768][T11077] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1457'.
[  639.079974][ T1216] usb 4-1: device descriptor read/64, error -71
[  639.331440][ T1216] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  639.588238][ T1216] usb 4-1: device descriptor read/64, error -71
[  639.777862][ T1216] usb usb4-port1: attempt power cycle
[  640.242451][T11102] FAULT_INJECTION: forcing a failure.
[  640.242451][T11102] name failslab, interval 1, probability 0, space 0, times 0
[  640.283801][T11104] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  640.283801][T11104] The task syz.0.1463 (11104) triggered the difference, watch for misbehavior.
[  640.330698][T11102] CPU: 1 UID: 0 PID: 11102 Comm: syz.2.1464 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  640.330739][T11102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  640.330752][T11102] Call Trace:
[  640.330759][T11102]  <TASK>
[  640.330765][T11102]  dump_stack_lvl+0x189/0x250
[  640.330794][T11102]  ? __pfx____ratelimit+0x10/0x10
[  640.330817][T11102]  ? __pfx_dump_stack_lvl+0x10/0x10
[  640.330841][T11102]  ? __pfx__printk+0x10/0x10
[  640.330861][T11102]  ? __pfx___might_resched+0x10/0x10
[  640.330883][T11102]  ? fs_reclaim_acquire+0x7d/0x100
[  640.330912][T11102]  should_fail_ex+0x414/0x560
[  640.330941][T11102]  should_failslab+0xa8/0x100
[  640.330964][T11102]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  640.330986][T11102]  ? __alloc_skb+0x112/0x2d0
[  640.331008][T11102]  __alloc_skb+0x112/0x2d0
[  640.331034][T11102]  netlink_ack+0x146/0xa50
[  640.331052][T11102]  ? __pfx_genl_rcv_msg+0x10/0x10
[  640.331077][T11102]  ? ref_tracker_free+0x63a/0x7d0
[  640.331099][T11102]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  640.331124][T11102]  ? __pfx_nl80211_post_doit+0x10/0x10
[  640.331150][T11102]  ? __pfx_ref_tracker_free+0x10/0x10
[  640.331189][T11102]  netlink_rcv_skb+0x28c/0x470
[  640.331212][T11102]  ? __pfx_genl_rcv_msg+0x10/0x10
[  640.331241][T11102]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  640.331282][T11102]  ? down_read+0x1ad/0x2e0
[  640.331304][T11102]  genl_rcv+0x28/0x40
[  640.331327][T11102]  netlink_unicast+0x75b/0x8d0
[  640.331360][T11102]  netlink_sendmsg+0x805/0xb30
[  640.331394][T11102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.331428][T11102]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  640.331451][T11102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.331487][T11102]  __sock_sendmsg+0x21c/0x270
[  640.331522][T11102]  ____sys_sendmsg+0x505/0x830
[  640.331554][T11102]  ? __pfx_____sys_sendmsg+0x10/0x10
[  640.331591][T11102]  ? import_iovec+0x74/0xa0
[  640.331613][T11102]  ___sys_sendmsg+0x21f/0x2a0
[  640.331641][T11102]  ? __pfx____sys_sendmsg+0x10/0x10
[  640.331711][T11102]  ? __fget_files+0x2a/0x420
[  640.331745][T11102]  ? __fget_files+0x3a0/0x420
[  640.331785][T11102]  __x64_sys_sendmsg+0x19b/0x260
[  640.331813][T11102]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  640.331850][T11102]  ? __pfx_ksys_write+0x10/0x10
[  640.331881][T11102]  ? do_syscall_64+0xbe/0x3b0
[  640.331915][T11102]  do_syscall_64+0xfa/0x3b0
[  640.331942][T11102]  ? lockdep_hardirqs_on+0x9c/0x150
[  640.331970][T11102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.331990][T11102]  ? clear_bhb_loop+0x60/0xb0
[  640.332013][T11102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.332032][T11102] RIP: 0033:0x7fcebad8e929
[  640.332052][T11102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.332070][T11102] RSP: 002b:00007fcebbb43038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  640.332093][T11102] RAX: ffffffffffffffda RBX: 00007fcebafb6080 RCX: 00007fcebad8e929
[  640.332108][T11102] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  640.332121][T11102] RBP: 00007fcebbb43090 R08: 0000000000000000 R09: 0000000000000000
[  640.332134][T11102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.332146][T11102] R13: 0000000000000001 R14: 00007fcebafb6080 R15: 00007ffce845dba8
[  640.332180][T11102]  </TASK>
[  640.355233][T11109] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  640.703183][T11109] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  640.727486][T11109] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  640.735743][T11109] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  641.893360][T11131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1472'.
[  645.225101][T11159] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1478'.
[  646.693800][T11181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1483'.
[  646.897137][T11187] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1485'.
[  648.173252][T11204] FAULT_INJECTION: forcing a failure.
[  648.173252][T11204] name (null), interval 1, probability 0, space 0, times 1
[  648.242436][T11204] CPU: 0 UID: 0 PID: 11204 Comm: syz.2.1491 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  648.242469][T11204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.242483][T11204] Call Trace:
[  648.242491][T11204]  <TASK>
[  648.242501][T11204]  dump_stack_lvl+0x189/0x250
[  648.242536][T11204]  ? __pfx____ratelimit+0x10/0x10
[  648.242565][T11204]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.242600][T11204]  ? __pfx__printk+0x10/0x10
[  648.242625][T11204]  ? blk_mq_submit_bio+0x1750/0x22d0
[  648.242663][T11204]  should_fail_ex+0x414/0x560
[  648.242702][T11204]  null_queue_rq+0x244/0xe30
[  648.242745][T11204]  null_queue_rqs+0x123/0x270
[  648.242777][T11204]  ? blk_mq_dispatch_queue_requests+0x11a/0x800
[  648.242807][T11204]  blk_mq_dispatch_queue_requests+0x417/0x800
[  648.242842][T11204]  blk_mq_flush_plug_list+0x432/0x550
[  648.242874][T11204]  ? filemap_get_folios_tag+0x53b/0x630
[  648.242897][T11204]  ? filemap_get_folios_tag+0xed/0x630
[  648.242919][T11204]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  648.242945][T11204]  ? __pfx_filemap_get_folios_tag+0x10/0x10
[  648.242978][T11204]  __blk_flush_plug+0x3d3/0x4b0
[  648.243013][T11204]  ? __pfx___blk_flush_plug+0x10/0x10
[  648.243052][T11204]  blk_finish_plug+0x5e/0x90
[  648.243081][T11204]  blkdev_writepages+0x10e/0x170
[  648.243112][T11204]  ? __pfx_blkdev_writepages+0x10/0x10
[  648.243160][T11204]  ? do_raw_spin_unlock+0x122/0x240
[  648.243182][T11204]  ? __pfx_blkdev_writepages+0x10/0x10
[  648.243212][T11204]  do_writepages+0x32b/0x550
[  648.243253][T11204]  ? do_raw_spin_unlock+0x122/0x240
[  648.243279][T11204]  filemap_write_and_wait_range+0x217/0x310
[  648.243299][T11204]  ? is_bpf_text_address+0x292/0x2b0
[  648.243330][T11204]  ? __pfx_filemap_write_and_wait_range+0x10/0x10
[  648.243398][T11204]  ? kasan_save_track+0x4f/0x80
[  648.243418][T11204]  ? kasan_save_track+0x3e/0x80
[  648.243437][T11204]  ? __kasan_slab_alloc+0x6c/0x80
[  648.243459][T11204]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  648.243479][T11204]  ? io_submit_one+0x11f/0x1310
[  648.243505][T11204]  ? do_syscall_64+0xfa/0x3b0
[  648.243548][T11204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.243567][T11204]  ? kiocb_write_and_wait+0xad/0x1b0
[  648.243593][T11204]  blkdev_read_iter+0x199/0x440
[  648.243622][T11204]  aio_read+0x311/0x470
[  648.243656][T11204]  ? __pfx_aio_read+0x10/0x10
[  648.243710][T11204]  ? __might_fault+0xb0/0x130
[  648.243757][T11204]  io_submit_one+0x768/0x1310
[  648.243803][T11204]  ? __pfx_io_submit_one+0x10/0x10
[  648.243830][T11204]  ? __might_fault+0xb0/0x130
[  648.243867][T11204]  ? __might_fault+0xb0/0x130
[  648.243895][T11204]  __se_sys_io_submit+0x185/0x2f0
[  648.243923][T11204]  ? __pfx___se_sys_io_submit+0x10/0x10
[  648.243943][T11204]  ? ksys_write+0x22a/0x250
[  648.243980][T11204]  ? do_syscall_64+0xbe/0x3b0
[  648.244013][T11204]  do_syscall_64+0xfa/0x3b0
[  648.244040][T11204]  ? lockdep_hardirqs_on+0x9c/0x150
[  648.244067][T11204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.244087][T11204]  ? clear_bhb_loop+0x60/0xb0
[  648.244113][T11204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.244132][T11204] RIP: 0033:0x7fcebad8e929
[  648.244152][T11204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.244170][T11204] RSP: 002b:00007fcebbb64038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  648.244193][T11204] RAX: ffffffffffffffda RBX: 00007fcebafb5fa0 RCX: 00007fcebad8e929
[  648.244208][T11204] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 00007fcebbb3b000
[  648.244221][T11204] RBP: 00007fcebbb64090 R08: 0000000000000000 R09: 0000000000000000
[  648.244233][T11204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.244245][T11204] R13: 0000000000000000 R14: 00007fcebafb5fa0 R15: 00007ffce845dba8
[  648.244279][T11204]  </TASK>
[  648.620949][    C0] vkms_vblank_simulate: vblank timer overrun
[  649.181428][T11215] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1496'.
[  649.200368][T11215] FAULT_INJECTION: forcing a failure.
[  649.200368][T11215] name failslab, interval 1, probability 0, space 0, times 0
[  649.214135][T11215] CPU: 0 UID: 0 PID: 11215 Comm: syz.4.1496 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  649.214154][T11215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  649.214162][T11215] Call Trace:
[  649.214167][T11215]  <TASK>
[  649.214172][T11215]  dump_stack_lvl+0x189/0x250
[  649.214196][T11215]  ? __pfx____ratelimit+0x10/0x10
[  649.214215][T11215]  ? __pfx_dump_stack_lvl+0x10/0x10
[  649.214233][T11215]  ? __pfx__printk+0x10/0x10
[  649.214249][T11215]  ? atomic_notifier_call_chain+0x26/0x180
[  649.214267][T11215]  ? atomic_notifier_call_chain+0x26/0x180
[  649.214287][T11215]  should_fail_ex+0x414/0x560
[  649.214304][T11215]  should_failslab+0xa8/0x100
[  649.214321][T11215]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  649.214337][T11215]  ? __alloc_skb+0x112/0x2d0
[  649.214348][T11215]  ? rht_lock+0xff/0x220
[  649.214369][T11215]  __alloc_skb+0x112/0x2d0
[  649.214384][T11215]  fdb_notify+0xa6/0x160
[  649.214402][T11215]  fdb_delete+0xec4/0x1160
[  649.214421][T11215]  ? fdb_delete+0x39a/0x1160
[  649.214440][T11215]  ? __pfx_fdb_delete+0x10/0x10
[  649.214464][T11215]  br_fdb_find_delete_local+0x122/0x140
[  649.214483][T11215]  br_vlan_delete+0x1bc/0x240
[  649.214503][T11215]  __br_vlan_set_default_pvid+0x4f0/0xed0
[  649.214528][T11215]  ? br_stp_set_enabled+0x3e2/0x5b0
[  649.214546][T11215]  br_changelink+0x47e/0x1650
[  649.214564][T11215]  ? __mutex_lock+0x330/0xe80
[  649.214582][T11215]  ? __pfx_br_changelink+0x10/0x10
[  649.214603][T11215]  ? __lock_acquire+0xab9/0xd20
[  649.214623][T11215]  ? rtnl_newlink+0x8db/0x1c70
[  649.214635][T11215]  ? rcu_is_watching+0x15/0xb0
[  649.214653][T11215]  ? __pfx___mutex_lock+0x10/0x10
[  649.214678][T11215]  ? ns_capable+0x8a/0xf0
[  649.214695][T11215]  ? rtnl_link_get_net_capable+0x16a/0x350
[  649.214711][T11215]  rtnl_newlink+0x1669/0x1c70
[  649.214721][T11215]  ? netlink_sendmsg+0x805/0xb30
[  649.214743][T11215]  ? __pfx_rtnl_newlink+0x10/0x10
[  649.214769][T11215]  ? kasan_quarantine_put+0xdd/0x220
[  649.214782][T11215]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.214803][T11215]  ? nlmon_xmit+0xb0/0x100
[  649.214819][T11215]  ? kmem_cache_free+0x18f/0x400
[  649.214838][T11215]  ? __local_bh_enable_ip+0x12d/0x1c0
[  649.214855][T11215]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.214873][T11215]  ? __local_bh_enable_ip+0x12d/0x1c0
[  649.214890][T11215]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  649.214909][T11215]  ? __dev_queue_xmit+0x27e/0x3a70
[  649.214925][T11215]  ? __dev_queue_xmit+0x27e/0x3a70
[  649.214940][T11215]  ? __dev_queue_xmit+0x27e/0x3a70
[  649.214963][T11215]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  649.214983][T11215]  ? __lock_acquire+0xab9/0xd20
[  649.215013][T11215]  ? __pfx_rtnl_newlink+0x10/0x10
[  649.215025][T11215]  rtnetlink_rcv_msg+0x7cc/0xb70
[  649.215039][T11215]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  649.215050][T11215]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  649.215060][T11215]  ? ref_tracker_free+0x63a/0x7d0
[  649.215074][T11215]  ? __copy_skb_header+0xa7/0x550
[  649.215090][T11215]  ? __pfx_ref_tracker_free+0x10/0x10
[  649.215105][T11215]  ? __skb_clone+0x63/0x7a0
[  649.215124][T11215]  netlink_rcv_skb+0x208/0x470
[  649.215138][T11215]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  649.215150][T11215]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  649.215172][T11215]  ? netlink_deliver_tap+0x2e/0x1b0
[  649.215185][T11215]  ? netlink_deliver_tap+0x2e/0x1b0
[  649.215201][T11215]  netlink_unicast+0x75b/0x8d0
[  649.215219][T11215]  netlink_sendmsg+0x805/0xb30
[  649.215238][T11215]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.215257][T11215]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  649.215272][T11215]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.215286][T11215]  __sock_sendmsg+0x21c/0x270
[  649.215306][T11215]  ____sys_sendmsg+0x505/0x830
[  649.215324][T11215]  ? __pfx_____sys_sendmsg+0x10/0x10
[  649.215344][T11215]  ? import_iovec+0x74/0xa0
[  649.215357][T11215]  ___sys_sendmsg+0x21f/0x2a0
[  649.215373][T11215]  ? __pfx____sys_sendmsg+0x10/0x10
[  649.215410][T11215]  ? __fget_files+0x2a/0x420
[  649.215425][T11215]  ? __fget_files+0x3a0/0x420
[  649.215448][T11215]  __x64_sys_sendmsg+0x19b/0x260
[  649.215464][T11215]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  649.215484][T11215]  ? __pfx_ksys_write+0x10/0x10
[  649.215496][T11215]  ? rcu_is_watching+0x15/0xb0
[  649.215517][T11215]  ? do_syscall_64+0xbe/0x3b0
[  649.215538][T11215]  do_syscall_64+0xfa/0x3b0
[  649.215555][T11215]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.215572][T11215]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.215584][T11215]  ? clear_bhb_loop+0x60/0xb0
[  649.215599][T11215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.215610][T11215] RIP: 0033:0x7fc560f8e929
[  649.215622][T11215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.215632][T11215] RSP: 002b:00007fc561eb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  649.215646][T11215] RAX: ffffffffffffffda RBX: 00007fc5611b5fa0 RCX: 00007fc560f8e929
[  649.215655][T11215] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 0000000000000003
[  649.215663][T11215] RBP: 00007fc561eb7090 R08: 0000000000000000 R09: 0000000000000000
[  649.215670][T11215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  649.215678][T11215] R13: 0000000000000000 R14: 00007fc5611b5fa0 R15: 00007ffee57e8c58
[  649.215696][T11215]  </TASK>
[  649.730358][    C0] vkms_vblank_simulate: vblank timer overrun
[  649.771167][T11215] bridge0: port 2(bridge_slave_1) entered disabled state
[  649.779246][T11215] bridge0: port 1(bridge_slave_0) entered disabled state
[  650.447958][T11225] fuse: Bad value for 'rootmode'
[  650.453726][T11225] xt_hashlimit: max too large, truncated to 1048576
[  650.810154][   T43] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  651.010241][   T43] usb 4-1: Using ep0 maxpacket: 8
[  651.563398][   T43] usb 4-1: config 31 has an invalid interface number: 134 but max is 0
[  651.698766][   T43] usb 4-1: config 31 contains an unexpected descriptor of type 0x2, skipping
[  651.707725][   T43] usb 4-1: config 31 contains an unexpected descriptor of type 0x1, skipping
[  651.725759][   T43] usb 4-1: config 31 has an invalid descriptor of length 6, skipping remainder of the config
[  651.858991][   T43] usb 4-1: config 31 has no interface number 0
[  651.865904][   T43] usb 4-1: config 31 interface 134 altsetting 41 has an invalid endpoint descriptor of length 5, skipping
[  651.877662][   T43] usb 4-1: config 31 interface 134 altsetting 41 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  651.950360][   T43] usb 4-1: config 31 interface 134 has no altsetting 0
[  652.202851][   T43] usb 4-1: string descriptor 0 read error: -22
[  652.436865][   T43] usb 4-1: New USB device found, idVendor=0499, idProduct=1052, bcdDevice=a4.d0
[  652.480590][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.538964][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  652.640950][   T43] snd-usb-audio 4-1:31.134: probe with driver snd-usb-audio failed with error -2
[  652.738571][   T43] usb 4-1: USB disconnect, device number 29
[  653.426173][T11255] netlink: 'syz.3.1508': attribute type 3 has an invalid length.
[  653.534907][T11255] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1508'.
[  654.395594][T11267] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  654.842388][T10077] null_blk: rq ffff888025b15580 timed out
[  654.849047][T10077] timeout error, dev nullb0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 4 prio class 0
[  654.859575][T10077] buffer_io_error: 7 callbacks suppressed
[  654.859608][T10077] Buffer I/O error on dev nullb0, logical block 0, lost async page write
[  654.874129][T10077] Buffer I/O error on dev nullb0, logical block 1, lost async page write
[  654.882664][T10077] Buffer I/O error on dev nullb0, logical block 2, lost async page write
[  654.891326][T10077] Buffer I/O error on dev nullb0, logical block 3, lost async page write
[  655.011540][T11261] [U] J"—e:ÀÆ"


[  655.206905][T11275] trusted_key: encrypted_key: insufficient parameters specified
[  656.798512][T11288] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  656.955478][T11294] vxcan1: entered allmulticast mode
[  657.017001][T11294] vxcan1: left allmulticast mode
[  662.233844][T11319] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  662.345976][T11315] [U] J"—e:ÀÆ"


[  662.451311][T11332] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  663.633851][ T1216] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  663.686765][T11346] vxcan1: entered allmulticast mode
[  663.777086][T11348] vxcan1: left allmulticast mode
[  664.140235][ T1216] usb 4-1: Using ep0 maxpacket: 8
[  664.346313][T11351] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1532'.
[  664.393804][ T1216] usb 4-1: config index 0 descriptor too short (expected 33298, got 18)
[  664.402539][ T1216] usb 4-1: config 12 has too many interfaces: 249, using maximum allowed: 32
[  664.681693][ T1216] usb 4-1: config 12 has an invalid descriptor of length 26, skipping remainder of the config
[  664.692566][ T1216] usb 4-1: config 12 has 0 interfaces, different from the descriptor's value: 249
[  664.720615][ T1216] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  664.739886][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.754961][ T1216] usb 4-1: Product: syz
[  664.768438][ T1216] usb 4-1: Manufacturer: syz
[  664.776671][ T1216] usb 4-1: SerialNumber: syz
[  665.891683][ T1216] usb 4-1: USB disconnect, device number 30
[  668.229206][T11390] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  668.826209][T11384] [U] J"—e:ÀÆ"


[  670.295151][T11411] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  670.613896][ T5889] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  670.721124][T11422] FAULT_INJECTION: forcing a failure.
[  670.721124][T11422] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  670.734500][T11422] CPU: 0 UID: 0 PID: 11422 Comm: syz.4.1554 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  670.734528][T11422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  670.734539][T11422] Call Trace:
[  670.734548][T11422]  <TASK>
[  670.734555][T11422]  dump_stack_lvl+0x189/0x250
[  670.734595][T11422]  ? __pfx____ratelimit+0x10/0x10
[  670.734624][T11422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  670.734653][T11422]  ? __pfx__printk+0x10/0x10
[  670.734679][T11422]  ? __might_fault+0xb0/0x130
[  670.734711][T11422]  should_fail_ex+0x414/0x560
[  670.734741][T11422]  _copy_from_user+0x2d/0xb0
[  670.734762][T11422]  rds_free_mr+0xda/0x440
[  670.734791][T11422]  ? __pfx_rds_free_mr+0x10/0x10
[  670.734825][T11422]  ? finish_task_switch+0x266/0x950
[  670.734849][T11422]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.734883][T11422]  rds_setsockopt+0x2d3/0xc40
[  670.734912][T11422]  ? __pfx_rds_setsockopt+0x10/0x10
[  670.734933][T11422]  ? __schedule+0x16c0/0x4cb0
[  670.734968][T11422]  ? __lock_acquire+0xab9/0xd20
[  670.735005][T11422]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  670.735028][T11422]  ? __pfx_rds_setsockopt+0x10/0x10
[  670.735055][T11422]  do_sock_setsockopt+0x25a/0x3e0
[  670.735083][T11422]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  670.735111][T11422]  ? __fget_files+0x2a/0x420
[  670.735147][T11422]  __x64_sys_setsockopt+0x18b/0x220
[  670.735178][T11422]  do_syscall_64+0xfa/0x3b0
[  670.735209][T11422]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.735228][T11422]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  670.735246][T11422]  ? clear_bhb_loop+0x60/0xb0
[  670.735271][T11422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.735289][T11422] RIP: 0033:0x7fc560f8e929
[  670.735308][T11422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  670.735325][T11422] RSP: 002b:00007fc561e75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  670.735346][T11422] RAX: ffffffffffffffda RBX: 00007fc5611b6160 RCX: 00007fc560f8e929
[  670.735361][T11422] RDX: 0000000000000003 RSI: 0000000000000114 RDI: 0000000000000006
[  670.735373][T11422] RBP: 00007fc561e75090 R08: 0000000000000010 R09: 0000000000000000
[  670.735386][T11422] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  670.735398][T11422] R13: 0000000000000000 R14: 00007fc5611b6160 R15: 00007ffee57e8c58
[  670.735430][T11422]  </TASK>
[  671.130079][ T5912] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  671.140365][ T5889] usb 3-1: device descriptor read/64, error -71
[  671.300005][ T5912] usb 2-1: Using ep0 maxpacket: 8
[  671.310932][ T5912] usb 2-1: config index 0 descriptor too short (expected 33298, got 18)
[  671.391676][ T5912] usb 2-1: config 12 has too many interfaces: 249, using maximum allowed: 32
[  671.410835][ T5912] usb 2-1: config 12 has an invalid descriptor of length 26, skipping remainder of the config
[  671.440359][ T5912] usb 2-1: config 12 has 0 interfaces, different from the descriptor's value: 249
[  671.457281][ T5889] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  671.478102][ T5912] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  671.489484][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.497735][ T5912] usb 2-1: Product: syz
[  671.502244][ T5912] usb 2-1: Manufacturer: syz
[  671.506967][ T5912] usb 2-1: SerialNumber: syz
[  671.742243][ T5889] usb 3-1: device descriptor read/64, error -71
[  671.757121][ T5912] usb 2-1: USB disconnect, device number 22
[  672.572924][ T5889] usb usb3-port1: attempt power cycle
[  672.832831][T11433] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  672.839494][T11433] [U] J"—e:ÀÆ"


[  673.370019][ T5889] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  673.469292][T11439] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  673.580224][ T5889] usb 3-1: device not accepting address 13, error -71
[  674.120512][T11435] [U] J"—e:ÀÆ"


[  674.190054][   T43] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  674.382082][   T43] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  674.454462][   T43] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  674.518145][   T43] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  674.668210][   T43] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  675.066425][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.098242][   T43] usb 2-1: Product: syz
[  675.102801][   T43] usb 2-1: Manufacturer: syz
[  675.107477][   T43] usb 2-1: SerialNumber: syz
[  675.118166][   T43] cdc_ncm 2-1:1.0: skipping garbage
[  675.127402][   T43] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  675.134554][   T43] cdc_ncm 2-1:1.0: bind() failure
[  675.144237][T11453] ALSA: mixer_oss: invalid OSS volume 'LI'
[  675.537564][T11442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.631862][T11442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.780372][   T43] usb 2-1: USB disconnect, device number 23
[  676.303499][T11471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1569'.
[  676.313073][T11471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1569'.
[  676.362085][T11474] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  677.440174][T11477] vxcan1: entered allmulticast mode
[  677.455291][T11477] vxcan1: left allmulticast mode
[  677.485108][T11483] fuse: Unknown parameter 'user_i00000000000000000000'
[  677.810892][T11483] xt_hashlimit: max too large, truncated to 1048576
[  679.420033][T11504] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1578'.
[  679.908234][T11506] vivid-007: disconnect
[  680.275481][T11493] vivid-007: reconnect
[  680.596857][T11513] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1581'.
[  680.606315][T11513] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1581'.
[  680.616672][T11512] ALSA: mixer_oss: invalid OSS volume 'LI'
[  681.962092][   T30] audit: type=1800 audit(1750598627.850:268): pid=11518 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1583" name="bus" dev="overlay" ino=1675 res=0 errno=0
[  682.734432][T11524] FAULT_INJECTION: forcing a failure.
[  682.734432][T11524] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  682.944849][T11524] CPU: 0 UID: 0 PID: 11524 Comm: syz.3.1586 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  682.944882][T11524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  682.944894][T11524] Call Trace:
[  682.944904][T11524]  <TASK>
[  682.944912][T11524]  dump_stack_lvl+0x189/0x250
[  682.944938][T11524]  ? __pfx____ratelimit+0x10/0x10
[  682.944956][T11524]  ? __pfx_dump_stack_lvl+0x10/0x10
[  682.944974][T11524]  ? __pfx__printk+0x10/0x10
[  682.944986][T11524]  ? __might_fault+0xb0/0x130
[  682.945008][T11524]  should_fail_ex+0x414/0x560
[  682.945026][T11524]  _copy_from_user+0x2d/0xb0
[  682.945039][T11524]  get_nodes+0x17f/0x390
[  682.945058][T11524]  ? __pfx_get_nodes+0x10/0x10
[  682.945076][T11524]  ? rcu_is_watching+0x15/0xb0
[  682.945095][T11524]  ? trace_sched_exit_tp+0x38/0x120
[  682.945112][T11524]  __se_sys_mbind+0x18d/0xc30
[  682.945132][T11524]  ? __pfx___se_sys_mbind+0x10/0x10
[  682.945146][T11524]  ? __fget_files+0x3a0/0x420
[  682.945161][T11524]  ? schedule+0x165/0x360
[  682.945181][T11524]  ? __pfx___schedule+0x10/0x10
[  682.945207][T11524]  ? __x64_sys_mbind+0x21/0xf0
[  682.945222][T11524]  do_syscall_64+0xfa/0x3b0
[  682.945241][T11524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.945252][T11524]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  682.945265][T11524]  ? clear_bhb_loop+0x60/0xb0
[  682.945280][T11524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.945291][T11524] RIP: 0033:0x7f59bd18e929
[  682.945303][T11524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  682.945313][T11524] RSP: 002b:00007f59bdf43038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  682.945329][T11524] RAX: ffffffffffffffda RBX: 00007f59bd3b5fa0 RCX: 00007f59bd18e929
[  682.945338][T11524] RDX: 0000000000008000 RSI: 0000000000002000 RDI: 0000200000ffe000
[  682.945346][T11524] RBP: 00007f59bdf43090 R08: 0000000000000fff R09: 0000000000000005
[  682.945354][T11524] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  682.945361][T11524] R13: 0000000000000001 R14: 00007f59bd3b5fa0 R15: 00007ffe83afd408
[  682.945380][T11524]  </TASK>
[  683.664595][T11529] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  683.999157][T11538] vxcan1: entered allmulticast mode
[  684.041298][T11538] vxcan1: left allmulticast mode
[  685.925603][T11548] FAULT_INJECTION: forcing a failure.
[  685.925603][T11548] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  685.940494][T11548] CPU: 0 UID: 0 PID: 11548 Comm: syz.4.1592 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  685.940525][T11548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  685.940537][T11548] Call Trace:
[  685.940553][T11548]  <TASK>
[  685.940562][T11548]  dump_stack_lvl+0x189/0x250
[  685.940603][T11548]  ? __pfx____ratelimit+0x10/0x10
[  685.940633][T11548]  ? __pfx_dump_stack_lvl+0x10/0x10
[  685.940663][T11548]  ? __pfx__printk+0x10/0x10
[  685.940685][T11548]  ? __might_fault+0xb0/0x130
[  685.940723][T11548]  should_fail_ex+0x414/0x560
[  685.940754][T11548]  _copy_from_user+0x2d/0xb0
[  685.940775][T11548]  ppp_ioctl+0xa8a/0x19a0
[  685.940803][T11548]  ? __pfx_smack_file_ioctl+0x10/0x10
[  685.940832][T11548]  ? __pfx_ppp_ioctl+0x10/0x10
[  685.940863][T11548]  ? __fget_files+0x2a/0x420
[  685.940890][T11548]  ? __fget_files+0x3a0/0x420
[  685.940915][T11548]  ? __fget_files+0x2a/0x420
[  685.940945][T11548]  ? bpf_lsm_file_ioctl+0x9/0x20
[  685.940974][T11548]  ? __pfx_ppp_ioctl+0x10/0x10
[  685.941000][T11548]  __se_sys_ioctl+0xf9/0x170
[  685.941026][T11548]  do_syscall_64+0xfa/0x3b0
[  685.941055][T11548]  ? lockdep_hardirqs_on+0x9c/0x150
[  685.941084][T11548]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.941115][T11548]  ? clear_bhb_loop+0x60/0xb0
[  685.941141][T11548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.941161][T11548] RIP: 0033:0x7fc560f8e929
[  685.941180][T11548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.941199][T11548] RSP: 002b:00007fc561eb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  685.941222][T11548] RAX: ffffffffffffffda RBX: 00007fc5611b5fa0 RCX: 00007fc560f8e929
[  685.941237][T11548] RDX: 0000200000000180 RSI: 000000004010744d RDI: 0000000000000004
[  685.941251][T11548] RBP: 00007fc561eb7090 R08: 0000000000000000 R09: 0000000000000000
[  685.941264][T11548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  685.941276][T11548] R13: 0000000000000000 R14: 00007fc5611b5fa0 R15: 00007ffee57e8c58
[  685.941311][T11548]  </TASK>
[  685.949215][T11552] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1593'.
[  686.014895][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  686.021449][T11552] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1593'.
[  686.062878][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  687.080380][T11560] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  687.153616][T11567] ALSA: mixer_oss: invalid OSS volume 'LI'
[  687.479910][   T43] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  688.683621][   T43] usb 2-1: Using ep0 maxpacket: 8
[  689.146370][   T43] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  689.177267][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.192846][   T43] usb 2-1: Product: syz
[  689.197300][   T43] usb 2-1: Manufacturer: syz
[  689.204316][   T43] usb 2-1: SerialNumber: syz
[  689.235819][   T43] usb 2-1: config 0 descriptor??
[  689.455661][   T43] gspca_main: se401-2.14.0 probing 047d:5003
[  689.475258][T11583] Bluetooth: MGMT ver 1.23
[  692.169427][T11602] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  692.671150][   T43] gspca_se401: read req failed req 0x06 error -19
[  692.745499][   T43] usb 2-1: USB disconnect, device number 24
[  692.769239][T11608] vxcan1: entered allmulticast mode
[  692.854712][T11608] vxcan1: left allmulticast mode
[  693.241828][T11616] FAULT_INJECTION: forcing a failure.
[  693.241828][T11616] name failslab, interval 1, probability 0, space 0, times 0
[  693.254598][T11616] CPU: 1 UID: 0 PID: 11616 Comm: syz.3.1609 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  693.254627][T11616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  693.254646][T11616] Call Trace:
[  693.254655][T11616]  <TASK>
[  693.254664][T11616]  dump_stack_lvl+0x189/0x250
[  693.254698][T11616]  ? __pfx____ratelimit+0x10/0x10
[  693.254728][T11616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  693.254757][T11616]  ? __pfx__printk+0x10/0x10
[  693.254784][T11616]  ? __pfx___might_resched+0x10/0x10
[  693.254812][T11616]  ? fs_reclaim_acquire+0x7d/0x100
[  693.254845][T11616]  should_fail_ex+0x414/0x560
[  693.254876][T11616]  should_failslab+0xa8/0x100
[  693.254903][T11616]  __kmalloc_noprof+0xcb/0x4f0
[  693.254925][T11616]  ? kfree+0x4d/0x440
[  693.254944][T11616]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  693.254978][T11616]  tomoyo_realpath_from_path+0xe3/0x5d0
[  693.255009][T11616]  ? tomoyo_domain+0xda/0x130
[  693.255045][T11616]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  693.255069][T11616]  tomoyo_path_number_perm+0x1e8/0x5a0
[  693.255097][T11616]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  693.255119][T11616]  ? rcu_is_watching+0x15/0xb0
[  693.255147][T11616]  ? trace_sched_exit_tp+0x38/0x120
[  693.255171][T11616]  ? __schedule+0x16c0/0x4cb0
[  693.255210][T11616]  ? __lock_acquire+0xab9/0xd20
[  693.255261][T11616]  ? __fget_files+0x2a/0x420
[  693.255291][T11616]  ? __fget_files+0x2a/0x420
[  693.255315][T11616]  ? __fget_files+0x3a0/0x420
[  693.255338][T11616]  ? __fget_files+0x2a/0x420
[  693.255369][T11616]  security_file_ioctl+0xcb/0x2d0
[  693.255396][T11616]  __se_sys_ioctl+0x47/0x170
[  693.255421][T11616]  do_syscall_64+0xfa/0x3b0
[  693.255456][T11616]  ? lockdep_hardirqs_on+0x9c/0x150
[  693.255483][T11616]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.255503][T11616]  ? clear_bhb_loop+0x60/0xb0
[  693.255527][T11616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.255547][T11616] RIP: 0033:0x7f59bd18e929
[  693.255565][T11616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  693.255582][T11616] RSP: 002b:00007f59baff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  693.255603][T11616] RAX: ffffffffffffffda RBX: 00007f59bd3b6160 RCX: 00007f59bd18e929
[  693.255617][T11616] RDX: 0000000000000000 RSI: 0000000080404518 RDI: 0000000000000003
[  693.255630][T11616] RBP: 00007f59baff6090 R08: 0000000000000000 R09: 0000000000000000
[  693.255651][T11616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.255663][T11616] R13: 0000000000000000 R14: 00007f59bd3b6160 R15: 00007ffe83afd408
[  693.255697][T11616]  </TASK>
[  693.255730][T11616] ERROR: Out of memory at tomoyo_realpath_from_path.
[  694.150348][   T43] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  695.042852][   T43] usb 5-1: Using ep0 maxpacket: 8
[  695.054619][   T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  695.080394][   T43] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  695.089496][   T43] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  695.100297][   T43] usb 5-1: Product: syz
[  695.104760][   T43] usb 5-1: Manufacturer: syz
[  695.109540][   T43] usb 5-1: SerialNumber: syz
[  695.350033][   T55] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  695.538096][   T55] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  695.544052][T11618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.549787][   T55] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  695.566923][   T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.588442][   T55] usb 4-1: config 0 descriptor??
[  695.625301][T11618] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.724468][   T43] usb 5-1: Invalid connection information received from device
[  695.792312][   T30] audit: type=1326 audit(1750598641.700:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  695.831800][   T30] audit: type=1326 audit(1750598641.730:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  695.874574][   T30] audit: type=1326 audit(1750598641.770:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  695.876296][   T55] usbhid 4-1:0.0: can't add hid device: -71
[  695.905196][T11634] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1617'.
[  695.905647][   T55] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  695.925249][   T30] audit: type=1326 audit(1750598641.770:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  695.933436][T11632] futex_wake_op: syz.0.1616 tries to shift op by 36; fix this program
[  695.984820][ T1216] usb 5-1: USB disconnect, device number 18
[  696.009023][   T30] audit: type=1326 audit(1750598641.770:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  696.043673][   T55] usb 4-1: USB disconnect, device number 31
[  696.052346][   T30] audit: type=1326 audit(1750598641.770:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  696.114684][   T30] audit: type=1326 audit(1750598641.770:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  696.172362][   T30] audit: type=1326 audit(1750598641.770:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  697.298719][   T30] audit: type=1326 audit(1750598641.780:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  697.837362][   T30] audit: type=1326 audit(1750598641.780:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11631 comm="syz.0.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ad18e929 code=0x7ffc0000
[  697.941304][   T55] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  697.981099][T11646] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  699.035762][   T55] usb 4-1: device descriptor read/all, error -71
[  699.216406][T11639] [U] J"—e:ÀÆ"


[  699.276139][T11658] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  699.284918][T11658] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  699.293209][T11658] overlayfs: missing 'lowerdir'
[  699.540231][   T24] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  700.061550][   T24] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  700.129592][T11669] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1629'.
[  700.201924][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.210614][   T24] usb 3-1: Product: syz
[  700.216383][   T24] usb 3-1: Manufacturer: syz
[  700.221137][   T24] usb 3-1: SerialNumber: syz
[  700.250066][   T24] usb 3-1: config 0 descriptor??
[  700.275753][   T24] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 015
[  700.797893][T11675] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1631'.
[  700.820919][T11675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1631'.
[  700.896593][T11678] FAULT_INJECTION: forcing a failure.
[  700.896593][T11678] name failslab, interval 1, probability 0, space 0, times 0
[  700.909792][T11678] CPU: 1 UID: 0 PID: 11678 Comm: syz.3.1630 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  700.909825][T11678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  700.909837][T11678] Call Trace:
[  700.909846][T11678]  <TASK>
[  700.909855][T11678]  dump_stack_lvl+0x189/0x250
[  700.909889][T11678]  ? __pfx____ratelimit+0x10/0x10
[  700.909917][T11678]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.909945][T11678]  ? __pfx__printk+0x10/0x10
[  700.909972][T11678]  ? __pfx___might_resched+0x10/0x10
[  700.910009][T11678]  should_fail_ex+0x414/0x560
[  700.910040][T11678]  should_failslab+0xa8/0x100
[  700.910069][T11678]  __kmalloc_cache_noprof+0x70/0x3d0
[  700.910094][T11678]  ? adf_ctl_ioctl+0x34f/0x1420
[  700.910126][T11678]  adf_ctl_ioctl+0x34f/0x1420
[  700.910157][T11678]  ? __pfx_smack_log+0x10/0x10
[  700.910176][T11678]  ? __pfx_adf_ctl_ioctl+0x10/0x10
[  700.910199][T11678]  ? smk_access+0x14c/0x4e0
[  700.910227][T11678]  ? smk_tskacc+0x2fc/0x370
[  700.910252][T11678]  ? smack_file_ioctl+0x24a/0x340
[  700.910277][T11678]  ? __pfx_smack_file_ioctl+0x10/0x10
[  700.910312][T11678]  ? __fget_files+0x2a/0x420
[  700.910336][T11678]  ? __fget_files+0x3a0/0x420
[  700.910360][T11678]  ? __fget_files+0x2a/0x420
[  700.910390][T11678]  ? bpf_lsm_file_ioctl+0x9/0x20
[  700.910417][T11678]  ? __pfx_adf_ctl_ioctl+0x10/0x10
[  700.910444][T11678]  __se_sys_ioctl+0xf9/0x170
[  700.910469][T11678]  do_syscall_64+0xfa/0x3b0
[  700.910500][T11678]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.910528][T11678]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  700.910546][T11678]  ? clear_bhb_loop+0x60/0xb0
[  700.910570][T11678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.910589][T11678] RIP: 0033:0x7f59bd18e929
[  700.910608][T11678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.910626][T11678] RSP: 002b:00007f59baff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  700.910649][T11678] RAX: ffffffffffffffda RBX: 00007f59bd3b6160 RCX: 00007f59bd18e929
[  700.910663][T11678] RDX: 0000200000000880 RSI: 0000000040096101 RDI: 0000000000000005
[  700.910676][T11678] RBP: 00007f59baff6090 R08: 0000000000000000 R09: 0000000000000000
[  700.910694][T11678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.910706][T11678] R13: 0000000000000000 R14: 00007f59bd3b6160 R15: 00007ffe83afd408
[  700.910740][T11678]  </TASK>
[  701.151739][    C1] vkms_vblank_simulate: vblank timer overrun
[  701.169980][T11675] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1631'.
[  701.312197][T11675] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1631'.
[  702.973697][   T24]  (null): failure reading functionality
[  703.328497][   T24] i2c i2c-1: failure reading functionality
[  703.525499][   T24] i2c i2c-1: connected i2c-tiny-usb device
[  703.551718][   T24] usb 3-1: USB disconnect, device number 15
[  704.063458][T11706] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1640'.
[  704.709976][ T1216] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  705.248118][ T1216] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  705.267980][ T1216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.405949][ T1216] usb 1-1: Product: syz
[  705.410429][ T1216] usb 1-1: Manufacturer: syz
[  705.418743][ T1216] usb 1-1: SerialNumber: syz
[  705.435087][ T1216] usb 1-1: config 0 descriptor??
[  705.456102][ T1216] gspca_main: sunplus-2.14.0 probing 055f:c230
[  705.726847][T11724] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1643'.
[  706.039038][ T1216] gspca_sunplus: reg_r err -110
[  706.044054][ T1216] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[  707.642047][T11729] FAULT_INJECTION: forcing a failure.
[  707.642047][T11729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  707.960286][T11729] CPU: 1 UID: 0 PID: 11729 Comm: syz.2.1644 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  707.960318][T11729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  707.960330][T11729] Call Trace:
[  707.960339][T11729]  <TASK>
[  707.960347][T11729]  dump_stack_lvl+0x189/0x250
[  707.960382][T11729]  ? __pfx____ratelimit+0x10/0x10
[  707.960412][T11729]  ? __pfx_dump_stack_lvl+0x10/0x10
[  707.960440][T11729]  ? __pfx__printk+0x10/0x10
[  707.960465][T11729]  ? __might_fault+0xb0/0x130
[  707.960497][T11729]  should_fail_ex+0x414/0x560
[  707.960527][T11729]  core_sys_select+0x724/0xa20
[  707.960566][T11729]  ? __pfx_core_sys_select+0x10/0x10
[  707.960618][T11729]  ? __pfx_set_user_sigmask+0x10/0x10
[  707.960661][T11729]  __se_sys_pselect6+0x27a/0x300
[  707.960693][T11729]  ? __pfx___se_sys_pselect6+0x10/0x10
[  707.960718][T11729]  ? __pfx_ksys_write+0x10/0x10
[  707.960739][T11729]  ? rcu_is_watching+0x15/0xb0
[  707.960774][T11729]  ? __x64_sys_pselect6+0x21/0xf0
[  707.960803][T11729]  do_syscall_64+0xfa/0x3b0
[  707.960830][T11729]  ? lockdep_hardirqs_on+0x9c/0x150
[  707.960857][T11729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.960877][T11729]  ? clear_bhb_loop+0x60/0xb0
[  707.960903][T11729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.960922][T11729] RIP: 0033:0x7fcebad8e929
[  707.960941][T11729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  707.960959][T11729] RSP: 002b:00007fcebbb64038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  707.960983][T11729] RAX: ffffffffffffffda RBX: 00007fcebafb5fa0 RCX: 00007fcebad8e929
[  707.960997][T11729] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  707.961010][T11729] RBP: 00007fcebbb64090 R08: 0000000000000000 R09: 0000000000000000
[  707.961022][T11729] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  707.961034][T11729] R13: 0000000000000000 R14: 00007fcebafb5fa0 R15: 00007ffce845dba8
[  707.961066][T11729]  </TASK>
[  708.169760][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.231029][   T55] usb 1-1: USB disconnect, device number 25
[  708.514081][T11750] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1651'.
[  710.482678][T11769] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  711.329061][T11781] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  711.335895][T11781] [U] J"—e:ÀÆ"


[  711.354777][T11781] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1656'.
[  713.168554][T11792] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(15)
[  713.175527][T11792] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  713.184681][T11792] vhci_hcd vhci_hcd.0: Device attached
[  713.491084][T11792] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  713.539469][T11792] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(19)
[  713.546104][T11792] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  713.553680][T11792] vhci_hcd vhci_hcd.0: Device attached
[  713.867958][ T5890] vhci_hcd: vhci_device speed not set
[  713.879757][T11792] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(21)
[  713.886397][T11792] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  713.895541][T11792] vhci_hcd vhci_hcd.0: Device attached
[  713.926395][T11810] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(24)
[  713.933029][T11810] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  713.961625][T11810] vhci_hcd vhci_hcd.0: Device attached
[  714.274449][T11792] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  714.283630][T11792] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  714.300373][T11798] vhci_hcd: connection closed
[  714.300459][T11808] vhci_hcd: connection closed
[  714.303655][ T1026] vhci_hcd: stop threads
[  714.305590][T11805] vhci_hcd: connection closed
[  714.310370][T11811] vhci_hcd: connection closed
[  714.326894][ T5890] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  714.350910][ T1026] vhci_hcd: release socket
[  714.370714][ T1026] vhci_hcd: disconnect device
[  714.410143][ T1026] vhci_hcd: stop threads
[  714.414464][ T1026] vhci_hcd: release socket
[  714.484341][T11817] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1663'.
[  714.708164][ T1026] vhci_hcd: disconnect device
[  714.722384][ T1026] vhci_hcd: stop threads
[  714.726688][ T1026] vhci_hcd: release socket
[  714.742187][ T1026] vhci_hcd: disconnect device
[  714.775211][ T1026] vhci_hcd: stop threads
[  714.779623][ T1026] vhci_hcd: release socket
[  714.795391][ T1026] vhci_hcd: disconnect device
[  714.913028][T11828] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  714.921305][T11828] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  714.936538][T11828] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  714.945047][T11828] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  715.958282][T11834] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1668'.
[  717.340758][T11839] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  717.346768][T11839] [U] J"—e:ÀÆ"


[  718.808149][T11861] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1673'.
[  719.570876][ T5890] vhci_hcd: vhci_device speed not set
[  720.125740][T11884] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1679'.
[  722.551844][   T24] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  722.830343][   T24] usb 1-1: Using ep0 maxpacket: 8
[  722.966420][   T24] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  723.059754][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.532667][   T24] usb 1-1: config 0 descriptor??
[  723.612972][T11917] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  723.619699][T11917] [U] J"—e:ÀÆ"


[  724.218732][T11924] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  724.645094][T11918] [U] J"—e:ÀÆ"


[  724.885384][   T24] usb 1-1: can't set config #0, error -71
[  724.893266][   T24] usb 1-1: USB disconnect, device number 26
[  731.011908][ T5889] IPVS: starting estimator thread 0...
[  732.840221][T11982] IPVS: using max 23 ests per chain, 55200 per kthread
[  736.267203][T12030] FAULT_INJECTION: forcing a failure.
[  736.267203][T12030] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.286075][T12030] CPU: 1 UID: 0 PID: 12030 Comm: syz.4.1722 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  736.286118][T12030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  736.286131][T12030] Call Trace:
[  736.286139][T12030]  <TASK>
[  736.286148][T12030]  dump_stack_lvl+0x189/0x250
[  736.286185][T12030]  ? __pfx____ratelimit+0x10/0x10
[  736.286214][T12030]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.286244][T12030]  ? __pfx__printk+0x10/0x10
[  736.286265][T12030]  ? __might_fault+0xb0/0x130
[  736.286303][T12030]  should_fail_ex+0x414/0x560
[  736.286342][T12030]  _copy_from_iter+0x1db/0x16f0
[  736.286399][T12030]  ? __pfx__copy_from_iter+0x10/0x10
[  736.286435][T12030]  ? __lock_acquire+0xab9/0xd20
[  736.286471][T12030]  write_pool_user+0xeb/0x2f0
[  736.286500][T12030]  ? __pfx_write_pool_user+0x10/0x10
[  736.286537][T12030]  ? import_ubuf+0xfb/0x1d0
[  736.286564][T12030]  random_ioctl+0x3b5/0x4c0
[  736.286590][T12030]  ? __pfx_random_ioctl+0x10/0x10
[  736.286617][T12030]  ? __fget_files+0x3a0/0x420
[  736.286643][T12030]  ? __fget_files+0x2a/0x420
[  736.286673][T12030]  ? bpf_lsm_file_ioctl+0x9/0x20
[  736.286700][T12030]  ? __pfx_random_ioctl+0x10/0x10
[  736.286723][T12030]  __se_sys_ioctl+0xf9/0x170
[  736.286749][T12030]  do_syscall_64+0xfa/0x3b0
[  736.286777][T12030]  ? lockdep_hardirqs_on+0x9c/0x150
[  736.286806][T12030]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.286826][T12030]  ? clear_bhb_loop+0x60/0xb0
[  736.286852][T12030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.286871][T12030] RIP: 0033:0x7fc560f8e929
[  736.286891][T12030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.286908][T12030] RSP: 002b:00007fc561eb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  736.286933][T12030] RAX: ffffffffffffffda RBX: 00007fc5611b5fa0 RCX: 00007fc560f8e929
[  736.286947][T12030] RDX: 000020000000fec0 RSI: 0000000040085203 RDI: 0000000000000003
[  736.286960][T12030] RBP: 00007fc561eb7090 R08: 0000000000000000 R09: 0000000000000000
[  736.286973][T12030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.286984][T12030] R13: 0000000000000000 R14: 00007fc5611b5fa0 R15: 00007ffee57e8c58
[  736.287018][T12030]  </TASK>
[  736.512024][    C1] vkms_vblank_simulate: vblank timer overrun
[  738.937523][T12040] 9pnet_fd: Insufficient options for proto=fd
[  739.485473][T12047] fuse: Unknown parameter '0x0000000000000004'
[  739.513241][T12047] xt_hashlimit: max too large, truncated to 1048576
[  742.156561][T11740] IPVS: starting estimator thread 0...
[  742.259965][T12067] IPVS: using max 25 ests per chain, 60000 per kthread
[  742.816671][T12081] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  743.362711][T12070] [U] J"—e:ÀÆ"


[  746.075490][T12098] 9pnet_fd: Insufficient options for proto=fd
[  746.891008][ T1216] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  747.452558][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  747.467100][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  747.889908][ T1216] usb 1-1: Using ep0 maxpacket: 32
[  747.944957][ T1216] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  747.954150][ T1216] usb 1-1: config 0 has no interface number 0
[  747.971084][ T1216] usb 1-1: config 0 interface 184 has no altsetting 0
[  747.990186][   T55] usb 2-1: new low-speed USB device number 25 using dummy_hcd
[  748.017897][ T1216] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  748.027428][ T1216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.037116][ T1216] usb 1-1: Product: syz
[  748.041604][ T1216] usb 1-1: Manufacturer: syz
[  748.046457][ T1216] usb 1-1: SerialNumber: syz
[  748.060096][ T1216] usb 1-1: config 0 descriptor??
[  748.103845][ T1216] smsc75xx v1.0.0
[  748.182878][   T55] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  748.203625][   T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.277698][   T55] pvrusb2: Hardware description: Terratec Grabster AV400
[  748.325211][   T55] pvrusb2: **********
[  748.332924][   T55] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  748.344651][   T55] pvrusb2: Important functionality might not be entirely working.
[  748.354871][   T55] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  748.367747][   T55] pvrusb2: **********
[  749.012056][ T2343] pvrusb2: Invalid write control endpoint
[  749.021687][   T55] usb 2-1: USB disconnect, device number 25
[  749.044801][T12120] netlink: 300 bytes leftover after parsing attributes in process `syz.0.1743'.
[  749.280117][ T1216] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  749.346373][ T1216] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  749.372320][ T2343] pvrusb2: Invalid write control endpoint
[  749.532107][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  749.567039][ T1216] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  749.590693][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  749.598749][ T1216] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  749.610037][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  749.625423][ T1216] usb 1-1: USB disconnect, device number 27
[  749.631658][ T2343] pvrusb2: Device being rendered inoperable
[  749.662528][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  749.674529][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  749.686143][ T2343] pvrusb2: Attached sub-driver cx25840
[  749.702890][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  749.716203][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  752.193653][T12143] 9pnet_fd: Insufficient options for proto=fd
[  753.488701][T12151] lo speed is unknown, defaulting to 1000
[  753.853137][T12160] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1760'.
[  754.714526][T12166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1755'.
[  754.747208][T12166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1755'.
[  756.683151][T12190] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1766'.
[  756.692623][T12190] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1766'.
[  756.704400][T12190] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1766'.
[  757.846755][T12198] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1771'.
[  774.919291][T12326] overlayfs: missing 'lowerdir'
[  775.007441][T12331] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1809'.
[  775.679046][T12341] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  775.698263][T12341] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  775.712479][T12341] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  775.773041][T12341] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  782.179908][    T9] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[  782.426524][    T9] usb 1-1: config 0 has an invalid descriptor of length 54, skipping remainder of the config
[  782.455473][    T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  783.205994][    T9] usb 1-1: New USB device found, idVendor=eaa8, idProduct=70bd, bcdDevice=51.7f
[  783.215640][    T9] usb 1-1: New USB device strings: Mfr=242, Product=41, SerialNumber=0
[  783.227577][    T9] usb 1-1: Product: syz
[  783.232449][    T9] usb 1-1: Manufacturer: syz
[  783.240906][    T9] usb 1-1: config 0 descriptor??
[  784.232186][   T55] usb 1-1: USB disconnect, device number 28
[  787.290106][T11740] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  787.486568][T11740] usb 3-1: Using ep0 maxpacket: 8
[  787.508536][T11740] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  788.365649][T11740] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.399023][T11740] usb 3-1: config 0 descriptor??
[  788.519991][    T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  788.549074][T12443] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1840'.
[  788.572779][T12443] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1840'.
[  788.773440][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  789.001043][T12443] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  789.069364][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  789.089701][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  789.098319][    T9] usb 4-1: SerialNumber: syz
[  791.243733][T11740] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  791.254091][T11740] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9
[  791.326942][T11740] asix 3-1:0.0: probe with driver asix failed with error -71
[  791.542094][T11740] usb 3-1: USB disconnect, device number 16
[  791.545597][    T9] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  791.878028][    T9] usb 4-1: USB disconnect, device number 34
[  793.505086][T12491] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1851'.
[  794.591706][T12505] fuse: Bad value for 'group_id'
[  794.596886][T12505] fuse: Bad value for 'group_id'
[  795.242982][T12511] ALSA: mixer_oss: invalid OSS volume 'LI'
[  797.278171][T12543] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  797.364601][T12547] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1866'.
[  798.295649][T12557] vxcan1: entered allmulticast mode
[  798.317664][T12557] vxcan1: left allmulticast mode
[  799.687321][T12570] ALSA: mixer_oss: invalid OSS volume 'LI'
[  801.077649][T12579] syz.3.1878 (12579) used greatest stack depth: 16648 bytes left
[  801.563685][T12596] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1882'.
[  802.349878][    T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  802.540603][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  802.556996][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  802.576193][    T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  802.606747][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  802.617431][    T9] usb 1-1: SerialNumber: syz
[  802.837072][    T9] usb 1-1: 0:2 : does not exist
[  802.848411][    T9] usb 1-1: unit 5: unexpected type 0x0a
[  802.878169][    T9] usb 1-1: USB disconnect, device number 29
[  804.285957][T12610] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1887'.
[  806.784572][T12641] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1894'.
[  808.869604][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  808.876053][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  810.785860][T12673] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1904'.
[  812.129741][T12688] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1906'.
[  815.775798][T12708] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  815.783182][T12708] [U] J"—e:ÀÆ"


[  818.228893][T12739] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1919'.
[  821.668943][T11740] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  821.753422][T11740] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  823.084619][T12776] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1930'.
[  825.432685][T12790] ==================================================================
[  825.440813][T12790] BUG: KASAN: slab-out-of-bounds in _raw_spin_lock+0x2e/0x40
[  825.448213][T12790] Read of size 1 at addr ffff88806c9bf8e0 by task syz.3.1934/12790
[  825.456099][T12790] 
[  825.458421][T12790] CPU: 1 UID: 0 PID: 12790 Comm: syz.3.1934 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  825.458438][T12790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  825.458445][T12790] Call Trace:
[  825.458450][T12790]  <TASK>
[  825.458455][T12790]  dump_stack_lvl+0x189/0x250
[  825.458476][T12790]  ? __kasan_check_byte+0x12/0x40
[  825.458493][T12790]  ? __pfx_dump_stack_lvl+0x10/0x10
[  825.458510][T12790]  ? lock_release+0x4b/0x3e0
[  825.458535][T12790]  ? __virt_addr_valid+0x4a5/0x5c0
[  825.458555][T12790]  print_report+0xd2/0x2b0
[  825.458575][T12790]  ? _raw_spin_lock+0x2e/0x40
[  825.458589][T12790]  kasan_report+0x118/0x150
[  825.458604][T12790]  ? _raw_spin_lock+0x2e/0x40
[  825.458620][T12790]  ? __futex_pivot_hash+0x226/0x460
[  825.458634][T12790]  __kasan_check_byte+0x2a/0x40
[  825.458648][T12790]  lock_acquire+0x8d/0x360
[  825.458663][T12790]  ? futex_hash_allocate+0x7eb/0xba0
[  825.458677][T12790]  _raw_spin_lock+0x2e/0x40
[  825.458691][T12790]  ? __futex_pivot_hash+0x226/0x460
[  825.458702][T12790]  __futex_pivot_hash+0x226/0x460
[  825.458716][T12790]  futex_hash_allocate+0xa6b/0xba0
[  825.458729][T12790]  ? __pfx_futex_hash_allocate+0x10/0x10
[  825.458741][T12790]  ? cap_task_prctl+0x1de/0xaa0
[  825.458758][T12790]  ? static_key_count+0x41/0x70
[  825.458776][T12790]  ? security_task_prctl+0x163/0x190
[  825.458796][T12790]  __se_sys_prctl+0x9e8/0x1940
[  825.458811][T12790]  ? __pfx___se_sys_prctl+0x10/0x10
[  825.458823][T12790]  ? rcu_is_watching+0x15/0xb0
[  825.458842][T12790]  ? do_syscall_64+0xbe/0x3b0
[  825.458859][T12790]  ? __x64_sys_prctl+0x20/0xc0
[  825.458873][T12790]  do_syscall_64+0xfa/0x3b0
[  825.458890][T12790]  ? lockdep_hardirqs_on+0x9c/0x150
[  825.458907][T12790]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.458918][T12790]  ? clear_bhb_loop+0x60/0xb0
[  825.458931][T12790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.458943][T12790] RIP: 0033:0x7f59bd18e929
[  825.458955][T12790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  825.458966][T12790] RSP: 002b:00007f59bdf22038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[  825.458980][T12790] RAX: ffffffffffffffda RBX: 00007f59bd3b6080 RCX: 00007f59bd18e929
[  825.458989][T12790] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000004e
[  825.458996][T12790] RBP: 00007f59bd210b39 R08: 0000000000000000 R09: 0000000000000000
[  825.459004][T12790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  825.459011][T12790] R13: 0000000000000000 R14: 00007f59bd3b6080 R15: 00007ffe83afd408
[  825.459023][T12790]  </TASK>
[  825.459028][T12790] 
[  825.717988][T12790] Allocated by task 12792:
[  825.722398][T12790]  kasan_save_track+0x3e/0x80
[  825.727077][T12790]  __kasan_kmalloc+0x93/0xb0
[  825.731663][T12790]  __kvmalloc_node_noprof+0x30d/0x5f0
[  825.737033][T12790]  futex_hash_allocate+0x3f4/0xba0
[  825.742144][T12790]  __se_sys_prctl+0x9e8/0x1940
[  825.746926][T12790]  do_syscall_64+0xfa/0x3b0
[  825.751440][T12790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  825.757331][T12790] 
[  825.759654][T12790] The buggy address belongs to the object at ffff88806c9bf880
[  825.759654][T12790]  which belongs to the cache kmalloc-cg-64 of size 64
[  825.773809][T12790] The buggy address is located 32 bytes to the right of
[  825.773809][T12790]  allocated 64-byte region [ffff88806c9bf880, ffff88806c9bf8c0)
[  825.788315][T12790] 
[  825.790640][T12790] The buggy address belongs to the physical page:
[  825.797049][T12790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6c9bf
[  825.805811][T12790] memcg:ffff888064655001
[  825.810156][T12790] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  825.817258][T12790] page_type: f5(slab)
[  825.821247][T12790] raw: 00fff00000000000 ffff88801a449c80 ffffea0001ab35c0 dead000000000002
[  825.829931][T12790] raw: 0000000000000000 0000000080200020 00000000f5000000 ffff888064655001
[  825.838512][T12790] page dumped because: kasan: bad access detected
[  825.844958][T12790] page_owner tracks the page as allocated
[  825.850690][T12790] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5822, tgid 5822 (syz-executor), ts 97269960202, free_ts 97269136980
[  825.870032][T12790]  post_alloc_hook+0x240/0x2a0
[  825.874809][T12790]  get_page_from_freelist+0x21d5/0x22b0
[  825.880370][T12790]  __alloc_frozen_pages_noprof+0x181/0x370
[  825.886179][T12790]  alloc_pages_mpol+0x232/0x4a0
[  825.891119][T12790]  allocate_slab+0x8a/0x3b0
[  825.895623][T12790]  ___slab_alloc+0xbfc/0x1480
[  825.900297][T12790]  __kvmalloc_node_noprof+0x429/0x5f0
[  825.905668][T12790]  simple_xattr_alloc+0x43/0xa0
[  825.910530][T12790]  shmem_initxattrs+0x24d/0x4b0
[  825.915414][T12790]  security_inode_init_security+0x29d/0x3f0
[  825.921325][T12790]  shmem_mknod+0x1f6/0x3e0
[  825.925758][T12790]  shmem_mkdir+0x33/0x70
[  825.930004][T12790]  vfs_mkdir+0x303/0x510
[  825.934243][T12790]  do_mkdirat+0x247/0x590
[  825.938588][T12790]  __x64_sys_mkdirat+0x87/0xa0
[  825.943398][T12790]  do_syscall_64+0xfa/0x3b0
[  825.947911][T12790] page last free pid 5822 tgid 5822 stack trace:
[  825.954227][T12790]  __free_frozen_pages+0xc65/0xe60
[  825.959337][T12790]  kasan_populate_vmalloc+0x118/0x1a0
[  825.964984][T12790]  alloc_vmap_area+0xd51/0x1490
[  825.969830][T12790]  __get_vm_area_node+0x1f8/0x300
[  825.974858][T12790]  __vmalloc_node_range_noprof+0x301/0x12f0
[  825.980747][T12790]  vzalloc_noprof+0xb2/0xf0
[  825.985257][T12790]  alloc_counters+0xd3/0x6d0
[  825.989850][T12790]  do_ip6t_get_ctl+0xa94/0x1180
[  825.994714][T12790]  nf_getsockopt+0x26e/0x290
[  825.999302][T12790]  ipv6_getsockopt+0x1ed/0x290
[  826.004081][T12790]  do_sock_getsockopt+0x360/0x650
[  826.009103][T12790]  __x64_sys_getsockopt+0x1a5/0x250
[  826.014293][T12790]  do_syscall_64+0xfa/0x3b0
[  826.018793][T12790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  826.024682][T12790] 
[  826.027001][T12790] Memory state around the buggy address:
[  826.032627][T12790]  ffff88806c9bf780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  826.042872][T12790]  ffff88806c9bf800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  826.051028][T12790] >ffff88806c9bf880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  826.059090][T12790]                                                        ^
[  826.066388][T12790]  ffff88806c9bf900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  826.074457][T12790]  ffff88806c9bf980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  826.082517][T12790] ==================================================================
[  826.091354][T12790] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  826.098577][T12790] CPU: 1 UID: 0 PID: 12790 Comm: syz.3.1934 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  826.110637][T12790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  826.120696][T12790] Call Trace:
[  826.123973][T12790]  <TASK>
[  826.126951][T12790]  dump_stack_lvl+0x99/0x250
[  826.131571][T12790]  ? __asan_memcpy+0x40/0x70
[  826.136170][T12790]  ? __pfx_dump_stack_lvl+0x10/0x10
[  826.141377][T12790]  ? __pfx__printk+0x10/0x10
[  826.145966][T12790]  panic+0x2db/0x790
[  826.149884][T12790]  ? lockdep_hardirqs_on+0x9c/0x150
[  826.155173][T12790]  ? __pfx_panic+0x10/0x10
[  826.159597][T12790]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  826.165490][T12790]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  826.171393][T12790]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  826.177736][T12790]  ? _raw_spin_lock+0x2e/0x40
[  826.182414][T12790]  check_panic_on_warn+0x89/0xb0
[  826.187359][T12790]  ? _raw_spin_lock+0x2e/0x40
[  826.192045][T12790]  end_report+0x78/0x160
[  826.196318][T12790]  kasan_report+0x129/0x150
[  826.200830][T12790]  ? _raw_spin_lock+0x2e/0x40
[  826.205514][T12790]  ? __futex_pivot_hash+0x226/0x460
[  826.210733][T12790]  __kasan_check_byte+0x2a/0x40
[  826.215593][T12790]  lock_acquire+0x8d/0x360
[  826.220025][T12790]  ? futex_hash_allocate+0x7eb/0xba0
[  826.225366][T12790]  _raw_spin_lock+0x2e/0x40
[  826.229880][T12790]  ? __futex_pivot_hash+0x226/0x460
[  826.235103][T12790]  __futex_pivot_hash+0x226/0x460
[  826.240203][T12790]  futex_hash_allocate+0xa6b/0xba0
[  826.245424][T12790]  ? __pfx_futex_hash_allocate+0x10/0x10
[  826.251069][T12790]  ? cap_task_prctl+0x1de/0xaa0
[  826.255962][T12790]  ? static_key_count+0x41/0x70
[  826.260822][T12790]  ? security_task_prctl+0x163/0x190
[  826.266220][T12790]  __se_sys_prctl+0x9e8/0x1940
[  826.270987][T12790]  ? __pfx___se_sys_prctl+0x10/0x10
[  826.276183][T12790]  ? rcu_is_watching+0x15/0xb0
[  826.280950][T12790]  ? do_syscall_64+0xbe/0x3b0
[  826.285630][T12790]  ? __x64_sys_prctl+0x20/0xc0
[  826.290396][T12790]  do_syscall_64+0xfa/0x3b0
[  826.294903][T12790]  ? lockdep_hardirqs_on+0x9c/0x150
[  826.300101][T12790]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  826.306254][T12790]  ? clear_bhb_loop+0x60/0xb0
[  826.310931][T12790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  826.316821][T12790] RIP: 0033:0x7f59bd18e929
[  826.321232][T12790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  826.341115][T12790] RSP: 002b:00007f59bdf22038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[  826.349701][T12790] RAX: ffffffffffffffda RBX: 00007f59bd3b6080 RCX: 00007f59bd18e929
[  826.357670][T12790] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000004e
[  826.365636][T12790] RBP: 00007f59bd210b39 R08: 0000000000000000 R09: 0000000000000000
[  826.373604][T12790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  826.381579][T12790] R13: 0000000000000000 R14: 00007f59bd3b6080 R15: 00007ffe83afd408
[  826.389727][T12790]  </TASK>
[  826.393031][T12790] Kernel Offset: disabled
[  826.397358][T12790] Rebooting in 86400 seconds..